Keeping the Safe in New Digital Safety System Designs

1
Keeping the Safe in New Digital Safety System
Designs
Dr. Peter B. Lyons, Commissioner U.S. Nuclear
Regulatory Commission IAEA International
Conference on Common-Cause Failures of Digital
Instrumentation and Control Systems in Nuclear
Power Plants June 19, 2007
2
Common-Cause Failure (CCF) of Digital IC Safety
Systems

• Practical Solutions Already Implemented
  Throughout the World
• Increasing Worldwide Interest in All Digital
  Nuclear Plants
• Continue Identifying Practical and Safe Solutions

3
U.S. Historical Perspective

• 1980s some digital components within larger
  analog safety systems
• CCF not a significant concern
• 1990s questions during reviews of advanced LWR
  designs
• Could failure probabilities be estimated?
• Was analog backup needed for CCFs?

4
National Academies of Science and Engineering
Study Panel (1997)

• To address CCFs, emphasize diversity of inputs
  and algorithms, hardware, and operating systems
• Agreed with NRC position that CCF could be
  addressed using a variety of diversity approaches
  dependent on each plant design, including diverse
  digital systems

5
Historical Summary

• Very real safety benefits can be achieved
• Regulatory questions have been addressed in past
  designs, but continue to persist today
• Future Senior NRC/industry attention to
  establish a project plan to address these
  questions for new designs

6
Defense-in-Depth

• Greater inter-connection and coupling of digital
  channels raise regulatory questions regarding the
  adequacy of defense-in-depth
• Are familiar defense-in-depth approaches
  applicable to digital IC?

7
Defense-in-Depth
Redundancy
Diversity
Independence
8
The Basic Rules for Inter-connections

• 1 Determine there will actually be a safety
  benefit
• 2 The greater the inter-connection, the more
  attention must be paid to preventing adverse
  results while preserving the intended benefits

9
Key Safety Concepts

• Independence and Diversity
• Presently no other safety concepts to take their
  place

10
What is Sufficient?

• How timely can we address all the new questions
  raised by using digital safety system design
  concepts that differ significantly from past
  digital system designs?
• NRC is actively updating regulatory guidance, but
  will we become too prescriptive for this rapidly
  changing technology?

11
The Big Picture

• PRA is a Big Picture tool that helps us better
  understand overall system failure as a function
  of individual failures where it is impossible to
  test overall system reliability
• PRA requires that we know how the various parts
  of a system can fail

12
A Catalogue of Failures

• Hardware Failures
• Software Failures
• Combined/Interactive Hardware/Software Failures
• A SYSTEMATIC APPROACH

13
Operating Experience

• Gathering, Sharing, and Using It
• Safety-related and Non-Safety-Related
• Nuclear Industry and Other Industries

14
Operating Experience

• Important for systems where testing cannot be
  expected to shake out all the potential failure
  causes and modes

15
Test and Evaluation Facilities

• Todays NRC approach
• National Laboratories
• Universities
• International Research Centers
• Case-by-case
• Not Efficiently Integrated
• Not Keeping Pace with the Technology

16
A New Concept?

• A U.S. Research, Test, and Evaluation Facility
  for digital safety systems
• Attract new graduates and experienced
  professionals
• Participation of other government agencies and
  industries

17
A New Concept?

• Public Workshop to discuss the concept of a U.S.
  Research, Test, and Evaluation Facility
• Location Atlanta, Georgia (tentative)
• Dates September 6-7, 2007 (tentative)
• Further Information Steven Arndt,
  NRC/RES
• (301) 415-6502

18
Closing Key Points

• Digital Technology can improve safety
• Achieving Defense-in-Depth requires redundancy,
  diversity, independence
• Need to identify and catalogue the ways that
  digital systems can fail and increase our
  knowledge-base with operating experience
• Need to find better ways of evaluating new
  digital safety system designs

19
THANK YOU!