Were Engineering Design Faults Responsible for Chernobyl?
Abstract
This project investigates the causes of the 1986 Chernobyl disaster to assess the relative influence of engineering design flaws, human error, and institutional failures. Drawing on technical reports, such as the IAEA's INSAG-7, alongside historical accounts by Higginbotham, Plokhy, and Brown, the project evaluates the RBMK reactor's design flaws, including its positive void coefficient and graphite-tipped control rods. These design choices rendered the reactor unstable at low powers and contributed to an uncontrollable power surge that destroyed Unit 4.
The analysis also examines the operators' decisions on the night of the disaster, including disabling critical safety systems, removing additional control rods, and authorising an unauthorised safety test, which triggered a chain of events. However, the project argues that these decisions cannot be understood without first considering the wider Soviet institutional culture, which normalised unsafe practices, withheld critical design information, and placed political pressure on workers to meet production targets.
Additional sources include Medvedev's (1991) technical-institutional analysis, Josephson's (1999) history of Soviet nuclear culture, Schmid's (2015) study of the pre-Chernobyl nuclear industry, and Perrow's (1984) theoretical framework of normal accidents to further contextualise the argument. The Soviet government's initial INSAG-1 report is also examined as a primary source, though it has been determined to be politically motivated.
These findings conclude that although human error was the decisive step in the series of failures at Chernobyl, it was predetermined engineering design and systemic institutional failure that were the deep-rooted issues that shaped the disaster and made it inevitable.
Introduction
The Chernobyl disaster, which occurred in the early hours of the 26th of April 1986, in Soviet Ukraine, remains one of the most significant technical failures in modern history. Its causes have been debated for decades, with particular focus on the incident's engineering design flaws, human error, and institutional failures. Understanding the connection between these factors is important not only historically but also academically, as both are relevant to engineering safety, risk management, and the overall study of high-risk systems. The disaster provides a unique case study that showcases how technical design, operator behaviour, and organisational culture interact under certain constraints.
The central research question was to answer the extent to which engineering design flaws were inherently responsible for the explosion. From researching sources, this meant investigating these three connected areas to determine the root causes. First, it examines the RBMK-1000 reactor's engineering design, including the positive void coefficient and the graphite-tipped rods, which made the reactor unstable at lower operating conditions. Second, it analyses how human decisions made on the night of the incident, such as disabling safety systems and continuing with an unplanned safety test, can be directly attributed to the conditions that caused the explosion. Third, it explores the broader Soviet institutional culture, which shaped the reactor's design and the operator's actions, in which political pressure, Soviet secrecy, and a lack of independent oversight normalised unsafe practices.
As such, this research question requires a balanced, evidence-based approach, as engineering failures alone cannot be directly attributed to the accident, nor can operator behaviour be understood without first understanding the institutional pressure that surrounded them. By drawing on technical reports such as INSAG-7, historical accounts, and operator testimonies, the project aims to determine whether the reactor was inherently unsafe, whether the operators could have prevented the incident, and how Soviet institutional culture shaped the disaster and the events leading up to it.
The research question is also significant beyond historical interest; academically, as Perrow (1984) argues in his framework, a study of complex technical systems shows that disasters in tightly coupled, high-risk environments are rarely the product of any single cause. Instead, they are formed by the interaction of engineering design failures, human decisions, and organisational cultures, as Perrow calls them, a "normal accident." The Chernobyl disaster is a prime example of this kind of systemic failure, and analysing it through this framework helps explain why assigning blame to the operators or to Soviet culture is both misleading and an incomplete assumption from an analytical and historical perspective.
This project will not cover the environmental or health impacts of the explosion, nor the long-term political decisions. Instead, it will focus on the immediate short-term effects of the reactor's destruction. Upon doing so, the project aims to deepen understanding of engineering failure and the significance of safety culture in preventing catastrophic failures, thereby contributing to sound engineering principles and design methodology.
