View
13
Download
1
Category
Preview:
Citation preview
COMMISSION BRIEFING SLIDES/EXHIBITS
BRIEFING ON DIGITAL INSTRUMENTATION AND CONTROL
JULY 18, 2007
I
Digital I&C- Industry Per
July 18, 2O
Amir Shahkarami
Sr. VP Engineering,& Technical SehExelon Corporation.
N U C l E A R
I N S T IR T ( U T
I
Topics
* Objective
* Communication
* Project Plan
~*C••onclusions
2
Objective
* Safety-focused application of digital technology
Design certification
- Current operating plants
- New plants
S facilities
-Stable, predictable and timely licensing process
aguianceEnrc aTety availability and reliability
3
Communication
* NEI Digital I&C and Human Factors
Working Group
- Reports to industry Chief Nuclear Officers
-Participate on the Digital I&C Steering Committee
- Coordinate with NEI New Plant Working Group
aj-r•vendor participation
ntfecrated, focused attention to ensure safety-
f se tabe and predictable licensing process
4
Project Plan
* Disciplined Framework
- Issue scope and definition
- Deliverables
- Milestones
-Accountability
tegr~ate d approaches to resolution
jdiidne~n~ta'I tool for management oversight
5
Conclusions
* Progress has been made
* Project plan provides a framework going
forward- Integrate lessons learned and other improvements
* ~tntairin focused management attention
kui?1A, th e lonrer term
1
6
ELECTRIC POWERRESEARCH INSTITUTE
Digital Instrumentation &Control - EPRI Role
July 18, 2007
Chuck. WeltyTechnical Executive
Electric Power Research Institute
AcronymsEPRII&CR&DMCRPRAHFEANTSERPLCASICFPGACCF
- Electric Power Research Institute- instrumentation and control- research and development- main control room- probabilistic risk assessment- human factors engineering- advanced nuclear technology- safety evaluation report- programmable logic controller- application specific integrated circuit- field programmable gate array- common-cause failure
n.lrhrsvLECTRIC POWER
c. All rights reserved. 2 II S*ARCHI4NSTITUTE© 2007 Electric Power Research Institute, In
EPRI Digital I&C R&D
*Substantial past/ongoing activities.on digital I&C,MCR, risk and human factors
° Guided by extensive utility advisory structure- Expertise - I&C, PRA, HFE and ANT
° Several products with SERs* Basis for industry technical positions*Areas of information exchange and interactionwith NRC
EPRI has substantial, expertise and proven capabilities•....... ....... ...... • I
'RESCTRIC POWERer2ii RI MARCH INSTITUTE
© 2007 Electric Power Research Institute, Inc, All rights reserved. 3
EPRI R&D on Digital I&C
* Licensing digital upgrades* Verification & validation* Electromagnetic interference
° Commercial devices - PLCs,ASICs, FPGAs, wireless, etc.
" Control room/human factors" Defense-in-depth and diversity" Applying risk methods
1111
992-2004
992-1998992-993-
2001-2002-2002-
ELECTRIC POWERRESEARC INTTT© 2007 Electric Power Research Institute, Inc. All rights reserved.
Current EPRI Support
" Defense-in-depth and ,diversity
-Use design and diversity for CCF protection
" Risk-informed methods
Existing methods provide insights to focusdesign and review efforts
• Human factors
- Bases for minimum inventory of interfaces,computerized procedures, graded HFE designapproach
* Ongoing evaluation of operating experience
© 2007 Electric Power Research Institute, Inc..All rights reserved. 5 RESEARCH NI s U
Future EPRI Activities
* Interaction with NRC Research has not been asextensive as it could be - we want to helpimprove this
* Interim Staff Guidance documents are only astart - our advisors expect us to continue to workwith NRC to resolve the issues completely
2007 Electric Power Research Institute, Inc. All rights reserved. RESEARCH INSTITUTE
invensys. I-
Process Systems
Digital Modernization Hurdlesand Solutions
7- 18-07
Ken Brown
Vice President Invensys
1
NkREG(1 -
nvensysoProcess Systems C-2
About InvensysInvensys'PLC- 30,000 employees, in 60countries
-I nvensys. Process Systems (IPS)Comprised of Foxboro, Triconex,Wonderware, Simsci-Esscor, Avantis,Validation Technologies
• IPS is presently providing input to theindustry -working groups and the NRC
2
,nvensys®Process Systems
,ýNkREG~j
4, 0
Digital Instrumentation and ControlIssues in the Nuclear Industry
e Diversity, Defense in Depth - D3
* Risk Informed Digital I&C
" -Operator Training
* Cyber Security
* Lessons Learned from other Industries
3
NcFt,•1 REGjj,
nvensys r tProcess Systems Co.
