Sage Journals: Discover world-class research

Abstract

The threat of global climate change has pushed governments around the world to consider alternative energy sources, including nuclear energy. As the interest in nuclear power increases, serious discussions on safety must resume before moving forward. There is no better time than now, the twenty-fifth anniversary of Chernobyl, to revisit the causes of the worst civilian nuclear disaster in history in an attempt to prevent future accidents. The author reviews initial reports that accused operators of violating instructions, but also looks at evidence that surfaced in the early 1990s, which suggested that the reactor design, combined with a lack of information sharing, were to blame for the explosion. While it is imperative to address human error, design flaws, and communication failures, the author argues that organizational characteristics of the Soviet nuclear power sector deserve more attention by scholars and policy makers. Chernobyl was not a disaster waiting to happen, the author writes, but occurred despite ongoing efforts to improve technical design, operator training, and inter-organizational communication. Chernobyl, in this interpretation, illuminates that what the nuclear industry considers “safe enough” is always linked to specific historical periods, cultural settings, and institutional arrangements, and that even the best efforts to ensure nuclear safety may not be good enough.

Keywords

Chernobyl nuclear industry nuclear safety organizations RBMK safety culture Soviet Union

After more than two decades of detailed study, scientists of all stripes have begun to better understand the health and environmental impacts of Chernobyl. Despite these findings, there remains much to be investigated, clarified, and even publicized.¹ Equally significant as research on the consequences of Chernobyl, however, is the continued exploration of the causes that led to the disaster. And in the context of a potential resurgence of nuclear power as one possible response to global climate change, the twenty-fifth anniversary of Chernobyl provides an opportunity to revisit these causes—and to reflect on ways to prevent a future disaster of such scale.²

The organizational aspect of the Chernobyl disaster particularly deserves more attention by scholars and policy makers.³ Human error, problematic design features, and communication failures—all of which led to Chernobyl becoming the worst accident in the civilian nuclear industry—are likely to persist despite the industry’s attempt to design safer and more proliferation-resistant reactors, as well as its effort to increase system automation to minimize human error. But the institutions that operate, regulate, and evaluate a nuclear industry are critical. International experience shows that there are different ways to run a nuclear industry, but we are still mostly in the dark when it comes to understanding what works, what doesn’t, and why.⁴

Background

It is important to contextualize the Soviet Union’s nuclear industry to understand the causes that led to Chernobyl. On April 26, when reactor number four at the Chernobyl nuclear power plant exploded, the logic of Cold War competition prevailed: Nuclear affairs equaled state secrets. Setbacks or accidents related to nuclear issues were routinely classified, even when they involved public health; only successful accomplishments were announced. True, just one year earlier, new Soviet leader Mikhail Gorbachev had come to power, promising to restructure the country’s ramshackle economy and establish a new culture of openness and transparency. The Russian words perestroika and glasnost entered the global vocabulary, as Gorbachev inspired people around the world. Despite this, Chernobyl went unreported for days, even as Soviet scientists realized the gravity of the situation and government officials moved to evacuate the plant’s satellite town. It wasn’t until two days after the explosion, on April 28—when the radioactive cloud drifting from the destroyed reactor set off Swedish radiation detectors—that Soviet television made an announcement: “An accident has occurred at the Chernobyl nuclear power plant and one of the reactors has been damaged. Measures are being taken to deal with the consequences of the accident. Aid is being given to those affected; a government commission has been created.”⁵

Fast forward to August of the same year: The Soviet Union dispatched a delegation headed by academician Valerii Legasov to a post-accident review meeting at the International Atomic Energy Agency (IAEA) in Vienna.⁶ Their statements revealed more details about the Soviet nuclear industry than had ever been disclosed before, which did not fail to impress the international community. At the same time, the delegates delivered a clear verdict: The plant managers had failed to enforce proper discipline among their staff, and the workers on duty in the control room had violated operating instructions. Based on this testimony, the International Nuclear Safety Advisory Group (INSAG), a panel assisting the director general of the IAEA, concluded that the reactor operators were to blame for the accident.⁷ The human error version was reinforced a year later, when six individuals, including the former plant director, were sentenced to long prison terms.⁸

