Three Decades after Chernobyl: Technical or Human Causes?

The accident of unit 4 at the NPP Chernobyl from 1986 was arguably the worst disaster of a nuclear power plant that happened so far. It became apparent to the broader public that the vast amount of radioactive fission products that accumulate during operation of a nuclear reactor have the potential to render large areas inhabitable. The root cause of the accident was therefore of major interest for all countries who operated nuclear power plants, or who had nuclear power plants in its vicinity. Considering all information available today it is safe to draw the conclusion that the reactor design was too complex at that time, and therefore errors have been made. It is not so easy to exclude that this could happen with other designs in other countries as well.


Introduction
Thirty years after the disaster at the Chernobyl Nuclear Power Plant (NPP), all details of the accident seem to be known. The Chernobyl reactor was a pressure tube reactor of the type RBMK, which has been built several times in the Soviet Union. Experts from regulatory authorities and research institutes have analysed the existing accident data and results from accident simulations and gave their view in many published reports (GRS 1996, USNRC 1987, Snell and Howieson 1991, Sehgal 2012. The International Atomic Energy Agency IAEA and the "Nuclear Energy Agency" of the "Organization for Economic Co-operation and Development" organized conferences and published the resulting experts' opinions (INSAG 1986, INSAG 1992, OECD/NEA 2002. In most cases, the authors conclude that human error combined with weaknesses in the reactor design of the RBMK reactor have led to the accident. In this content the term "human error" indicates violation of operating procedures and lack of knowledge of the operators of the reactor. Deficiencies in the safety culture of the power plant are typically identified as root cause for the transgressions of the operators. The long prison sentences for the main engineer Fomin of the Csernobyl NPP and his deputy Diatlov add to this picture. This narrative of the accident and its root cause, as presented in many books, reports and papers, can be traced back to an IAEA meeting. A few months after the accident, 25th to 29th of August 1986, the IAEA organized a "Post Accident Review Meeting" were Soviet experts gave detailed information on the accident to a large number of experts from IAEA member states. The IAEA issued a report that summarized the meeting, the first report of the "International Nuclear Safety Advisory Group" (INSAG 1986). The report gave a clear statement on the reason for the accident: "… the accident was caused by a remarkable range of human errors and violations of operating rules in combination with specific reactor features which compounded and amplified the effects of the errors and led to the reactivity excursion.", where "human errors" refers exclusively to operator errors.
Five years after the accident, the report INSAG-1 was revised by IAEA and reissued as INSAG-7 (INSAG 1992). The new version is based on two Russian reports: One report (Shteynberg 1991) was issued by a commission, appointed by the Soviets' "State Committee for the Supervision of Safety in Industry and Nuclear Power". Said commission had the task to reassess the events of the Chernobyl accident. The other report (Abagyan et al., 1991) investigates in detail the cause of the accident and is authored by prestigious Soviet institutes, such as the Kurtchatov Institute or the Scientific Research and Design Institute for Power Technology (Russian abbreviation NIKIET). Both reports are annexed to INSAG-7. These reports present a completely different picture of the accident. In particular, Shteynberg (1991) contradicts the account of the accident of INSAG-1 regarding operator errors. Abagyan et al. (1991) draws a whole new picture on the RBMK designer organization. The conclusions of INSAG-7 are therefore different than INSAG-1, but retain a certain emphasis on lacking safety culture and operator errors.
The new perspective from Shteynberg 1991 andAbagyan et al., 1991 is rarely reflected in the current literature on the Chernobyl accident. Large, influential organizations such as US Nuclear Regulatory Commission (NRC) had already completed their analyses of the Chernobyl accident before the revised report INSAG-7 was published (e.g. USNRC 1987). Others, such as (OECD / NEA 2002), tend to follow the narrative of human error and violation of operating procedures notwithstanding their recent publication date. This leads to the fact that whenever the Chernobyl accident is portrayed based on literature, it is most likely that mistakes and violation of the operators are identified as main cause for the event.
