On March 11, Japan was hit with the largest earthquake in its recorded history and one of the five strongest earthquakes ever recorded anywhere on earth. This quake and the ensuing tsunami crippled Japan's Fukushima nuclear power plant, about 150 miles north of Tokyo. Within days, three of the plant's six reactors had suffered severe fuel damage—and possibly even melted down—raising fears of radiation dispersal in Japan and around the world. This week, small quantities of plutonium have been detected in the soil around the plant, though it is not yet certain how much came from atmospheric nuclear weapons testing during the 1950s and 1960s and how much might be a result of this accident.

When the emergency struck, Fukushima's operators went through the standard shutdown procedure to try to stem the crisis. Here is what should have happened—and what went wrong with the textbook version in Japan.

Fukushima Basics

The Fukushima reactors use both uranium and plutonium as fuel (in fact, one of the isotopes of uranium turns into plutonium during fission, so all nuclear reactors have some plutonium present). Those atoms are large—so large that they barely hold together. Tap them with a neutron and they're likely to fall apart. When fission occurs, those atoms release at least two more neutrons, and if one of these neutrons goes on to cause more fuel to fission, then the reactor is said to be "critical." (Forget what you've seen on TV and in the movies: All nuclear reactors are critical when they are operating.) This chain reaction of colliding and splitting atoms produces energy as heat.

The Fukushima reactors are of a type called a boiling water reactor (BWR). Water is used as a coolant to draw heat away from the reactor core; when it boils, the water forms huge quantities of high-temperature steam. This steam is a far cry from the fluffy white stuff coming out of a teakettle: After passing through moisture separators (because even tiny water droplets can wreck a turbine), it is a gas hot and dry enough to slice through a broomstick. The steam spins turbines, which drive generators to produce electric power. Altogether, fission plants generate 16 percent of the world's electrical energy.

After passing through the turbines, the steam enters a condenser where it navigates a welter of tubes filled with cooling water. The steam condenses into water, now 400 degrees F cooler, and is pumped back into the reactor, where the whole cycle begins again.

This cooling process is crucial because fission produces an incredible amount of heat, and that heat has to go somewhere. Most modern reactors use water both as a coolant and as a moderator to prime the nuclear reaction—it's a safety measure ensuring that if water can't reach the reactor, the chain reaction won't continue. If something goes wrong, the nuclear reaction automatically shuts down. But then what?

How the Reactor was Supposed to Shut Down

In an emergency, there is a fail-safe mode so that when in doubt, the reactor shuts itself down in a scram. (The acronym SCRAM dates back to the first nuclear reactor: A single control rod—which absorbs neutrons in order to stop the nuclear reaction—was held by a rope, and a Safety Control Rod Ax Man stood by with an ax to cut the rope if the reaction threatened to spiral out of control.) In a scram, control rods slam into the reactor core and bring fission to a halt. But the fission products continue to decay into radioactive isotopes, producing heat. If this "decay heat" is not removed, the temperature of the fuel will rise—possibly to the melting point. This is the meltdown that has so many people worried: Melting fuel can no longer contain its highly radioactive fission fragments.

To head off this crisis, a reactor's cooling pumps run even after it has been shut down. This requires electricity, usually supplied by the local power grid. All reactors have backup power supplies as well—at least two diesel generators—that automatically kick on if off-site power is lost. The No. 1 priority for them is to continuously circulate cool water through the core, removing the decay heat so that the fuel does not melt.

Because the reactor is still creating heat from radioactive decay even when shut down, there are three barriers in place to keep it in check: the fuel cladding (a thin layer of zirconium alloy that surrounds each fuel rod), the reactor vessel (a thick steel vessel that contains the fuel rods and the high-pressure coolant) and the containment structure (usually a thick shell of reinforced concrete). And because pressure in the reactor rises with the water temperature, the vessel has safety valves that are designed to vent pressure—in the form of radioactive steam or water—into specially designed holding tanks, or sometimes into the containment structure.

This containment structure—the dome, cylinder or sphere often associated with nuclear plants—provides the ultimate safety boundary. It is designed to be airtight and hold radioactive steam and water discharged during even the direst circumstances. As long as the structure remains intact, people outside the plant should be protected even if the reactor itself is ruined. In many plants—including the Fukushima reactors—the containment structure is surrounded by yet another building, and it is this building that holds the pools of water where spent fuel is stored.

All of these safety systems—water pumps, diesel generators, fuel cladding, pressure vessel and containment structure—are designed to withstand disaster... up to a point. If a plant is hit with something utterly unprecedented, there can be a major release of radioactivity.

