The San Onofre Controversy: What Should We Criticize … and What Should We Praise?

Peter M. Sandman | Jun 02, 2013


On May 16, Ken Silverstein interviewed me by telephone about the controversy over whether Southern California Edison (SCE) had withheld information about problems at its San Onofre nuclear generating station (SONGS) – problems that later led to radiation leaks that required taking the power plant offline.  I followed up with an email.  Ken’s May 17 Forbes story and my email are both online.
On May 29, Ken sent me a link to a follow-up story he had posted on EnergyBiz, and asked for further comment.  When he read the email I sent in return, he requested my okay to post it as a two-part guest column.  Part one, posted on May 30, focused on what SCE should do and on whether the issue is a “crisis” or merely a “controversy.”  This is part two.
Reading your posts on the SONGS controversy, I am impressed by a problem of “hindsight bias”: how to interpret warnings after they come true.
Decades ago I did a lot of work with manufacturing companies worried about toxic tort liability.  In particular, they were afraid of getting sued by cancer victims arguing that emissions from a neighborhood factory had caused their cancers.  One of the most depressing things I learned from my clients was that their attorneys had consistently advised them to do as little investigation as the law permitted of the carcinogenicity of their emissions.
As I wrote in a 2002 website column on “Yellow Flags: The Acid Test of Transparency”: “A chemical company, for example, wants to have nothing in its files suggesting that dimethylmeatloaf might be a carcinogen.  A chain of memos in which the company’s people debate the issue and ultimately decide, no, it’s not a carcinogen (reasoning cogently even if mistakenly) is seen as ammunition for the plaintiff; far better never to have considered the possibility.”
Now, suppose two energy companies are both planning a new power plant.  Company X asks itself “What might go wrong?”  It aggressively seeks answers to that important question – so it ends up with dozens of letters in its files from contractors and outsiders warning of possible problems.  It does its best to think through all the worst case scenarios it has solicited – so it also ends up with dozens of internal memos in its files debating the various problems it was warned about.  In some cases it initiates design changes to make a problem less likely to occur or less damaging or easier to respond to.  In other cases it decides after due consideration that a problem is unlikely to materialize, or that there’s nothing feasible to be done about it.
Company Y, by contrast, is less cautious.  It doesn’t do as much to investigate possible problems, so it doesn’t end up with as many warning letters and internal memos in its files.
Presumably, X’s power plant will be safer than Y’s, since X made some design improvements in response to warnings that Y never even considered.  But if something goes wrong at X’s power plant, there is likely to be a relevant warning in the files, leading to charges that X “ignored” the warning.  Y is in better shape to defend itself after a possible problem turns into an actual problem, because Y remained determinedly ignorant that it was a possible problem in the first place.
I’m not insisting that this analogy accurately reflects the situation at SONGS – that SCE is an “X” sort of company.  I don’t know enough to know whether SCE should be praised or excoriated.
Judging from your posts, and the quotations from various letters and memo in your posts, it sounds like SCE seriously debated the possibility that the steam generator design it was considering might cause vibrations that would erode the tubes holding radioactive fuel, and that the eroded tubes might leak radiation.  It decided this possibility wasn’t serious enough to justify a redesign that looked like it wasn’t going to be an easy fix.  It also decided that the problem wasn’t serious enough to require an explicit heads-up to the Nuclear Regulatory Commission.
Both of these decisions – not to redesign the steam generators and not to tell the NRC – deserve to be second-guessed.  But the right question isn’t whether the two decisions were correct.  Obviously they were incorrect.  The tubes eroded and radiation leaked and SONGS got shut down.  SCE would presumably have saved a lot of money if it had insisted on a redesign.  And it would presumably be in better shape today if it had told the NRC, regardless of whether the NRC responded by requiring additional public hearings or not, and regardless of whether the NRC ended up okaying the original design or forcing a redesign.
In hindsight, obviously, SCE made two wrong calls.
Still open in my mind is whether the two wrong calls were sensible and legal at the time, without benefit of hindsight.  I’m not saying they were; I don’t know.  But surely the mere fact that a decision turned out incorrect doesn’t prove it was scandalous or incompetent or illegal.
And even if we conclude that we are right to criticize SCE for deciding not to redesign the steam generators and not to tell the NRC, let’s try not to criticize it for finding out there was a possible vibration problem and debating that possibility seriously.  The existence in the company’s files of warnings and an internal debate proves only that it did decent due diligence.
Of course none of this justifies being less than candid after the vibration problem surfaced.  I haven’t looked carefully at exactly what SCE said when.  But if SCE executives told Congress and the media that the company was never warned about the problem, then obviously they were either mistaken or lying.  That’s the evidence of the recently released letters.
They would have been far wiser if they had shown everyone the warning letters, explained how and why they decided not to redesign and not to tell the NRC, and then wished aloud that they had decided differently.  If they made some honest wrong calls back in 2004 and 2005, they should have said so.
I’m fine with criticizing (and perhaps even prosecuting) SCE for misleading everyone about those warnings, if that’s what it did.  But I don’t know whether it’s fair or not to criticize SCE for deciding in the first place that the warnings didn’t justify a redesign or a call to the NRC.  And I’m pretty certain it’s terribly unfair – and terribly unwise – to criticize SCE for having warnings in its files about possible problems it decided not to fix.
As a society, we want companies to think about all the things that might go wrong, but we don’t want companies to feel they must fix all the things they think about.  That means sometimes something will go wrong that a company thought about and didn’t fix.  If that in itself becomes punishable – legally punishable or reputationally punishable – we will have fewer companies like X and more like Y … and more things will go wrong.
Peter M. Sandman is a risk communication consultant based in New York City, with more than 40 years consulting for companies, governments, and others facing controversies and crises.  For more on his approach, see his risk communication website, especially the section on what he calls “outrage management.”

