Digital Instrumentation and Control Systems in Nuclear Power Plants
SAFETY AND RELIABILITY ISSUES
Final Report
Committee on Application of Digital Instrumentation and Control Systems to Nuclear Power Plant Operations and Safety
Board on Energy and Environmental Systems
Commission on Engineering and Technical Systems
National Research Council
NATIONAL ACADEMY PRESS
Washington, D.C.
1997
NATIONAL ACADEMY PRESS
2101 Constitution Avenue, N.W. Washington, D.C. 20418
NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competencies and with regard for appropriate balance.
This report has been reviewed by a group other than the authors according to procedures approved by a Report Review Committee consisting of members of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine.
This report and the study on which it is based were supported by Contract No. NRC-04-94-055 from the U.S. Nuclear Regulatory Commission.
This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, or any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for any third party's use, or the results of such use, of any information, apparatus, product or process disclosed in this report, or represents that its use by such third party would not infringe privately owned rights. The views expressed in this paper are not necessarily those of the U.S. Nuclear Regulatory Commission.
The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Bruce M. Alberts is president of the National Academy of Sciences.
The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. William A. Wulf is interim president of the National Academy of Engineering.
The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Kenneth I. Shine is president of the Institute of Medicine.
The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy's purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Bruce M. Alberts and Dr. William A. Wulf are chairman and interim vice chairman, respectively, of the National Research Council.
Limited copies of this report are available from:
Board on Energy and Environmental Systems
National Research Council (HA-270)
2101 Constitution Avenue, N.W.
Washington, DC 20418
(202) 334-3344
bees@nas.edu, http://www2.nas.edu/bees
Additional copies are available for sale from:
National Academy Press
Box 285
2101 Constitution Avenue, N.W.
Washington, DC 20055
800-624-6242 or 202-334-3313 (in the Washington Metropolitan Area)
http://www.nap.edu
Library of Congress Catalog Card Number 97-66084
International Standard Book Number 0-309-05732-9
Copyright 1997 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America.
COMMITTEE ON APPLICATION OF DIGITAL INSTRUMENTATION AND CONTROL SYSTEMS TO NUCLEAR POWER PLANT OPERATIONS AND SAFETY
DOUGLAS M. CHAPIN (chair), MPR Associates, Alexandria, Virginia
JOANNE BECHTA DUGAN, University of Virginia, Charlottesville
DONALD A. BRAND, NAE, Pacific Gas and Electric Company (retired), Novato, California
JAMES R. CURTISS, Winston and Strawn, Washington, D.C. (from October 1995)
D. LARRY DAMON, Bechtel Research and Development, San Francisco, California
MICHAEL DeWALT, Federal Aviation Administration, Seattle, Washington (from October 1995)
JOHN D. GANNON, University of Maryland, College Park
ROBERT L. GOBLE, Clark University, Worcester, Massachusetts
DAVID J. HILL, Argonne National Laboratory, Argonne, Illinois
PETER E. KATZ, Calvert Cliffs Nuclear Power Plant, Lusby, Maryland
NANCY G. LEVESON, University of Washington, Seattle
CHRISTINE M. MITCHELL, Georgia Institute of Technology, Atlanta
CARMELO RODRIGUEZ, General Atomics Company, San Diego, California
JAMES D. WHITE, Oak Ridge National Laboratory, Oak Ridge, Tennessee

Project Staff
TRACY D. WILSON, study director, Board on Energy and Environmental Systems (BEES)
SUSANNA E. CLARENDON, senior project assistant, BEES (from May 1996)
THERON FEIST, project assistant, BEES (until June 1995)
HELEN JOHNSON, administrative associate, BEES (until July 1995)
WENDY LEWALLEN, senior project assistant, BEES (June 1995 to May 1996)
MAHADEVAN MANI, associate executive director, Commission on Engineering and Technical Systems (from January 1996)
JAMES J. ZUCCHETTO, director, BEES (from January 1996)
NAE: Member, National Academy of Engineering
BOARD ON ENERGY AND ENVIRONMENTAL SYSTEMS
ROBERT L. HIRSCH (chair), Energy Technology Collaborative, Inc., Washington, D.C.
RICHARD MESERVE (vice chair), Covington and Burling, Washington, D.C.
JAN BEYEA, Consultant, New York, New York
E. GAIL de PLANQUE, NAE, Consultant, Potomac, Maryland
LINDA C. DOLAN, Lockheed Martin Electronics and Missiles, Orlando, Florida
WILLIAM FULKERSON, University of Tennessee, Knoxville
JACQUES GANSLER, TASC, Inc., Arlington, Virginia
ROY S. GORDON, NAS, Harvard University, Cambridge, Massachusetts
FRANCOIS E. HEUZE, Lawrence Livermore National Laboratory, Livermore, California
LAWRENCE T. PAPAY, NAE, Bechtel Group, Inc., San Francisco, California
RUTH A. RECK, Argonne National Laboratory, Argonne, Illinois
JOEL SPIRA, NAE, Lutron Electronics Co., Inc., Coopersburg, Pennsylvania
JAMES LEE SWEENEY, Stanford University, Stanford, California
IRVIN L. WHITE, UTECH, Inc., Fairfax, Virginia