Diversity, Defense in Depth" IPS - install a highly available, highly
reliable Triple Modular Redundant (TMR)controller for Reactor Protection andESFAS with a diverse digital controller I/Aseries
" Use technology to solve this issue- notchallenge the license base or operationposition
4
inverProcess Sy
r,,\P REGQ•
isys®•fstems 0
Diversity, Defense. in Depth" Invensys and our customers need a
workable and understandable position onissues of concern - causing. confusion anddelays
" Common Cause Failure - extensivediagnostics and a highly developedplatform substantially reduce this risk
5
t' 1REG&4
invensAys..Process Systems C
Risk Informed Digital I&C" Consultative teaming relationship" TMR technology - deployed on safety,
mission critical, and life critical systems* This technology currently supports High
Probabilistic Reliability Analysis numbers* Need to evaluate and take credit for
.methodologies used in other countries andindustries
6
NtREGI/ -,
!nvensys ,5o
Process Systems 00
Operator Training
° TMR, Fault Tolerant, High Diagnosticsystems allow for minimal training forOperations
* Can be used on Important To Safety andSafety Related applications minimizingtraining
7
invensys®Process Systems ~"p' SIV0
Cyber Security
* Invensys is committed to industry leadingcyber security initiatives
* Utilize Wurldtech Securities AchillesLevel 1 assessment testSecurity benchmark
as Cyber
8
* Nft RE04/4
'4,o
Invensys®• •Process Systems
Lessons Learned from otherIndustries
e Triconex is by far the most trusted safety systemin the continuous process industries
9 Make obsolescence "Obsolete* Provide Digital Commercial Off The Shelf
Technology (COTS) Solutions under a I OCFRAppendix B program
* IPS safety platform meets safety criteria forHydro Carbon Industry and Rail SignalingIndustry
9
ý,pkREGU4
invensys®Process Systems
Conclusion* We are pleased with the progress being
made by the recent working groups* Facilitate technology transfer from other
Mission Critical / High Reliability industries
* Staff should continue to developconsultative relationships with keytechnology providers
10
_\v,ýV REG&j4
nvensys °Process Systems -
Conclusion* IPS encourages the staff to engage I&C
design early in COL phase for new builds
* IPS is committed to the industry, to helpresolve I&C issues, on existing and newplant designs to accelerate therenaissance of nuclear power
11
API 000
Digital Instrumentation and
Control
July 18, 2007Cynthia McGinnis
Westinghouse Electric Company*GWestinghouseAPIOOO
1
AP1000 DesignCertification Finality* Functional Design* Applicable codes and
standards-* Basic architecture* Diversity/Defense-in-
Depth
* Minimum Inventory" Diverse Actuation
Functions* Design Acceptance
Criteria
2
APIO00 I&C Design andLicensing Efforts* Plant Simplicity Drives I&C SafetySystem Simplicity-One-time component actuation
* Common Q Platform*"Simple" digital I&C
implementation" Technical Reports* Existing requirements and
Guidance remain applicable
3
Fundamentals the Same asOperating Plants
* Functional Basis Simplistic andTransparent
* Architecture Basis- Divisional Independence- Safety/Non-Safety Separation
Isolation* Communications and Architecturedriven from operating plant design and
experience* Analog to Digital Implementation does
not impact Fundamental Philosophy
4
AP1000 I&C Evolutions •ooo
* Diverse Actuation FunctionsFunctionality resolved in DesignCertificationSeparate sensors/actuators from,those used by the Safety'SystemNew Plant (clean sheet) flexibilities
" Priority for safety system actuation* Cyber Security Issues
API000 Technical ReportConsistent with NEI-04-04
5
APIOOO Licensing Efforts
* Design Certification resolved many I&Cissues for the APIOOO Design
* Technical Reports/DCD Revision 16 toresolve I&C DAC
* NRC interactions to establish sufficientinformation for reasonable assurance
* Simplistic digital I&C application resultsin acceptable use of existing regulatoryrequirements and guidance
6
AP1 000 Licensing Efforts
" Development of Cyber Security PlanTR is developed and submittedContinued work with Industry andStaff to resolve the issues/concerns
- Consistent with NEI-04-04" Westinghouse-proposed schedule for
resolution by Spring 2008
7
Conclusions/Comments9 Design Certification resolved many I&C issues
for API 000* Existing NRC regulatory requirements and
guidance sufficient to evaluate AP1000 I&Csafety. system
" Licensing basis for I&C in the designcertification rule
" Propose to resolve I&C DAC in DCDamendment currently under NRC staff review
* Result in elimination of the DAC from theAP1000 Design Certification Rule uponsuccessful NRC reasonable assuranceconclusion
e Operating plant upgrade issues different
8
U
DIGITAL I&C
Grid Operations
July 1 8 th 2007Tom Bowe
PJM Interconnectionbowet@pjm .,c,om
pAPjm PJM's MISSION
* Maintain the safety, adequacy,reliability and security of the bulkpower system
" Create and operate a robust,competitive, and non-discriminatoryelectric power market
• Ensure that no Member or groupof Members has undue influence
RTO = Regional Transmission Operator
2
PJM's Area of Operations
V I1 '7
•
PJM RTO (Post-intearatlons)
Generating UnitsGeneration CapacityPeak LoadAnnual EnergyTransmission MilesArea (Square Miles)CustomersPopulation ServedStates (+ D.C.)
