In the summer of 1981, the owners of the Diablo Canyon nuclear plant in California wanted to start up their brand new $4.2 billion plant. But they had to wait a couple more years and spend another $1.6 billion before turning on the switch.
Why? Among other things, it seems that the containment building housing the reactor vessel had five large air conditioning units mounted near its top. Each of these units weighed 150,000 pounds, but the plant’s designers thought the units only weighed 45,000 pounds. Consequently, they had not designed supports for the air conditioning units to hold them in place during an earthquake (which have been known to occur in California). To add insult to injury, not only would this vital cooling equipment be disabled by an earthquake, but the 150,000 pound units could wreak havoc on (i.e., squash) whatever emergency equipment they fell upon.
The plant’s owner installed more supports for the 525,000 pounds of additional weight from the five air conditioners. The original calculations had been off by merely 262 tons or so.
Ironically, part of the wait was caused by part of the weight.
Here, defense-in-depth was defeated by garbage in, garbage out. Engineering calculations, such as those performed for the air conditioning unit supports, are prepared by one person and technically reviewed by a second person. This independent verification is supposed to check both the accuracy and applicability of the calculations. For example, it is mathematically accurate to say that the average person in a room of ten women and ten men has one ovary and one testicle. But that result, regardless of its statistical precision, does not apply to any one in the room.
Diablo Canyon’s calculation might also have been mathematically correct. But the inputs to the calculation were wrong since they assumed the wrong weight for the air conditioning units. Therefore, its results were rendered not applicable.
Mistakes happen. That’s why independent verifications are performed. In this case, the independent verification failed to catch a gross error. When finally detected, its correction carried a large price tag. Had it remained undetected until revealing itself during an earthquake, it may have carried an even higher price tag.
“Fission Stories” is a weekly feature by Dave Lochbaum. For more information on nuclear power safety, see the nuclear safety section of UCS’s website and our interactive map, the Nuclear Power Information Tracker.