Literature Review
Overview
Analysing the Chernobyl disaster requires navigating a mix of technical evidence, eyewitness testimonies, political narratives, and interpretation. As noted in the project submission, "one of the main challenges of this project is separating fact from interpretation, allocating blame, and examining the Soviets' narrative-shaping to cover up the incident." This literature review will categorise each source as factual, expert interpretative, or subjective judgement, and evaluate its reliability and relevance to answering the overarching research question.
The most authoritative technical source is the International Atomic Energy Agency's (IAEA) INSAG-7 report, which provides a detailed engineering analysis of the RBMK reactor and the sequence of events leading up to the explosion, which is complemented by secondary sources, such as a technical summary from the World Nuclear Association (WNA) report. Historical and narrative accounts of the incidents, including Higginbotham's Midnight in Chernobyl, Plokhy's Chernobyl: The History of a Nuclear Catastrophe, and Brown's Manual for Survival, are also scrutinised, providing insight into operator behaviour and Soviet institutional culture. These sources vary in reliability: technical reports offer factual evidence, while narrative accounts are open to interpretation and subject to judgment.
Additional sources used in this project include the Soviet Union's initial INSAG-1 report, which was submitted to the IAEA (1986), and has been categorised as primarily a politically influenced source. Mahaffey's (2014) comparative engineering analysis of nuclear accidents, Josephson's (1999) institutional history of the Soviet nuclear industry, Schmid's (2015) study of the pre-Chernobyl nuclear industry, Perrow's (1984) theoretical framework for understanding how complex systems fail, Medvedev's (1991) technical-institutional account, and Shcherbak's (1989) documentary featuring operator testimonies. Together, these twelve sources provide a range of factual, interpretive, and subjective perspectives of the disaster.
INSAG-1 (IAEA, 1986)
The Soviet Union submitted their report of the incident to the IAEA in 1986, published as INSAG-1, which attributed the disaster almost entirely to operator error, citing the crew's actions as a "gross violation of operating procedures." As a document produced immediately after the disaster, it is historically significant. However, its reliability as a factual technical source is incredibly limited, as the Soviet delegation was known to withhold critical information, particularly regarding the engineering designs of Chernobyl, including the positive void coefficient and the behaviour of the graphite-tipped control rods. Read against INSAG-7 (International Atomic Energy Agency 1992), INSAG-1 reveals the Soviet Union's political priorities at the time more than any other information surrounding the accident.
Therefore, INSAG-1 is classified as a politically motivated primary source rather than a factual technical report. Its value lies in revealing how the Soviets managed information, and cross-referencing with INSAG-7 has been done before drawing any factual conclusions.
INSAG-7 (IAEA, 1992)
INSAG-7 has been classed as the definitive international technical analysis of the disaster. The technical report states that the RBMK reactor was "unstable at low power" and highlights two critical engineering failures. These included, first, the large positive void coefficient, in which reactivity increased as steam bubbles formed in the coolant, and second, the graphite-tipped displacers on the control rods, which increased reactivity when inserted as the graphite tips entered the core before the boron absorber.
These findings are based on genuine engineering data, reactor physics, and post-accident analysis, making INSAG-7 a factual and highly reliable source. It provides the strongest evidence that engineering design flaws played a significant part in the accident.
INSAG-7 also documents the AZ-5 emergency shutdown button, which was intended to halt the reactor, but instead triggered a rapid, uncontrollable power surge as the graphite tips entered the core first. This supports the project submission of "the reactor's mechanical systems⦠help explain why the reactor rapidly increased power after an operator pressed the emergency button AZ-5."
Overall, the source is reliable, as it is based on factual technical data, has been peer-reviewed internationally, and lacks political bias. However, the report is limited by the information initially released by the Soviet Union. As such, INSAG-7 will serve as the primary technical source throughout this project. Where other sources disagree with its conclusions, they do so on interpretive or subjective grounds rather than on evidential grounds.
Higginbotham β Midnight in Chernobyl (2019)
Adam Higginbotham's Midnight in Chernobyl is a well-researched narrative account that synthesises declassified KGB documents and IAEA reports and includes interviews with surviving witnesses. It is valuable for conveying the human element of the disaster, as it includes first-hand accounts from the operators who made the decisions in the control room on the night of the incident, alongside the institutional pressures that shaped their decisions.
