Tag Archives: safety

What Does “Fail-Safe” Mean?

The term “fail-safe” is often used to refer to an object or a device, but it more properly refers to a condition. In this post I hope to explain what “fail-safe” actually means, with reference to how nuclear power stations stay safe.

To “fail safe” means that in the event of a failure, the failure causes the device to end up in a state in which it is safe. In terms of deaths per gigawatt-year, nuclear power comes second only to hydroelectric power in terms of safety (Source: ExternE Externalities of Energy Project, European Commission). This is due to the incredible emphasis that is put on safety in nuclear power stations, and is a testament to the defence-in-depth concept used in nuclear power stations.

Control Rods

One of the key parts of a nuclear reactor is the control rod assembly. When fission occurs in a fuel rod, neutrons are released and these neutrons go on to cause further fissions. The purpose of control rods is to “soak up” excess neutrons and prevent further fissions. Control rods are made of materials such as boron, cadmium and hafnium that have a large capture cross section, meaning that they have a high probability of capturing and absorbing neutrons.

The control rod assembly for the CROCUS research reactor.

If the control rods are raised out of the reactor the excess neutrons are not absorbed and further fission occurs and the reactor releases more thermal energy. If the control rods are lowered into the reactor the neutrons are absorbed, fission does not occur and the amount of thermal energy released is decreased.

Control rods fail safe by being held up by electromagnets. In the event of a power failure the electromagnets are no longer powered and thus the control rods will fall into the reactor, shutting it down. Whilst we cannot be sure that the power supply to the reactor will not fail, we can be sure that gravity won’t fail. If the control rods weren’t held up by electromagnets then we’d run the risk of a fail dangerous situation, with the control rods raised up out of the reactor and no way for them to be reinserted to shut down the reactor.
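The fail-safe property described above can be checked rather than just asserted. The following is an added example, not code from the original post: it models the electromagnet hold as “rods stay raised only while power is present and the controller commands it”, models a hypothetical fail-dangerous alternative (a mechanical latch that keeps the rods wherever they were when power was lost), and exhaustively checks every short operating history ending in a power failure to see whether the reactor always ends up shut down.

```python
from itertools import product


class FailSafeRodAssembly:
    """Rods are held OUT of the core only while the electromagnets are
    energised; if power is lost, gravity reinserts them (the design the post
    describes)."""

    def __init__(self):
        self.raised = False  # rods start inserted: reactor shut down

    def step(self, power_ok, command_raise):
        # The magnets can hold the rods up only when powered AND commanded to.
        self.raised = bool(power_ok and command_raise)
        return self.raised


class FailDangerousRodAssembly:
    """Hypothetical design for comparison (not a real reactor design): a
    mechanical latch keeps the rods in place, and only a powered actuator can
    move them. On power loss the rods stay wherever they were."""

    def __init__(self):
        self.raised = False

    def step(self, power_ok, command_raise):
        if power_ok:
            self.raised = bool(command_raise)  # actuator follows the command
        # No power: latch holds the current position, whatever it is.
        return self.raised


def always_shuts_down_on_power_loss(assembly_cls, steps=3):
    """Exhaustively run every sequence of raise/lower commands of the given
    length under normal power, then cut the power while the operator is still
    asking for the rods to be raised. Return True only if the rods are inserted
    at the end of EVERY such history, i.e. the design fails safe."""
    for history in product([True, False], repeat=steps):
        rods = assembly_cls()
        for command_raise in history:
            rods.step(True, command_raise)   # power present
        rods.step(False, True)               # power fails, raise still commanded
        if rods.raised:
            return False                     # found a fail-dangerous history
    return True
```

Running the check on both designs shows the electromagnet design passes for every history, while the latch design fails as soon as any history leaves the rods raised when the power goes.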

Moderator and Coolant

The neutrons released in each fission process are travelling too fast to cause further fissions. (Imagine trying to putt a golf ball – hit it too hard and it will just skip over the hole.) The job of the moderator is to slow these neutrons down so that they are travelling at the correct speed to continue the chain reaction process.

The moderators used in nuclear reactors vary between different designs, but graphite and light- and heavy-water are common.

The job of the coolant in the reactor is to take thermal energy away from the nuclear fuel and transfer it (via a heat exchanger) to a steam generator that then drives a turbine and generates electricity. If coolant leaks from a reactor whilst the nuclear fission process continues, thermal energy is no longer removed from the fuel, and the fuel heats up to the point at which it gets so hot that it melts – a meltdown.

In some reactors (e.g. PWRs, BWRs, SCWRs) the coolant is the moderator, and the reactor will fail safe in the event of a coolant leak because a coolant leak is a moderator leak and the reactor cannot continue the fission process without a moderator. Other reactor designs, that do not use a combined moderator-coolant, have different safety features in place to cope with a coolant leak.

Hydraulic Fuses

A hydraulic fuse acts to stop the excessive flow of a hydraulic fluid, in the same way that an electrical fuse acts to stop the excessive flow of electrical current. They are commonly found in “mission critical” hydraulic systems, such as those that operate the flight control surfaces (ailerons, flaps, rudder) on aeroplanes.

There are two types of hydraulic fuse. The first operates as a pressure relief valve, and vents fluid in case of a build-up of pressure. The second operates to prevent the loss of hydraulic fluid, for example if a fluid line is severed, and operates as a check valve – allowing fluid to flow only in one direction.



In the example of the second type of fuse shown above, excessive flow through the inlet will push the piston between the two metering plate housings and into the outlet, preventing fluid from passing through the fuse. The spring prevents the fuse from operating too early, pulling the piston to the left against the pressure to the right.

The fuse plugs used in hydroelectric dams can be viewed as a type of hydraulic fuse. They are usually constructed across dam spillways, preventing water from exiting the reservoir along the spillway. In the event that the water level rises too high, the fuse plug is washed away by the increased water pressure.


The fuse plug at the Warragamba Dam in Australia.

The fuse plug is the large dark grey structure in the bottom-centre of the map. In the event that the level of water in Lake Burragorang on the left rises too high, the excess water will wash away the fuse plug and run down the light brown spillway towards the top-right.

Whipple shielding

Space is full of micrometeoroids and debris whizzing around at incredible speeds, thousands of metres per second. At these speeds even tiny objects have enormous amounts of kinetic energy and can cause serious damage on impact.


The image above shows what happens to an eighteen-centimetre-thick aluminium plate when struck by a two-and-a-half-gram, twelve-millimetre-wide aluminium ball travelling at nearly seven kilometres per second. You can see the large crater created, and spalling beginning to occur on the opposite side of the plate as the impact shockwave reflects off it.

To prevent damage to spacecraft, thick and heavy shielding as shown above is clearly unsuitable; this is where the Whipple shield comes into play.

In its simplest form a Whipple shield is simply two thin layers of shielding separated by a gap. Impact with the first layer of shielding causes the projectile to vaporise, preventing it from penetrating the second layer. In this way two light and thin layers can have a much better shielding effect than one heavy and thick layer. (Other types of Whipple shielding also exist, using multiple layers or “stuffed” layers containing a substance like Kevlar.)

(L-R) A multi-layer and twin-layer Whipple shield.

In the example on the right-hand side it is easy to see the shielding effect in play – the projectile has punched a tiny hole in the first layer but failed to penetrate the second layer, causing only minor heat damage (from the plasma produced on impact).

Gravel Gertie

A Gravel Gertie is a structure specially designed for use when handling nuclear weapons. It is not designed to contain the force of a nuclear explosion, but rather to reduce the damage and contamination caused by a non-nuclear explosion – for example if the explosive lenses used in a compression-type thermonuclear weapon detonated prematurely during inspection or maintenance.


A Gravel Gertie has thick reinforced walls, but is “open” at the top with the roof being a seven-metre layer of gravel, held back by a thick waterproof membrane. In the event of an explosion expanding gas vents out through the gravel, but this gravel also acts to trap radioactive contaminants. In tests at Sandia National Laboratories a Gravel Gertie reduced airborne contamination after an explosion by a factor of ten.


Four Gravel Gerties are visible in this aerial map of the Royal Ordnance Factory in Burghfield where the UK’s nuclear weapons are assembled; ROF Burghfield is part of the UK’s Atomic Weapons Establishment.

Surviving acceleration

How fast can you accelerate, or decelerate, and live to tell the tale?

In this context, acceleration and deceleration are usually measured in ‘G’s, multiples of the acceleration due to gravity. For example, if you crashed a car travelling at 70 miles per hour into a wall, and it took you one second to come to a stop, this would be a deceleration of 35.8 metres per second per second, which is equivalent to a deceleration of 3.65 G. If the person in the car had a weight of 1000 newtons (≈100 kg) they would feel a force pushing them forwards against their seatbelt of 3650 N.

G-forces on the human body are described in two ways*: Gx which is along an axis running horizontally through the chest at a right angle and Gz which is along an axis running vertically downwards through the head and feet. A positive Gx is described as “eyeballs in” and a negative Gx as “eyeballs out”; a positive Gz pushes blood towards the feet and a negative Gz pushes blood towards the head.

The human body responds differently to acceleration in different directions.

For example: a human being can survive an “eyeballs in” 5G acceleration for about 1500 seconds, but an “eyeballs out” 5G acceleration for only half of that. Moving vertically, with blood towards the feet, a 5G acceleration can only last for 350 seconds before death occurs; but with blood towards the head for only about 8 seconds.

It seems that the human body is least sensitive to “eyeballs in” and “eyeballs out” accelerations, which makes sense when considering that human beings are far more prone to experience these accelerations than others. It’s easier to survive blood rushing to the feet than it is to survive blood rushing to the head, as increased blood pressure in the head can cause blood vessels in the brain to burst.

* It seems that very little work has been done on how the body responds to sideways accelerations.