1 February 2007
Nuclear Power Plant Construction Returns
Tending to the instrumentation and control issues for plant deployment is underway
By Ray Torok, Joseph Naser, Layla Sandell, and Tony Harris
The U.S. nuclear industry is making significant progress toward overcoming financial, regulatory, and technical barriers to deployment of new nuclear power plants.
Progress toward overcoming financial barriers is happening by reducing the uncertainties around capital costs for new nuclear plants.
The Energy Bill of 2005 offers key financial incentives for new nuclear power plant construction in three forms: loan guarantees, production tax credits, and standby support risk insurance to cover costs associated with delays that are beyond the control of plant sponsors.
Regulatory barriers are lessening through efforts to demonstrate the new plant licensing process. The Nuclear Regulatory Commission (NRC, a U.S. government agency) has certified four plant designs, one design application is currently under review, and four other designs have started their pre-application review.
The NRC is also reviewing three utility Early Site Permit applications. Several individual utilities and consortia (groups of utility companies and vendors) are planning to submit Combined Construction & Operating License (COL) applications in 2007-2008, including consortia that have received Department of Energy co-funding to demonstrate the licensing process.
Technical barriers fall within the scope of industry research, including significant work managed by the Electric Power Research Institute (EPRI).
Specifically, in the instrumentation and control (I&C) area, an industry initiative for new plants was recently started that will identify and prioritize large generic issues, establish resolution paths and schedules, and identify the roles of various stakeholders, including utility companies, EPRI, Nuclear Energy Institute (NEI), vendors, and the NRC.
The initiative addresses I&C issues for both existing and new plants. Here are some key I&C related technical and regulatory issues and their implications for new plants.
New plant reviews more active
There are several unsettled technical and licensing issues in the areas of I&C, human factors, and control rooms that need coordinated, proactive industry attention.
The issues are unsettled in the sense that there is limited guidance and no consensus among utilities, suppliers, and the NRC about what solutions are technically appropriate and would be acceptable in regulatory space.
Some of these issues are already causing protracted regulatory reviews for existing plants, and left untreated, they will likely cause substantial delays and increased costs for new plant COL approvals.
Both industry and the NRC will have roles in resolving the key issues and addressing them in future design efforts and regulatory reviews. Where needed, the industry will want to minimize costs and risks by defining industry consensus solutions with corresponding technical bases.
NEI is forming an industry working group to coordinate industry efforts and communications with NRC staff. The working group will also help determine priorities and coordinate both new and existing plant resources.
In order to be able to conduct reviews in a timely fashion, the NRC will likely need to enhance and expand staff resources as existing plants upgrade and new plant reviews become more active.
Nine or more combined license applications may be submitted to the NRC in 2007 and 2008. If new plants are to get licenses in a timely, cost-effective manner, the industry and the NRC need to move forward now to develop effective, generic solutions that can work before individual plant COL applications are submitted.
The following sections explain the most prevalent issues and proposed resolution strategies, and describe the status of ongoing activities to address them.
Technical and regulatory
The issues are in five categories, combining those that involve closely related technical disciplines and resolution approaches.
For all the issues, additional industry and/or regulatory guidance is needed to establish a clear, common understanding in regard to what solutions are technically appropriate and would be acceptable in regulatory space.
While the primary motivation here is to look at issues that could delay new plant approvals, it is important to note these same issues are also relevant for existing plant upgrades, and the technical and regulatory solutions for the two groups should be compatible, if not identical.
To a great extent, these issues flag the need for an overall shift from the analog I&C technology paradigm of existing plants, to the digital paradigm and design approaches that will characterize new plants.
Control rooms and digital control system architectures: New plants will use all or nearly all digital systems for control, communication, and human-system interfaces (HSIs). As a result, they will face a number of issues for which there is limited technical guidance and regulatory precedent. Extensive upgrades to existing plants will test the same issues.
Licensing digital control rooms: New plants will all use digital control rooms, but no one has built or licensed any in the U.S., and the licensing issues, acceptance criteria, and process are not well defined. For example, what minimum inventory of fixed position and continuously available indicators and controls is appropriate? What technical and regulatory requirements are appropriate for qualified HSIs for accident mitigation, display evaluation, soft controls, computerized procedures, automation, etc.? What criteria should apply to assure appropriate teamwork between operating crew members and between automation and operators? What types of verification and validation are appropriate for human factors features, and how should their scope and rigor be graded based on complexity and/or safety significance and/or other criteria?
Licensing distributed control system (DCS) architectures: DCS-based plants have not been built and licensed in the U.S., so specific, practical solutions for a number of digital technology concerns have not been developed in detail or reviewed and approved by the NRC, for example:
Separation of safety and non-safety systems: Digital systems often share information between channels and systems for purposes of data validation, control, calibration, data collection for condition monitoring, and the like. Various software and hardware-based schemes are available for controlling such communication to preclude undesired impacts, but there is no guidance, consensus, or precedent on requirements or acceptance criteria for such methods.
New communications technologies: New plants will likely use communications technologies and solutions (like wireless, fieldbus, and Ethernet) that were developed and demonstrated in other industries or are still emerging/evolving, but have not been demonstrated or reviewed for nuclear applications.
Failure management for new HSIs: Practical criteria and methods are necessary for addressing partial or large-scale failures of the HSIs normally used by the operators. This is especially applicable to new plant control rooms, which will be more integrated and digital than operating plant control rooms. Specific issues include appropriate operation under degraded I&C and HSI conditions, what backups should be provided, when to switch to backups, and the human factors engineering issues associated with switching to backups, as well as integration of backups into the overall control room design.