Comparing it with the INSAG-7 report, Higginbotham's account is broadly consistent with the technical aspects of the incident. Still, it adds detail on the human and institutional factors that the engineering report does not, providing insight into decision-making and Soviet institutional culture.
Overall, the source is reliable as it has transparent methodology and has strong citations, but should be relied upon as a secondary narrative source, as it forms an inevitable and inescapable interpretive reconstruction of the events and motivations, particularly due to the operator testimonies, and as such should be treated as an expert interpretation rather than a primary technical source.
Plokhy β Chernobyl: The History of a Nuclear Catastrophe (2018)
Plokhy's work is a historical interpretation with a strong focus on analysing Soviet institutional culture. It primarily focuses on the political and organisational factors, including secrecy, pressure to meet production targets, and the Soviet response to the incident. His work is valuable for understanding the institutional culture that shaped the operator's behaviour on the night of the incident.
Overall, the source is reliable, as it uses a strong methodology that draws on history and cites its sources appropriately. However, it is less technical than the INSAG-7 report and can be influenced by broader political themes in the Soviet Union.
Plokhy's work is most useful for analysing the Soviet institutional culture and how it managed information flow. Any technical claims drawn from his account will be cross-referenced with the INSAG-7 report.
Brown β Manual for Survival (2019)
Brown's work is a subjective judgment of the socio-political and economic issues surrounding the incident. Brown examines the Soviets' response to the incident and the broader social context. Her work is more open to interpretation and sometimes considered controversial. Still, it highlights the systemic issues of the Soviet institutional culture, such as secrecy and control over the flow of information.
Overall, the source is semi-reliable and useful for understanding the Soviet institutional culture that shaped the accident. Still, it is written with a strong interpretive lens and is less relevant to the overall technical factors. For example, Brown claims that some radiation scientists contest radiation exposure levels. However, her institutional analysis is more broadly consistent with that of Plokhy and Higginbotham, and as such, will be used here only for that purpose.
Mahaffey β Atomic Accidents (2014)
James Mahaffey's Atomic Accidents provides a comparative engineering analysis of nuclear reactor accidents. His treatment of the RBMK's design characteristics is technically rigorous and consistent with the INSAG-7 report. He situates Chernobyl within a broader range of reactor accidents attributable to the positive reactivity feedback loop, arguing that such a design represents fundamentally unsafe engineering practices (Mahaffey 2014).
Overall, Mahaffey's comparative analysis is particularly valuable, as it contextualises the RBMK reactor's positive void coefficient within the broader history of nuclear reactor design. His conclusions align closely with those of the INSAG-7 report and have been used to corroborate technical claims in the discussion chapter.
World Nuclear Association β Chernobyl Accident (2020)
The World Nuclear Association's technical summary provides a concise synthesis of the engineering causes of the disaster, drawing on the INSAG-7 report and post-Soviet analysis. It is reliable as a technical secondary source. However, its status as an international industry body representing nuclear operators underscores the organisation's focus on design improvements since 1986 rather than dwelling on past failures, and will be used here primarily as the corroborating technical reference (World Nuclear Association 2020).
Elsewhere, the WNA's industry affiliation may warrant some caution. Still, its technical claims are cross-referenced against the INSAG-7 report, and its summary of the reactor's engineering design is consistent with the primary source used and will be used throughout.
Josephson β Red Atom (1999)
Paul Josephson's Red Atom is a historical study of Soviet history in the nuclear industry, tracing the development from Stalin's atomic bomb programme through to Chernobyl. It provides essential context for understanding how compressing engineering safety to prioritise production targets and political goals, suppressing independent voices, and the culture of secrecy and political pressure, created the systemic conditions for the disaster to become unavoidable (Josephson 1999), and as such, has been classified as expert interpretation.
Josephson's work is the most detailed institutional history in English covering the Soviet nuclear program. It predates a lot of the post-Soviet archives but draws extensively on sources published during the Soviet era to provide a robust historical analysis.