At the same time, however, Soviet nuclear specialists knew (and foreign reactor experts suspected) that there was more to the accident than an “unauthorized experiment” and “operator error.” With Gorbachev’s glasnost policies gradually taking effect, newly emboldened Soviet media started publishing accounts that blamed the reactor design itself. In February 1990, the Soviet agency supervising nuclear plant safety, Gospromatomnadzor, appointed a commission under Nikolai Shteinberg, an experienced nuclear specialist from the Chernobyl plant, to re-evaluate the disaster.⁹ This report came out in 1991, the same year another report was published by a group of renowned experts from science and industry under Armen Abagian, the head of the All-Russian Research Institute for Nuclear Power Plant Operation (VNIIAES).¹⁰ The evidence presented in these two reports prompted the IAEA to revise its findings. The result, “INSAG-7: The Chernobyl Accident: Updating of INSAG-1” (which included a translation of the two Soviet reports), shifted the blame from operator error to specific reactor features, in particular the control rod design.

Designing reactors

The RBMK (Russian acronym for “high power, channel-type reactor”) was the brainchild of Savelii Feinberg, a physicist at the country’s leading nuclear research center, the Kurchatov Institute (Goncharov, 2001; Karpan, 2005; Sidorenko, 2003). Nikolai Dollezhal, a decorated engineer who had devised the plutonium producing reactor for the first Soviet atomic bomb, developed the technical design. The RBMK was based on a long tradition of light water-cooled, graphite moderated reactors. Already in the early 1950s, engineers had started modifying the basic model used for military purposes. For example, the Siberian Nuclear Power Plant, a secret facility launched near Tomsk in 1958, was a classic dual-use design: First and foremost, the plant generated weapons-grade plutonium, and electricity was merely a by-product. But a few graphite moderated reactors produced electricity only: In 1954, the Obninsk Nuclear Power Plant started operation near Moscow, becoming the world’s first nuclear power plant, and in 1964, the first industrial-scale graphite moderated reactor went online at Beloiarsk Nuclear Power Station in the Urals. These reactors were quite small (a symbolic 5 megawatt at Obninsk, and 100 megawatt at Beloiarsk), and their contribution to the country’s massive electricity generation plans remained negligible. But when Dollezhal’s engineers proposed a 1,000 megawatt giant, economic planners listened. After a brief review period, they selected the RBMK design for standardization and mass production, alongside the VVER, a pressurized light-water design that were used in submarines, icebreakers, and at a power plant in southern Russia (Novo-Voronezh).¹¹

Among the advantages of the RBMK was its relatively simple assembly—in contrast to the VVER, which had an expensive pressure vessel and involved sophisticated factory manufacturing. Furthermore, the operating experience acquired earlier at graphite moderated reactors (the RBMK’s military predecessors) guaranteed the availability of an initial cohort of skilled operators and a well-established supply industry. The first RBMK at Sosnovy Bor, near Leningrad, went critical in September 1973—and, up until the Chernobyl disaster, 14 RBMKs followed suit, operating near Kursk, Smolensk, Chernobyl, and in Lithuania. Built after the first Soviet nuclear power plant safety regulations took effect, reactor number four at Chernobyl reached criticality in 1983; it represented an advanced version of the original RBMK design and featured several important safety improvements.¹²

One of the most prominent Soviet nuclear scientists, Anatolii Aleksandrov, endorsed the RBMK from the start. Aleksandrov had been a close collaborator of Igor Kurchatov, the “father” of the Soviet atomic bomb, important public scientist, and director of the country’s leading nuclear research institution. Aleksandrov succeeded Kurchatov as director of the Institute of Atomic Energy in 1960, and in 1975 he was elected president of the Soviet Academy of Sciences. He also chaired the Interdepartmental Technical Council (MVTS), the single most powerful decision-making body for Soviet nuclear energy policy.¹³ Aleksandrov was later criticized for simultaneously holding too many leadership positions at the time of the Chernobyl disaster.¹⁴ More importantly, Aleksandrov was accused of ignoring complaints about operational problems with RBMKs while he was head of MVTS.¹⁵

After Chernobyl, critics of the RBMK-type reactor specifically condemned the design of its control rods, which were intended to increase the reactor’s economic performance. Evidence showed that this particular design made it much more difficult to handle the reactor at low power levels—that is, at critical moments right after start-up and especially before shut-down.¹⁶ When the control rods were extracted too far, their re-insertion into the core, under certain conditions, could cause an initial surge in power, before shutting down the reactor.¹⁷ In April 1986, this design feature (in conjunction with atypical core conditions and operating errors) may have turned a normal “scram”—a rapid shut-down of the reactor—into a catastrophe (Diatlov, 2003; Karpan, 2005; Sidorenko, 2003).

