NRC technical basis for evaluation of its position on protection against common cause failure in digital systems used in nuclear power plants - 378
- U.S. Nuclear Regulatory Commission, Washington, D.C. 20555 (United States)
- Department of Nuclear Engineering, University of Tennessee Knoxville, TN 37996 (United States)
Digital technology has advantages over analog systems, including automated monitoring and alerts for standby safety functions, and predictive algorithms to maintain critical safety systems. Additionally, digital technology generally has higher reliability and can be designed to reduce single-point vulnerabilities. For these reasons many nuclear plants have applied digital technology to safety-related and non-safety-related applications, including reactor protection systems and feedwater and turbine controls, with a corresponding significant reduction in plant trips. Nonetheless, digital instrumentation and control (I&C) systems also present potential new vulnerabilities that need to be assessed, including potential failures due to the increased complexity of digital systems, the introduction of unique failure modes due to software (including software common cause failure (CCF)), and the limited operating history of digital systems in nuclear safety-related applications compared to analog systems. Because software is intangible, common methods for detecting CCF, such as analysis or testing, may not be effective when applied to software. Consequently, digital technology is perceived to pose a potential risk from the introduction of undetected systematic faults that could result in CCF. Despite the I&C system upgrades and modifications performed to date, the U.S. Nuclear Regulatory Commission (NRC) and industry stakeholders have identified the need to modernize the regulatory infrastructure to efficiently address risks associated with the use of digital technology for nuclear safety applications and to address regulatory uncertainties. The NRC's current position on CCF is guided by the staff requirements memorandum (SRM) on SECY-93-087. The SRM provides specific acceptance criteria for the evaluation of CCF, which the staff implemented in Branch Technical Position (BTP) 7-19.
However, industry stakeholders have proposed using methods to characterize the likelihood of software CCF and eliminate it from further consideration in a defense-in-depth and diversity analysis. The NRC's current position does not consider these alternatives, and thus no corresponding acceptance criteria are currently available. The work discussed in this paper assesses the underlying technical basis associated with CCF, provides technical support for updating the NRC position, and considers proposed methods for addressing potential CCF in digital systems while enhancing efficiency, clarity, and confidence. (authors)
- Research Organization:
- American Nuclear Society - ANS, 555 North Kensington Avenue, La Grange Park, IL 60526 (United States)
- OSTI ID:
- 23035463
- Resource Relation:
- Conference: NPIC and HIMIT 2017: 10. International Conference on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, San Francisco, CA (United States), 11-15 Jun 2017; Other Information: Country of input: France; 27 refs.; available from American Nuclear Society - ANS, 555 North Kensington Avenue, La Grange Park, IL 60526 (US)
- Country of Publication:
- United States
- Language:
- English
Related Subjects
22 GENERAL STUDIES OF NUCLEAR REACTORS
ALGORITHMS
ANALOG SYSTEMS
CALIBRATION STANDARDS
COMPUTER CODES
DIGITAL SYSTEMS
FEEDWATER
NUCLEAR POWER PLANTS
RADIATION PROTECTION
REACTOR CONTROL SYSTEMS
REACTOR PROTECTION SYSTEMS
REACTOR SAFETY
RELIABILITY
TESTING
TURBINES