Perrow β Normal Accidents (1984)
Charles Perrow's Normal Accidents provides a theoretical framework for understanding complex technological failures. His argument is that in tightly coupled, complex systems, such as the Chernobyl accident, accidents are statistically predictable outcomes of systems interacting with one another, rather than of a singular individual failure (Perrow 1984). This framework guides the project's conclusion, helping explain why assigning singular blame to any such factor would be misleading.
Perrow's theoretical framework will be used here for analytical purposes rather than as evidence, as it provides a conceptual basis for understanding why no single factor was sufficient to cause the disaster.
Schmid β Producing Power (2015)
Sonja Schmid's Producing Power examines the Soviet nuclear industry through the lens of science and technology studies, focusing on how institutional and professional cultures are shaped by the design and operation of Soviet-era nuclear reactors. Her analysis of the relationships between reactor designers, ministry officials, and plant operators offers relevant insight into why the RBMK's engineering design flaws were not addressed before 1986 (Schmid 2015) and, as such, is classified as expert interpretation.
Schmid's work provides the most rigorous view of Soviet institutional culture at the time. It is particularly useful for understanding the Soviet power dynamics that prevented design information from ever reaching the operators.
Medvedev β The Legacy of Chernobyl (1991)
Zhores Medvedev was a Soviet nuclear scientist who wrote one of the earliest independent accounts of the disaster. His work draws on scientific knowledge of reactor physics and the Soviets' history in the nuclear industry to argue that the disaster resulted from a combination of reactor design issues and cultural secrecy that prevented operators from understanding the risks they faced (Medvedev 1990). As a primary expert witness, he provides valuable insight that bridges engineering analysis and institutional culture from a first-hand perspective.
Medvedev's account predates the post-Soviet archives and is therefore less comprehensive in its institutional detail than Plokhy's or Higginbotham's. However, his technical knowledge lends credibility due to his assessment of the engineering.
Shcherbak β Chernobyl (1989)
Yuri Shcherbak's documentary, a compilation of interviews with operators, plant directors, and emergency responders, was conducted shortly after the disaster and provides primary testimony that would otherwise be difficult to access. Shcherbak provides perspectives of participants before their accounts could be shaped by Soviet institutional culture (Shcherbak 1989), and, as such, will be used as a primary source for corroborating operators' decisions and actions on the night of the incident.
Shcherbak's interviews were conducted between 1987 and 1988, when the Soviet political reform movement had created an opening for honest discussion, though the full story remained politically sensitive. The testimonies are treated as cautionary evidence, with the awareness that some may not be giving the full truth to protect themselves.
Analysis
Across all 12 sources, a consistent finding emerges: no single factor directly caused the disaster. Instead, the literature review identifies three interacting factors:
- Engineering design flaws created an inherently unstable reactor.
- Human error triggered the final sequence of events.
- Institutional culture made both engineering flaws and human error more likely.
A significant interpretive issue arises between sources that emphasise engineering (International Atomic Energy Agency 1992; Mahaffey 2014; World Nuclear Association 2020) and those that discuss institutional and human factors (Plokhy 2018; Higginbotham 2019; Josephson 1999; Schmid 2015). As such, this project will argue that this tension is less about facts than about differences in analysing the disaster from different perspectives, with this triangulation underpinning the discussion chapter.
Discussion
Engineering Design Flaws
The root cause of the Chernobyl disaster was the RBMK-1000 reactor's engineering design flaws. Unlike Western reactors, which use water as a coolant and moderator, the RBMK reactor used graphite as a moderator and some water as a coolant. These design choices produced a high positive void coefficient.
In a reactor, the void coefficient is the change in power output resulting from the formation of steam bubbles, or voids, in the coolant. In a reactor, a loss of coolant or an increase in steam will reduce the reaction, unlike the RBMK-1000 reactor, where the positive void coefficient meant that as more water boiled into steam, it absorbed fewer neutrons. Thus, the core's reactivity began to increase.
