OSTI.GOV · U.S. Department of Energy · Office of Scientific and Technical Information

Title: Reliability Assessment of Safety-Critical Network Communication in a Digitalized Nuclear Power Plant

Journal Article · Transactions of the American Nuclear Society
OSTI ID: 22991958
[1] Department of Nuclear and Quantum Engineering, KAIST, Yuseong-gu, Daejeon, 305-701 (Korea, Republic of)

In analog instrumentation and control (I&C) systems for nuclear power plants (NPPs), most connections are hardwired point-to-point links. Because they rely on analog technology, they are susceptible to noise and require analog-to-digital conversion time. Many NPPs have therefore adopted communication networks for exchanging safety-critical data between the programmable logic controllers (PLCs) of digital I&C systems, so that a large number of field controllers can be accommodated effectively. The primary concern with digital network communication in a safety-critical system, however, is the potential hazard of partial or total loss of communication between PLCs, which may cause a safety-critical signal not to be generated when it is needed. The probability that a safety-critical system in a digitalized NPP becomes unsafe because of a network failure must therefore be evaluated in order to quantify the risk of the digital I&C system. In Korea, the Engineered Safety Feature-Component Control System (ESF-CCS) was developed as one of the digital safety-critical systems of the Advanced Power Reactor 1400 (APR-1400). The ESF-CCS performs the functions of the digital engineered safety feature (ESF) actuation system and of the field actuator controllers of conventional NPPs. In this system, a safety-critical network, the High Reliable Safety Data Network (HR-SDN), is used for safety-critical data transmission from group controllers (GCs) to loop controllers (LCs). In this study, a framework for assessing the reliability of HR-SDN communication between the GCs and LCs of the ESF-CCS, together with a fault-tree model of ESF components that accounts for network failure between GCs and LCs, was developed to assess the effect of the newly developed digitalized ESF-CCS on plant risk. Based on case studies and cut set analysis, the effect of network failure on plant risk and the important risk contributors to network failure were addressed quantitatively.
A framework for identifying the potentially hazardous states of network communication in the ESF-CCS was proposed. In addition, a fault-tree model of network communication failure was developed to estimate the effect of network failure between the GCs and LCs on ESF-CCS signal failure, and the model was then applied to several case studies. The fault-tree model of ESF-CCS signal failure for the ESF components required for the various mitigation actions in NPP design basis accidents (DBAs) was built around the identified hazardous network-failure states that would leave the corresponding LC without its input signals. As a sensitivity study, three case studies were performed based on the periodic test methods for the hardware components of the HR-SDN module and on their test intervals. The quantitative results of the three case studies showed that the probability of overall network communication failure, calculated as the sum of the failure probabilities associated with each failure cause, contributed up to 1.58% of the small loss-of-coolant accident (LOCA) core damage (CD) frequency. The results also identified the important basic events related to network failure in the case studies, which included common cause failure (CCF) of hardware and software in the HR-SDN module. This study is expected to provide insight into the development of fault-tree models for network failure in digital I&C systems and into the quantification of the risk effect of network failure on safety-critical data transmission in NPPs. As further work, the risk effect of network failure in the ESF-CCS on plant risk can be estimated in more detail by analyzing failure modes and causes at the sub-component level, together with the fault detection coverage of the fault tolerance techniques for network failure implemented in the ESF-CCS, once the detailed configuration of the ESF-CCS is decided.
Regarding the failure of manual ESF actuation, the relationships among the human action failures must be investigated so that multiple human error conditions are considered, since the ESF-CCS provides multiple manual actuation paths to assure the diversity of the system. Because the conventional human error probability (HEP) method cannot accommodate multiple conditions in a fault tree, the condition-based human reliability assessment (CBHRA) method or a dynamic human reliability modeling approach can be applied to capture the complex relationship between automated safety signal generation and the operator's manual actuation, thereby avoiding an optimistic estimate of the HEP for the human action failure.

Journal Information: Transactions of the American Nuclear Society, Vol. 114, Issue 1; Conference: Annual Meeting of the American Nuclear Society, New Orleans, LA (United States), 12-16 Jun 2016; Other Information: Country of input: France; 13 refs.; Available from American Nuclear Society - ANS, 555 North Kensington Avenue, La Grange Park, IL 60526 United States; ISSN 0003-018X
Country of Publication: United States
Language: English