References to accounts of the events given by participants in the accident night are rarely found (a counter-example can be found in Schmid 2011). The deputy chief engineer of the power station, Diatlov, who designed the test program that led to the accident of Chernobyl and who was present in the control room in the night of the accident published an article in a scientific journal after INSAG-7 was issued (Diatlov 1995). A book, which he wrote about the background and the course of the accident, was not published, but is available electronically from Internet libraries (Diatlov 2005). However, some aspects of the accident can only be understood by combining the information of the logs of the Chernobyl control system, the logbook entries, the interpretations of the various scientific institutes of the events, and the description Diatlov on the events of the night of the accident. By combining all information a new view on the root cause of the accident becomes apparent.

The Chernobyl reactor
The RBMK type reactor was not the first choice for the Chernobyl site (Shteynberg, 1991). In fact the RBMK design was ranked third in a feasibility study. Nevertheless it was decided to construct a RBMK reactor since the required parts and components for the RBMK design were available, while components for the other two designs would have to be manufactured and long production times were expected. The decision for RBMK reactors was taken in 1969, in 1972 it was decided to build a total of 4,000 MW electrical power (four reactor blocks). The Gidroproekt and NIKIET institutions worked together to develop the reactor design, which was subsequently examined by the Soviet State Committee for Construction and Planning. Finally, the design was approved by the Council of Ministers. The blocks Chernobyl one to four went online between 1977 and 1983.

Fig. 1
Schematic of an RBMK reactor (Nuclear Energy Institute 1997) Figures 1 to 3 show the schematic of the RBMK reactor, a section through the reactor, and the reactor core. RBMK is a Russian acronym for high-performance channel reactor and is designed as a boiling water reactor. In contrast to the western type boiling water reactors the RBMK does not feature a reactor pressure vessel. Instead it is equipped with approximately 1660 parallel vertical cooling channels (or pressure tubes). Each pressure tube can be loaded with a fuel element with an active region of about 7m, which represents the reactor core. The channels protrude vertically a graphite block (Figure 3, or (1) in Figure 2). Each single channel can be separated from the circuit by isolation valves at full load operation and a fuel element can be unloaded or loaded by the refuelling machine. (1) core, (2) pressure tubes leading tot he core, (3) lower biological shield (4) collector, (5) lateral biological shield (6) steam drum separator (7) pressure tubes (8) upper biological shield (9) refueling machine (10) upper core plate (11) upper pressure tubes (12) recirculation lines (13) collector aft er pump (14) collector before pump (15) main circulation pump Th e reactor cooling circuit begins and ends with the steam separators (shown in (6) in Figure 2 and as a "steam (drum) separator" in Figure 1). Th e steam separators separate steam from water. Th e separated water, together with the feed water from the condenser (see "water from turbine" in Figure 1) is pumped to the reactor core by means of a total of six main circulation pumps (with two backup main circulation pumps in total eight main circulation pumps are installed). Th e water is partially evaporated in the reactor core so that a two-phase mixture of water and steam is fed to the steam separator drum from the core exit. Th e steam separator drum separates the steam from the water, the steam is led to the turbine via the steam lines, while the water is mixed with the feed water and fed back to the core. A total of eight turbines and generators were installed at Chernobyl Nuclear Power Plant for the four reactor blocks (two per block). It is important to note that during operation not only water, but also a certain fraction steam is present the reactor core (which is also called "void fraction").

