The only fatal reactor accident in the United States occurred on January 3, 1961, when an Army prototype known as SL-1 (for stationary, low power reactor, unit 1) exploded, killing the 3 operators who were present. We’ll use the SL-1 tragedy as an example of how the Cause Mapping process can be applied to a specific incident. A thorough root cause analysis built as a Cause Map can capture all of the causes in a simple, intuitive format that fits on one page.
The SL-1 tragedy killed the three operators present, which is an impact to the safety goal. Another goal is that there be no damage to the vessel. In the case of SL-1, the vessel sustained extensive damage.
The loss of life and vessel damage were both caused by the reactor exploding. The reactor exploded because it went prompt critical (an uncontrollable, exponentially increasing fission reaction). The reactor went prompt critical because withdrawal of the central rod can cause prompt criticality and because the rod was rapidly, manually lifted 26.4″ out of the core.
Withdrawal of the central rod can cause prompt criticality due to a lack of shutdown margin in the core, and inadequate safety criteria.
Because most of the evidence was so effectively destroyed, nobody really knows why the control rod was lifted out of the core. There are two theories (disregarding the bizarre and improbable murder/suicide theory): 1) the control rod got stuck while being lifted to be attached to the drive mechanism, and, as the operator was exerting greater force on it, suddenly came free, resulting in a lift far greater than intended, or that an rod drop testing/exercising was performed improperly.
The control rod may have become stuck and came free while being attached because it was required to be lifted 4″ out of the core and because control rods had been sticking. The control rods had been sticking for one or more of the following reasons: 1) reduced clearances due to radiation damage (which can cause structural material to swell), 2) the passage was blocked due to loss of poison strips in the channel, caused by poor design and inadequate testing, or 3) lifting equipment not working properly due to inadequate lifting capacity of the lifting equipment.
It’s also possible that an exercising/testing was potentially improperly performed. This could have occurred because the operators chose to exercise/test the rods, attempting to ensure that they would perform properly, and because they didn’t realize what would happen. This is because of inadequate training and inadequate work instructions. The testing was also potentially done improperly due to inadequate work instructions.
On a positive note, the SL-1 incident did initiate some positive changes in the nuclear industry. Most notably, reactor design has improved and incorporated a “one-rod stuck” criteria which specifies that a reactor can NOT go critical by the removal of any one control rod. Additionally, procedures and training have gotten more intense and more formal, and planning for emergencies has increased.