Organizing knowledge

None of these problems were completely new, however, or unknown to Soviet nuclear scientists. The physicists at the Kurchatov Institute, who provided scientific support for the RBMK, and the engineers at the Research and Development Institute of Power Engineering (NIKIET), who designed it, understood the nature of graphite moderated reactors well, and at least some of them also knew about the potential danger of improperly operating the RBMK’s control rods (Asmolov et al., 2004; Sidorenko, 2002). A brief flash in reactivity had been observed in the first RBMK units at Leningrad, where it triggered an incident in 1975 in which one channel was destroyed and about 30 others (out of 211) were damaged.¹⁸ So why did they not act upon this knowledge and modify the design, or at least alert the operators? During the internal post-Chernobyl investigation, Soviet reactor designers acknowledged that they had considered it virtually impossible for an unstable core to ever combine with operating violations in a way that would destroy the reactor—that is, even in the highly unlikely event that the technology failed, there were still instructions to follow that would rectify any hazardous situation. Unimpressed, the Central Committee of the Communist Party, the Soviet Union’s highest government body, fired several leading scientists, engineers, and managers.¹⁹ But the assumption that such an accident would simply not occur was to some extent reasonable: It was grounded in the sense of duty, discipline, and secrecy that the reactor designers took for granted.

Reactor designers worked for the secret Ministry of Medium Machine Building (Minsredmash), an organization that its employees fondly remember as a “state within the state.” Created in 1953 as successor to the First Main Department, the organization responsible for the first Soviet nuclear weapon, Minsredmash was run by veterans of the Soviet atomic bomb project. This ministry combined science, government, and intelligence in systematic form to develop and grow the country’s nuclear arsenal, and it oversaw the myriad enterprises comprising the gigantic nuclear complex (Holloway, 1994; Nasonov, 1998). Minsredmash was a place of dedicated commitment to nuclear deterrence and the source of extraordinary camaraderie. In addition to extreme levels of secrecy, strict rules and personal accountability governed its internal operations. But nuclear power plants were hybrid organisms: Though affiliated with the nuclear complex, they also belonged to the country’s dynamic, competitive power industry. By 1986, the Ministry for Energy and Electrification (Minenergo) operated most of the country’s nuclear plants.²⁰ This civilian agency was accountable not to the KGB, but to the Planning Commission (Gosplan), the Soviet economy’s principal coordinating agency, and its priority was not national security but economic productivity. Executives focused on meeting ambitious production targets and on fulfilling “the plan”; their recruitment strategies reflected the needs of a rapidly growing industry.

When Minsredmash transferred the management and operation of nuclear plants to Minenergo in 1966, nuclear scientists and engineers settled into the role of technology supplier, start-up supervisor, and creator of rules and regulations. These scientists and engineers left routine operations to plant managers, while keeping control over the processes they considered too sensitive to relinquish. But for the Soviet nuclear industry, 1966 marked only the beginning of a long process of continuous re-evaluation and re-organization—not exactly what one would expect in a rigid command-administrative economy, and during a period later referred to as “stagnation.” This constant restructuring indicates changes in the understanding of nuclear safety (prompted by increasing international cooperation), and it suggests ongoing discussions about adequate operator training and about what degree of secrecy was necessary in the civilian nuclear power industry.