1,400170,807 MW144,000 MW648,000 GWh55,000186,00021 Million50+ Million13 states + D.C.
I
r w - ~f
/
/
PJrM 66m flde. t;J©2003 PJM3v
Generation Svstem Operator
4
I Transmission System Operations
5@2003 PJM
*pJ m Back-Up Capability
* We Must Maintain Situational Awareness& a Wide Area View- Y2K- September 11 th 2001-August 14th 2003
* PJM exists on its data streams- Multiple and Diverse Communication Paths
* Digital I&C Provides for Greater Visibilityand Flexibility
* Creative Training
6
9pj*,lj m1 Cyber Security
9 Starts with Defining - "What is Critical?"
9 If everything is critical than nothing is a 0
" Must also define the "Electronic Perimeter"- Defense in Depth
- Network Segmentation
" Conduct Independent VulnerabilityAssessments
" NERC Critical Infrastructure ProtectionStandards (CIP 002-009) and/or ISO 17799
7
44pjmII PJM's Advanced Control Center Concepts
" Visualization with a focus on human factorsand role vs. function based displays
" The evolution of intelligent event processingand intelligent agents
" Improvements in control through advancedalgorithms, improved visualization, advancedlook ahead, modeling of heuristics.
" Synchronized control centers for rapidrecovery
8
COMPUTING SUBSYSTEMS(Safety and Reliability Challenges)
July 18, 2007
Homayoon Dezfuli, Ph.D.,Manager, System Safety
Office of Safety. and Mission AssuranceNASA Headquarters
Role of Computing Subsystems -I
Perform safety-critical and mission-criticalfunctions- Power management- Telemetry
Data and information handlingCommunicationHardware'automation and control
* Have contributed to several spacecraftaccidents- Software data specification errors- Software design specification errors
2
'd
What is NASA Doing? U
* Improving system engineering (SE)processes to better handlehardware/software, software/human andsoftware/software interfaces and designtrade studies
" Improving software assurance processes
" Exploring the applicability of riskassessment techniques to risk-inform the SEand software assurance processes
3
01
Challenges for Risk-informingSoftware Safety
" Need: Ability to predict (or bound) with agiven level of. confidence the likelihood ofmission failure due to latent softwaredefects to support
- Risk management decisions (e.g., designing SWtesting regimes for risk significantconfigurations)Risk acceptability decisions (e.g., showing that aprobabilistic safety criterion is being met)
" Based on results to-date, it appears that acombination of techniques is needed tosatisfy this need
4
.• I . I
Exploratory Ideas
Risk management decisions- Application of scenario-based accident modeling
techniques to identify system-critical configurations, flightmode changes, and flight transients
- Risk-informed testing regimes
* Risk acceptability decisions- Assignment of initial reliability levels (ranges) based on
* attributes such as design complexity, and SW quality V&Vprocess considerations (risk classification of softwareelements)
- Adjustment of reliability levels based on V&V and risk-informed test process findings (updating of initial reliabilitylevels)
* Continue focused research- Beneficial to work with NRC
15
UNITED STATES NUCLEAR REGULATORY COMMISSION
Protecting People and the Environment
Briefing on Digital Instrumentationand Controls
Update on New ReactorsUpdate on Digital Research Platform
July 18, 2007Luis Reyes
Executive Director for Operations
Acronyms
ABWRACRSAPWRBWRCOLD3DCDOEEISEPREPREPUESPESBWRFPGAFPLFYGDCI&CINPOITLLTF