Furthermore, the design of the control rods, intended to slow or stop a nuclear reaction, was flawed. While the boron rods absorb neutrons, they have graphite tips, also known as displacers, where, when AZ-5 was pressed to drop all of the control rods into the core, the graphite tips entered first. Instead of slowing down a nuclear reaction, the graphite increased reactivity in the reactor's lower core. When operators attempted an emergency shutdown on the 26th of April, these design flaws caused an uncontrollable power surge that damaged the fuel channels. They jammed the control rods in place, triggering an explosion as reactivity continued to increase.
The scale of this power surge is documented by Mahaffey (Mahaffey 2014), who calculates that reactivity rose to approximately 33,000 MW, more than ten times the reactor's rated power, within seconds of AZ-5 being pressed. This is further corroborated by the INSAG-7 report, which confirms that the graphite tip on the control rods was a deliberate, albeit classified, design choice of the RBMK reactor (International Atomic Energy Agency 1992). Critically, a 1983 memorandum from the Kurchatov Institute, cited by Josephson (1999), acknowledged that the positive void efficiency became dangerous below 700 MW of operating power, which was within the range Unit 4 operated during its unauthorised safety test. This information was, at the time, classified as a state secret and never communicated to the plant operators.
Comparing the RBMK reactor design to that of Western reactors can help us understand why its positive void coefficient was an exception. Western reactors typically use Pressurised Water Reactors (PWRs), which use light water under high operating pressure, acting as both the moderator and coolant. This means that if coolant is ever lost, the moderating function is lost as well, and the chain reaction naturally slows. Compared to the positive feedback loop found at Chernobyl, this is a built-in negative feedback loop, in which the RBMK's graphite moderator separates these two functions by removing the self-correcting mechanism that Western reactors rely on. Mahaffey (Mahaffey 2014) describes this design choice as a fundamental difference: Western reactors were built around a design that operates passively and can intervene, whereas the Soviet reactor at Chernobyl relied on active operator intervention at any given moment, where the engineering at Chernobyl entered a runaway state as there was no passive mechanism to stop it. Once the operators pressed AZ-5, their only way to stop the safety test, the graphite tips made the situation worse. This comparison demonstrates that the RBMK reactor's instability was not a technical fault, but a consequence of a radically different, albeit more hazardous, design philosophy.
A counterargument to the engineering design flaws of the RBMK reactor, which were widespread across the Soviet Union since 1973, and to the suggestion that a comparable disaster on the scale of Chernobyl suggests the engineering design flaws were not a determining factor. Schmid (Schmid 2015) notes that some of the contributing factors in the post-Soviet debate argue that the accident requires a specific combination of low power, rod configuration, and operator action to manifest. This view presents the engineering design flaws as rather latent, more of a side-effect than a cause of the disaster.
This counterargument has weight but is unpersuasive. The 1975 partial fuel melt that occurred at the Leningrad RBMK plant, which was caused by the same engineering design flaw of the positive void coefficient, demonstrated that the design of the reactor was capable of runaway behaviour (Plokhy 2018). This incident was classified, and no design correction was ever mandated, making it itself evidence of institutional failure by the Soviets that compounded an engineering risk that, while real and documented, remained unaddressed for over a decade before the Chernobyl disaster.
Human Error
While the RBMK-1000 reactor was a temperamental system, the catalyst for the explosion was human error, down to the decision-making on the night of the incident. The operators were tasked with running an unauthorised safety test to determine whether the turbines could supply sufficient electricity to the cooling pumps in the event of an outage.
In preparing for the test, the reactor's power dropped too low due to xenon absorption, which built up xenon-13 that absorbed the neutrons in the graphite. It stalled the reaction, briefly dropping power. To restore power to the required levels for the test, the operators removed nearly all the control rods from the reactor core, violating safety regulations that require the rods to maintain the reaction.
Additionally, to ensure the test could be completed without interference from automatic systems, the operators disabled critical safety systems, including the Emergency Core Cooling System (ECCS). By disabling the safety systems, the reactor became vulnerable, operating in an unstable, low-power state, while the operators, coincidentally, pushed it to its limits. When the emergency button, AZ-5, was finally pressed, it was too late, as the operator's actions had triggered a power surge.