Combined safety/non-safety HSIs: Some new plant designs will use a single HSI to interface with both safety and non-safety equipment, and technical solutions are in the pipeline. However, such a design has never been licensed before, and we will have to address issues regarding protection of safety functions against hardware and software failures in non-safety equipment. This involves developing criteria for use of "priority logic" modules, which ensure equipment that can respond to either safety or non-safety commands will always respond correctly to conflicting instructions, but will not become a single point of failure that can disable the safety function entirely.
Defense-in-depth and diversity, including risk-informed methods: The traditional safety model of a nuclear plant is a combination of diversity, separation of safety and non-safety equipment, and hardware redundancy. Digital technology brings both new concerns and new solutions. For example, it may be possible for a single software-related failure to disable multiple channels or systems (called software common-mode failure or software common-cause failure or digital common-cause failure). Conversely, digital equipment can provide much expanded flexibility concerning functional diversity, but without using diverse hardware. This raises a need for guidance and acceptance criteria that more realistically reflect the behaviors and effects of the I&C and associated digital equipment relative to reliability and safety.
Defense-in-depth and diversity (D3): With digital systems, there is increased concern regarding the potential for digital common-cause failures, including software failures, to disable redundant safety channels or multiple systems that use identical programmable platforms or identical software modules. D3 evaluations are used to assess this issue for I&C modifications, or in the case of new plants, for entire I&C architectures. NRC guidance has been available for several years through the standard review plan. In practice, however, the existing guidance is flawed; application to real systems has proven problematic, and the regulatory environment has been variable and unpredictable.
Application of risk-informed methods to I&C: Use of risk insights and risk-informed methods is a solution the industry has proposed, but the NRC has not reviewed or accepted any approaches. Risk-informed approaches would be particularly useful in D3 evaluation to determine where it makes sense to add backups to protect against potential software common-cause failure. EPRI has proposed an approach and submitted a guideline document to NRC for review. However, in the current regulatory environment, use of a risk-informed approach or risk insights in D3 evaluation will require significant additional review time compared to that for a deterministic evaluation. (Note that some new plant D3 evaluations are based on probabilistic risk assessment, or PRA.) In a 4 November 2005 presentation to ACRS, NRC Engineering Research Application Branch noted, "NRC does not yet have the needed technical basis to support" risk-informed reviews, and indicated the needed basis might yet be some years in development. Having an accepted approach would help plants (and NRC) focus resources on the most safety-significant areas and facilitate timely reviews. In addition, this issue will need some degree of resolution to establish a common understanding of the capabilities and limitations of plant PRA models in regard to digital I&C.
Cyber security: Cyber security is an important technical and regulatory issue, but requirements and acceptance criteria are not well defined, and practical solutions for nuclear plants do not yet exist. Cyber security details and solutions, especially for advanced programmable I&C and communication systems, have not come under the scrutiny of the NRC, and there is no consensus on what is necessary or what would be acceptable. The desired use of wireless technology adds another dimension to this.
Credit for self-testing/monitoring in technical specifications: This issue is about reducing technical specification (TS) surveillance requirements (SR) based on digital technology advances such as self-testing. Current TSs, including those submitted by Westinghouse and GE in their new plant design certifications, use analog systems. As a result, they applied traditional SRs. A technical basis needs to be developed for both new and existing plants that will capture technical advancements with digital technology such that significant reductions in SRs (like channel checks, functional testing, and calibration) may be justifiable.
Emerging technologies: Some designers are looking at use of technologies new to the nuclear industry, such as field programmable gate arrays (FPGAs) or application specific integrated circuits (ASICs). While providing the same functional benefits as solutions based on programmable logic controllers, these technologies could also provide cost-effective solutions for complexity, cyber security, and rapid obsolescence concerns. However, no industry guidance on requirements or acceptance criteria for use in safety applications currently exists, and NRC research to develop such guidance is years off. Therefore, use of emerging technologies such as ASICs or FPGAs in safety-related applications has the potential to greatly extend the review time for both new and existing plant applications. In some cases, work by NRC Research may be necessary to develop appropriate acceptance criteria. Licensees may need to plan at least two years in advance to have discussions with NRC staff on approaches that involve new or emerging technologies. What constitutes "new" for this purpose should be a broad proposition and include not just state-of-the-art technology, but anything that has not been previously reviewed, for example, a first-of-its-kind architecture or new way of using a previously reviewed digital platform.
All the issues described so far share characteristics that suggest certain commonalities in the resolution approaches. First, they all concern industry-wide, generic regulatory issues that affect both new and operating plants. This is why the NEI will take a lead role in its capacity as the unified industry voice for regulatory issues.
NEI already has the mechanisms in place to provide the necessary guidance and oversight through their working group/task force processes.
Second, all the issues involve problems with limited or deficient technical basis and/or regulatory guidance information, with the corresponding potential for protracted, unpredictable regulatory reviews.
Therefore, the resolution approaches should focus on establishing the needed guidance in the appropriate forums as expeditiously as possible.
Several document types exist and routinely serve to provide the kinds of generic guidance (independent of plant design type) that are necessary. See a list of the documents from NRC, EPRI, NEI, ISA, and IEEE with commentary at www.isa.org/link/I&C_Issues, as well as several recurring themes as to resolution of these and relevant issues.
ABOUT THE AUTHORS
Ray Torok, Joseph Naser, and Layla Sandell work at Electric Power Research Institute in Palo Alto. Tony Harris works at the Nuclear Energy Institute in Washington, D.C.
Legislation: Nuclear power was missing from energy equation
The U.S. Congress passed the Energy Policy Act of 2005 as an attempt to combat growing energy problems. It provides tax incentives and loan guarantees for energy production of various types. It establishes a comprehensive, long-range energy policy. It provides incentives for traditional energy production as well as newer, more efficient energy technologies, and conservation.