Advanced Boiling Water ReactorAdvisory Committee on Reactor SafeguardsAdvanced Pressurized Water ReactorBoiling Water ReactorCombined LicenseDiversity and Defense-in-DepthDesign CertificationDepartment of EnergyEnvironmental Impact StatementEvolutionary Power ReactorEvolutionary Power ReactorExtended Power UprateEarly Site PermitEconomic Simplified Boiling Water ReactorField-Programmable Gate ArrayFlorida Power & Light CompanyFiscal YearGeneral Design CriteriaInstrumentation and ControlInstitute for Nuclear Power OperationsInformation TechnologyLessons Learned Task Force
NFPANMSSNRCNRONRRNSIRNUREGOGCPRAPWRRAIRESRGRISSRMSRPSWPTVATXUSERSGITWG
National Fire Protection AssociationOffice of Nuclear Material Safety and SafeguardsNuclear Regulatory CommissionOffice of New ReactorsOffice of Nuclear Reactor RegulationOffice of Nuclear Security and Incident Responsetechnical report (Nuclear Regulatory Commission)Office of General CounselProbabilistic Risk AssessmentPressurized Water ReactorRequest for Additional InformationOffice of Nuclear Regulatory ResearchRegulatory GuideRegulatory Issue SummaryStaff Requirements MemorandumStandard Review PlanStrategic Workforce PlanningTennessee Valley AuthorityTexas Utilities Energy CorporationSafety Evaluation ReportSafeguards InformationTask Working Group
2
Agenda
IntroductionReadiness for New Reactors
Digital I&C Research Platform
Digital I&C Steering Committee
Diversity and Defense-in-Depth
Highly-Integrated Control Room
Digital Risk Assessment
L. Reyes
W. BorchardtR. CroteauJ. GrobeM. MayfieldM. CunninghamM. Cunningham
3
~U.S.NRCUNITED STATES NUCLEAR REGULATORY COMMISSION
Protecting People and the Environment
Readiness for NewReactors
William BorchardtOffice of New Reactors
New Reactor Licensing ApplicationsAn estimated schedule by Fiscal Year
U Y I I I I
2005 12006 2007 2008 12009 2010 1 2011 2012 12013 12014 IU 4
APIOOO Fqrogram R~view- U I -,
I w I
LU~arb~>Dei-n I Prnrjrpq-,; Fnprnv - H:;rricz INM
FI 'Fer-~
* Schedules depicted forfuture activities representnominal assumed reviewdurations based on submittaltime frames in letters of intentfrom prospective applicants.Actual schedules will bedetermined when applicationsare docketed.
~EU , W~k....LL~.g.LiLi~ -
S.-
I Hearina>I + - 4,.I--.
ESBWR Rrogram R~viewI-
.U
iiI~Ir
ndGUý2SP~ HeaijIH-earibd:-
-n-I H~~rinnI Hearinuj
Legend:
OM .r - .
Hearin ost SEREISHearing (other hear ng activitiesoccur during ESPIC )L safetyande vironmental eviews)
III
EPR Program Revi w F
- ~ .. -
Hear[oq,ý*,'>
rJea
HeaEl! r7---- I-.-
4 4 4- 4-I t"I
IABWR Poogram Reiew UI LLLW- II
4 I 1- 4 4 .- 1-I
USAPWF Program Review
I I
U nspeci~ied M H~a~Hearia I 625/0
7FHearing 6/25/07
New Reactor Infrastructure
e Approved Rulemakings: Part 52and Limited Work Authorizations
* Finalized Regulatory Guide 1.206"Combined License Applicationsfor Nuclear Power Plants"
6
New Reactor Infrastructure
* Completed final wave of stafftransfers from NRR
• Populating Licensing ProgramPlan
* Developed Combined Licenseapplication acceptance reviewguidance
7
Pre-application Activities
" Pre-Combined License interactionsand site visits, and applicationreadiness assessment visits
" Public outreach* Design Centered Working Group
meetings* International interactions" Orders imposing safeguards
information protection requirements
8
US.N NRCUNITED STATES NUCLEAR REGULATORY COMMISSION
Protecting People and the Environment
Research Platform
Rick CroteauOffice of Nuclear Regulatory Research
Test Facility
" Develop a defined set of concepts- Input from interested stakeholders
Investigating other similar facilities" Conduct a public workshop
- September 6 & 7 - technical issues- September 11 - non-technical issues
i Prepare Commission paper- Results of workshop- Recommendations on path forward
10.