Socio-technical systems

The growing number of specialized organizations in the Soviet nuclear industry was a sign of its professionalization, but this process sometimes differed from that in the West. A nuclear power plant combines human agency and technical operations to form a complex, entangled socio-technical system. Actual operating experience and specific political, economic, and cultural contexts determine how the parts of this system get weighed and what kinds of interactions are allowed. In the United States, for example, recurring incidents of human error in nuclear plants led to increased automation.²¹ In the Soviet Union, by contrast, encounters with highly unreliable instrumentation at the first nuclear installations led to drastic improvements in the training of nuclear experts and a deliberate increase in the reliance on human expertise, experience, and intuition in the control room. When nuclear plants multiplied and the practice of diligent on-the-job training became difficult to maintain, new organizational mechanisms were created to ensure that specialists from other plants, senior colleagues, and experts from research, design, and regulatory institutes assisted reactor operators, especially during difficult transitory periods (such as start-up and scheduled shut-downs). In addition, operating procedures were codified in substantial instruction manuals, and operators had to pass rigorous re-certification exams, the results of which directly affected their salaries. In other words, Soviet nuclear plant employees were given responsible positions, but they also received incentives, support, and monitoring.

When problems with the control rods first came to light, the RBMK’s designers reacted by modifying operating instructions for control room staff—that is, they revised regulations and insisted that instructions be followed to the letter. They never explained to the operators why this was important, or what might happen if these rules were ignored or bent.²² They also did not modify the physical design until after Chernobyl (Anisinov, 1994; Nadezhdina, 1996). In other words, they tried to fix a socio-technical system by addressing neither the social (operator expertise) nor the technical (the design specifications). Instead, they focused on the organizational mechanisms that governed the interaction between man and machine.²³ Again, this was not an illegitimate move per se, but it reflected norms and routines rooted in the specific institutional traditions of the secret nuclear weapons complex. These norms and routines, however, did not transfer easily to a different organizational culture (Schmid, 2008).

From today’s standpoint it seems obvious that if human operators were key to the safe operation of the RBMK, they needed to have access to all information, including that pertaining to problems and accidents. Alas, the Cold War made tight information control seem not only necessary but also reasonable—especially where nuclear materials were involved. Fear of espionage and sabotage influenced the decisions about how much knowledge, and what kind of knowledge, reactor designers were willing to share with reactor operators. Profound differences in organizational culture, like those between Minenergo and Minsredmash, were taken too lightly in the pre-Chernobyl Soviet nuclear industry, and they are still being underestimated today in other parts of the world.²⁴

Communicating organizations

In a short foreword to INSAG-7 (1992), Hans Blix, then the IAEA’s director general, bemoaned flaws in the Soviet nuclear industry’s communication, training, and organization: “the lack of feedback of operating experience and the inadequacy of communication between designers, engineers, manufacturers, constructors, operators and regulators … , coupled with a lack of clear lines of responsibility, were critical factors in the events leading up to the Chernobyl accident. … the lessons from the Three Mile Island accident had not been acted upon in the USSR: in particular, the importance of systematic evaluation of operating experience; the need to strengthen the on-site technical and management capability, including improved operator training; and the importance of the man-machine interface.”²⁵ Blix’s account represents a tendency to blame organizational problems, including those of operator training, industrial management, and inter-agency cooperation, on the character of the Soviet system. During and after the disintegration of the Soviet Union, Western and Soviet experts castigated the repressive nature of the Soviet police state, the exaggerated secrecy in the nuclear sector, and the absence of a free press that could have provided a forum for whistleblowers (for example, Josephson, 1991; Medvedev, 1989).

In the light of a closer historical analysis of the Soviet nuclear industry, however, a much more disconcerting interpretation becomes possible: Soviet nuclear specialists had in fact set up a tremendously sophisticated system, and they worked tirelessly to improve technology, training, and management. They did evaluate feedback, they did react to accidents (including Three Mile Island), and they did strive to refine the inter-organizational system of communication and cooperation. Yet they were not always successful: They wrote safety regulations and updated reactor designs, but the implementation of such changes often took longer than was warranted. They trained highly qualified nuclear experts for all levels and branches of their nuclear industry, but sometimes cooperation among these experts was less than ideal. Finally, they did pay great attention to the transfer of sensitive knowledge among the agencies involved with nuclear energy: Some of their methods of addressing these challenges were successful, others less so. In sum, the Soviet nuclear complex, far from being an inert apparatus, was a dynamic system run by intelligent people who were committed to science and their homeland. And yet, their system failed to prevent Chernobyl.

