You can turn every technical argument on its head by arbitarily setting system bounderies. Well, systems engineering explicitly includes the managerial and regulating systems affecting the purely technical aspects. And as both, Chernobyl and Fukushima, showed those two aspects are usually pretty far up the list in every disaster. E.g. Soviet investigations into Chernobyl showed that applicable regulations were ignored, starting during construction of the plant and ending with the botched test that caused the accident.

At Fukushima, the flood barrier was too low. Saying it was the highest tsunami in recoded history would be an argument, if that was something nobody considered (that would indicate defficiencies in the regulatory aspects), but regulations actually had provisions for such Tsunami. Meaning, the managerial system of nuclear power screwed up.

And finally, there is the risk assessment aspect. People usually get that wrong. Risk is calculated by evaluating the detectability of an issue, the propability of an issue, the effectiveness of counter-measures and the impact of an issue. And as history has shown twice, the likelyhood of a nuclear disaster is rather low, the one for smaller accidents is significantly higher so. We also had to learn the hard way, that there is only so much we can do to mitigate those risks on the technical side (physical and cost limits, managerial and regulatory defficiencies and so on). And we also saw that the impact of a nuclear disaster can, and has been, huge. Not doing a proper risk analysis allows you to pretend everything is fine, an attitude explicitly called out by the Soviet investigation, the second report is much better than first one and both are available im English online, into the Chernobyl disaster. No idea why people interested in nuclear energy don't read those, or the IAEA report. Those reports, and Chernobyl itself, should be mandatory reading, and teaching, for every engineering program, there is so much to learn here!

> Concerning Fukushima the problem would have been averted, if managers actually did what they were told by engineers:

This is an often cited claim with no realistic value. TEPCO did run simulations in 2008 that showed that the current safety measures were not sufficient were an 8.4 magnitude earthquake to happen that management ignored. But we have to be careful here and ask the appropriate followup question. Why did they ignore it? Easy to say money, and I'd be lying if I said that wasn't part of it. After all, we can always build bigger and better, there's no end to this. The reason management felt comfortable ignoring this simulation is because there was no evidence that such an earthquake could actually happen. I can simulate a magnitude 15 earthquakes all day, but that doesn't mean you should prepare for them, since there's no mechanism to explain how this could happen and no historical data to suggest it. This was the situation. You have to remember that the Tohoku earthquake was the 4th largest ever recorded. EVER. The simulation was based on an 8.4M 1933 earthquake (the 20th largest ever recorded) and in a different region of Japan. There was good reason to not act quickly on this simulation. Now, there were scientific advancements during that time and it was learned that the potential for such an earthquake that large could happen, before it did, but I'm also not sure how quick you expect people to react. Even when it was learned it was clearly known to be an unlikely event.

For your fun, here's the list of the strongest earthquakes since 1500s[0], which still puts Fukushima as #6. There's <20 that are >9M and you'll notice that Japan only shows up on that list twice.

There's a danger to this kind of thinking that is concerning to me and appears like it should be concerning to you as your concerns are safety. This narrative encourages companies to not run such hypothetical scenarios because if they do and the situation turns from imagination to reality blame arises and we create a narrative of how we should have acted. But this isn't a Shell/Exon situation where they were measuring and modeling realistic data. Do not conflate the two. I understand the frustration, we want to know things could have been different. But this is also why we want entities to run hypothetical scenarios, because if knowledge updates then some of the work to improve systems already exist. It is a hedge. But we need to be careful to not put unrealistic expectations on others or to move the bar based on post hoc understanding. Don't be captain hindsight. It'll just discourage performing such hypothetical scenarios in the future. Post hoc blaming is counter to your actual goals.

[0] https://en.wikipedia.org/wiki/Lists_of_earthquakes#Largest_e...