Related Topics


Bye Bye San Onofre..

Victory at last, Victory at last, Great God Almighty, Victory at last! 

Flawed unsafe San Onofre will be decommissioned, not restarted!

Sandman Responds to "Near Miss" Letter

I am unqualified to judge how bad what might have happened at SONGS would have been, or how close it came to happening, or whether SCE and the NRC should have realized they were (or might be) skirting the edge of disaster.  These are all technical questions, and I’m a risk communication expert.  There are people with technical expertise far surpassing mine on both sides of these questions.  I can’t even tell who’s unbiased (if anyone), much less who’s right.
I’m similarly unqualified to assess the competing claims of technically savvy people regarding what happened, what nearly happened, and what might still happen at Fukushima.
But the concept of a “near miss” is more a risk communication concept than a technical concept.  (If there are technical criteria for “how near is too near,” I haven’t seen them.)  And I am very familiar with what I sometimes call “the near miss paradox.”
Any time a disaster might have happened but doesn’t, it’s debatable whether the near miss demonstrates how effective the safeguards are or how too-close-for-comfort insufficient they are.  Proponents of the technology that didn’t run amok but might have argue that the near miss proves the technology’s resilience; opponents argue that it proves the technology’s unacceptable dangerousness.
Anyone who has raised a family is all-too-familiar with the claim our children endlessly make that “nothing bad happened” when they threw a ball in the living room or rode their bikes into the dangerous part of town or whatever.  We know the adult answer is that bad things could have happened, and relying on continued good luck is foolish.
On the other hand, imagine a child who repeated the behavior we thought was dangerous millions of times, and nothing bad ever happened.  Eventually wouldn’t we be forced to concede that the kid was right, that the feared outcome was less likely than we’d thought, that the “near miss” wasn’t so near after all?
Smart proponents don’t claim that the nuclear power industry never makes mistakes.  Instead, they claim that nuclear systems are designed with “defense in depth”; when one precaution fails a backup protects us, or a backup to the backup.  If there are five precautions, each with an individually unacceptable one percent failure rate, the odds of all five failing simultaneously are .01 x .01 x .01 x .01 x .01, a very low probability that we might decide to accept.  The more nuclear “near misses” the anti-nuclear movement points too, the more sensible this industry rebuttal begins to sound – unless, of course, all five precautions work on the same power source or are located in the same flood-prone building.
Smart proponents, in other words, claim that nuclear power technology is literally foolproof.  So the evidence that it is sometimes in the hands of fools isn’t as damning as it seems to the rest of us.
The paradox in a nutshell: The nuclear industry keeps doing idiotic things – at least things that look idiotic in hindsight – and keeps getting away with it.  Dumb luck that is due to run out any time now?  Or defense in depth that’s working?
I was on the staff of the Kemeny Commission that investigated the 1979 Three Mile Island accident.  In the midst of the crisis, when many things were going wrong, Metropolitan Edison had put out a news release claiming that the plant was “cooling according to design.”  So I asked Blaine Fabian, the utility’s PR director, how he could justify having made such a statement.  Nuclear plants are designed to survive a serious accident, he explained.  They are designed to protect the public even though many things are going wrong.  So even though many things were going wrong at TMI, the plant was, nonetheless, “cooling according to design.”  (See my article on Three Mile Island – 25 Years Later.)