Conclusion

How reactors are designed and what we consider their safe operation is always embedded in and shaped by specific historical, cultural, and institutional contexts. Which design to adopt, how to train nuclear specialists, whether to increase automation, and who to put in charge of managing nuclear power plants—these decisions are all based on experience. As a nuclear industry grows, the complex interplay of national preferences and international conventions results in specific technical choices, operating conventions, and safety norms. Soviet reactor designers developed the RBMK because it made sense at the time and in the context of the Soviet system. They had a group of qualified operators, a capable supply industry, and experience operating graphite moderated reactors. By 1986, the Soviet industry had successfully launched 15 RBMKs, with continuous improvements to their safety systems. Reactor number four at Chernobyl was neither old, nor fundamentally flawed; for all intents and purposes, it was “safe enough.” The operators at Chernobyl were trained to control a reactor that regularly required manual intervention. They realized that even the highest level of automation could not relieve them of making the occasional decision under uncertainty (Perin, 1998, 2005). They understood the rules, and they knew that sometimes they might have to bend these rules in the interest of safety. These operators were neither under-qualified, nor irresponsible; they simply made a bad call at a critical time. And lastly, the reactor designers who knew about the design problems but did not fix them, and those scientists who knew about the possibility of a catastrophic failure but did not go public, were not deviant careerists pretending to guard state secrets; they weighed risks against benefits in the realm of what they considered normal within the limits of their “state within the state” and ended up making a series of decisions that backfired in the world beyond their reach.²⁶

Read this way, the Chernobyl disaster was indeed Soviet through and through. The choice of reactor design, the training of operators, and the organization of the nuclear industry—together with the character of the planned economy and the political system—enabled this catastrophe. By the same token, however, Chernobyl is only one example of how technical choices, political and economic pressures, and organizational idiosyncrasies may combine to produce disaster. It is a chilling reminder that our notions of rationality, safety, and reliability may not automatically protect us from unanticipated failure, especially when dealing with high-risk technologies and complex socio-technical systems.

Footnotes

Acknowledgements

This essay is based on research supported by the US National Science Foundation Grant No. SES-0240807.

1

Publications on the consequences of Chernobyl tend to peak in five-year intervals; a recent exception is .

2

Updates on the underlying causes for the disaster are typically published in Russian, Ukrainian, or Belorussian and are available only to insiders, as the number of hard copy editions is very limited, or in obscure places on the Internet (e.g., Diatlov, 2003; Dmitriev [n.d.]; Dollezhal’, 2002; Fain, 1998; Karpan, 2005; Polivanov [n.d.]; Sidorenko, 2002, 2003). A series of online forums archive an ever-growing collection of original documents, personal photographs, and press reports relating to Chernobyl (one prominent example is Pripyat.com, which also features an English version, http://pripyat.com/en/; the official Chernobyl nuclear power plant site has a truncated English version: ).

3

Organization theory offers vastly different strategies to prevent accidents: Normal Accident Theory advocates reducing complexity, loosening tightly coupled systems, and abandoning technologies where this proves impossible (e.g., Perrow, 1999); Theorists of High Reliability Organizations, by contrast, recommend learning from organizations that rarely fail (e.g., LaPorte et al., 1989). Scholars in Science and Technology Studies (STS) advocate transparency, public engagement, flexible structures of governance, and even organized distrust, but they also caution that predictions rarely do justice to tremendously complex interactions between science, technology, and social order (e.g., Wynne, 1996; Jasanoff, 1994; Ezrahi, 1990).

4

For example, Nelkin and Pollak, 1981; Parr, 2006; Jasper, 1990. Diane Vaughan’s work on organizations has been most influential in this area (e.g., Vaughan, 1996, 1999; see also Hutter & Power, 2005).

5

Vremia, 5PM news program, April 28, 1986 (my translation).

6

Legasov was the first deputy director of the Kurchatov Institute of Atomic Energy, and his suicide on the second anniversary of the accident provoked enduring speculations about his earlier testimony. The report to the IAEA was published in the industry’s flagship journal Atomnaia Energiia (Informatsiia ob avarii na Chernobyl’skoi AES i ee posledstviiakh, podgotovlennaia dlia MAGATE, 1986).

