Not surprisingly, many of the discussions focused on the inadequacies of the process control and protective systems installed at the Fukushima nuclear power plant. However, in most cases, the same lessons learned can also be applied to critical operations in any industrial plant. Among the 200 attendees at the ARC Tokyo Forum were end-user engineers, integrators and contractors, automation suppliers, consultants and researchers.
Akira Nagashima, co-chairman of the SICE 50th anniversary project steering committee and moderator of the panel, opened the discussion by summarizing its purpose: “I think there is a serious task we engineers must address before we think about how to rebuild Japan. Yes, the triggering event of this crisis was a 9.0-scale super earthquake, but we must admit that we engineers had underestimated the power of Mother Nature and thereby allowed a runaway chain reaction of accidents. The vulnerability of the artifacts and technologies we ourselves introduced made this crisis worse.”
Mr. Nagashima continued, “All engineers, whether involved in addressing this crisis or not, must stop and rethink what we have taken for granted. I believe this is a rare opportunity to review our own mindset and behaviors and reinvent ourselves from scratch.”
Toshiaki Itoh, formerly of Mitsubishi Chemical and current SICE Fellow, analyzed the causes of the troubles at the Fukushima nuclear power plant from the viewpoint of instrument control engineering. He pointed to the irregular nature of the accident, showing that fundamental protective control could not be engaged through ordinary steps or procedures. Because the tsunami abruptly washed out the auxiliary power supply units and cooling systems, the risk level at Fukushima did not rise gradually. “By its nature, current protective control is not enough to cope with such unpredictable events,” he said.
Chiaki Itoh, Yokogawa Electric, started his presentation with the premise that “science, or technology, is not almighty.” He described the evolution of control systems from the introduction of digital controllers in the late ’70s, through the need to allocate computing resources flexibly and avoid the risk of system downtime, to the proliferation of redundant systems through the ’80s. The safety system operates independently of the control system, which is designed to keep the plant running in a stable manner.
But, according to Itoh, the limitations of both current redundant architectures and safety systems have been revealed. “We all saw the limitations of redundant architecture in an open system, in the troubles at the Fukushima nuclear power plant. We also faced the limitations of safety systems, because stopping the system is complicated and not safe, as was shown in the case of the nuclear plant.”
Itoh continued, “A typical plant control system is installed in an enclosure that has redundant power supplies sitting side by side. The prevalence of this design approach indicates that the safety mechanisms we have in mind will be effective only to the extent that they prevent accidents caused by the potential failure of the engineered products themselves. We now need to pursue a structural switch in redundant architecture, from homogeneous to heterogeneous, and add diversified technologies such as wireless communication systems and various kinds of sensors to measure open systems.”
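To put Itoh’s point about identical, side-by-side redundancy into numbers, here is an added example that is not from the forum or any of its speakers: the simplified beta-factor common-cause model used in reliability engineering, applied to a one-out-of-two redundant pair with constructed figures. A high beta stands for identical units that share an enclosure, power feed and flood exposure; a low beta for diverse, physically separated units.

```python
"""Beta-factor common-cause model for a 1oo2 (one-out-of-two) redundant pair.

Constructed example, not from the ARC forum. Each channel has a per-demand
failure probability p. A fraction beta of each channel's failures is assumed
to be common cause (shared enclosure, shared power bus, shared flooding), so
it takes both channels out together; the remainder are independent failures.
"""


def pair_failure_probability(p: float, beta: float) -> float:
    """Probability that a 1oo2 pair fails on demand (simplified beta-factor form).

    common cause: beta * p            (one event removes both channels)
    independent : ((1 - beta) * p)**2 (both channels fail on their own)
    """
    if not 0.0 <= p <= 1.0 or not 0.0 <= beta <= 1.0:
        raise ValueError("p and beta must be probabilities in [0, 1]")
    common_cause = beta * p
    independent = ((1.0 - beta) * p) ** 2
    return common_cause + independent


def risk_reduction(p: float, beta: float) -> float:
    """Single-channel failure probability divided by the pair's: what the
    second channel actually buys once common cause is accounted for."""
    return p / pair_failure_probability(p, beta)


def compare_architectures(p: float, beta_homogeneous: float,
                          beta_heterogeneous: float) -> dict:
    """Identical units in one enclosure versus diverse, separated units."""
    return {
        "single_channel": p,
        "homogeneous_pair": pair_failure_probability(p, beta_homogeneous),
        "heterogeneous_pair": pair_failure_probability(p, beta_heterogeneous),
        "homogeneous_gain": risk_reduction(p, beta_homogeneous),
        "heterogeneous_gain": risk_reduction(p, beta_heterogeneous),
    }


if __name__ == "__main__":
    # Constructed numbers: 1% per-demand failure per channel; 20% common-cause
    # share for identical units side by side, 2% for diverse, separated units.
    for name, value in compare_architectures(0.01, 0.20, 0.02).items():
        print(f"{name:>20}: {value:.6f}")
```

With these figures the side-by-side pair is only about five times safer than a single channel, while the diverse pair is about thirty-four times safer; a shared-cause event, not component quality, is what sets the ceiling.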
Attendees agreed that while natural disasters cannot be avoided, it would be a shame if we can’t learn and gain important insights from them.
Shin Kai is director of research at ARC Advisory Group, Japan.