Reactivity initiated event
Th e Chernobyl accident was a so called "reactivity initiated event", which means that the control over the reactor power was lost, and that the power output of the reactor increased tremendously in a short time period. Th e power control of a reactor is a complex issue, and even more so in case of an RBMK reactor. Th ere are a number of factors to consider: Th e source of power in the RBMK nuclear reactor stems from the uranium-235 in the fuel pellets, which, during operation, is hit by neutrons inducing fi ssion, a process during which thermal energy and further neutrons are generated for further fi ssions (chain reaction). Th ose neutrons however, before being able to induce further fi ssions, must be slowed down (moderated). Unlike light water reactors (which use water for moderation of neutrons) the RBMK reactor uses the graphite block surrounding the fuel channels as moderator (the black tiles in Figure 3). Th e graphite off ers the advantage that a fraction of uranium 235 between 1% and 2% in the fuel is sufficient, while water-moderated reactors need a fraction between 3% and 5%. However, light water reactors have the advantage that the coolant is also the moderator at the same time. If a light water reactor loses its coolant (i.e., a pipeline breaks, the cooling water is lost and the reactor runs dry), the chain reaction collapses and the reactor power is sharply reduced. The RBMK reactor in such a situation has to rely on its neutron absorber rods (control rods), which control the power and have to be inserted into the core.
The power of a reactor is proportional to the number of neutrons which are generated in the chain reaction. An important parameter is therefore the so called "reactivity", a measure of how the generation of neutrons is changing. Positive reactivity means more neutrons are going to be generated and the power will increase. Negative reactivity means that less neutrons are going to be generated and the power will decrease. In principle, the following factors influence the reactivity in the RMBK reactor core: • Graphite as moderator and its temperature • Temperature of the fuel elements • Enrichment and burn-off of the fuel elements • Presence of xenon in the reactor core • The temperature and density of the cooling water when entering the reactor and the steam fraction (void fraction) in the cooling channels • The control rods of the reactor and their positioning.
The Chernobyl accident was a so called reactivity initiated event, an event in which the reactivity (and the power) increased in an uncontrolled way. All factors above played a role in the accident, but the last two bullet points were of special importance for the Chernobyl accident.

Positive void coefficient
A key figure to characterize the behaviour of a reactor is the "power coefficient", and in case of the RBMK reactor, the "void coefficient". The power coefficient describes how the reactor is going to react to a power change: a positive power coefficient means that an increase in power will induce a further additional increase, a decrease in power a further decrease. It is desirable (although not necessarily required) to construct a reactor with a negative power coefficient: this means, an increase in power would lead to a reduction in power, a decrease to an increase. Such a reactor will by itself tend to regulate its power at a fixed power level. The other key figure, the "void coefficient", describes the feedback of the reactor to an increase of steam in the core region. A positive void coefficient means that an increase of the steam fraction in the pressure tubes in the core region leads to an increase in power, a negative void coefficient means that an increase in void leads to a decrease in power.
The light water cooled and moderated reactors have a negative power coefficient, as well as a negative void coefficient. The designers of the RBMK reactor aimed for a negative power coefficient, and accepted a positive void coefficient (during certain operational regimes). However, the designers of the RBMK were convinced that this effect was limited. Their design calculations showed that if the pressure tubes were to be filled with steam, the reactivity would first increase, but then decrease, and eventually become negative (see Figure 4, Abagyan et al., 1991). This calculation, although accepted by the regulatory authority, turned out to be wrong, as the Chernobyl accident showed. Reactivity vs coolant density in a fuel channel.
(1) Assumptions of the designers, reactivity negative for voided channel, (2) reality, reactivity strongly positive for voided channel (Abagyan et al. 1991) Shteynberg (1991) points out that the impact of the steam fraction in the cooling channel on the reactivity was only evaluated for performance levels above 50% of the nominal reactor power (i.e. 1600 MWth and upwards). The accident happened at an operating power of about 200 MWth, a region which should prove to be particularly unstable. However, as Shteynberg (1991) concludes, the designers did not expect any problems with this power range (which, according to him, is shown by the lack of supporting calculations for this range) and the operators were also unaware of the risks of operating the reactor in this dangerous power region.

Control rods
As in most nuclear power plants the reactor power of the RBMK reactor is controlled by control rods. The basic principle of control rods is simple -rods with a neutron absorbing material are inserted into the reactor to "slow down" the chain reaction, or withdrawn to "accelerate" it. By inserting the control rods the power is reduced (negative reactivity is inserted), by withdrawing the control rods power is increased (positive reactivity is inserted).
