OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Diversity Strategies for Nuclear Power Plant Instrumentation and Control Systems

Abstract

This report presents the technical basis for establishing acceptable mitigating strategies that resolve diversity and defense-in-depth (D3) assessment findings and conform to U.S. Nuclear Regulatory Commission (NRC) requirements. The research approach employed to establish appropriate diversity strategies involves investigation of available documentation on D3 methods and experience from nuclear power and nonnuclear industries, capture of expert knowledge and lessons learned, determination of best practices, and assessment of the nature of common-cause failures (CCFs) and compensating diversity attributes. The research described in this report does not provide guidance on how to determine the need for diversity in a safety system to mitigate the consequences of potential CCFs. Rather, this report provides guidance to the NRC staff and the nuclear industry after a licensee or applicant has performed a D3 assessment per NUREG/CR-6303 and determined that diversity in a safety system is needed to mitigate the consequences of potential CCFs identified in the evaluation of the safety system design features. Succinctly, the purpose of the research described in this report was to answer the question, 'If diversity is required in a safety system to mitigate the consequences of potential CCFs, how much diversity is enough?' The principal results of this research effort have identified and developed diversity strategies, which consist of combinations of diversity attributes and their associated criteria. Technology, which corresponds to design diversity, is chosen as the principal system characteristic by which diversity criteria are grouped to form strategies. The rationale for this classification framework involves consideration of the profound impact that technology-focused design diversity provides.
Consequently, the diversity usage classification scheme involves three families of strategies: (1) different technologies, (2) different approaches within the same technology, and (3) different architectures within the same technology. Using this convention, the first diversity usage family, designated Strategy A, is characterized by fundamentally diverse technologies. Strategy A at the system or platform level is illustrated by the example of analog and digital implementations. The second diversity usage family, designated Strategy B, is achieved through distinctly different approaches within the same technology. Strategy B can be described in terms of distinct digital approaches, such as general-purpose microprocessors versus field-programmable gate arrays. The third diversity usage family, designated Strategy C, involves the use of variations within a single approach. An example of Strategy C is different digital architectures within the same technology and approach, such as different microprocessors (e.g., Pentium and PowerPC). The grouping of diversity criteria combinations according to Strategies A, B, and C establishes baseline diversity usage and facilitates a systematic organization of strategic approaches for coping with CCF vulnerabilities. Effectively, these baseline sets of diversity criteria constitute appropriate CCF mitigating strategies for digital safety systems. The strategies represent guidance on acceptable diversity usage and can be applied directly to ensure that CCF vulnerabilities identified through a D3 assessment have been adequately resolved. Additionally, a framework has been generated for capturing practices regarding diversity usage, and a tool has been developed for the systematic assessment of the comparative effect of proposed diversity strategies (see Appendix A).
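The A/B/C classification above can be made mechanical. The following is an added illustration, not the report's Appendix A tool or any NRC-endorsed method: it tags each safety channel with a technology, an approach within that technology and an architecture within that approach (attribute names are assumptions), classifies the diversity between any two channels into Strategy A, B or C, and then checks whether a postulated CCF, modelled here as affecting every channel that shares a given set of attributes, leaves at least one channel unaffected. The sample four-division design, the backup channels and the two postulated CCFs are constructed for the example; which CCFs a real design must cope with comes from the D3 assessment, not from this script.

```python
"""Classify design diversity between safety-channel implementations into the
Strategy A/B/C families and check survival of a postulated common-cause
failure (CCF).

Added illustration, not the report's own Appendix A tool. Attribute names,
the CCF scoping model and the sample channels/CCFs are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Channel:
    name: str
    technology: str    # e.g. "analog" or "digital"
    approach: str      # within a technology, e.g. "microprocessor" or "fpga"
    architecture: str  # within an approach, e.g. "pentium" or "powerpc"


# Strongest to weakest, following the three families in the abstract.
STRATEGY_RANK = {"A": 3, "B": 2, "C": 1}


def classify_pair(a: Channel, b: Channel) -> Optional[str]:
    """Strategy family for the diversity between two implementations.

    'A': different technologies (analog vs. digital)
    'B': same technology, different approach (microprocessor vs. FPGA)
    'C': same technology and approach, different architecture
    None: identical platform, no design diversity at all
    """
    if a.technology != b.technology:
        return "A"
    if a.approach != b.approach:
        return "B"
    if a.architecture != b.architecture:
        return "C"
    return None


def strongest_strategy(channels: List[Channel]) -> Optional[str]:
    """Strongest family present among any pair of channels in the design."""
    best = None
    for i, a in enumerate(channels):
        for b in channels[i + 1:]:
            s = classify_pair(a, b)
            if s and (best is None or STRATEGY_RANK[s] > STRATEGY_RANK[best]):
                best = s
    return best


@dataclass(frozen=True)
class CommonCauseFailure:
    """A postulated CCF, scoped by the attributes every affected channel shares.
    A None attribute means the failure does not depend on that attribute."""
    description: str
    technology: Optional[str] = None
    approach: Optional[str] = None
    architecture: Optional[str] = None


def affected(ccf: CommonCauseFailure, ch: Channel) -> bool:
    """True if the channel shares every attribute the CCF is scoped to."""
    return all(
        getattr(ccf, attr) is None or getattr(ccf, attr) == getattr(ch, attr)
        for attr in ("technology", "approach", "architecture")
    )


def survives(channels: List[Channel], ccf: CommonCauseFailure,
             min_unaffected: int = 1) -> Tuple[bool, List[str]]:
    """Do at least `min_unaffected` channels remain unaffected by the CCF?"""
    ok = [c.name for c in channels if not affected(ccf, c)]
    return len(ok) >= min_unaffected, ok


# --- Constructed sample design: four identical divisions plus one backup ---
PRIMARY = [Channel(f"div{i}", "digital", "microprocessor", "pentium")
           for i in range(1, 5)]
BACKUP_C = Channel("backup", "digital", "microprocessor", "powerpc")  # Strategy C
BACKUP_B = Channel("backup", "digital", "fpga", "vendor-fpga")         # Strategy B
BACKUP_A = Channel("backup", "analog", "hardwired", "relay-logic")     # Strategy A

# Constructed postulated CCFs, scoped by the attributes they depend on.
SOFTWARE_CCF = CommonCauseFailure(
    "latent defect shared by all microprocessor-based software channels",
    technology="digital", approach="microprocessor")
SILICON_CCF = CommonCauseFailure(
    "errata confined to one microprocessor family",
    technology="digital", approach="microprocessor", architecture="pentium")


def assess(backup: Channel) -> dict:
    """Strategy family and CCF survival for the primary divisions plus one backup."""
    design = PRIMARY + [backup]
    return {
        "strategy": strongest_strategy(design),
        "survives_software_ccf": survives(design, SOFTWARE_CCF)[0],
        "survives_silicon_ccf": survives(design, SILICON_CCF)[0],
    }


if __name__ == "__main__":
    print("no backup:", strongest_strategy(PRIMARY), survives(PRIMARY, SOFTWARE_CCF))
    for label, backup in (("C", BACKUP_C), ("B", BACKUP_B), ("A", BACKUP_A)):
        print(f"Strategy {label} backup:", assess(backup))
```

Under this model the Strategy C backup (a different microprocessor running the same kind of software) survives the silicon-family CCF but not the software-scoped one, while the Strategy B and A backups survive both; the point of the example is that the family letter only tells you which shared attributes the backup has escaped, so each postulated CCF has to be checked against the attributes it actually depends on.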

Authors:
Wood, Richard Thomas [1]; Belles, Randy [1]; Cetiner, Mustafa Sacit [1]; Holcomb, David Eugene [1]; Korsah, Kofi [1]; Loebl, Andy [1]; Mays, Gary T [1]; Muhlheim, Michael David [1]; Mullens, James Allen [1]; Poore, III, Willis P [1]; Qualls, A L [1]; Wilson, Thomas L [1]; Waterman, Michael E [2]
  1. ORNL
  2. U.S. Nuclear Regulatory Commission
Publication Date:
2010-02-01
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
Work for Others (WFO)
OSTI Identifier:
1000417
Report Number(s):
ORNL/TM-2009/302
401001060; NUREG/CR-7007; TRN: US1100208
DOE Contract Number:  
DE-AC05-00OR22725
Resource Type:
Technical Report
Country of Publication:
United States
Language:
English
Subject:
21 SPECIFIC NUCLEAR REACTORS AND ASSOCIATED PLANTS; CLASSIFICATION; CONTROL SYSTEMS; DESIGN; DOCUMENTATION; EVALUATION; MICROPROCESSORS; NUCLEAR INDUSTRY; NUCLEAR POWER; NUCLEAR POWER PLANTS; SAFETY

Citation Formats

Wood, Richard Thomas, Belles, Randy, Cetiner, Mustafa Sacit, Holcomb, David Eugene, Korsah, Kofi, Loebl, Andy, Mays, Gary T, Muhlheim, Michael David, Mullens, James Allen, Poore, III, Willis P, Qualls, A L, Wilson, Thomas L, and Waterman, Michael E. Diversity Strategies for Nuclear Power Plant Instrumentation and Control Systems. United States: N. p., 2010. Web. doi:10.2172/1000417.
Wood, Richard Thomas, Belles, Randy, Cetiner, Mustafa Sacit, Holcomb, David Eugene, Korsah, Kofi, Loebl, Andy, Mays, Gary T, Muhlheim, Michael David, Mullens, James Allen, Poore, III, Willis P, Qualls, A L, Wilson, Thomas L, & Waterman, Michael E. Diversity Strategies for Nuclear Power Plant Instrumentation and Control Systems. United States. https://doi.org/10.2172/1000417
Wood, Richard Thomas, Belles, Randy, Cetiner, Mustafa Sacit, Holcomb, David Eugene, Korsah, Kofi, Loebl, Andy, Mays, Gary T, Muhlheim, Michael David, Mullens, James Allen, Poore, III, Willis P, Qualls, A L, Wilson, Thomas L, and Waterman, Michael E. 2010. "Diversity Strategies for Nuclear Power Plant Instrumentation and Control Systems". United States. https://doi.org/10.2172/1000417. https://www.osti.gov/servlets/purl/1000417.
@techreport{osti_1000417,
title = {Diversity Strategies for Nuclear Power Plant Instrumentation and Control Systems},
author = {Wood, Richard Thomas and Belles, Randy and Cetiner, Mustafa Sacit and Holcomb, David Eugene and Korsah, Kofi and Loebl, Andy and Mays, Gary T and Muhlheim, Michael David and Mullens, James Allen and Poore, III, Willis P and Qualls, A L and Wilson, Thomas L and Waterman, Michael E.},
institution = {Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)},
number = {ORNL/TM-2009/302; NUREG/CR-7007},
doi = {10.2172/1000417},
url = {https://www.osti.gov/biblio/1000417},
address = {United States},
year = {2010},
month = feb
}