Reduction in Number of I/O Cards and Control Cabinets
The candidate field devices using FF technology in a typical circulating water system, which uses cooling towers, require 136 AIs, 70 DIs, and 105 DOs (see Table 1). A total of 61 I/O cards are needed for a CCS to operate under conditions of double redundancy for DI cards and triple redundancy for DO cards. However, if FF technology is used, only 10 I/O cards are needed to achieve double redundancy. FF technology thus decreases the number of I/O cards required by 84% and decreases hardware costs by 74%, as shown in Table 2.
2. Savings in I/O cards and control cabinets. Source: Jack Y. Zhao
In addition to simplified cabling and reduced power requirements, the reduction in I/O cards leads to a significant reduction in the size of the control cabinet. Sixty-one I/O cards with remote-multiplexing unit communications and the associated power supplies for a CCS would require about two double-door 1,600 by 800 mm cabinets, which cost about $108,000. In contrast, 10 FF I/O cards with their related communication cards and power supplies can be contained in one single-door 800 by 800 mm cabinet, which costs about $27,000. In addition to the reduction in required building space; civil design; and heating, ventilation, and air conditioning, the use of FF technology can reduce the cost of control cabinets by 75%.
Reduction in Home-Run Wiring
With a CCS, a total of 311 home-run wires are needed to connect junction boxes to I/O terminations. If FF technology is used, only 21 wires are required to connect H1 segments to I/O terminations, leading to a 93% reduction.
Potential Licensing Implications and Issues for Safety-Related Nuclear Systems
The application of digital fieldbus technology has a successful track record in fossil fuel power and nonsafety-related nuclear systems. However, digital fieldbus technology has not yet been applied to safety-related systems in the nuclear power industry. There are a number of reasons why the industry has been slow to adopt this technology despite its promising features and benefits. First, because of the safety-critical nature of the nuclear power generation process, the industry has historically been slow to adopt new technologies that have a perceived risk to safety, availability, and reliability. Second, the digital fieldbus – based approach can directly affect many aspects of a nuclear power plant, including the regulatory and licensing process, design specifications and equipment procurement, construction, start-up, and operation. Other issues that limit the quick adoption of digital fieldbus technology include a lack of workforce knowledge, regulatory uncertainty, and lack of management and employee acceptance. In addition, this technology is unproven in safety-critical applications.
Considering that other industries have successfully implemented digital fieldbus technology in their operations, the nuclear power industry should not preclude the application of this technology from its safety-related nuclear systems. However, specific regulations or guidelines do not currently exist to address the application of digital fieldbus technology to safety-related nuclear systems. That is why it is important to examine the potential licensing implications and deployment issues for applying this technology to safety-related nuclear systems from a regulatory point of view. The rest of this section addresses some of those issues.
First-of-a-Kind Engineering. Both FF safety-instrumented-functions technology and Profibus PROFIsafe communication protocols have been approved up to International Electrotechnical Commission (IEC) 61508 Safety Integrity Level 3 for their use in safety-related applications. However, these two platforms have not yet been approved and used for safety-related nuclear systems. All the issues related to first-of-a-kind engineering need to be addressed before the technologies can be used in safety-related nuclear systems.
Cyber and Physical Security. Because FF technology control functions are executed in field devices, physical security must be addressed to prevent tampering with those fieldbus field devices. More importantly, an FF-based DCS may have more severe vulnerability issues involving cyber security than a CCS because of the communication features of fieldbus technology, including remote configuration and diagnostics, field execution of control functions, and multiple device connections in the same control loop.
Diversity and Defense-in-Depth Issues and Common-Cause Failure. Although the FF-based DCS can be designed to be redundant, common-cause failure from both hardware and software design features will need to be addressed to meet the separation and independence requirements. If different fieldbus technologies are used to address diversity and defense-in-depth issues, the interoperability of the device within the integrated control system needs to be carefully reviewed.
Safety Analyses. The nuclear power industry needs to analyze selected fast processes to ensure that the communication speed of digital fieldbus devices — especially FF and Profibus-PA — is fast enough to meet plant conformance to safety analyses, such as accident and transient analyses.
Environmental Qualifications. Ideally, fieldbus technology would be effective in Class 1E mild and harsh environments from a maintenance and diagnostics perspective. However, for Class 1E harsh environments inside the containment structure where there are high levels of radiation, the microprocessor-based fieldbus devices usually do not fare well. In addition, if fieldbus devices are to be used in Class 1E environments, they must be qualified to environmental standards such as IEEE Standards 323 and 344, which include testing for seismic effects, thermal aging, radiation aging and hardening, vibration, and loss-of-coolant accidents.
Looking Ahead
Because there is no existing standard or guidance specifically created to address the application of digital fieldbus technology to safety-related nuclear systems, digital fieldbus – based safety control systems shall be developed and validated in the same manner as other existing digital safety control systems according to current regulations and guidelines, However, in the future, specific guidelines or standards will need to be established to address the application of digital fieldbus technology to safety-related nuclear systems.
The information and conclusions presented herein are those of the author and do not necessarily represent the views or positions of the U.S. Nuclear Regulatory Commission. Neither the U.S. Government nor any agency thereof, nor any employee, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for any third party’s use of this information.
—Jack Y. Zhao (jack.zhao@nrc.gov) is senior electronics engineer (digital I&C) for the U.S. Nuclear Regulatory Commission in the Instrumentation, Controls, and Electrical Engineering Branch No. 2 Division in Rockville, Md.
Email
Comments
Print
Reuse