Former Members Active during Reporting Period
H.M. (HUB) HUBBARD (chair), Pacific International Center for High Technology Research (retired), Honolulu, Hawaii
ROBERT D. BANKS, World Resources Institute, Washington, D.C.
ALLEN J. BARD, NAS, University of Texas, Austin
DAVID E. DANIEL, University of Texas, Austin
THOMAS O'ROURKE, NAE, Cornell University, Ithaca, New York

Liaison Members from the Commission on Engineering and Technical Systems
RICHARD A. CONWAY, NAE, Union Carbide Corporation, South Charleston, West Virginia
JERRY SCHUBEL, New England Aquarium, Boston, Massachusetts
Staff
JAMES J. ZUCCHETTO, director (since January 1996)
SUSANNA E. CLARENDON, administrative assistant
WENDY LEWALLEN, senior project assistant (until May 1996)
JILL WILSON, senior program officer
TRACY D. WILSON, senior program officer
NAE: Member, National Academy of Engineering
NAS: Member, National Academy of Sciences
Preface
The nuclear industry and the staff of the U.S. Nuclear Regulatory Commission (USNRC) have worked for several years on how best to safely introduce digital instrumentation and control systems into nuclear power plants. But together they have failed to reach consensus. This lack of consensus led the USNRC to request the National Research Council, through its Board on Energy and Environmental Systems of the Commission on Engineering and Technical Systems, to conduct the study whose results are reported here. The National Research Council's Computer Science and Telecommunications Board and the Council's Division on Education, Labor, and Human Performance provided additional technical support.
The Committee on Application of Digital Instrumentation and Control Systems to Nuclear Power Plant Operations and Safety (see Appendix A) was appointed by the National Research Council on December 20, 1994, to examine the use of digital instrumentation and control systems in nuclear power plants. This work was to be conducted in two phases. The final report summarizes the work of both Phase 1 and Phase 2.
In Phase 1, the committee was charged to define the important safety and reliability issues (concerning hardware, software, and human-machine interfaces) that arise from the introduction of digital instrumentation and control technology in nuclear power plant operations, including operations under normal, transient, and accident conditions. In response to this charge the committee identified eight key issues associated with the use of digital instrumentation and control (I&C) systems in existing and advanced nuclear power plants. The eight issues separate into six technical issues and two strategic issues. The six technical issues are: systems aspects of digital I&C technology; software quality assurance; common-mode software failure potential; safety and reliability assessment methods; human factors and human-machine interfaces; and dedication of commercial off-the-shelf hardware and software. The two strategic issues are the case-by-case licensing process and the adequacy of the technical infrastructure. The committee recognizes that these are not the only issues and topics of concern and debate in this area. Nevertheless, the committee considers that developing consensus on these key issues will be a major step forward and accelerate the appropriate use and licensing of digital I&C systems in nuclear power plants.
In Phase 2 of the study, the committee was charged to identify criteria for review and acceptance of digital instrumentation and control technology in both retrofitted reactors and new reactors of advanced design; to characterize and evaluate alternative approaches to the certification or licensing of this technology; and, where sufficient scientific basis exists, recommend guidelines on the basis of which the USNRC can regulate and certify (or license) digital instrumentation and control technology, including means for identifying and addressing new issues that may result from future development of this technology. Where insufficient scientific basis exists to make such recommendations, the committee was to suggest ways in which the USNRC could acquire the required information.
In carrying out its Phase 2 charge, the committee limited its work to those issues identified in Phase 1. Further, the reader should not form too literal an expectation that the committee has provided a cogent set of principles, design guidelines, and specific requirements for ready use by the USNRC to assess, test, license, and/or certify proposed systems and upgrades. Rather, the results of the committee's efforts are presented in the form of conclusions and recommendations related to each key issue and primarily addressed to the USNRC for their consideration and use for setting detailed licensing criteria and guidelines for digital I&C applications in nuclear power plants. The report discusses the difficult and complex nature of the key issues and directions for developing consensus on assessment of digital technology. The committee outlined criteria where it was possible to do so but focused primarily on (a) process both in developing guidelines and in the short-term acceptance of new technology; (b) identifying promising approaches for further actions by the USNRC beyond the committee's report; (c) suggestions for avoiding dead-ends; and (d) mechanics for improving communication and strengthening technical infrastructure at the USNRC.

