Digital Instrumentation and Control, December 17, 2015 (PowerPoint presentation)



SLIDE 1

Digital Instrumentation and Control

December 17, 2015

SLIDE 2

Speakers

  • Victor McCree, Executive Director for Operations, NRC
  • John Lubinski, Acting Deputy Office Director for Engineering, NRR
  • Richard Stattel, Senior Electronics Engineer, NRR
  • John Tappert, Director of Division of Engineering, NRO
  • Deanna Zhang, Senior Electronics Engineer, NRO

SLIDE 3

Agenda

  • Background of Digital I&C and Lessons Learned
  • Incorporation by Reference of IEEE 603-2009
  • Other Key Regulatory Initiatives

SLIDE 4

Background—Why is Digital Technology Unique?

  • Different principles of operation
  • Different hazards for digital vs. analog
  • Communications independence challenges
  • Increased potential for latent errors

SLIDE 5

Early Actions Taken to Address Digital

  • Development of guidance to address unique aspects of digital
    – Regulatory guides on digital I&C system development
    – Standard review plan revision

SLIDE 6

Formation of the Digital I&C Steering Committee

  • Task working groups initiated to address digital I&C licensing process
  • Issuance of digital I&C interim staff guidance

SLIDE 7

What We Learned—Operating Reactors

  • Digital I&C licensing processes can be improved
    – Early communications and identification of required documentation works well
    – Graded review approach needs to be improved

SLIDE 8

What We Learned—New Reactors

  • Utilize highly integrated digital I&C systems
  • Challenged in providing sufficient design information and analysis to demonstrate safety with initial designs
  • Addressing requirements at architectural level was effective

SLIDE 9

What We Learned—Other Key Issues

  • Current I&C requirements should be updated to address digital
  • Ambiguities in 10 CFR 50.59 guidance need to be revised
  • Diversity and defense-in-depth criteria need to be re-evaluated

SLIDE 10

The Role of IEEE 603

  • Criteria for I&C safety systems
    – Technology neutral
    – Performance based
  • Incorporated into regulation
    – Incorporated by reference
    – General Design Criteria

SLIDE 11

What Changed in the Standard

  • New version of the standard adds:
    – Guidance for digital technology
    – Annex on electromagnetic compatibility
    – Guidance for connected equipment
    – Communication independence criteria

SLIDE 12

Applicability of New Standard

  • Conditions for applicability of the new and previously incorporated versions
    – New plant designs required to comply with IEEE 603-2009
    – Impacts operating plants and existing design certifications if changes meet threshold

SLIDE 13

System Integrity

  • Amplify “System Integrity” requirements
  • Condition added:
    – In order to assure the integrity and reliable operation of safety systems, safety functions shall be designed to operate in a predictable and repeatable manner.

SLIDE 14

Example Reactor Protection System

[Figure: Example Reactor Protection System. Labels recovered from the diagram: Plant Process Inputs; Safety Division (A), Safety Division (B), Safety Division (C), Safety Division (D); Coincidence Voting Processor (Two of Four); Actuation Components (Reactor Trip Breakers / ESF); Non Safety Related Systems.]

SLIDE 15

Independence

  • Amplify “Independence” requirements
    – Between redundant portions of safety systems
    – Between safety systems and other systems

SLIDE 16

Independence (cont.)

  • Amplify “Independence” requirements
    – A. Manner of processing data
    – B. Detection and mitigation capabilities

SLIDE 17

Independence (cont.)

  • Amplify “Independence” requirements
    – C. For current reactors, signals must support safety or provide a safety benefit.

SLIDE 18

Independence (cont.)

  • Amplify “Independence” requirements
    – D. For new reactors, (1) One-way—hardware enforced; (2) Only signals to perform safety functions are allowed

SLIDE 19

Independence (cont.)