7

This report, , was published in September, immediately after the meeting, and was based on working documents prepared by the USSR State Committee on the Utilization of Atomic Energy for the IAEA Meeting of Experts, Vienna, 25–29 August 1986, and on additional material presented by the Soviet experts during the meeting.

8

The semi-public proceedings ended with 10-year prison sentences for the former director, Viktor Briukhanov, the station’s former chief engineer, Nikolai Fomin, whose suicide attempt in pre-trial confinement had delayed the start of the trial for several months, and former deputy chief engineer, Anatoly Diatlov, who had been on duty in the control room during the explosion and who was transferred to prison directly from the hospital. The other three defendants received lesser sentences (Gorbachev, 2004; Illesh and Pral’nikov, 1988; Karpan, 2005; Vozniak and Troitskii, 1993).

9

Shteinberg was appointed chief engineer following the accident. He was involved in the disaster mitigation until he was transferred to Gospromatomnadzor in November 1987. He is currently Ukraine’s deputy minister of fuel and energy.

10

At the time, VNIIAES was the country’s leading research and technology support organization for the operation of nuclear power plants. Among Abagian’s co-authors were Evgenii Adamov from NIKIET, the RBMK’s design institute, Leonid Bol’shov from IBRAE, the Nuclear Safety Institute, and Evgenii Velikhov from the Kurchatov Institute (Report by a working group of USSR experts, 1991).

11

On the development of the RBMK see, e.g., Sidorenko, 1997; Karpan, 2005; Dollezhal’, 2002. RBMKs did not generate weapons-grade plutonium, although they could have switched to plutonium production due to their online-refueling system.

12

Sidorenko, 1997; Gosatomnadzor, 1974. Improvements included upgrades to the emergency core cooling system and the accident localization and emergency power supply systems, and modifications in the facility layout (Sidorenko, 1997).

13

The MVTS was established in September 1971 under the Ministry of Medium Machine Building (Sidorenko, 2001). It represented several ministries, the State Planning Commission (Gosplan), the Academy of Sciences, research institutes, design bureaus, and various industrial enterprises.

14

Aleksandrov resigned as president of the Academy of Sciences in October 1986.

15

On August 16, 1986, in a resolution of no confidence, the Soviet government abolished the MVTS (Sidorenko, 2001).

16

INSAG-7 states: “control of the RBMK-1000 at startup … was different from and much simpler than control of the power density distribution of the non-uniformly poisoned reactor at low power [the situation on April 26, 1986]. … The operators had little or no experience of control under these circumstances” (INSAG-7, 1992: 5). See also Iadrikhinskii, 1989; Polivanov [n.d.]; Semenov, 1995.

17

One of my interviewees compared these control rods to an automobile brake pedal that accelerates the car before stopping it. For illustrations, see http://accidont.ru/rodes.html, and http://www.if.uidaho.edu/∼gunner/Nuclear/LectureNotes/RBMK_Reactors_and_Chernobyl_STD.pdf (p. 3, taken from United States Nuclear Regulatory Commission, 1987: 2–32).

18

The event was immediately classified, but after Chernobyl, details came to light about this and other harbingers of disaster. See, e.g., Dmitriev [n.d.]; Borets [n.d.]; Sidorenko, 2001.

19

V Politbiuro TsK KPSS. Pravda, 20 July 1986, 1.

20

Minsredmash kept control over the reactors at the Leningrad, Shevchenko, and Ignalina plants.

21

22

The idea of a database of incidents and accidents that reactor operators would have access to was shot down by NIKIET (Sidorenko, 2001).

23

Another strategy was to transfer trusted individuals to key positions in the nuclear industry, when Minsredmash felt there was not enough in-house expertise.

24

Suffice it to mention the US Navy, whose “safety culture” is often invoked as a model for the US nuclear industry—disregarding their very different organizational traditions.

25

INSAG-7, 1992: foreword.

26

Vaughan identifies this process as “the normalization of deviance” (Vaughan, 1996); but it is often tricky (for both actors and analysts) to identify unambiguously what behavior is “normal” and what is “deviant.”