The “cooling according to design” claim came across as dishonest, and certainly contributed to the meltdown of MetEd’s credibility.  It was horrible risk communication.  Still, Fabian had a point.  Despite design flaws and operational errors at Three Mile Island, public health and safety were protected.
What about Chernobyl and Fukushima?  Nuclear proponents say Chernobyl doesn’t count because the Soviet Union was basically a developing country and its nuclear plants lacked basic safeguards.  They say Fukushima counts as a success story, not as a disaster: Under unprecedentedly awful conditions, plant operators still managed to keep control; nobody died; and surprisingly little radiation was released.  The tsunami was a disaster and arguably so was the evacuation, they say, but what actually happened technically wasn’t.  Opponents, of course, tell a very different story.
At a minimum, Three Mile Island, Chernobyl, and Fukushima were all economic and reputational disasters.  Defense in depth did not successfully defend the industry itself.
After any indisputable disaster – Bhopal, say – it is almost always possible to find pre-disaster statements from the responsible industry that the disaster that later happened couldn’t happen, and that prior near-misses demonstrated exactly that.  For any high-magnitude low-probability risk, it’s possible to point to the risk’s non-occurrence and especially to near misses as evidence that it can’t happen … until it happens.  That’s the folk wisdom behind the public’s inclination to see industrial near misses as warnings.
But what’s really going on with near misses, I think, isn’t risk assessment (of the folk type or the quantitative type).  It’s perceptual distortion – in both directions.
In our own lives, as risk perception experts have long documented, we typically do what the nuclear industry is doing: We see the fact that nothing bad has happened yet, even when we skated near the edge, as evidence of our invulnerability.  When I endanger myself and nothing bad happens, I habituate to the risk (familiarity breeds contempt) and tend to feel safe in my risk-taking.  This is a well-known risk communication problem; companies often hire me to help them convince their employees that they shouldn’t ignore safety rules on the grounds that they have done so for years without an accident.
But when a third party (especially a corporate third party) endangers me and nothing bad happens, I tend to see that near miss as a warning.
Both tendencies are cognitive/affective risk perception distortions, not sound risk assessments.  I see my own near misses as evidence that I’m safe, and your near misses as evidence that I’m at risk.
Add to this perceptual distortion the additional distorting effect of self-interest (the nuclear industry has a financial stake in seeing near misses as proof of safety) and ideology (the anti-nuclear movement has a political stake in seeing near misses as proof of danger), and you begin to see what a can of worms the “near miss” concept really is.

CaptD's Reply To Mr. Sandman's Reply

If you watch this excellent Seminar that occurred earlier this week in San Diego, CA you will see four highly qualified speakers, three of which are nuclear experts, explain why the Risk of a Nuclear Disaster is unlike any other Risk known to man.  Why, because it can bring down a Countries Economy or worse, and last many for generations, plus the waste that is created by operating nuclear reactors has created a long term storage situation that will cost maniknd an unknown amount of money per year to deal with forever...!