  • Amplify “Independence” requirements
    – (3) Signals to support diversity and automatic anticipatory reactor trip functions; (4) Proposed alternatives requirements

SLIDE 20

Potential Impact on Operating Plants

  • Supports use of newer version of IEEE 603
  • Applicants already perform hazard analysis

SLIDE 21

Potential Impact on New Reactors

  • Communication independence demonstrated at higher level
  • Limit failure modes and unexpected behaviors associated with communications

SLIDE 22

Stakeholder Engagement

  • NRC staff participated in IEEE 603-2009 development
  • ACRS recommended adding conditions
  • Industry generally did not support added conditions
  • NEI does not support issuance of proposed rule

SLIDE 23

Benefits of Proposed Rule

  • Facilitates use of IEEE 603-2009
    – Updates for new technology
    – More effective EMC
  • Conditions provide improved consistency and predictability for licensing
  • Issuing the proposed rule will facilitate external stakeholder feedback

SLIDE 24

Key Regulatory Initiatives—Develop a DI&C Action Plan

  • Address lessons learned and stakeholder feedback
  • Prioritize activities
  • Coordinate with industry initiatives

SLIDE 25

DI&C Action Plan

  • 10 CFR 50.59
    – Review/Comment on NEI draft 50.59 guidance
    – Identify impact on NRC policy/guidance documents
    – Interface with industry stakeholders
    – Revise regulatory guidance
  • Licensing Process
    – Evaluate guidance based on lessons learned
    – Interface with industry stakeholders
    – Revise regulatory guidance
  • Software CCF
    – Evaluate assumptions in SECY-93-087
    – Evaluate options for updating NRC policy
    – Prepare technical basis
    – Prepare SECY paper
  • Cyber Review in Design
    – Develop options for reviewing cyber-related design information
    – Draft SECY paper to propose options to Commission
    – Revise appropriate documentation in accordance with Commission direction

SLIDE 26

Enhance 10 CFR 50.59 Guidance

  • Non-compliances identified when upgrades performed
  • Ensure updated guidance is adequate

SLIDE 27

How Software Common Cause Failure is Currently Addressed

  • SRM-SECY-93-087 defines criteria for addressing software common cause failure
    – BTP 7-19: guidance for implementation
    – NUREG/CR-6303: guidance for performing diversity and defense-in-depth analysis

SLIDE 28

Improve Software Common Cause Failure Criteria

  • Evaluate existing policy on software common cause failure
    – Incorporate advances in digital technology
    – Prepare a technical basis paper and a SECY paper
    – Maintain interfaces with industry stakeholders throughout effort

SLIDE 29

Improve Licensing Process for Digital I&C Systems

  • Enhance licensing process in ISG-06 to include lessons from the pilot
  • Improve guidance for new reactor licensing processes

SLIDE 30

Review Cyber Security Design Features During Licensing

  • Cyber security design not currently reviewed as part of licensing
  • Early consideration of cyber security in the design process is beneficial
  • SECY paper under development

SLIDE 31

Digital I&C Action Plan

  • Additional activities:
    – Highly integrated systems
    – Regulatory infrastructure
    – Guidance for alternative evaluation
    – Consistency: licensing and inspections
    – Topical report process

SLIDE 32

Summary

  • Publish proposed rule to obtain stakeholder feedback
  • Ensure Digital I&C Action Plan includes key regulatory initiatives
  • Coordinate with industry digital I&C working group

SLIDE 33

Acronyms

  • ACRS – Advisory Committee on Reactor Safeguards
  • BTP – Branch Technical Position
  • CFR – Code of Federal Regulations
  • DI&C – Digital Instrumentation and Control
  • EMC – Electromagnetic Compatibility
  • ESF – Engineered Safety Feature
  • I&C – Instrumentation and Control
  • IEEE – Institute of Electrical and Electronics Engineers
  • ISG – Interim Staff Guidance
  • NEI – Nuclear Energy Institute
  • NRC – Nuclear Regulatory Commission
  • NRO – Office of New Reactors
  • NRR – Office of Nuclear Reactor Regulation
  • NUREG – NRC technical report
  • SECY paper – Commission Paper
  • SRM – Staff Requirements Memorandum