UNITED STATES NUCLEAR REGULATORY COMMISSION
Protecting People and the Environment
Digital Instrumentationand Controls Steering
Committee
Jack GrobeOffice of Nuclear Reactor Regulation
Background
• November 8, 2006, Commissionbriefing
* December 6, 2006, StaffRequirements Memorandum
• January 12, 2007, memorandumestablished the Digital I&CSteering Committee
12
Key Challenges
* Assuring predictability throughrefined Regulatory Guidance
* Anticipating future needs
- Evolving technology
- Industry priorities
* Improving stakeholder interactions
* Expanding domestic andinternational interactions
13
Digital l&CFuture Workload
* Operating reactor modifications" Design Certification* Combined License" Fuel-cycle facilities
14
Steering Committee
[NRC Line Organizations
4" - " Industry Contacts
rnteractiort with NRC Line Organtzations
Public Interaction with Industry Contacts
15
Structure of Project Plan
" Defined problem statements undereach Task Working Group( Developrn Interim. Staff Guidance.(near-'term)
" Interactive effort with industry* Revise Regulatory Guides and
industry standards (long-term)
16
Stakeholder Interactions
• Conducted 30ipublic meetings withthe industry since November 2006-5 Public Steering Committee
meetings-25 Public Task Working Group
meetings* ACRS interactions* Expanded domestic and
international interactions
17
~U.S.NRCi UNITED STDATES NUCLEAR REGULATORY COMMISSION
Protecting People and the Environment
Diversity andDefense-i'n-Depth
Michael MayfieldOffice of New Reactors
Diversity and Defense-in-Depth
• Common-cause failures arecredible
* Current guidance has beensuccessfully used
* Staff is working to improveexisting guidance
19
Diversity and Defense-in-Depth
* Seven key issues being addressed:- Adequate diversity- Operator action- Component vs. system level
actuation- Effects of common-cause failures-Common cause failure applicability- Echelons of defense- Single failure
20
Diversity and Defense-in-Depth
* Development of Interim StaffGuidance is well underway-Acceptable diversity and
defense-in-depth criteria-Criteria on remaining issues
under internal review
21
Diversity and Defense-in-Depth
• Path forward
- Issuance of Interim StaffGuidance
-Continued interaction withindustry
-Update Regulatory Guides andStandard Review Plan
22
S~U.S.NRC.UNITED STATES NUCLEAR REGULATORY COMMISSION
Protecting People and the Environment
Highly Integrated ControlRoom -- Com unications and
Risk Assessment
Mark CunninghamOffice of Nuclear Reactor Regulation
Highly-Integrated ControlRoom Communications
" Communications issues- Between safety divisions- Between safety, and nonsafety
equipment" Staff is working to improve
guidance
24
Highly-Integrated ControlRoom--Communications
• Four key technical areas
- Inter-divisional communications
- Command prioritization
- Multi-divisional control/displaystations
- Network configuration
25
Highly-Integrated ControlRoom--,Co mmunications
• Improved guidance on schedule
- Inter-divisional communications
- Command prioritization
26
Highly-Integrated ControlRoo m--Commun ications
* Continuing interactions- Multi-divisional workstations
* Non-safety workstations forsafety indication and control
- Network configuration
27
Highly-Integrated ControlRoom--Communications
• Path forward
-Issuance of Interim StaffGuidance
-Continued public interaction withindustry
-Update Regulatory Guides andStandard Review Plan
28
Digital Risk Assessment
* Expanding Use
-Risk insights in designcertifications
- Risk-informing regulatorypractices
* Staff is working to developguidance
29
Digital Risk Assessment
* Risk insights- Information sources
* Industry white papers*NRC research* Operating experience
* Path forward-'Continued public interactions
with industry- Develop Interim Staff Guidance
30
Digital Risk Assessment
* Risk-informing regulatorypractices
- State of technology
-Path Forward
- Continued public interactionswith industry
- Develop guidance
31
Summary
* Steering committee is fueffectively
* Project plan is in place" Interim Staff Guidance is
developed" Stakeholder interactions" Strong industry support" Staff is on'schedule to c
near-term deliverables
nctioning
being
)mplete
32
Recommended