Author biography

Sonja D. Schmid is an assistant professor in Science and Technology Studies (STS) at Virginia Tech, USA. Her expertise is in history of technology, science and technology policy, and social studies of risk. Fluent in Russian, she investigates the history and organization of nuclear industries in the Former Soviet Union and Eastern Europe and studies the ways national energy policies, technological choices, and nonproliferation concerns shape each other. Her manuscript on the history of Soviet nuclear power, which is currently under review at MIT Press, is based on extensive archival research in Russia and on interviews with veterans of the Soviet nuclear industry.

References

Anisinov

(1994) AES: Stepen’ riska (Beseda s B G Dubovskim). Smena 10: 55–61.

Asmolov

Gagarinskii

AIu

Sidorenko

Chernilin

IuF

(2004) Atomnaia energetika: Otsenki proshlogo, realii nastoiashchego, ozhidaniia budushchego. Moscow: IzdAt.

Borets VI (n.d.) Kak gotovilsia vzryv Chernobylia. Vospominaniia. Available at: http://accidont.ru/LAES_75.html.

Diatlov

(2003) Chernobyl’. Kak eto bylo. Moscow: Nauchtekhlitizdat.

Dmitriev VM (n.d.) Avariia na LAES 75 g. Available at: http://accidont.ru/LAES75.html (additions to the site 2006–2010).

Dollezhal’

(2002) U istokov rukotvornogo mira. Zapiski konstruktora, 3rd edn. Moscow: GUP NIKIET, IzdAt.

Ezrahi

(1990) The Descent of Icarus: Science and the Transformation of Contemporary Democracy. Cambridge, MA: Harvard University Press.

Fain

(1998) Aktivanaia zona: Povest’ ob atomnom institute. Moscow: IIF Skripto.

Goncharov

(2001) Pervyi period razvitiia atomnoi energetiki v SSSR. In: Sidorenko

(ed.) Istoriia atomnoi energetiki Sovetskogo Soiuza i Rossii. Vol. 1. Moscow: IzdAt 16–70.

10.

Gorbachev B (2004) Tainy Chernobyl’skogo suda. Zerkalo nedeli 16(491), 24–29 April. Available at: www.zn.ua/3000/3100/46283/.

11.

Gosatomnadzor SSSR (1974) PBIa-04-74: Pravila iadernoi bezopasnosti atomnykh elektrostantsii. Moscow: Atomizdat. Available at: http://accidont.ru/NREG74.html.

12.

Holloway

(1994) Stalin and the Bomb: The Soviet Union and Atomic Energy 1939–1956. New Haven, CT and London: Yale University Press.

13.

Hutter

Power

(2005) Organizational Encounters with Risk. Cambridge: Cambridge University Press.

14.

Iadrikhinskii

(1989) Iadernaia avariia na 4-om bloke Chernobyl’skoi AES i iadernaia bezopasnost’ reaktorov RBMK. Report. Moscow: Kurchatov.

15.

Illesh

Pral’nikov

(1988) Reportazh iz Chernobylia: Zapiski ochevidtsev. Kommentarii. Razmyshleniia. Moscow: Mysl’.

16.

Informatsiia ob avarii na Chernobyl’skoi AES i ee posledstviiakh, podgotovlennaia dlia MAGATE [Report to the IAEA on the accident in the Chernobyl NPP and its consequences] (1986) Atomnaia Energiia 61(5): 301–320.

17.

INSAG-1 (1986) Summary report on the post-accident review meeting on the Chernobyl accident. Safety Series No. 75-INSAG-1. Vienna: International Atomic Energy Agency.

18.

INSAG-7 (1992) The Chernobyl accident: Updating of INSAG-1. Safety Series No. 75-INSAG-7. Vienna: International Atomic Energy Agency.

19.

Jasanoff

(1994) Learning from Disaster: Risk Management after Bhopal. Philadelphia: University of Pennsylvania Press.

20.

Jasper

(1990) Nuclear Politics: Energy and the State in the United States, Sweden and France. Princeton, NJ: Princeton University Press.

21.

Josephson

(1991) Atomic energy and “atomic culture” in the USSR: The ideological roots of economic and safety problems facing the nuclear power industry after Chernobyl. In: Jones

Powell

Connor

(eds) Soviet Social Problems. Boulder, CO: Westview 55–77.