According to Shteynberg (1991), as well as by Abagyan et al. (1991), the design of the control rods triggered the accident. The RBMK reactor core is large compared to other cores, therefore a large number of control rods are necessary to ensure an even power distribution. The so called "operational reactivity margin" (ORM) is a very important operational parameter for RBMK reactors which played a key role in the accident. Roughly speaking it specifies for the RBMK reactor how many control rods are fully extracted at a certain point in time. More precisely, the ORM reports the "equivalent" withdrawn control rods, which means that two control rods withdrawn to 50% count as one. Furthermore not all control rods are equally effective, and furthermore effectiveness of a rod is not equal over the whole size. The algorithm for calculating the ORM takes those effects into account. According to the operating instructions, there is a minimum value for the ORM value, which must not be exceeded. There must always be 26-30 equivalent control rods withdrawn. The main engineer may permit operation also down to an ORM value of 15 equivalent control rods. Operation below this value is not permitted.
The reason for this rule (and especially its safety relevance) it is not immediately apparent. It seems safe to assume that the operators of the reactor at the night of the accident were not aware of the safety relevance of the ORM, because Diatlov, deputy chief engineer, who was present in the control room in the accident night, wrote (Diatlov 1995) regarding the purpose of the ORM: … "a guarantee that the reactor protection operates properly. At the same time the restriction is imposed not on the maximum, which would be natural, but on the minimum". A restriction on the maximum would be, indeed, more intuitive: Inserted control rods mean that the power can be further increased as needed (by pulling them out). On the other hand, if the control rods are withdrawn from the core it means that, if needed, more negative reactivity can be introduced to shut down the reactor. So one would assume operating at power with the control rods withdrawn is safer, then with control rods inserted.
Another fact would lead the operators to neglect the ORM parameter. Usually safety relevant parameters are shown at prominent positions in the control room. The ORM value, on the other hand, was computed by the PRIZMA program (Shteynberg 1991), on a console which was usually out of view. The ORM computation would take several minutes. It was also known that the calculated ORM value was not precise, since a group of rods was not considered. In principle the ORM value could also be derived manually from the indicated penetration depth of different control rods by a hand calculation (correcting for the various effects mentioned above). Either way it would be a lengthy procedure.
But the ORM value has a critical influence on the safe shutdown of the reactor. Due to the design of the control rods, the efficiency of the reactor SCRAM (the emergency shutdown) system was linked to the ORM value. When the reactor emergency shutdown was triggered at an ORM value of 30 and more, negative reactivity could very quickly be introduced to reduce the power; at an ORM value of 15 it took six seconds to introduce the relatively small value of 1$ of negative reactivity; and at an ORM value of 7 the introduced reactivity was positive over 8 seconds (which means the reactor power increases further for eight seconds when the operator hits the emergency shutdown button). Only after that the power would decrease (Shteynberg 1991). The design of the control rod is the reason for this effect: to ensure better performance during normal operation when the control rods are fully withdrawn, displacement bodies made of graphite were fitted with telescope rods at the lower end of the control rods. This means that during normal operation the middle of the core region (approximately 7m) was filled with a graphite displacer of 5m (see Figure 5). Above and below the displacer in the reactor core was a 1 m water column. When a fully withdrawn control rod was inserted, the graphite displacer had to pass through 1m of water in the lower core region. However at this position the water acts as a neutron absorber, the graphite body acts as a moderator, which means that positive reactivity is introduced into the lower region of the reactor (power is increased). In the upper part of the reactor core, negative reactivity is inserted because the absorber material is introduced into the core (see Figure 5). If the rods are already one meter inserted, the graphite displacer will be at the bottom of the core, and no positive reactivity will be introduced. This is the reason why a minimum ORM value is enhancing safety -it means, that a certain number of rods are already inserted into the core.
