
February 1, 2010

Nontechnical Issues Affecting Digital Upgrades at Nuclear Power Plants



Creating Programs That Sustain Digital Applications

The nuclear industry has developed preventative maintenance programs and in-service inspection programs to support the continued operation of nuclear plants. In addition, the Institute for Nuclear Power Operations has created engineering program guidelines for 18 different areas. Some of these are setpoint control, fire protection, flow-accelerated corrosion, valves, heat exchangers, welding, and motors. Unfortunately, there is little definitive program guidance available to those responsible for nuclear plant digital control system upgrades. In the absence of such guidance, the following suggestions may help you bridge this digital information gap.

Software Development Programs. In the past, utilities have developed software without formal programs. IEEE Standard 7.4.3-2 describes the various phases of software development for safety systems; however, it does not apply to systems that are not safety-related. This gap is a concern that needs to be addressed.

The nuclear power industry should look to the software industry in order to improve its software development process. The primary purpose of the nuclear power industry is to generate and market electricity in a safe and economical manner. In contrast, the primary purpose of software companies is to develop and market software. As such, the software industry has dedicated resources and funding for software development at a much higher level than the nuclear industry has. Because of the competitiveness of the software industry, however, it may be difficult to benchmark these types of companies. If benchmarking efforts are not effective, then another alternative is to hire people from the software industry.

No doubt, utilities would find it beneficial to develop more formal programs that provide guidance on writing specifications, requirements documents, and design description documents for both software and hardware. Also, organizations are beginning to see the need to integrate data from different control systems into their work processes, which means that data definition documents are being written. By using open protocols and defining data, companies are able to transfer information from one database to another database relatively easily.

Software Testing Programs. Traditionally, the design and licensing of nuclear plants have been very deterministic. Since the design was deterministic, the testing philosophy could also be very deterministic. Essentially, testing was very simple. If certain inputs are present, then a given outcome should be expected. With digital technology, the controllers can now handle more than one or two inputs. The possible combinations of inputs become hard to manage very quickly.

Therefore the testing philosophy has to change because of the complexity of the design. In the future, testing will have to be expanded beyond proving that two inputs will cause a specific output. Testing will have to prove that the processor can do 25 tasks at one time without any degradation in performance. Also, testing will have to look at degradation of functions if there is heavy network traffic.

Another issue with software testing is deciding how large to make the test platform or test bed. The test bed consists of processors, inputs, outputs, communication networks, and test equipment. In the past, test beds have been very small — perhaps only one processor along with a few inputs and outputs. This meant that personnel often could only test a portion of the code at one time. Now that applications are dependent upon much more robust networks, testing becomes more complex. To prevent a complete failure of an application due to a partial network failure, functions are partitioned across multiple processors. The test beds now have to be large enough to test the communications between multiple processors in order to test the partitioning portion of an application.

One possibility is for individual plants or utilities to pool resources and develop a common test bed. This last option can result in a test bed with higher fidelity but at a reduced cost for companies. Therefore, each utility has to balance the cost of an enlarged test bed against the risk of a latent software flaw.

Software Quality Assurance Programs. A great deal of software at nuclear plants is outside the scope of the formal quality assurance plan for that plant. The reason is that most software is not safety-related. With the advent of safety-related digital controls, organizations have to revisit the issue of quality assurance for software.

There are other drivers for an expansion of the quality assurance program as it relates to software. As utilities increasingly use software to prove the design basis of a plant, or as an input to their operational decision-making, questions are being raised about the quality assurance levels of that software. Certain applications may have been developed for non-nuclear parts of a company but are now being used by nuclear organizations for licensing or for engineering justifications. Because this non-nuclear software was never formally verified and validated, the question becomes whether or not the results of this software should be accepted for use by nuclear power plants.

Another area where this is becoming an issue is the reactivity excursions caused by nonsafety-related equipment. In the past, many organizations have deemed software for nonsafety-related equipment to be a lower quality assurance level or possibly outside of the quality assurance program altogether.

Software Configuration Management Programs. How and where should organizations store backup copies of their software? The answers vary from embedding software in a document to storing disks in a document control safe. The same standard for software configuration management does not need to be implemented across the nuclear industry. However, each company needs to develop a standard way of handling, storing, and revising software.

Electromagnetic Interference and Radio Frequency Interference (EMI/RFI) Programs. Almost all of the U.S. nuclear operating fleet was designed and constructed prior to the issuance of the landmark EPRI Technical Report (TR-102323), Guidelines for Electromagnetic Interference Testing in Power Plants. Since that report, organizations have used these guidelines to assist them in qualifying equipment that is potentially susceptible to, or that could radiate, EMI/RFI. The strategy for plants has been to address qualification issues as they happen.

Now a shift is beginning to occur in the nuclear industry. As more and more digital equipment is added to plants, the need for a comprehensive strategy is more apparent. This includes the use of a spectrum or frequency management program for EMI/RFI. The program would review each room or area of the plant to determine which frequencies are used. When any anomalies are documented in a test report, they can be compared with the known frequencies for that room to determine if there is a problem or not. The result is a simpler and faster qualification process for new pieces of equipment. The use of a comprehensive strategy also makes it easier for companies to justify large communication modifications such as a replacement of the entire security radio system.

Cyber Security Programs. The poster child for programs that are needed for digital upgrades is cyber security. In 2009, the Nuclear Regulatory Commission (NRC) developed regulatory guidance on this issue, and each nuclear plant submitted a cyber security plan to the NRC. Recently, the U.S. Department of Energy (DOE) created the National Supervisory Control and Data Acquisition (SCADA) Test Bed, which enhances cyber security of control systems used throughout the electricity, gas, and oil industries. The National SCADA Test Bed is a joint effort between the Idaho National Laboratory and Sandia National Laboratory. With so many resources being diverted for cyber security, and given all the publicity that it has garnered, it can easily be seen that cyber security will be one of the programs that has to be in place to support a digital upgrade.

--James H. Flowers (jhflower@southernco.com) is the I&C supervisor in nuclear development for the Southern Nuclear Operating Co. in Birmingham, Ala.


© 2012 Tradefair Group, an Access Intelligence LLC company.