Better control design may mean fewer nuclear accidents
Since the accident at the Three Mile Island nuclear power plant, it has become widely recognized that the control rooms of commercial nuclear reactors are poorly designed.
During the accident the operators made a number of mistakes later traced to the confusing array of warning lights, valves, switches, and gauges that adorn the walls of most reactor control rooms.
This new awareness has led to a dramatic increase in both government and industry efforts to apply what is called "human factors research" to the design of nuclear power plant control rooms.
(Human factors research began about 20 years ago in the aerospace industry as part of efforts to increase aviation safety. It is the systematic study of ways to organize controls to keep human errors to a minimum.)
The latest manifestation of this activity is a handbook prepared by two Sandia Laboratories researchers, A. D. Swain and Henry E. Guttmann, for the Nuclear Regulatory Commission (NRC). The handbook lays out methods for evaluating the reliability of human operators in nuclear power plants and suggests a number of ways to keep errors to a minimum.
According to Dr. Swain, many of the changes that could substantially reduce the probability of human error "can be made easily and inexpensively on existing plants and designed into new plants by paying special attention to control panel layouts, written procedures, and work schedules."
Other human-factors experts who have studied the problem generally agree that a great deal of improvement can be made, although they do not necessarily agree that the upgrading would be easy or inexpensive.
"It's just a guess, but I think human errors can be reduced by as much as 50 percent," says John O'Brien, one of the two human-factors experts at the Electric Power Research Institute.
The recommendations in the Sandia handbook mirror those made in a spate of post-TMI reports.
According to the coauthor, Dr. Guttman, these include:
* Putting the legends on various gauges and valves in plain English rather than in cryptic engineering shorthand.
* Organizing controls around a flow diagram of the plant. That is, if a series of valves lies along a single pipe, then the pipe would be diagrammed on the wall of the control room and the controls for each would be placed in the same order as the valves.
* Putting gauges in physical proximity to the switches that effect them so that operators can see the result of operations at the time that they make them.
* Better writing of procedures. "Procedures are written in a garbled way and assume the operator knows a great deal about the system," says Dr. Guttmann.
* Use of status checklists on each shift. When a new shift comes on duty there is no formal procedure, like a pilot's checklist, that ensures the new crew is completely informed about the status of all the systems.
* Improving the annunciator system. Reactor control rooms have hundreds of labeled plastic indicators called annunciators which light up when there is a problem. Even on minor mishaps dozens of these lights can begin blinking. When this happens, operators normally hit a switch that stops the blinking. Although the light remains on, there are typically 20 to 30 of the annunciators that are on for routine reasons. So, if the operator is interrupted, it is easy for him to overlook some of the problems. The Sandia researchers suggest that the annunciators be rigged so that they begin blinking again if no corrective action is taken within a set period of time.
"Making changes of this sort can reduce the probability that operators can make specific mistakes by 2 to 10 times," says Dr. Guttmann, although he cautions that these figures are "very soft."
Within the next few months, reactor operators will begin a year-long review of their control room design mandated by the NRC. At the end of this time they are expected to come up with specific plans for upgrading their control rooms. Some utilities already have begun this process on their own.
In the future, human-factors experts believe increased reliance on computer-controlled video displays holds considerable promise for reducing control room confusion. General Electric and some of the other reactor vendors have been experimenting with this approach for some time.
These advanced displays have the advantage of flexibility. But they have the disadvantage of not showing the status of all systems continuously. Also, NRC experts who have studied them worry what will happen if the computer goes out.
"I think this is the right direction to move, but I don't think anyone is doing it correctly yet," Mr. O'Brien says.