Fukushima Nuclear Disaster

A magnitude 9.0 earthquake struck off the coast of Japan, causing automatic shutdown of the Fukushima Daiichi nuclear reactors. The reactors survived the earthquake itself, but the incident set in motion a sequence of failures.

The facility was designed to withstand a maximum tsunami height of 5.7 meters based on historical records. This assumption had been questioned in internal studies years prior but was not acted upon.

The earthquake triggered a tsunami approximately 14 meters high, far exceeding design basis. The tsunami inundated the backup diesel generators and flooded the switchgear, eliminating all means of cooling the reactor cores.

Multiple independent backup systems were located in the same low-lying area. No physical separation meant a single flood event could disable all cooling options simultaneously.

Prior studies had identified tsunami risk. In 2008, engineers calculated that a 14-meter tsunami was possible. These findings were not escalated to decision-makers.

Information about tsunami risk existed but did not flow to the right people at the right time. Hierarchy and compartmentalization meant critical safety information remained isolated.

Without cooling, the reactor cores overheated, hydrogen was generated, explosions occurred, containment was breached, and radioactive release followed. Each loss of function cascaded into the next.

This was not a mechanical failure. The reactor was well-designed. The failure was in understanding what conditions could actually occur and designing defenses accordingly.

Design basis assumptions must be actively challenged. If a study suggests your assumptions are wrong, that finding requires response, not filing.

For your systems: What assumptions are you making about the environment? What would happen if those assumptions were wrong by a factor of 2? By a factor of 10? Have you tested whether those assumptions hold?