November 21, 2022 | Justin Clark

Reliability and Defense-in-Depth for 100 Millennia


Two key principles of sustainable systems are Reliability and Defense-in-Depth, but how often does an engineer work with a design lifetime of 100,000 years? Only in nuclear fuel disposal.

Speaking of Defense-in-Depth and Reliability, see what’s happening in Finland: the article “Finland is set to open the world’s first permanent repository for high-level nuclear waste. How did it succeed when other countries stumbled?”, written by Sedeer El-Showk, walks through how it was done.

A new spent-fuel storage facility called Onkalo is being constructed in Finland. Yucca Mountain in the US was our forsaken attempt. Finland appears to be accomplishing the goal of permanently storing spent nuclear fuel.

Containment is 430m below ground in gneiss/granite bedrock largely impermeable to water. The setup is impressively designed for defense-in-depth, a method of layering safeguards, a key component in both reliability centered design and risk management. It’s hard not to appreciate the design integrity here.

One critique the article considers is the decision to use copper instead of bronze. The article does not mention it, but a higher-priority design criterion in this environment is heat. While bronze does have a lower susceptibility to corrosion, the addition of tin to copper lowers the alloy melting point by over 100C, from 1084C to 950C. With a design lifetime of 100,000 years, anything can happen, and the extra 134C melting-point buffer of pure copper is a much stronger risk reduction than lowering an already negligible corrosion rate. Copper is also much more ductile, and thus more resilient during seismic activity.

Containment from inside out:

  • Iron shell
  • Argon gas – inert atmosphere
  • Copper shell
  • Iron casing
  • Copper cask welded shut
  • Bentonite outer shell (desiccant-type clay)
  • Gneiss / Granite bedrock

TVO (Teollisuuden Voima Oy, a Finnish nuclear power company) has designed a rigorous and comprehensive structure to prevent the release of spent nuclear fuel, considering decay heat, corrosion, mechanical shock, diffusion, and neutron activation.

Both copper (Cu) and tin (Sn) have small total neutron absorption cross sections (<10 barns), so activation characteristics won’t change much between copper and bronze. Fissile materials in the granite are already exposed naturally to more decay neutrons than will be coming from this facility. As a fun fact, “50-80% of the earth’s total thermal energy production is due to the decay series of uranium, thorium, and 40K” (Nuclides and Isotopes: Chart of the Nuclides, 17th ed., Bechtel Marine Propulsion Company).

Defense-in-Depth: one of the classic TapRooT® training points

Defense-in-depth is one of many systems design practices built into TapRooT® root cause analysis and Equifactor® equipment troubleshooting.

Reliable complex systems need layers of protection that prevent single mistakes from causing catastrophic failure and catch them when they occur. One technique heavily used in TapRooT® Root Cause Analysis is safeguard analysis: identifying every failed or missing safeguard that directly led to, or failed to mitigate, the consequences of an accident. This allows a meaningful analysis of the root causes that allowed those safeguards to be faulty or missing.

Objective, evidence-based analysis of design, operation, maintenance, failures, and accidents is the only way to achieve a first-time reliable solution. If you are a professional problem-solver looking for:

  • Structured, standardized accident investigations,
  • Continuous improvement based on Human Factors principles,
  • Elimination of human error,
  • Holistic first-time machine failure resolution,

Schedule a demonstration of the TapRooT® Root Cause Analysis and Equifactor® Equipment Troubleshooting System right on my calendar.

The best ways to see TapRooT® in action are to attend a TapRooT® Root Cause Analysis course or the 2023 Global TapRooT® Summit. See you there!

Photo credit: Image by Olaf from Pixabay.