INSAG-7 (International Atomic Energy Agency, 1992) documents that, during this, approximately six to eight control rods remained in the core, which was against the minimum safety requirement of 15. The operator testimony in Shcherbak (Shcherbak 1989) confirms that Chernobyl foreman Leonid Toptunov raised concerns that the rod count was overruled, as the operators were under pressure to complete the test. This is significant as it suggests that human error was not due to ignorance, but to institutional culture, a point developed further in the next section.
A counterargument raised by Medvedev (Medvedev 1990) and supported by Perrow's (Perrow 1984) framework of normal accidents holds that the operators' decisions, while violating procedures, were rational given the information available to them at the time. They did not know about the positive void coefficient at low power beforehand due to Soviet secrecy; they were unaware of the 1975 Leningrad incident of the same nature. The operators received no warning that the AZ-5 emergency button would essentially act as a detonator. From the operator's perspective, it was making the necessary call to complete a required safety test, not slowly approaching a catastrophe they had no knowledge or ability to prevent.
This counterargument classifies that the moral weight of the incident can be placed on operator error. As Higginbotham (2019) concludes, the Unit 4 crew were trained professionals operating a complex system that was fatally flawed from the beginning, and its flaws were hidden from them. Their errors were not just errors of ignorance but also of judgment, and the source of their ignorance was institutional culture.
Examining the operators' specific actions during the incident more closely reveals how the three factors coincided in real time. The initial power drop in the xenon reaction was a consequence of operating a reactor whose own designers had deemed dangerous (Josephson 1999). The decision to continue with the unauthorised safety test despite the drop in power was due to the institutional pressure placed on the operators to not miss the maintenance window (Higginbotham 2019), where the final sequence of events to press AZ-5, which the operators believed would terminate the safety test, instead triggered catastrophe as they were unaware of the graphite-tipped control rods (International Atomic Energy Agency 1992). At every event leading up to the incident, institutional secrecy and engineering design turned a manageable situation into an inevitable one, where procedural violations due to human error occurred while they operated entirely within their judgment, unaware of the other two factors at play.
Institutional Failure
To view the accident as a combination of engineering design failure and reckless operator action is to ignore the overarching systemic failures of the Soviet Union. The institutional culture and political pressure of the era created the conditions that made such a disaster, albeit inevitable.
The Soviet Union prioritised the use of cheap electricity, rapid industrial expansion, and plutonium production for the reactor, valuing production over safety. Prior incidents involving the RBMK's positive void coefficient and graphite-tipped control rods, such as the 1975 incident at the Leningrad nuclear power plant, were classified as state secrets, and the design was carried over from Chernobyl, making Chernobyl fatally flawed from the start. Consequently, the operators at Chernobyl were unaware of the flaws hidden within the reactor and did not know that pressing the emergency shutdown button would act as a detonator.
Furthermore, the pressure to meet production targets meant that Chernobyl directors and operators were under political pressure to complete the safety test before the approaching May Day holidays. This culture of pressure, combined with a lack of independent oversight, fostered an environment in which bypassing safety culture to meet production targets and fulfil quotas set by the State became normalised. Therefore, the disaster was not just a failure of the complex system itself or its crew, but a catastrophic failure of the Soviet institutional culture.
Josephson (1999) analyses this, tracing the Soviet institutional culture back to the origins of the nuclear programme under Stalin, in which the priority was rapid industrial expansion, driven by increasing Cold War tensions with the United States, rather than safety. Schmid (2015) demonstrates that the relationship among the bureau that oversaw the reactor, the Kurchatov Institute,e and Dollezhal's NIKIET, including plant operators, was one-directional. Design information about the reactor was treated as state information, not as safety-critical information that operators had a right to be made aware of. In the West, nuclear reactor designers are required to provide operators with a comprehensive safety analysis, including potential engineering design flaws, whereas no equivalent existed in the Soviet system.
