Digital Instrumentation and Control December 17, 2015
Speakers
• Victor McCree, Executive Director for Operations, NRC
• John Lubinski, Acting Deputy Office Director for Engineering, NRR
• Richard Stattel, Senior Electronics Engineer, NRR
• John Tappert, Director of Division of Engineering, NRO
• Deanna Zhang, Senior Electronics Engineer, NRO

Agenda
• Background of Digital I&C and Lessons Learned
• Incorporation by Reference of IEEE 603-2009
• Other Key Regulatory Initiatives

Background — Why is Digital Technology Unique?
• Different principles of operation
• Different hazards for digital vs. analog
• Communications independence challenges
• Increased potential for latent errors

Early Actions Taken to Address Digital
• Development of guidance to address unique aspects of digital
  – Regulatory guides on digital I&C system development
  – Standard review plan revision

Formation of the Digital I&C Steering Committee
• Task working groups initiated to address digital I&C licensing process
• Issuance of digital I&C interim staff guidance

What We Learned — Operating Reactors
• Digital I&C licensing processes can be improved
  – Early communications and identification of required documentation works well
  – Graded review approach needs to be improved

What We Learned — New Reactors
• Utilize highly integrated digital I&C systems
• Challenged in providing sufficient design information and analysis to demonstrate safety with initial designs
• Addressing requirements at architectural level was effective

What We Learned — Other Key Issues
• Current I&C requirements should be updated to address digital
• Ambiguities in 10 CFR 50.59 guidance need to be revised
• Diversity and defense-in-depth criteria need to be re-evaluated

The Role of IEEE 603
• Criteria for I&C safety systems
  – Technology neutral
  – Performance based
• Incorporated into regulation
  – Incorporated by reference
  – General Design Criteria

What Changed in the Standard
• New version of the standard adds:
  – Guidance for digital technology
  – Annex on electromagnetic compatibility
  – Guidance for connected equipment
  – Communication independence criteria

Applicability of New Standard
• Conditions for applicability of the new and previously incorporated versions
  – New plant designs required to comply with IEEE 603-2009
  – Impacts operating plants and existing design certifications if changes meet threshold

System Integrity
• Amplify “System Integrity” requirements
• Condition added:
  – In order to assure the integrity and reliable operation of safety systems, safety functions shall be designed to operate in a predictable and repeatable manner.

Example Reactor Protection System
[Block diagram; blocks in the order they appear: Plant Process Inputs; Non Safety Related Systems; Safety Division (A), Safety Division (B), Safety Division (C), Safety Division (D); Coincidence Voting Processor (Two of Four), shown twice; Actuation Components (Reactor Trip Breakers / ESF)]

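The block diagram above shows four safety divisions feeding a two-of-four coincidence voting processor that drives the reactor trip breakers / ESF. The following is an added illustration for this page, not NRC or vendor code: it models each division's trip determination as a pure function of that division's own measurement (independence between redundant portions; predictable and repeatable behaviour), applies the 2-of-4 vote, and then checks the failure-tolerance properties that motivate choosing 2-of-4. The setpoint, the process values, the `Vote` enum, the treatment of a bypassed division and all function names are constructed assumptions for the example.

```python
"""Two-out-of-four coincidence voting for the example reactor protection
system architecture above. Added illustration, not NRC or vendor code.
Setpoint, measurements and the bypassed-division handling are assumed."""
from __future__ import annotations

from enum import Enum
from itertools import combinations

DIVISIONS = ("A", "B", "C", "D")


class Vote(Enum):
    NO_TRIP = "no_trip"
    TRIP = "trip"
    BYPASSED = "bypassed"  # division out of service (assumed state for this example)


def division_trip(measured: float, setpoint: float, bypassed: bool = False) -> Vote:
    """One division's trip determination.

    Uses only that division's own measurement: no data from the other
    divisions or from non-safety systems enters the decision (independence
    between redundant portions). The function is pure, so the same input
    always yields the same vote (the 'predictable and repeatable' condition).
    """
    if bypassed:
        return Vote.BYPASSED
    return Vote.TRIP if measured >= setpoint else Vote.NO_TRIP


def coincidence_2oo4(votes: dict[str, Vote]) -> bool:
    """Actuate when at least two of the four divisions vote TRIP.

    Assumption: a bypassed division contributes no TRIP vote, so with one
    division bypassed the logic is effectively 2-of-3.
    """
    trips = sum(1 for v in votes.values() if v is Vote.TRIP)
    return trips >= 2


def evaluate(measurements: dict[str, float], setpoint: float,
             bypassed: frozenset[str] = frozenset()) -> tuple[dict[str, Vote], bool]:
    """Run all four divisions and the voter; returns (votes, actuate)."""
    votes = {d: division_trip(measurements[d], setpoint, d in bypassed) for d in DIVISIONS}
    return votes, coincidence_2oo4(votes)


def single_failure_analysis(setpoint: float = 100.0) -> dict[str, bool]:
    """Check the properties the 2-of-4 voter is chosen for.

    'normal' and 'event' are constructed process values below and above
    the (constructed) setpoint.
    """
    normal = {d: setpoint - 10.0 for d in DIVISIONS}
    event = {d: setpoint + 10.0 for d in DIVISIONS}
    return {
        # one spuriously high division during normal operation never actuates
        "no_spurious_actuation": all(
            not evaluate({**normal, d: setpoint + 10.0}, setpoint)[1] for d in DIVISIONS),
        # a real event still actuates with any one division stuck low ...
        "actuates_with_one_stuck": all(
            evaluate({**event, d: setpoint - 10.0}, setpoint)[1] for d in DIVISIONS),
        # ... or with any one division bypassed
        "actuates_with_one_bypassed": all(
            evaluate(event, setpoint, frozenset({d}))[1] for d in DIVISIONS),
        # two spurious divisions do actuate: that is the boundary of 2-of-4
        "two_spurious_actuate": all(
            evaluate({**normal, a: setpoint + 10.0, b: setpoint + 10.0}, setpoint)[1]
            for a, b in combinations(DIVISIONS, 2)),
    }


if __name__ == "__main__":
    # constructed sample: divisions A and C above the setpoint, B and D below
    votes, actuate = evaluate({"A": 105.0, "B": 99.0, "C": 101.0, "D": 98.0}, 100.0)
    print({d: v.value for d, v in votes.items()}, "actuate:", actuate)
    print(single_failure_analysis())
```

The `single_failure_analysis` function is the useful part for a reviewer: it makes explicit that a single spurious division cannot cause an actuation, that a single silent or bypassed division cannot prevent one, and that two agreeing divisions are exactly the actuation boundary.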
Independence
• Amplify “Independence” requirements
  – Between redundant portions of safety systems
  – Between safety systems and other systems

Independence (cont.)
• Amplify “Independence” requirements
  A. Manner of processing data
  B. Detection and mitigation capabilities

Independence (cont.)
• Amplify “Independence” requirements
  C. For current reactors, signals must support safety or provide a safety benefit.

Independence (cont.)
• Amplify “Independence” requirements
  D. For new reactors,
    (1) One-way — hardware enforced
    (2) Only signals to perform safety functions are allowed

Independence (cont.)
• Amplify “Independence” requirements
    (3) Signals to support diversity and automatic anticipatory reactor trip functions
    (4) Proposed alternatives requirements

Potential Impact on Operating Plants
• Supports use of newer version of IEEE 603
• Applicants already perform hazard analysis

Potential Impact on New Reactors
• Communication independence demonstrated at higher level
• Limit failure modes and unexpected behaviors associated with communications

Stakeholder Engagement
• NRC staff participated in IEEE 603-2009 development
• ACRS recommended adding conditions
• Industry generally did not support added conditions
• NEI does not support issuance of proposed rule

Benefits of Proposed Rule
• Facilitates use of IEEE 603-2009
  – Updates for new technology
  – More effective EMC
• Conditions provide improved consistency and predictability for licensing
• Issuing the proposed rule will facilitate external stakeholder feedback

Key Regulatory Initiatives — Develop a DI&C Action Plan
• Address lessons learned and stakeholder feedback
• Prioritize activities
• Coordinate with industry initiatives

DI&C Action Plan (activities by track)

Software CCF
  – Evaluate assumptions in SECY-93-087
  – Identify impact on NRC policy/guidance documents
  – Prepare technical basis
  – Interface with industry stakeholders
  – Prepare SECY paper

Licensing Review Process
  – Review guidance based on lessons learned
  – Evaluate options for updating NRC policy
  – Revise regulatory guidance

10 CFR 50.59
  – Review/Comment on NEI draft 50.59 guidance
  – Interface with industry stakeholders
  – Revise regulatory guidance

Cyber in Design
  – Develop options for reviewing cyber-related design information
  – Draft SECY paper to propose options to Commission
  – Revise appropriate documentation in accordance with Commission direction
  – Interface with industry stakeholders

Enhance 10 CFR 50.59 Guidance
• Non-compliances identified when upgrades performed
• Ensure updated guidance is adequate

How Software Common Cause Failure is Currently Addressed
• SRM-SECY-93-087 defines criteria for addressing software common cause failure
  – BTP 7-19: guidance for implementation
  – NUREG/CR-6303: guidance for performing diversity and defense-in-depth analysis

Improve Software Common Cause Failure Criteria
• Evaluate existing policy on software common cause failure
  – Incorporate advances in digital technology
  – Prepare a technical basis paper and a SECY paper
  – Maintain interfaces with industry stakeholders throughout effort

Improve Licensing Process for Digital I&C Systems
• Enhance licensing process in ISG-06 to include lessons from the pilot
• Improve guidance for new reactor licensing processes

Review Cyber Security Design Features During Licensing
• Cyber security design not currently reviewed as part of licensing
• Early consideration of cyber security in the design process is beneficial
• SECY paper under development

Digital I&C Action Plan
• Additional activities:
  – Highly integrated systems
  – Regulatory infrastructure
  – Guidance for alternative evaluation
  – Consistency: licensing and inspections
  – Topical report process