What Happened at Fukushima When the Quake Hit

The magnitude 9.0 earthquake on March 11 was the biggest to hit Japan in recorded history, and it was stronger than any quake Fukushima's builders had anticipated. When the tremors rattled the plant, control rods automatically scrammed the reactor as they were designed to do, cutting off the fission process. Then the plant lost electricity from the grid and the diesel generators kicked on, only to be swamped and disabled by a 30-foot tsunami within the hour.

With no power to keep coolant flowing, the energy from radioactive decay began to build up, raising the pressure within the reactor vessel. Tokyo Electric Power Company (TEPCO) reported on March 12 that safety valves had been triggered in the reactor vessel, and pressure inside the containment structure had increased to double the design limits. Fearing that the containment structure itself might fail, the utility made the calculated decision to vent it through filters and out to the environment (beyond the support building), albeit at the risk of releasing small amounts of radioactivity—mainly the isotopes created by the decay, including iodine-131 and cesium-137.

Over the next few days, it became obvious that the fuel was damaged. The question became whether it would melt, and if it did, whether it would melt through the reactor vessel and into the containment structure. While all of the specifics are not yet known, the fuel certainly suffered severe damage, and at least part of it likely melted. During this time, the spent fuel stored in pools in the support building surrounding the containment structure was also overheating. This presented a grave dilemma: If that spike in temperature wasn't stopped, the spent fuel, which wasn't surrounded by a safety barrier, could release radioactivity directly into the environment.

Finally, in addition to the other problems, Fukushima experienced the buildup of hydrogen gas. This forms when water is exposed to high levels of radiation, or when water comes in contact with hot zirconium—exactly what happens in a reactor in which fuel is melting. When the plant operators vented water and steam out of the reactor, hydrogen gas went along for the ride and began to accumulate in the containment structure and support building. The hydrogen exploded—several times—and these explosions and fires over the course of a week threatened to breach the containment structure of Units 1 and 2, and probably cracked the containment structure of Unit 3.

How Bad is the Damage?

We now know that the first safety barrier—the fuel cladding—has failed and released fission products into the coolant. It is also clear that this radioactivity has escaped the second barrier—the reactor vessel—through the venting of radioactive water and steam into the containment structure, and possibly through leaks in the vessels and pipes. Photographs show that the explosions breached at least one of the containment structures. This damage, along with the deliberate venting of steam into the environment, released the radioactivity that has now been detected around the plant and in trace amounts as far as the east coast of the United States. Over the weekend, the plant's operators decided to release some of the least contaminated water into the Pacific Ocean to make room for water that could contain higher levels of radiation, and admitted officially that dealing with the disaster will be a months-long process.

Despite all this, a truly major release of radioactivity has been averted—a "major release" being a Chernobyl-style accident in which a large fraction of the fission products escape the plant. The amount of radiation that thus far has traveled beyond the immediate area of Fukushima is infinitesimal; it doesn't pose a danger to residents outside the 18-mile radius of the shelter-in-place zone—and certainly not to anyone elsewhere in the world. Even inside the zone, the radiation dose is not immediately damaging. The protective actions Japan is trying to take to minimize exposure are intended to mitigate any increased cancer risk over the next 20 to 30 years for those people. The workers on-site, however, have received higher levels of exposure than is normally allowed: The International Atomic Energy Agency has reported doses of up to about 20 rem—10 times the annual limit of 2 rem, which is still less than the 25-rem limit permitted for emergency operations. But reports thus far indicate that they have not received life-threatening radiation doses. (The skin burns that were reported are akin to a very bad sunburn—painful but not life-threatening.)

When the earthquake hit that fateful day, Fukushima's reactor safety systems did exactly what they were designed to do: The reactors shut down, and the emergency diesel generators started up. They were simply overwhelmed by the scope of the disaster. That's why, on March 30, the Japanese government ordered new safety upgrades for its other nuclear plants—to make them more prepared to deal with the worst, now that engineers have a better grasp of what "the worst" could actually be.

Andrew Karam has over 30 years of experience in health physics (radiation safety), beginning with an eight-year stint as a mechanical operator and radiation safety specialist in the Navy. Since then, Karam has worked for the State of Ohio, the Ohio State University, the University of Rochester and as a private consultant. He is the author of five books and an upcoming eight-part series, Controversies in Science. He currently lives in New York City, where he works on issues related to our response to radiological and nuclear emergencies.