By Ron Legrand
The nation’s fleet of nuclear power plants was originally built with analog instrumentation and control systems. Upgrading to a digital system is an important consideration for power producers as dome original equipment manufacturers discontinue support for analog systems. Photo courtesy: Areva
As utilities across the country begin making decisions about pursuing a second license renewal for their nuclear power facilities, an important consideration is the component and system maintenance and upgrades necessary to ensure sustained reliable and efficient operations. Because the facility’s instrumentation and control (I&C) system is a fundamental element of operations, utilities should evaluate this system for a digital upgrade.
The operating U.S. nuclear power plant fleet was originally built with analog I&C systems. However, these systems are becoming increasingly costly to maintain and some original equipment manufacturers (OEMs) are discontinuing support for them. In other cases, OEMs have gone out of business, creating costly challenges for operators to maintain and to support their systems.
Understanding Options for I&C Upgrades
When it comes to replacing a facility’s I&C system, operators have two options. One option is to replace their system with a digital solution. The operator of a nuclear power facility on the U.S. East Coast chose this option and decided to make significant upgrades to its overall safety-related systems. The facility was the first U.S. commercial nuclear station to employ digital technology for a comprehensive safety system upgrade and has been operating with the digital I&C system safely and reliably for nearly five years.
The second option is to re-engineer the analog system. Operators may choose this path due to cost or regulatory uncertainty, including how the regulator defines digital and re-engineering in terms of common cause failure, cyber security and defense in depth. Designed to replace obsolete components, re-engineered systems require specialized expertise to integrate digital and analog components. In some cases, re-engineering the analog system is necessary to meet the facility’s unique requirements.
AREVA recently re-engineered an off-gas system control for a U.S. nuclear power facility. The off-gas system is designed to remove hydrogen and other gases from the primary reactor coolant system, which transfers heat from the reactor to the steam generator. Along with integrating digital and analog control components based on the facility’s unique requirements, the new re-engineered system was customized to improve the way operators interpret and manipulate the controls for improved safety performance.
Realizing the Benefits of a Digital System
Upgrading to a digital I&C system helps facility operators overcome obsolescence issues. It also enhances operational excellence, safety, availability and performance by allowing for optimized tasks and processes, and by diagnosing issues faster and earlier. The digital system performs surveillance tasks automatically and will trigger an alarm if an anomaly is detected. This automation mitigates human error, improves performance and allows the control room operator to focus on other critical tasks.
Digital systems also make more information available for maintenance personnel to identify issues with a specific piece of equipment or component. They track data on pumps and motors to determine vibration levels, power and flow. The system creates graphs of this data for maintenance personnel to readily evaluate the results and determine if maintenance or operational actions are required.
Redundancies built into digital systems self-diagnose discrepancies and protect against hardware failures. Self-diagnostics report on each system component and highlight any potential issues for the operator to assess and address, such as defining a maintenance resolution.
With an analog I&C system, three to four hours are often required to analyze each operation monitored by the system. With a digital system, these activities may only take 30 minutes. As a result, the digital system helps to increase safety, reliability and efficiency, and can reduce the costs passed on to the ratepayer.
Deciding to Pursue a Digital Upgrade
When considering a digital I&C upgrade, a clear vision with well-defined functional requirements is critical to ensure a safe and successful project. Building on previous experience with digital I&C upgrades, it’s important to work closely with the U.S. Nuclear Regulatory Commission (NRC) throughout the process. Engaging them in day-to-day discussions enhances the process and moves the project forward with transparent and open dialogue. As a result, concerns can be addressed in a timely manner with little to no schedule impact.
In addition to maintaining open communication with the regulator, two important success factors are to allow adequate planning time and to draw on industry expertise. This allows the facility operator to define and to plan for the future system maintenance early in the process, taking into account the need to train personnel and to update documentation. Operators should allot up to two years to train all maintenance personnel, facility operators and system engineers, and to complete procedures and user manual revisions. Further, since digital components are subject to cyber security regulations, threat mitigation plans need to be defined and understood.
There are a number of factors that a facility’s owner needs to consider when deciding whether to upgrade to a digital I&C system, including:
- Amount and type of information available to ensure the data supports keeping the facility running.
- Amount of work that can be automated to reduce the control room operator burden. Analog systems have a finite number of items to monitor, while digital systems can monitor thousands of systems based on the facility’s needs.
- Training requirements when switching from analog to digital. Training maintenance personnel, facility operators and system engineers is vital to the success of a digital I&C upgrade.
- Ways in which the system can be customized, such as the types of computer screens available, to meet the needs of the facility environment and workforce. For example, computer screens can be custom-designed with color and content configurations.
- Human factors engineering needs to be incorporated into the control room. Mining the pattern of human behavior in the control room and developing systems to mimic daily activities improves the safety and performance of control room operations.
- Which procedures and surveillances can be automated. While all procedures and controls can be automated, each digital I&C system is specific and unique to each facility. In addition, with an analog system, a change in a procedure required physically updating all printed files. However, with a digital system, all revisions are made immediately and automatically.
