In the wake of the Fukushima Daiichi disaster, more scrutiny than ever is directed towards the threat of catastrophic failure at nuclear power stations. It is clear that if we wish to continue to use nuclear power we must find ways to mitigate these risks. From an engineering perspective, the best safety systems are those that require no user input in order to operate. Rather, they are engineered to trip automatically under specified conditions and use only natural forces such as gravity, buoyancy, convection, and conduction to drive flows. Such safety systems are known in the nuclear industry as "passive safety." In fact, passive safety technology has existed for some time. Commercial light water reactors use fuel enriched only to the minimum level needed to sustain a chain reaction, so if the water moderator is removed from the system the fission reaction stops, preventing runaway criticality. However, even after the nuclear reaction stops, heat dissipation remains a primary concern. If it is not properly managed, residual heat can easily cause catastrophic failure and release of radioactive material.
Even before the Fukushima disaster, designers of nuclear power stations have been working to include more robust safety measures by incorporating many new passive restraints to ensure control of the nuclear reaction and reliable heat dissipation. For instance, Westinghouse in the United States now sells its AP1000 reactor design around the world. The AP1000 incorporates passive safety measures for core water injection, residual heat removal, and containment vessel cooling. These systems employ no pumps, fans, or other rotating machinery and do not require any AC power. Any valves in these systems require power to stay closed. Should power be interrupted or otherwise fail, safety valves open automatically using mechanical force. These adjustments have the added benefit of significantly reducing the overall complexity of the plant and thereby reducing the risk of operator or maintenance accidents.
Passive safety design methods proposed in the literature are on the whole very simple. For instance, by placing the reactor core at the lowest elevation in the plant, the cooling water can drain into the core through gravity alone. In conventional designs, emergency core cooling water for flooding the core is pumped in. In passive safety designs the core is instead first rapidly vented to atmospheric pressure and then flooded by gravity from large water reservoirs located above the core. In the AP1000 reactor, immediately after an accident the steel containment vessel is doused with water to promote heat transfer via natural convection, keep the pressure inside the vessel within limits, and maintain containment.
The key to understanding passive safety is that it is nothing more than elegant engineering: it is getting physics to provide the safety measures instead of relying on forced systems. However, these techniques have only recently been included in real reactor designs, and only a handful of recently opened nuclear power stations around the world are currently using this technology. This is at least partially because such elegance in engineering follows from experience, and the nuclear reactors operating today come from an era when safety engineers did not have the depth of experience with nuclear disasters that we have today.
© Ian Schultz. The author grants permission to copy, distribute and display this work in unaltered form, with attribution to the author, for noncommercial purposes only. All other rights, including commercial rights, are reserved to the author.