Memorandum 103
Submission from David Lindsley
EXECUTIVE SUMMARY
This submission is from a Chartered Engineer
with over 50 years' experience of power-station operations. It
identifies certain concerns over the ability of our current engineering
community to support the design, construction, operation and maintenance
of future nuclear plant. The question of economic viability of
nuclear power stations is dismissed because there is no option
but to build these plants. The submission draws particular attention
to the critical importance of control and instrumentation technology,
and points out that equipment and systems that have operated safely
in overseas plant should not be assumed to be readily applicable
to a new generation of power station, even if that plant is identical
to those operating in other countries. The critical need for the
highest possible level of supervision throughout the design, construction
and operational phases by properly-qualified engineering personnel
is stressed, but the difficulties of finding suitable personnel
in the available timeframe make this problematical. Five essential
measures are outlined, ranging from increased emphasis on the
teaching of physics and mathematics at secondary-school level,
media projects to raise the profile of the engineering profession,
canvassing the views of existing nuclear staff and increased funding
at University level. Finally, the need for compliance with established
international standards is stressed.
SUBMISSION
1. My background. I am a Chartered Engineer
who has worked with Conventional and Nuclear Power stations in
the UK and overseas since 1957. I was for 20 years employed by
a company in the (then) Babcock and Wilcox Group, and for seven
of those years (1975-82) I was engineering Director for that company.
I then set up my own consultancy practice, which for 20 years
served the power and water industries in the UK and overseas.
2. My specialist experience with power stations.
I have now retired, but during my working life my speciality was
control and instrumentation, a field that requires a good understanding
of how the plant works and the ability to apply control technologies
that enable it to be operated safely, efficiently and reliably.
I have published two books on the subject.[35]
I should however stress that my experience does not extend to
the details of nuclear reactor control systems.
3. Relevant concerns. Over the years, I
have become increasingly concerned by the gradual erosion of engineering
skills in the UK generally and in the power-station environment
in particular. In the field of control the requirement for high-level
engineering training and competence is particularly important,
firstly because errors and failures can contribute to, or even
cause, accidents and secondly because computer systems are subject
to software malfunctions that are very difficult indeed to predict.[36]
4. The critical importance of control technology.
The control systems for nuclear plant demand great skill and care, from
the initial design, throughout the entire process of construction
and commissioning, and into the day-to-day operation and maintenance.
Supervision must be meticulous and stringent, and has to be carried
out by engineers who thoroughly understand the plant and the full
complexity of whatever technology is employed in its control.
5. The disparate lifetimes of main plant
and electronic technologies. It should also be remembered that,
although the main plant is designed to last for decades, computer
technologies evolve on a two-to-five-year cycle. After they've
stopped laughing at it, tomorrow's experts may well have great
difficulty in understanding yesterday's technology. They will
also have problems in sourcing obsolete components. Manufacturers
of computers and electronic components naturally prefer to serve
the biggest markets (washing machines, TVs, personal electronic
devices and so on), and tend to avoid customers who buy in small
quantities, yet demand extreme standards of safety and reliability.
6. A relevant example. In the 1980s, the
attitude of computer suppliers to safety-critical applications
was brought into sharp focus by the incident at Three Mile Island
(TMI). After that incident a major supplier of computers, Digital
Equipment Corporation (DEC), became extremely concerned at the
risk of possible litigation and issued a decree that no DEC machines
were to be used in nuclear power-plant applications. This was
a great problem to me because my company was at that stage well
advanced in manufacturing the control systems for two nuclear
plants: Heysham and Sizewell A. The systems we were providing were
for datalogging only, not control, and so there was no risk of a
malfunction causing a critical reactor failure. There was little
option but to proceed with the engineering and delivery of the
systems. However, bearing in mind one of the TMI findings that
the flood of information following the incident confused the operators
and contributed to the problems, I was concerned that no item
in the complex electronic make-up of a nuclear power station's
electronic systems should be exempted from very close and critical
scrutiny by people who are experienced and qualified in all the
relevant areas.
7. The risks we face. I am concerned that,
with a severe lack of trained and experienced engineers to design
and supervise the control systems of any proposed new nuclear
plant, there will be a tendency to buy "off-the-shelf"
systems from countries such as the USA, France or Canada. However,
these countries are themselves experiencing difficulties in recruiting
and/or retaining experienced engineers and there is a risk that
any systems supplied by them will be hastily cobbled together
and that latent weaknesses or faults may jeopardise safety in
the long term. We also run the risk of assuming that technologies
that have worked successfully on foreign power stations for decades
would still be available today, although Paragraph 5 above explains
the faults in such arguments.
8. Another example. It is worthwhile seeing
how even apparently fault-tolerant systems can be flawed. I have
personally seen a situation where an extremely safety-critical
application was (quite rightly) provided with a triple-redundant,
fault-tolerant control system, yet by a simple lack of understanding
this concept was completely negated. In the original design, all
critical functions were simultaneously performed by three sub-systems,
which acted together under a "voting" system, whereby
any failure in one would be detected and out-voted by the other
two. This was an excellent concept and should have assured an
almost impregnable level of safety. Unfortunately, the decision
to apply triple-redundancy was taken at a late stage, when construction
of the plant had already reached an advanced stage. Faced with
having to provide three separate pressure tappings into expensive, and
by then already complete, high-pressure pipework, the constructors
found two existing ones and simply "teed off" two detectors
from one. This negated the entire voting system since, for example,
an obstruction at the tapping point feeding the two devices would
cause them to operate erroneously. But, more crucially, they would
agree with each other and out-vote the single remaining one, which
was in fact providing the only correct reading!
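The shared-tapping failure described in paragraph 8, modelled as an added illustration that is not part of the memorandum: a 2-out-of-3 trip voter fed by three pressure detectors, with the trip point, the pressures, the channel-to-tapping wiring and the "stale reading from a blocked tapping" behaviour all constructed for the example. With independent tappings a blocked connection is out-voted and the discrepancy check points at the faulty channel; with two detectors teed off one tapping the same blockage suppresses the trip and the check blames the only correct channel.

```python
from dataclasses import dataclass
from typing import Optional

TRIP_PRESSURE = 180.0  # constructed trip point, bar gauge

@dataclass
class Tapping:
    """One physical connection into the pipework; detectors hang off it."""
    true_pressure: float
    obstructed: bool = False
    stale_reading: float = 120.0  # constructed: pressure frozen in a blocked leg

    def reading(self) -> float:
        return self.stale_reading if self.obstructed else self.true_pressure

def vote_2oo3(readings: list) -> bool:
    """Trip only when at least two of the three channels demand it."""
    return sum(1 for p in readings if p > TRIP_PRESSURE) >= 2

def dissenting_channel(readings: list, tol: float = 5.0) -> Optional[int]:
    """Index of the channel differing from the other two by more than tol.
    With independent tappings that is the faulty channel; with two detectors
    teed off one tapping it can be the only correct one."""
    for i in range(3):
        j, k = (i + 1) % 3, (i + 2) % 3
        if (abs(readings[j] - readings[k]) <= tol
                and abs(readings[i] - readings[j]) > tol
                and abs(readings[i] - readings[k]) > tol):
            return i
    return None

def independent_tappings(channel_tapping: dict) -> bool:
    """Design check: 2oo3 only holds if every channel has its own tapping."""
    return len(set(channel_tapping.values())) == len(channel_tapping)

def scan(true_pressure: float, channel_tapping: dict, obstructed: set) -> tuple:
    """One scan. channel_tapping maps channel -> tapping id, so
    {0: "T1", 1: "T1", 2: "T2"} models two detectors teed off T1.
    Returns (readings, tripped, dissenting_channel)."""
    tappings = {tid: Tapping(true_pressure, obstructed=tid in obstructed)
                for tid in set(channel_tapping.values())}
    readings = [tappings[channel_tapping[ch]].reading() for ch in range(3)]
    return readings, vote_2oo3(readings), dissenting_channel(readings)

if __name__ == "__main__":
    # As designed: three tappings. As built: channels 0 and 1 share T1.
    print(scan(200.0, {0: "T1", 1: "T2", 2: "T3"}, {"T1"}))  # ([120.0, 200.0, 200.0], True, 0)
    print(scan(200.0, {0: "T1", 1: "T1", 2: "T2"}, {"T1"}))  # ([120.0, 120.0, 200.0], False, 2)
```

The `independent_tappings` check is the kind of verification of physical independence that the memorandum says the supervising engineer must perform; the voter itself cannot detect that two of its inputs share a fault.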
9. Measures to be taken. I propose that
five important steps should be taken as a matter of extreme urgency:
(a) The teaching of Maths and Physics in Secondary
schools should be stepped up by a significant degree.
(b) Media projects should be initiated, aimed
at raising the profile of the engineering profession.
(c) Staff of existing nuclear power stations
should be interviewed, to get their views, particularly on issues
of maintenance, training and the availability of spares.
(d) The level of funding to support relevant
courses at Tertiary Colleges and Universities should be increased.
These should expand from the core maths/physics areas (which should
themselves be taken to a higher level at this stage) into subjects
such as metallurgy, thermodynamics, instrumentation technology
and computer science.
(e) The design of any control system of a nuclear
plant must comply with IEC 61508 "Functional safety of electrical/electronic/programmable
electronic safety-related systems". Moreover, engineers responsible
for the supervision of design, construction, commissioning, operation
and maintenance of such systems should be fully conversant with
this standard, and must ensure compliance throughout the chain.
This will require a great deal of intense work by highly-qualified
engineers.
10. Is there a non-nuclear option? The terms
of reference for the Nuclear Case Study include a question of
whether nuclear power can prove to be economically viable. There
are compelling engineering arguments that there is no viable option
but to build nuclear power stations. This is not the place for
presenting these arguments, but a detailed statement can be provided
if required.
11. Too late? In many ways, we are already
too late in proposing to take action now: the suggested measures
should have been implemented at least a decade ago. This is water
under the bridge however, and all we can try to do is to retrieve
something from the mess. But we must act quickly, positively and
decisively.
March 2008
35 Boiler Control Systems, published by McGraw Hill in 1991, ISBN 978-0077073749,
and Power Plant Control and Instrumentation, published by the IET in 1999,
ISBN 978-0852967652.
36 I have personally tried to address these concerns by writing a
novel in which the hero is a power-plant engineer and the plot
revolves round the control systems of power stations! In doing
this, I hoped to encourage young people to see engineering as
a worthwhile career, and to show everybody the risks of facile
control solutions.