TY - GEN
T1 - Modernizing approaches to address common cause failure in digital instrumentation and control systems
AU - Alvarado, Rossnyev
AU - Arndt, Steven A.
N1 - Publisher Copyright:
© 2018 Westinghouse Electric Company LLC All Rights Reserved
PY - 2019
Y1 - 2019
N2 - As microprocessor-based safety systems were first introduced in nuclear power plants in the US in the 1980s, the U.S. Nuclear Regulatory Commission (NRC) recognized that digital instrumentation and control (DI&C) can provide advantages in reliability and functionality, but that it also creates the potential for a new vulnerability to common cause failures (CCFs) among systems in which functions are performed by identical software executed on identical hardware. Specifically, the staff recognized that a latent, systemic fault in the design or implementation of software could result in the concurrent failure of essential safety or compensating systems. The potential for pervasive and latent systemic faults resulting in a CCF could be more significant for DI&C systems because of increased resource sharing and the potential for unspecified interactions or unanalyzed conditions. In SECY-93-087, “Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs,” dated April 2, 1993 [1], the NRC staff identified policy, technical, and licensing issues pertaining to evolutionary and advanced light water reactor designs, one of which was defense against CCF in DI&C systems. The staff presented position recommendations for addressing the potential for CCFs in DI&C safety systems. In the Staff Requirements Memorandum (SRM) to SECY-93-087 [2], the Commission approved, in part, and disapproved, in part, the staff's recommendation. The NRC staff implemented the Commission direction into staff guidance for the review of digital I&C systems in Branch Technical Position (BTP) 7-19, “Guidance for Evaluation of Defense-in-Depth and Diversity in Digital Computer-Based Instrumentation and Control Systems,” [3] in the Standard Review Plan used for new digital systems in new reactors and operating reactors.
In the SRM to SECY-16-0070 [4], “Integrated Strategy to Modernize the Nuclear Regulatory Commission's Digital Instrumentation and Control Regulatory Infrastructure,” dated October 25, 2016, the Commission approved implementation of the staff's integrated action plan (IAP) to modernize the NRC's digital instrumentation and control regulatory infrastructure. As part of the work outlined in the IAP, NRC staff has reviewed the current NRC position on defense against CCF in digital I&C systems. This paper outlines the high-level principles the staff will use to update the CCF guidance based on current Commission direction.
AB - As microprocessor-based safety systems were first introduced in nuclear power plants in the US in the 1980s, the U.S. Nuclear Regulatory Commission (NRC) recognized that digital instrumentation and control (DI&C) can provide advantages in reliability and functionality, but that it also creates the potential for a new vulnerability to common cause failures (CCFs) among systems in which functions are performed by identical software executed on identical hardware. Specifically, the staff recognized that a latent, systemic fault in the design or implementation of software could result in the concurrent failure of essential safety or compensating systems. The potential for pervasive and latent systemic faults resulting in a CCF could be more significant for DI&C systems because of increased resource sharing and the potential for unspecified interactions or unanalyzed conditions. In SECY-93-087, “Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs,” dated April 2, 1993 [1], the NRC staff identified policy, technical, and licensing issues pertaining to evolutionary and advanced light water reactor designs, one of which was defense against CCF in DI&C systems. The staff presented position recommendations for addressing the potential for CCFs in DI&C safety systems. In the Staff Requirements Memorandum (SRM) to SECY-93-087 [2], the Commission approved, in part, and disapproved, in part, the staff's recommendation. The NRC staff implemented the Commission direction into staff guidance for the review of digital I&C systems in Branch Technical Position (BTP) 7-19, “Guidance for Evaluation of Defense-in-Depth and Diversity in Digital Computer-Based Instrumentation and Control Systems,” [3] in the Standard Review Plan used for new digital systems in new reactors and operating reactors.
In the SRM to SECY-16-0070 [4], “Integrated Strategy to Modernize the Nuclear Regulatory Commission's Digital Instrumentation and Control Regulatory Infrastructure,” dated October 25, 2016, the Commission approved implementation of the staff's integrated action plan (IAP) to modernize the NRC's digital instrumentation and control regulatory infrastructure. As part of the work outlined in the IAP, NRC staff has reviewed the current NRC position on defense against CCF in digital I&C systems. This paper outlines the high-level principles the staff will use to update the CCF guidance based on current Commission direction.
KW - Common cause failure
KW - Defense-in-depth
KW - Digital technology
KW - Diversity
KW - Instrumentation and control system
KW - Software
UR - http://www.scopus.com/inward/record.url?scp=85070969505&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85070969505
T3 - 11th Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2019
SP - 983
EP - 992
BT - 11th Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2019
PB - American Nuclear Society
T2 - 11th Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2019
Y2 - 9 February 2019 through 14 February 2019
ER -