According to Shteynberg (1991) the way the ORM value was displayed in the control room suggests that the designers of the RMBK reactor themselves were not aware of the critical role of the minimum ORM value. As a safety-relevant parameter, the ORM would have been automatically calculated and displayed with constantly updated values. An automatic signal to shut down the reactor in case the ORM value drops below the allowed minimum would have been implemented in the reactor protection system.

Fig. 5
Design of the control rods of the reactor protection system (Abagyan et al. 1991) (a) rod completely withdrawn with graphite displacer (b) situation while inserting the rod introducing positive reactivity over several seconds in the lower part of the core.

The Chernobyl accident
The course of the accident is described and commented in many places (see, for example, GRS 1996, Shteynberg 1991, Abagyan et al., 1991, USNRC 1987. Here a shortened presentation is given, which focuses on the cause of the accident. On April 25, 1986, the Chernobyl NPP Unit 4 was scheduled for a shutdown and maintenance. It was planned to carry out a test before shutting down the unit. Like all nuclear power stations, RBMK reactors need energy to cool the reactor core even after shutdown (the chain reaction is interrupted, but the decay heat, i.e. the energy from the further decay of fission products, must be dissipated). Usually the power for the residual heat removal system is drawn from the electricity grid. If, as is possible and even probable in the case of an accident, this connection is temporarily unavailable, emergency power generators (diesel generators) are put into operation. However, they need about a minute for starting up. In order to bridge the time between the loss of offsite power and connection to the emergency diesel generators, the output of the running down turbine generators should be used.
The test should confirm that this is actually possible. The experiment should start at reduced power, at between 700 and 1000 MW of thermal power (nominal power are 3200 MWth). Four of the eight main coolant pumps (six plus two reserve pumps) should remain in operation to ensure cooling of the reactor, four should be supplied by the generator connected to the running down turbine. It should be observed for how long those main coolant pumps could be supplied with power.
In attempting to reach the test conditions, the reactor power was inadvertently decreased to 30 MWth instead of the intended range. The operators decided to increase the reactor power again to be able to conduct the test. In certain accounts of the accident this is portrayed as violation of procedure, but according to (GRS 1996) an immediate re-start of the reactor in this situation would have been permissible in principle, if the ORM value were at least 30 equivalent control rods before power reduction. Shteynberg (1991) quotes the operating procedure manual, which states it is permissible to restore the power, as long as the power was not reduced below the (not clearly defined) "minimum controllable power level".
The attempt to increase the power to the planned range was not successful. The reason for this is that when the power in the reactor is reduced, more xenon is produced than is burned and there is a temporary increase in xenon. Xenon acts as a neutron poison and counteracts a power increase. Even though the ORM limit was violated again and significantly more control bars were withdrawn than planned (a breach of the operating regulations), the targeted power level could not be achieved.
The crew decided to stabilize the reactor power at 200 MWth instead and start the test from this level. In some reports, e.g. (GRS 1996, INSAG 1986, it is noted that the team in had changed the test conditions without proper consultation of the relevant departments. However, one must point out that the author of the test program, the deputy chief engineer Diatlov, was part of the team of operators at that night and present in the control room. It is, of course, a violation of procedure to modify the proposed test program ad-hoc without appropriate analysis and verification. In INSAG (1986) it was noted that a low power range for the RBMK is a particularly unstable region. However, as Shteynberg (1991) pointed out, this did not appear to be known to the designers of the reactor, nor to the operators before the accident. Furthermore INSAG (1986), and other reports referring to INSAG (1986) states that continuous operation at that power level was forbidden. Shteynberg (1991) explicitly referred to that statement as untrue, there was no such rule. Furthermore operation at house load was an event which would be automatically triggered on some occasions. House load operation at RBMK reactors corresponds to a power level of 200-300 MWth.
The range of power where the reactor was now operated was highly unstable. In addition the power distribution showed a maximum in the upper and lower regions of the reactor, instead of dropping from a maximum in the middle upwards and downwards. A reduction in the coolant density (such as steam formation) would lead to a strong increase in output, an increase in output to an accelerated reduction of Xenon and a further decrease in the coolant density and thus to a further increase in output. The power coefficient was strongly positive.