Preparing for a Digital Upgrade
Once a facility operator has decided to undertake a digital I&C upgrade, creating detailed functional requirements for the system in advance helps to ensure a successful installation without any rework. Selecting a vendor that has extensive knowledge of all facility operations – from human performance to fire protection – can help ensure that all of the necessary functional requirements are developed. The engineering design change process also must be well understood and used throughout.
Integrating the vendor’s team into the facility’s work processes also provides tremendous value during the transition from analog to digital. This integration allows the vendor’s team to better understand and to meet the facility’s unique needs.
For safety-related digital upgrades, including those to the I&C system, the facility operator must submit to the NRC a License Amendment Request (LAR) before installation. The LAR is the mechanism used to document the changes made to the facility for its operating license. During the process of approving the LAR, the NRC typically performs inspections before, during and after the installation to ensure that license amendment requirements are fulfilled.
Completing Reviews and Testing During the Installation Process
For the physical installation, a site acceptance test should be performed in the same configuration and environment in which the new system will be placed. The personnel performing the installation should also be involved in the work management processes, including the badging and other procedures, used by the vendor and facility personnel.
An upgraded digital system provides both physical and software barriers. During the installation process, thorough reviews of cyber security issues are conducted to ensure compliance with the facility’s cyber security program.
The nuclear industry has been implementing and improving cyber security controls for more than a decade. The NRC has established regulations that thoroughly monitor and inspect cyber security at all U.S. reactors. Cyber security programs for U.S. nuclear power facilities include the following:
- Implement cyber security controls to protect equipment deemed most essential for the protection of the public health and safety.
- Isolate key control systems using either air-gaps or robust hardware-based isolation devices. As a result, the facility’s key safety, security and power generation equipment are protected from any network-based cyberattacks originating from outside the facility.
- Enhance and implement robust controls over the use of portable media and equipment. In instances where devices like thumb drives, CDs and laptops are used to interface with facility equipment, measures need to be put in place to minimize the cyber threat. These measures include minimizing the use of devices that are not maintained at the facility, scanning devices for viruses both before and after being connected to facility equipment, and implementing additional security measures where the source of the data or device originates from outside the facility. As a result of these actions, facilities are well protected from attacks propagated through portable media.
- Enhance defenses against insider threats. Across the nuclear energy industry, training and insider mitigation programs have been enhanced to include cyber attributes. Individuals who work with digital equipment are subject to increased security screening, cyber security training and behavioral observation.
- Implement measures to maintain the effectiveness of the cyber security program. These measures include maintaining the critical digital assets (CDAs) and equipment subject to §73.54 in the plant configuration management program, and ensuring changes to the CDAs are performed in a controlled manner. A cyber security impact analysis must be performed before making changes to the CDAs. The effectiveness of cyber security controls is periodically assessed and enhanced where necessary. Vulnerability assessments also ensure the cyber security posture of the CDAs is maintained.
As facilities experience the advanced system control benefits of digital I&C systems, effectively protecting U.S. nuclear power infrastructure from exploitation and cyberattacks is an industry-wide priority. Evolving threats for both nuclear infrastructure and corporate networks creates an increased need for digital security and technically knowledgeable individuals with a combination of cyber security skills, facility system knowledge and nuclear regulatory experience.
Training Facility Personnel to Use a Digital System
To prepare facility personnel for a digital modification, a successful approach includes a clear and concise training plan that incorporates written training procedures, course work, training documentation, classroom sessions, and system simulations and mockups. Maintenance personnel, facility operators and system engineers may need up to two years to learn the new system and adopt new practices to support the automated control environment.
In addition to classroom-focused training, facility operators benefit from real-life experience through simulations. The simulator, which is located at the facility, is an exact replica of the control room and provides employees with first-hand experience using simulated events. These events mimic real-life facility operations, including extreme situations that personnel would not typically experience during day-to-day operations. The simulator prepares employees for the transition from analog to digital and supports new operator training and preparation for future digital upgrades.
Mockups also provide hands-on training experience and validation for tasks critical to the success of the transition. During a digital I&C upgrade project, AREVA worked with a customer to move a new 1,700-pound cabinet to its new location in the control room. In order to complete this work without damaging the component, a mockup of the cabinet was created and facility operators practiced moving it. This practice ensured that the component could be moved safely and provided a unique and cost-effective training opportunity.
Ensuring Operational Excellence
A successful transition to a digital I&C system must begin with a strong and transparent relationship with all stakeholders, including the facility operator, its vendors and the NRC. The sooner stakeholders get involved in the process and take ownership of its success, the sooner the team can focus on defining the scope and deliverables of the project.
Determining the functional requirements at the beginning of the project has to be the priority. Engaging experts throughout the industry is key, and building a trusted and reliable team with proven experience mitigates project risks.
As a result, the existing fleet of nuclear power facilities can successfully and safely upgrade to advanced digital components – an important part of ensuring their continued efficient and reliable operation for decades to come.
Ron Legrand is division director of Instrumentation and Controls Modernization at AREVA Inc.