22.

Karpan

(2005) Chernobyl’: Mest’ mirnogo atoma. Kiev: ChP Kantri Laif.

23.

LaPorte

Roberts

Rochlin

(1989) High Reliability Organizations: The Research Challenge. Berkeley, CA: Institute of government studies, UC Berkeley.

24.

Medvedev

(1989) The Truth about Chernobyl. New York: Basic Books.

25.

Nadezhdina

(1996) Zalozhniki reaktora. Trud 3 April.

26.

Nasonov

(1998) EP Slavskii: Stranitsy zhizni. Moscow: IzdAT.

27.

Nelkin

Pollak

(1981) The Atom Besieged: Extraparliamentary Dissent in France and Germany. Cambridge, MA and London: MIT Press.

28.

Parr

(2006) A working knowledge of the insensible? Radiation protection in nuclear generating stations, 1962–1992. Comparative Studies in Society and History 48(4): 820–851.

29.

Perin

(1998) Operating as experimenting: Synthesizing engineering and scientific values in nuclear power production. Science, Technology & Human Values 23(1): 98–128.

30.

Perin

(2005) Shouldering Risks: The Culture of Control in the Nuclear Power Industry. Princeton, NJ: Princeton University Press.

31.

Perrow

(1999) Normal Accidents: Living with High-Risk Technologies, 2nd edn. Princeton, NJ: Princeton University Press.

32.

Polivanov IF (n.d.) Chernobyl’skaia katastrofa. Available at: http://treeofknowledge.narod.ru/chernob.htm.

33.

Report by a working group of USSR experts (1991) Causes and circumstances of the accident at Unit 4 of the Chernobyl nuclear power plant and measures to improve the safety of plants with RBMK reactors. Moscow.

34.

Schmid

(2008) Organizational culture and professional identities in the Soviet nuclear power industry. Osiris 23: 82–111.

35.

Semenov

(1995) Chernobyl’ desiat’ let spustia: Neizbezhnost’ ili sluchainost’?. Moscow: Energoatomizdat.

36.

Sidorenko

(1997) Nuclear power in the Soviet Union and in Russia. Nuclear Engineering and Design 173: 3–20.

37.

Sidorenko

(2001) Upravlenie atomnoi energetikoi. In: Sidorenko

(ed.) Istoriia Atomnoi Energetiki Sovetskogo Soiuza i Rossii, Vol. 1. Moscow: IzdAt 217–253.

38.

Sidorenko

(2002) Istoriia Atomnoi Energetiki Sovetskogo Soiuza i Rossii. Vol. 4: Uroki avarii na Chernobyl’skoi AES. Moscow: IzdAt.

39.

Sidorenko

(2003) Istoriia Atomnoi Energetiki Sovetskogo Soiuza i Rossii. Vol. 3: Istoriia RBMK. Moscow: IzdAt.

40.

United States Nuclear Regulatory Commission (1987) Report on the accident at the Chernobyl nuclear power station, NUREG-1250. Washington, DC: U.S. NRC.

41.

Vaughan

(1996) The Challenger Launch Decision: Risky Technology, Culture, and Deviance at NASA. Chicago: University of Chicago Press.

42.

Vaughan

(1999) The role of the organization in the production of techno-scientific knowledge. Social Studies of Science 29(6): 913–943.

43.

Vozniak

Troitskii

(1993) Chernobyl: Tak eto bylo. Moscow: Libris.

44.

Wynne

(1996) May the sheep safely graze? A reflexive view of the lay–expert divide. In: Lash

Szerszynski

Wynne

(eds) Risk, Environment, and Modernity. London: Sage 44–83.

45.

Yablokov

Nesterenko

Sherman-Nevinger

(2009) Chernobyl: Consequences of the catastrophe for people and the environment. Annals of the New York Academy of Sciences 1181. Boston, MA: Blackwell.

When safe enough is not good enough: Organizing safety at Chernobyl

Abstract

Keywords

Background

Designing reactors

Organizing knowledge

Socio-technical systems

Communicating organizations

Conclusion

Footnotes

Acknowledgements

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

Author biography

References