The test program was initiated. The operators had disabled the automatic shutdown signal, which would trigger a shutdown together with start of the test, in order to be able to repeat the test if something goes wrong. INSAG (1986) states "had these trips not been disabled, the insertion of the emergency rods would have terminated the transient regardless of all the other circumstances" (as turned out later this statement is wrong). Diatlov (2005) wrote, the operators had the impression that the test started as planned and that the reactor could now be shut down. Thirty seconds after the experiment was started, the chief operator, Akimov, gave the junior operator Toptunov the order to shut down the reactor. As again Shteynberg (1991) stated, up to this event, the manual shutdown, there were no processes which could have triggered the power excursion that destroyed the reactor.
In fact it was just the actuation of the emergency shutdown system (its particular design with graphite displacers at the bottom) that destroyed the reactor, and, contrary to the statement in INSAG (1986), would the system have been actuated automatically, it would have destroyed the reactor as well. The accident occurred at 1:24 and according to Shteynberg (1991) already at 0:30 the conditions in the reactor were such that a shutdown with the shutdown system was not possible anymore. As was said earlier, due to the particular design and low value of ORM, the shutdown system increased the reactor power for eight seconds, before causing a reduction. And at 200 MWth, the reactor power coefficient was strongly positive, which means that an increase in power would lead to a further increase. Those two circumstances together led to the power surge that destroyed the reactor.
A reactor power of more than 540 MWth was recorded seconds after the actuation of the system. The increase in power together with the test conditions, which in turn reduced the throughput continuously in four of the eight circulating pumps, led to increased steam formation, which in turn led to increased power. It is assumed (Shteynberg 1991) that in the lower part of the reactor the energy input in some fuel elements exceeded 320 cal / g. This quantity of energy led to an explosion of the uranium fuel pellets, which led to a destruction of the fuel rods. The coolant came into direct contact with the hot fuel particles and evaporated spontaneously, which led to a local pressure rise. The increase in pressure resulted in the destruction of the fuel channels, which led to the formation of steam in the entire reactor core and to a further power excursion. Two loud explosions subsequently shook the entire building. The heavy upper-biologic shield (see (8) in Figure 2) was raised and turned to a vertical position. The temperatures in the reactor core rose to high levels and most likely the graphite moderator ignited, a fire that could not be extinguished for several days. The radiological releases still led to excessive limits in many hundred kilometres from the accident site.

4
Conclusions and reason for the accident INSAG (1986) mainly blamed the operators for the accident. The crew operated the reactor in a dangerous power range, forbidden by operating procedures, violated numerous regulations, and the extremely unlikely combination of violations along with design weaknesses led to disaster. Within this reasoning it was only logical that Fomin, the chief engineer of Chernobyl NPP, and Diatlov, his deputy and author of the test program, were sentenced to prison. The updated report INSAG (1992) and especially the expert commission reports which are annexed to INSAG (1992) draw a completely different picture. Not only the operators, but also the designers did not know about the design weaknesses. The authorities who had to examine the design did not ask the right questions.
Before the accident, however, there were several indications of the problems of the RBMK, both with regard to the steam bubble coefficient as well as the design of the control rods and their graphite displacer (Shteynberg 1991). But the response to those warnings came to slow and in some cases the warnings were ignored right away.
After re-examination of the up-to-date accounts of the accident it seems to be safe to conclude that the accident was caused mainly by design weaknesses of the reactor, together with violations of procedures by the operators.
Important technical design weaknesses can be named: • The problematic design of the reactor control rods triggered the reactor accident in Chernobyl. • There was an unstable power range, and the designer of the reactor were not aware of it (at least at the time of design).
• The way the central parameter ORM was displayed and the lack of automatic monitoring and response to a low ORM margin.