The Soviet Union also lacked any independent oversight. The equivalent of the nuclear regulatory authority, Gosgortekhnadzor, meant operators had to answer to the same ministry that oversaw nuclear production, creating a conflict of interest (Josephson 1999) in which safety concerns were suppressed, as all agency regulators answered to the same ministry. Independent reviews of the reactor design were also not possible under this framework, which explains why the RBMK's known positive void coefficient issue remained uncorrected in the operating information for over a decade after it was first identified.
A counterargument to this institutional culture is that Soviet-designed nuclear power plants operated for years without a Chornobyl-scale disaster, suggesting that institutional failures alone were not a determining factor. Schmid (Schmid 2015) notes that some critics argue that framing the failure in terms of institutional culture is too broad, an attempt to explain everything that explains nothing. However, the claim, not that the Soviet culture made the disaster any more inevitable, but that it made the specific engineering design flaws of the RBMK reactor more likely, by preventing both the design corrections and giving operators the needed knowledge, could have broken that chain, and prevented any such disaster.
Comparing this with the Soviets' aviation safety reinforces this point. The Soviet aviation industry faced similar institutional pressures to those of the nuclear industry, in which production targets, secrecy, and political bias led to a higher accident rate per passenger mile than in Western countries throughout the 1970s and 1980s (Brown 2019). This suggests that the institutional failures at Chernobyl were not unique to the nuclear industry but reflected a feature of the Soviet system that prioritised high risk for high reward. The nuclear industry was a particular danger in this culture of institutional failure, which was catastrophic rather than serious, as engineering design flaws offered no margin of safety once the system entered a runaway state, creating a feedback loop.
Conclusion
The Chernobyl disaster demonstrates how engineering, human behaviour, and institutional culture can merge to have devastating consequences in a high-risk system. The evidence indicates that the RBMK reactor was inherently unsafe due to engineering flaws, such as the positive coefficient and graphite-tipped control rods. These design choices created a system that became uncontrollable under certain operating conditions, particularly at low power.
Human error also played a significant role in triggering the final sequence of events. Operators removed too many control rods, disabled critical safety systems, and continued an unauthorised safety test despite clear warning signs. However, these actions cannot be fully understood without first considering the institutional culture in which they occurred. The Soviet system prioritised production targets, secrecy, and political bias over safety; operators were not informed of critical design flaws, where unsafe practices had become normalised.
To answer the research question of whether engineering design flaws were the primary cause of the disaster, it can be said, in a design sense, that they were responsible for a large part of the disaster, particularly in its severity. However, this is only because institutional failures prevented such flaws from being corrected. Because human errors are inevitable, they were created under conditions in which those flaws had become prevalent. Therefore, classifying Chernobyl as the result of precisely engineered failures would be inappropriate, as no single factor stood alone; all three were needed, catalysing one another. This verdict is supported by twelve of the sources consulted, ranging from the engineering data of the INSAG-7 report to the institutional history of Soviet culture, as noted by Schmid (Schmid 2015), and the theoretical framework of Perrow (Perrow 1984) and his analysis of complex systems.
The implications of this conclusion extend beyond one historical case. The disaster contributed to the creation of the World Association of Nuclear Operators (WANO) in 1989 and caused the IAEA to strengthen their safety regulations. Future research of this project could pursue two directions. Firstly, a comparative study of Chernobyl and Three Mile Island found that both were systemic failures, but with markedly different outcomes and safety cultures. This analysis would isolate the institutional culture factor from the accident's severity. Second, the analysis of declassified Soviet documents held in the respective Ukrainian and Russian archives may provide a more complete picture of the design decisions made at the Kurchatov Institute in the 1970s and 1980s.
Ultimately, the disaster resulted from a complex, direct interaction among flawed engineering, pressured operators, and a dysfunctional institutional culture. The lessons learned at Chernobyl have influenced the culture surrounding nuclear safety and emphasised the need for transparency, robust design, and a strong safety culture.