Fukushima proved that a nuclear accident that was calculated to only occur once in a thousand years could occur not once but multiple times over the course of several days, as Fukushima's reactors melted down one after the other!  The effect of that, according to Former PM Kan of Japan (one of the four speakers) was that he almost had to order the evacuation of Tokyo along with its millions of residents forever!  That is why he not only does not support using nuclear power any longer but is now working to insure that a Fukushima-type accident never happens again - Anywhere on Earth!

☢ Seminar About Fukushima's effect on Japan, USA and the World

 - Jun 6, 2013 - 8:50 AM

Recent Seminar in San Diego, CA (in English & Japanese) about Fukushima, Lessons Learned for California and the rest of US...

Lessons for California from Gregory Jaczko, Former Chairman of the Nuclear Regulatory Commission

+ Former Japanese PM Kan and two others...

Well worth your time to watch!

Thank you to those who organized this excellent event!

Risky Business But Not For Utilities Who Only Profit

       Highway Billboard

Mr. Sandman

Lets talk about Nuclear Risk.  We all know what risks those that live near a nuclear disaster face, but what risks do the Utilities that own them face?  In Japan, TEPCO’s share prices dropped but the Japanese Government bailed them out, so it is now business as usual for them as they still remain in charge of the Fukushima debacle and will generate huge profits from the decommissioning cleanup which is expected to take 40+ years or quite possibly much longer.  If something similar had happened at San Onofre on 01/31/12, under US law, the Price Anderson Act which only has about 12 billion dollars dedicated would have completely shielded SCE and its parent Company Edison International (EIX) from being held responsible, with the US Government being held responsible for all the rest of the damages caused, which in these tough economic times is not very reassuring to the 8 million residents that live nearby, since the southern California oceanfront property alone, is worth well over a trillion dollars!  Note: Any and all damages from radiation is excluded from all insurance policies that I know of.

As someone with scientific training, who has followed Fukushima’s multiple meltdowns which includes radioactive releases that unfortunately still continue to this day, I realize that its ongoing pollution is still spreading and not just in Japan but globally.  I suggest that this recently revised paper will help readers understand the scope of what has happened in Japan:

 Modelling the global atmospheric transport and deposition of radionuclides from the Fukushima Dai-ichi nuclear accident  by T. Christoudias1 and J. Lelieveld 

I’d like to suggest that nuclear power and its associated risk of a nuclear incident and/or an nuclear accident, poses a special concern to mankind that sets it apart from all the other daily risks we normally face.

With the above in mind, what happened at San Onofre is nothing less than either a nuclear near-miss, namely a highly radioactive reactor core coolant leak to the atmosphere, caused by a defective design, that occurred at the most opportune time (like getting a flat in front of a tire shop instead of on a dark rainy night on a narrow downhill mountain road) or a wakeup call for the entire Nuclear Industry (and all those that regulate them) or both!


Some of the many questions being asked about the design and regulatory process that resulted in approving these unsafe Replacement Steam Generators that if we were not just lucky, could have caused a nuclear accident in California instead of a nuclear near-miss:

1. According to some News Paper Comments and Industry Reports in 2004, the going price for each 620 Ton CE Replacement Steam Generator was estimated between 200-250 Million Dollars (Per Piece). How did SCE CNO/President in 2004 convince MHI to build four (4) such large complicated and premium generators for only 569 million dollars, which is almost 230 million dollars short of their market price and funds approved by the CPCU? 

2. Since MHI had experience building only Fort Calhoun Generators of less than 300 tons, how did the SCE and the NRC Technically Qualify MHI?

3. Which other utilities’ QA Program, did SCE use to approve Mitsubishi’s quality assurance program. Fort Calhoun? French? Belgium? Japan?

4. Why did SCE not apply to NRC for increasing the plugging limit for Old CE Generators, so this they could have had allowed more time to think, research and not rush according to Michael Peevey, current CPUC Chairman and Ex-Nuclear Utility Executive, who exclaimed when he saw the RSG, they look different inside?

5. Which CE Replacement Generator US Utilities did SCE benchmark to develop such detailed design and performance specifications or did they just modify the CE OSG Specifications with New Industry Information?  Were the licensed engineers, who wrote, checked and approved SCE’s specifications steam generator experts or was a steam generator expert hiding in the background, who directed all the work but kept his name off the documents?