Essential violation of rules of the crew that can be named: • The operational operating margin of the ORM (operational reactivity margin) was repeatedly not checked by the operating crew in the control room. If the relevant regulations had been complied with, the accident would not have occurred. • The operating team violated procedures by changing the test conditions on the spot and by executing the test at 200 MWth, without prior analysis. • The test program itself contained control violations which, however, would not have affected the accident sequence.
The ORM parameter, the operational reactivity margin, was not defined precisely enough by the designer. Thus, the safety relevance of the ORM rule could not be known to the operators. The "peripheral" nature of the evaluation led the operators to believe that this value was not safety-relevant. There are indications that even the designers of the RMBK reactor were not aware of the critical function of the ORM, since otherwise they would have displayed the parameter to the operators in a better way.
Coming back to the question technical or human errors a safe conclusion would be that there were components of both. Yes, there were violations of procedures by the operating crew, and yes, there were weaknesses in the technical design of the reactor. However the training and experience of the crew in the control room complied with all standards of the Soviet Union at that time (Shteynberg 1991). One important parameter (ORM value) was ignored, but by a whole team in the control room. There is no evidence that another team would have behaved differently.
The design weaknesses were certainly not known at the time the RBMK design was developed. Although there were new calculations in the years 1980 and 1985, which suggested that a completely steam-filled channel would not lead to a fading of the chain reaction, but would lead to a power excursion. However, no proper attention was paid to these calculations. There were also references to the "positive", i.e. reactivity-increasing effect of the control rods (Shteynberg 1991). It is therefore also important that there was no open technical debate on the technical weaknesses of the RBMK reactor in the Soviet Union, and that no consequences had been drawn by supervisory authorities and political authorities.
The lessons learned from the Chernobyl accident nowadays points toward the importance of operator training. While this is certainly a valuable lesson, there is another lesson to be learned. There were warnings on the design errors that did not receive proper attention. There are enough examples in Western countries where a warning of a supposed design weakness led to a lengthy review, while affected reactors remained in operation. One example is the possible deboration of the pump seal of a pressurized water reactor in the case of a small leak. There was the fear that a power excursion might occur if a deborated coolant plug could be transported into the reactor core. The investigations have finally shown that the concern was unfounded -but the reactors were still operating until clarification. A further example of a safety -critical issue that has long been discussed in the "Western" world (and is still discussed): If a severe accident occurs, are the containment sump filters clogged because of their narrow mesh width, or can the cooling water be recirculated? Here, too, the reactors were operated without waiting for the complete clarification of the question.
The general perception of the Chernobyl catastrophe is still very much oriented along the lines of INSAG (1986). Human failure together with design weaknesses is determined as the root cause. Lessons for other nuclear power plants are generally confined to underlining the important role of safety culture. Chernobyl is perceived as a problem that is limited to the RBMK reactor in the Soviet Union. In Western nuclear power plants, an accident such as in Chernobyl is unthinkable. However, it is questionable whether this distinction is fully justified. Of course, an accident will not take place in exactly the same way -but undetected faults in the technical design can lead to accidents or severe accidents in other reactor designs as well. Warnings of design weaknesses in general do not lead to a shutdown of the affected units, even in the Western industries, but are examined while the plants continue operation or are sometimes even ignored. With all the differences between RBMK reactors and Western pressurized water reactors, there are similarities that are often overlooked. Reports such as D'Auria (2005) comparing the safety level (and related interpretations) of RBMK reactors to the safety level of Western reactor concepts without classifying the western designs as significantly superior are of little concern.
Designers of reactors are humans and humans make mistakes. The computer systems that the designers of the RBMK reactors had available led them in the wrong direction regarding the behavior of the reactor in the formation of steam in the pressure tubes. The supervisory bodies were not in a position to identify these errors. There was too little or no reaction to hints that the design calculations could be faulty. The operators, after all, did not follow instructions whose meaning they did not understand. All these are reasons for a catastrophic accidents against which also Western reactors are not immune. The RBMK reactor was designed and operated by humans. In view of the complexity of this machine, mistakes have been made -and the consequences of mistakes can be severe when dealing with nuclear power plants.
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.