A Redundancy-Guided Approach for the Hazard Analysis of Digital Instrumentation and Control Systems in Advanced Nuclear Power Plants

Shorthill, Tate; Bao, Han; Zhang, Hongbin; Ban, Heng

doi:10.1080/00295450.2021.1957659

Cited by 13 publications

(21 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(1) framing the complexity of the redundancy problem in a detailed representation; (2) clarifying the redundancy level using FTA before applying STPA; (3) building a redundancy-guided multilayer control structure; and (4) locating software CCFs for different levels of redundancy. This approach has been demonstrated and applied for the hazard analysis of a four-division digital RTS [86] and a four-division, digital, engineered safety features-actuation system [87].…”

Section: Integrated Risk Assessment Strategy For Digital Iandc Systemsmentioning

confidence: 99%

Uncertainty quantification and software risk analysis for digital twins in the nearly autonomous management and control systems: A review

Lin

Bao

Dinh

2021

Annals of Nuclear Energy

Self Cite

View full text Add to dashboard Cite

Section: Integrated Risk Assessment Strategy For Digital Iandc Systemsmentioning

confidence: 99%

Uncertainty quantification and software risk analysis for digital twins in the nearly autonomous management and control systems: A review

Lin

Bao

Dinh

2021

Annals of Nuclear Energy

Self Cite

View full text Add to dashboard Cite

“…Building upon the HAZCADS methodology, Idaho National Laboratory (INL) created redundancyguided systems-theoretic hazard analysis (RESHA) [13][14][15] to further address and clarify issues and potential sCCF across multiple redundant components. INL developed and demonstrated RESHA under a project initiated by the Risk-Informed Systems Analysis Pathway of the U.S. Department of Energy's Light Water Reactor Sustainability Program [16,17]. The aim of the project is to develop a strong technical basis for risk assessment strategies to support effective, reliable, and licensable DI&C technologies.…”

Section: Technical Backgroundmentioning

confidence: 99%

Systems-Theoretic Hazard Analysis of Digital Human-System Interface Relevant to Reactor Trip

Chen¹,

Dinh²,

Han³

et al. 2021

12th Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies (NPIC&HMIT 2021)

Self Cite

View full text Add to dashboard Cite

Human-system interface is one of the key advanced design features applied to modern digital instrumentation and control systems of nuclear power plants. The conventional design is based on a compact workstation-based system within the control room. The compact workstation provides both a strategic operating environment while also a convenient display for plant status information necessary to the operator. The control environment is further enhanced through display panels, visual and auditory alarms, and procedure systems. However, just like the legacy control, the HSI should incorporate diversity to demonstrate sufficient defense-in-depth protection against common cause failures of the safety system. Furthermore, the vulnerability of the HSI is affected by a plethora of factors, such as human error, cyberattacks, software common cause failures, etc., that complicate the design and analysis. Therefore, this work aims to identify and evaluate existing system vulnerabilities to support the licensing, deployment, and operation of HSI designs, especially the functions that are relevant to a reactor trip. We performed a systematic hazard analysis to investigate potential vulnerabilities within the HSI design using the novel redundancy-guided systems-theoretic hazard analysis. This method was developed and demonstrated by Idaho National Laboratory under a project initiated by the Risk-Informed Systems Analysis Pathway of the U.S. Department of Energy's Light Water Reactor Sustainability Program. The goal of the project is to develop a strong technical basis for risk assessment strategies to support effective, reliable, and licensable digital instrumentation and control technologies.

show abstract

“…(3) building a redundancy-guided multilayer control structure; and (4) locating software CCFs for different levels of redundancy. This approach has been demonstrated and applied for the hazard analysis of a four-division digital RTS (Shorthill, et al 2020) and a four-division, digital, engineered safety features actuation system (Bao, Shorthill and Zhang, Hazard Analysis for Identifying Common Cause Failures of Digital Safety Systems using a Redundancy-Guided Systems-Theoretic Approach 1 December 2020).…”

Section: Risk Assessment Process For Diandc Systemsmentioning

confidence: 99%

“…Portions of FT for RTS and ESFAS failures with software failures are displayed in Figure 3. More details can be found in (Bao, Shorthill and Zhang, Hazard Analysis for Identifying Common Cause Failures of Digital Safety Systems using a Redundancy-Guided Systems-Theoretic Approach 1 December 2020) and (Shorthill, et al 2020).…”

Section: Redundancy-guided System-theoretic Hazard Analysismentioning

confidence: 99%

Integrated Risk Assessment of Digital I&C Safety Systems for Nuclear Power Plants

Zhang¹,

Han²,

Shorthill³

et al. 2021

12th Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies (NPIC&HMIT 2021)

View full text Add to dashboard Cite

Upgrading the existing analog instrumentation and control (I&C) systems to state-of-the-art digital I&C (DI&C) systems provides the foremost means to improve performance and reduce costs for existing light-water reactors (LWRs). However, qualification of digital technologies remains a challenge-especially the issue of software common cause failure (CCF), which has been difficult to address. Existing analyses of CCFs in I&C systems mainly focus on hardware failures. With the application and upgrading of new DI&C systems, design flaws could cause software CCFs to become a potential threat to plant safety, considering that most redundancy designs use similar digital platforms or software in their operating and application systems. With complex multi-layer redundancy designs to meet the single failure criterion, these I&C safety systems are of particular concern in U.S. Nuclear Regulatory Commission (NRC) licensing procedures. In 2019, the Risk-Informed Systems Analysis (RISA) Pathway of the U.S. Department of Energy's (DOE's) Light Water Reactor Sustainability (LWRS) Program initiated a project to develop a risk assessment strategy for delivering a strong technical basis to support effective, licensable, secure DI&C technologies for digital upgrades and designs. An integrated risk assessment for the DI&C (RADIC) process was proposed for this strategy to identify potential key digital-induced failures, implement reliability analyses of related digital safety I&C systems, and evaluate the unanalyzed sequences introduced by these failures (particularly software CCFs) at the plant level. This paper summarizes these RISA efforts in the risk analysis of safety-related DI&C systems at Idaho National Laboratory.

show abstract

A Redundancy-Guided Approach for the Hazard Analysis of Digital Instrumentation and Control Systems in Advanced Nuclear Power Plants

Cited by 13 publications

References 12 publications

Uncertainty quantification and software risk analysis for digital twins in the nearly autonomous management and control systems: A review

Uncertainty quantification and software risk analysis for digital twins in the nearly autonomous management and control systems: A review

Systems-Theoretic Hazard Analysis of Digital Human-System Interface Relevant to Reactor Trip

Integrated Risk Assessment of Digital I&C Safety Systems for Nuclear Power Plants

Contact Info

Product

Resources

About