Digital upgrades in nuclear plants
InTech, Jul 2005 by Blanchard, Dave, Fink, Robert, Lang, Glenn, Stringfellow, Jack, Et al
In response to growing challenges of obsolescence and increasing maintenance costs and looking ahead to license renewal, nuclear plant operators are upgrading their existing instrumentation and control (I&C) systems. Preferred upgrade solutions typically apply digital technology due to its ready availability, operational flexibility, and potential for performance and reliability improvements. However, the use of digital equipment has raised technical and licensing issues, primarily centered on the potential for new behaviors and failure modes that software or other digital system design flaws cause.
Of particular concern is the potential for common-cause failures that could disable multiple equipment trains or systems using identical software-based components. We can address these concerns using defense-in-depth and diversity (D3) evaluations that assess the susceptibility of the plant systems to digital failures and digital common-cause failures (CCFs) and determine whether the plant has sufficient coping capability to adequately deal with such failures in terms of their effects on plant safety.
Most replacements and upgrades of aging and obsolete instrumentation and control systems involve transitions from analog to digital technology. The current regulatory guidance requires performing a defense-in-depth and diversity evaluation for digital upgrades to safety systems. This largely deterministic approach sometimes results in significant utility and Nuclear Regulatory Commission (NRC) resources spent on events, components, and backup systems that do not 1) contribute significantly to plant risk, 2) address other events that may be significant contributors, or 3) improve plant safety. EPRI published a guideline that proposes three methods to help utilities perform such evaluations and submitted it to the NRC for review and endorsement.
Deterministic method
The deterministic method uses the approach outlined in current regulatory guidance, but it also considers designed-in defensive measures and the use of risk insights when assessing susceptibilities to common-cause failure. It addresses potentially risk-significant events the current approach may overlook. The Standard Risk-Informed method and the Simplified Risk-Informed method take into account risk insights provided by the plant-specific probabilistic risk assessment. The EPRI approach examines three factors that determine the impact of a digital I&C upgrade on plant risk:
1. Impact of the upgrade on I&C channel reliability;
2. Potential for digital common-cause failure introduced by the upgrade;
3. Plant design and mitigating systems available to respond to specific events the upgrade affects (sometimes called the plant safety model).
The combined effects of these factors determine impact on plant risk.
Current regulatory guidance recommends performing a D3 evaluation for upgrades to selected systems and in a predetermined manner. This deterministic approach sometimes results in spending significant utility and NRC resources on events, components, and backup systems that do not contribute to plant risk or address other events that may be significant contributors. It also doesn't improve plant safety. The industry needs a D3 approach for digital upgrades that maintains a better focus on plant safety, while ensuring any added backups provide value in terms of plant safety or risk.
A 1994 EPRI-published guideline helps utilities perform D3 evaluations for digital upgrades and offers guidance on determining when a D3 evaluation is necessary; identifying susceptibilities to digital failures and digital CCFs; evaluating resulting plant vulnerability; and determining the need for additional defense.
Using risk insights can help focus the D3 effort on areas of greatest potential benefit in terms of plant safety. It also gives credit to the positive impacts of modern digital equipment on system reliability and safety. Finally, it can help avoid adding unnecessary backup systems that don't control plant risk.
Regulatory context, deterministic approach
The NRC is concerned that software design errors are a credible source of CCFs, which could degrade the existing defense-in-depth provided by the four echelons of defense: control systems, the reactor trip system (RTS), engineered safety features actuation system (ESFAS), and monitoring and indications. It states four points to address this concern in Branch Technical Position (BTP)-19:
1. The applicant/licensee should assess the defense-in-depth and diversity of the proposed instrumentation and control system to demonstrate they have addressed vulnerabilities to common-mode failures.
2. In performing the assessment, the vendor or applicant/licensee shall analyze each postulated common-mode failure for each event evaluated in the accident analysis section of the safety analysis report (SAR) using best-estimate methods.
3. If a postulated common-mode failure could disable a safety function, then we should require a diverse means (with documentation it's unlikely to fail the same way again) to perform either the same function or a different function. A nonsafety system could perform a diverse function if the system is of sufficient quality to perform the necessary function under the associated event conditions.