Evaluation
This project provided a valuable opportunity to apply engineering principles to a real-world high-risk system. By evaluating primary sources, such as the INSAG-7 report and operator testimonies, I developed critical analysis and research skills. A key challenge of the process was synthesising technical information with historical and institutional analysis, as the disaster cannot be fully understood through engineering alone.
A key strength of the project was its range of sources, including technical reports, historical accounts, and operator testimonies. This enabled the project to reach a balanced argument, though it also posed challenges in assessing reliability. For example, INSAG-1 is a highly technical paper. Still, it shows political bias because it was the initial report released by the Soviets, who were known for their secrecy, compared to the later INSAG-7.
Time management was a particular challenge, due to balancing research and writing with other commitments. If I were to repeat the project, I would begin the literature review earlier and allocate more time to evaluating the reliability of sources. I would also consider incorporating additional technical sources, such as textbooks on reactor physics or engineering analysis, to deepen the discussion of the RBMK design.
The project improved my ability to write clearly about a complex technical topic, such as Chernobyl and greatly strengthened my understanding of the need for learning engineering ethics and safety culture. It also highlighted the importance of institutional culture in engineering and the role of regulatory oversight in the decision-making of complex systems. Overall, the project has prepared me well for my future studies in mechanical engineering and reinforced the importance of an iterative, methodical approach to designing systems from first principles, transparency, and a strong safety culture to ensure adherence to sound engineering principles and design methodology.
In terms of methodology, this project primarily drew on secondary sources rather than direct observation, given that Chernobyl was a historical incident in a different country, which is most appropriate for a technical report. However, this approach introduced a limitation: I was reliant on the accuracy and reliability of those technical reports and operator testimony, some of which, particularly the pre-1991 Soviet-era sources, such as INSAG-1, may have been shaped by political bias. If I were to extend the project, I would seek to engage with archival material, such as declassified KGB documents held in Ukrainian and Russian archives, as referenced by Higginbotham (Higginbotham 2019), to enable a more comparative analysis using historical evidence.
A further limitation of the methodology is the technical depth of the engineering analysis. While I was able to explain the positive void coefficient and the effects of the graphite-tipped control rods at a conceptual level using published sources, I could not discuss reactor physics, such as neutron flux equations and reactivity coefficients, that underpin INSAG-7's overall conclusions. This is a genuine limitation of my project that I acknowledge and represents an area for development that I intend to pursue during my engineering studies at the university level.
The wider implications of this project for my own thinking include engineering ethics and professional responsibility in system design. The Chernobyl disaster demonstrates that engineers are not beholden to social or political considerations and that the decisions made by the designers at the Kurchatov Institute to classify information about the positive void coefficient, rather than address it openly, contributed to a catastrophe that affected millions of people. This has reinforced my understanding that the engineering safety we have today is an achievement of a better cultural and institutional environment than a technical one, and it is a lesson I will carry forward into my future studies and career.
Works Cited
Brown, Kate. 2019. Manual for Survival: A Chernobyl Guide to the Future. Penguin Books.
Higginbotham, Adam. 2019. Midnight in Chernobyl. Simon & Schuster / Bantam Press.
International Atomic Energy Agency. 1986. INSAG-1. International Atomic Energy Agency.
International Atomic Energy Agency. 1992. INSAG-7. International Atomic Energy Agency.
Josephson, Paul R. 1999. Red Atom: Russia's Nuclear Power Program From Stalin to Today. The New York Times.
Mahaffey, James. 2014. Atomic Accidents. Pegasus Books.
Medvedev, Zhores A. 1990. The Legacy of Chernobyl. W. W. Norton & Company.
Perrow, Charles. 1984. Normal Accidents: Living with High-Risk Technologies. Basic Books.
Plokhy, Serhii. 2018. Chernobyl: History of a Tragedy. Allen Lane / Penguin Books.
Schmid, Sonja D. 2015. Producing Power: The Pre-Chernobyl History of the Soviet Nuclear Industry. The MIT Press.
Shcherbak, Iurii. 1989. Chernobyl: A Documentary Story. Palgrave Macmillan.
World Nuclear Association. 2020. "Chernobyl Accident."