6. Where did all the public claims of challenges, reward, innovations and teamwork between SCE and MHI go wrong?

7. Were the SCE Engineers sent to Japan to check MHI’s work and approve documents/test results qualified in that field, or were they there as trainees to do some company sponsored sight-seeing?

8. Who specifically at SCE made the decisions to certify all these numerous design changes and determined the changes were “Like for Like” and did not require a CFR 50.59 Licensing Amendment Process?

9. Which SCE Engineer(s) approved/validated the MHI Thermal-Hydraulic FIT-IIIFIVATS Code Inputs and Calculations?

10. Which licensed SCE Engineer(s) furnished all these changes, information/documents to which NRC Engineers, who agreed that it was OK to proceed without a CFR 50.59 Licensing Amendment Process?

11. To get 10% heat transfer equivalent by switching from Alloy 600 To alloy 690, SCE needed to add 935 tubes, but they only added 377 tubes. What happened to the balance of 568 tubes? Were the length of 9727 tubes increased and by how much to make up for the 533 tubes? Hint: The average tube length was increased by over 50 inches!

12. Why did the SCE Engineers did not question the MHI benchmarking, verification and validation of the FIT-III thermal-hydraulic model?

13. How come the SCE engineers did not contact their counter parts at PVNGS (of which, SCE is a part owner) for information/advice, since PVNGS has the Largest CE Replacement Generators (800 Tons) in the world, were built during 2001-2005 and are still operating successfully?

14. Were the OLD CE Steam Generators and new replacement generators exact in Thermal Output (MWe) or were there power differences due to being uprated that caused what the NRC referred to as "unprecedented damage"?

In summation, there are numerous questions that still remain to be answered by both SCE and the NRC, all of which will help us understand how this nuclear near miss occurred and hopefully insure that it never ever happens again.  Using San Onofre as an example, it has become painfully obvious that the NRC and specifically NRC Region IV have allowed the Utility to lead them down a dangerous operational path, one that the public now realizes is totally unsafe!  The associated dangers of any restart have been well documented by Ex-NRC Senior employees, Utility whistle blowers, nuclear experts from both inside and outside the USA, along with a huge number of knowledgeable public organizations, that have even employed their own experts to double check what the NRC is saying about what the Utility is proposing!  You have only to search the ADAM database and you will find a mountain of technical articles that describe in detail what is going on at San Onofre; is anyone at the NRC even reading these and or responding to their authors?  If the NRC really wants public input, then they should not only provide specific data so knowledgeable experts can review it, but then the NRC needs to actually consider what these outside experts say by responding to them about the concerns they have raised!  To many, the only real surprise will be to find out if anyone at the NRC will take the responsibility to tell SCE that San Onofre needs to be decommissioned now!


Sadly this decision is now moving beyond being based upon acceptable engineering design principles and has entered the political arena with the nuclear industry making use their considerable political influence!  This should be ringing NRC alarm bells; because it is exactly what lead to Fukushima's Trillion Dollar Eco-Disaster, because the Japanese regulatory agency allowed themselves to be "bullied" into making poor decisions regarding safety, by both the very Industry they were regulating and their Utilities political supporters!

San Onofre has now become the "poster boy" for how not to regulate and/or operate a nuclear power generating station.  What is needed now is to form a high level working group, (with a few Non-industry Experts) and use San Onofre as a test case to better understand how the NRC allowed itself to get so deeply involved in defending the very Utility it is supposed to be regulating, said another way the NRC needs to rethink how they do business!  Right now, the NRC is working along side Edison and MHI to try and re-engineer Edison's damaged RSG; how can there be an impartial technical review process, when the NRC has their own experts working with SCE and MHI?

  Nuclear energy is BIG business and it is up to the NRC to insure that it is not only run safely but in such a way that any nuclear incident and/or nuclear accident is unacceptable because the risk of one or more Trillion Dollar Eco-Disaster would destroy our great Country for generations, just like Fukushima is doing in Northern Japan!

Note: Some of the above was posted on the NRC’s website: - comment-105173