To carry out its work, the committee held a number of meetings, including site visits to several power plant facilities and simulators (see Appendix B). The committee also held detailed discussions with members of the staff of the U.S. Nuclear Regulatory Commission, the Nuclear Safety Research Review Committee, the Advisory Committee on Reactor Safeguards, members of the U.S. and foreign nuclear industries, and representatives from other safety-critical industries, who provided a variety of perspectives and information on digital instrumentation and control technology and its regulation. The committee is grateful to the many individuals who provided technical information and insights on this topic during briefings and site visits.
The chairman is also particularly grateful to the members of this committee who worked diligently and effectively on a very demanding schedule to meet a very difficult charge and produce this work. Special commendation and thanks are also extended to Tracy Wilson of the staff of the National Research Council, who was a pillar of strength and whose never-failing energy and focus greatly facilitated the work of the committee.
Douglas M. Chapin
Committee Chair
Contents

LIST OF TABLES AND FIGURES  x
ACRONYMS  xi
EXECUTIVE SUMMARY  1

1 INTRODUCTION  13
  Nuclear Power Plant Instrumentation and Control Systems  13
  Transition from Analog to Digital Instrumentation and Control Systems  15
  Licensing of Instrumentation and Control Systems  17
  Challenges to the Introduction of Digital Instrumentation and Control Systems  18
  Response of the U.S. Nuclear Regulatory Commission and Nuclear Industry to the Challenges  19
  This Study  21
  References  23

2 KEY ISSUES  25
  Developing the Key Issues (Phase 1)  25
  Addressing the Key Issues (Phase 2)  25
  Presenting the Key Issues  26
  References  26

3 SYSTEMS ASPECTS OF DIGITAL INSTRUMENTATION AND CONTROL TECHNOLOGY  27
  Introduction  27
  Current U.S. Nuclear Regulatory Commission Regulatory Positions and Plans  28
  Developments in the U.S. Nuclear Industry  29
  Developments in the Foreign Nuclear Industry  29
  Developments in Other Safety-Critical Industries  30
  Discussion  30
  Conclusions and Recommendations  32
  References  32

4 SOFTWARE QUALITY ASSURANCE  33
  Introduction  33
  Current U.S. Nuclear Regulatory Commission Regulatory Positions and Plans  35
  Developments in the U.S. Nuclear Industry  37
  Developments in the Foreign Nuclear Industry  37
  Developments in Other Safety-Critical Industries  38
  Review of Experience  39
  Conclusions and Recommendations  41
  References  42

5 COMMON-MODE SOFTWARE FAILURE POTENTIAL  43
  Introduction and Background  43
  U.S. Nuclear Regulatory Commission Position  45
  Developments in the Foreign Nuclear Industry  45
  Developments in Other Safety-Critical Industries  45
  U.S. Nuclear Regulatory Commission Research Activities  47
  Analysis  47
  Conclusions and Recommendations  50
  References  51

6 SAFETY AND RELIABILITY ASSESSMENT METHODS  52
  Introduction  52
  Current U.S. Nuclear Regulatory Commission Regulatory Position and Plans  55
  Developments in the U.S. Nuclear Industry  55
  Developments in the Foreign Nuclear Industry  55
  Developments in Other Safety-Critical Industries  56
  Analysis  56
  Conclusions and Recommendations  57
  References  57

