TY - GEN
T1 - NRC technical basis for evaluation of its position on protection against common cause failure in digital systems used in nuclear power plants
AU - Arndt, Steven A.
AU - Alvarado, Rossnyev
AU - Dittman, Bernard
AU - Mott, Kenneth
AU - Wood, Richard
N1 - Publisher Copyright:
Copyright © (2017) by American Nuclear Society. All rights reserved.
PY - 2017
Y1 - 2017
N2 - Digital technology has advantages over analog systems, including automated monitoring and alerts for standby safety functions, and predictive algorithms to maintain critical safety systems. Additionally, digital technology generally has higher reliability and can be designed to reduce single-point vulnerabilities. For these reasons many nuclear plants have applied digital technology to safety-related and non-safety-related applications, including reactor protection systems, feedwater and turbine controls, etc., with a corresponding significant reduction in trips. Nonetheless, digital instrumentation and control (I&C) systems also present potential new vulnerabilities that need to be assessed, including potential failures due to the increased complexity of digital systems, the introduction of unique failure modes due to software (including software common cause failure (CCF)), and the limited operating history of digital systems in nuclear safety-related applications compared to analog systems. The fact that software is intangible means that common methods used for detecting CCF, such as analysis or testing, may not be effective when applied to software. Consequently, digital technology is perceived to pose a potential risk from the introduction of undetected systematic faults that could result in CCF. Despite the I&C system upgrades and modifications performed to date, the U.S. Nuclear Regulatory Commission (NRC) and industry stakeholders have identified the need to modernize the regulatory infrastructure to efficiently address risks associated with the use of digital technology for nuclear safety applications and to address regulatory uncertainties. The NRC's current position on CCF is guided by the staff requirements memorandum (SRM) on SECY 93-087. The SRM provides specific acceptance criteria for the evaluation of CCF, which the staff implemented in Branch Technical Position (BTP) 7-19. However, industry stakeholders have proposed using methods to characterize the likelihood of software CCF and eliminate it from further consideration in a defense-in-depth and diversity analysis. The NRC's current position does not consider these alternatives, and thus corresponding acceptance criteria are not currently available. The work discussed in this paper assesses the underlying technical basis associated with CCF, provides technical support for updating the NRC position, and considers proposed methods for addressing potential CCF in digital systems while enhancing efficiency, clarity, and confidence.
AB - Digital technology has advantages over analog systems, including automated monitoring and alerts for standby safety functions, and predictive algorithms to maintain critical safety systems. Additionally, digital technology generally has higher reliability and can be designed to reduce single-point vulnerabilities. For these reasons many nuclear plants have applied digital technology to safety-related and non-safety-related applications, including reactor protection systems, feedwater and turbine controls, etc., with a corresponding significant reduction in trips. Nonetheless, digital instrumentation and control (I&C) systems also present potential new vulnerabilities that need to be assessed, including potential failures due to the increased complexity of digital systems, the introduction of unique failure modes due to software (including software common cause failure (CCF)), and the limited operating history of digital systems in nuclear safety-related applications compared to analog systems. The fact that software is intangible means that common methods used for detecting CCF, such as analysis or testing, may not be effective when applied to software. Consequently, digital technology is perceived to pose a potential risk from the introduction of undetected systematic faults that could result in CCF. Despite the I&C system upgrades and modifications performed to date, the U.S. Nuclear Regulatory Commission (NRC) and industry stakeholders have identified the need to modernize the regulatory infrastructure to efficiently address risks associated with the use of digital technology for nuclear safety applications and to address regulatory uncertainties. The NRC's current position on CCF is guided by the staff requirements memorandum (SRM) on SECY 93-087. The SRM provides specific acceptance criteria for the evaluation of CCF, which the staff implemented in Branch Technical Position (BTP) 7-19. However, industry stakeholders have proposed using methods to characterize the likelihood of software CCF and eliminate it from further consideration in a defense-in-depth and diversity analysis. The NRC's current position does not consider these alternatives, and thus corresponding acceptance criteria are not currently available. The work discussed in this paper assesses the underlying technical basis associated with CCF, provides technical support for updating the NRC position, and considers proposed methods for addressing potential CCF in digital systems while enhancing efficiency, clarity, and confidence.
KW - Common cause failure
KW - Control system
KW - Defense-in-depth
KW - Digital technology
KW - Diversity
KW - Instrumentation
KW - Software
UR - http://www.scopus.com/inward/record.url?scp=85047823681&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85047823681
T3 - 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017
SP - 2031
EP - 2045
BT - 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017
PB - American Nuclear Society
T2 - 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017
Y2 - 11 June 2017 through 15 June 2017
ER -