On February 17, 1998, a trainee at Oregon State University’s research reactor pressed a button to manually insert the control rods to shut down the reactor. Nothing happened.
The reactor operator pressed the same button. Nothing happened.
The operator reached out to turn the reactor’s keyswitch to OFF, which would cause the reactor to shut down. He noticed that the keyswitch was not in the OPERATE position, where it should have been, but was somewhere between OPERATE and RESET. He placed the keyswitch to the OPERATE position. This time, the reactor shut down when he pressed the button.
The subsequent investigation determined that dirt was binding the switch and preventing it fully returning to the OPERATE position. The out-of-position switch disabled all automatic and many of the manual shut downs for the research reactor.
Our Takeaway
Seldom is the key to safety literally a key.
Even in this case, the mispositioned key disabling safety functions represented a deeper design shortcoming. The protection circuit for the reactor should not allow the reactor to be operated with safety functions disabled. For example, if the keyswitch physically needed to be firmly and securely in OPERATE in order for the safety functions to be enabled, then this condition should also have been required for control rods to be withdrawn for the reactor’s operation. A time delay circuit could have been employed to allow the keyswitch to be moved to RESET as necessary.
“Fission Stories” is a weekly feature by Dave Lochbaum. For more information on nuclear power safety, see the nuclear safety section of UCS’s website and our interactive map, the Nuclear Power Information Tracker.