7 HUMAN FACTORS AND HUMAN-MACHINE INTERFACES  59
  Introduction  59
  Current U.S. Nuclear Regulatory Commission Regulatory Positions and Plans  60
  Developments in the U.S. Nuclear Industry  62
  Developments in the Foreign Nuclear Industry  62
  Developments in Other Safety-Critical Industries  62
  Analysis  63
  Conclusions and Recommendations  67
  References  69

8 DEDICATION OF COMMERCIAL OFF-THE-SHELF HARDWARE AND SOFTWARE  71
  Introduction  71
  Current U.S. Nuclear Regulatory Commission Regulatory Positions and Plans  72
  Developments in the U.S. Nuclear Industry  72
  Developments in the Foreign Nuclear Industry  74
  Developments in Other Safety-Critical Industries  74
  Analysis  75
  Conclusions and Recommendations  76
  References  76

9 CASE-BY-CASE LICENSING PROCESS  78
  Introduction  78
  Regulatory Framework for Evaluating Digital Upgrades  79
  Overview of Nuclear Applications of Digital Technology  80
  Regulatory Response  80
  Approaches to Regulation in Other Countries  81
  Research and Plans  81
  Analysis  81
  Conclusions and Recommendations  83
  References  84

10 ADEQUACY OF TECHNICAL INFRASTRUCTURE  85
  Introduction  85
  U.S. Nuclear Regulatory Commission Regulatory Positions and Plans  85
  Developments in the U.S. Nuclear Industry  86
  Developments in the Foreign Nuclear Industry  87
  Developments in Other Safety-Critical Industries  87
  Analysis  87
  Conclusions and Recommendations  89
  References  90

11 OVERVIEW AND SUMMARY  91

APPENDICES
  A Biographical Sketches of Committee Members  95
  B Committee Meetings (Phases 1 and 2)  98
  C U.S. Nuclear Regulatory Commission Licensing of Digital Instrumentation and Control Technology  101
  D Development of the Final List of Eight Issues  103
  E Excerpts from Licensing Regulations  105
  F Digital Instrumentation and Control System Features  108

GLOSSARY  111
List of Tables and Figures

TABLES
1-1 USNRC Design and Quality Assurance Guidance  17
4-1 U.S. Software-Related LERs between 1990 and 1993  40
4-2 Summary of Canadian Software-Related Event Reports 1980–1993  41

FIGURES
1-1 Illustration of nuclear plant I&C systems  16
7-1 Evolution of Japanese nuclear power plant control rooms  61
7-2 Human factors issues in the control of safety critical systems  64
8-1 Equivalent level of assurance for nuclear grade and commercial digital equipment  73
Acronyms

ABB     Asea Brown Boveri
ABWR    advanced boiling water reactor
ACRS    Advisory Committee on Reactor Safeguards
ANS     American Nuclear Society
ANSI    American National Standards Institute
APWR    advanced pressurized water reactor
ASIC    application-specific integrated circuit
ATWS    anticipated transient without scram
BEES    Board on Energy and Environmental Systems
CETS    Commission on Engineering and Technical Systems
CFR     Code of Federal Regulations
CMF     common-mode failure
COTS    commercial off-the-shelf
EDF     Electricité de France
EMI     electromagnetic interference
EPRI    Electric Power Research Institute
EPS     emergency power system
ESFAS   engineered safety features actuation system
FPGA    field programmable gate arrays
FSAR    final safety analysis report
FTA     fault tree analysis
GE      General Electric
GL      generic letter
HCI     human-computer interface
HSI     human-system interface
I&C     instrumentation and control
IEC     International Electrotechnical Commission
IEEE    Institute of Electrical and Electronics Engineers
INPO    Institute for Nuclear Power Operations
ISA     International Society for Measurement and Control
MTTF    mean time to failure
NEI     Nuclear Energy Institute
NRR     Office of Nuclear Reactor Regulation (USNRC)
NSRRC   Nuclear Safety Research Review Committee
NUSMG   Nuclear Utilities Software Management Group
PLC     programmable logic controller
PRA     probabilistic risk assessment
PSA     probabilistic safety assessment
RES     Office of Nuclear Regulatory Research (USNRC)
RFI     radiofrequency interference
RPS     reactor protection system
SAR     safety analysis report
SRP     Standard Review Plan
USNRC   U.S. Nuclear Regulatory Commission
USQ     unreviewed safety question