NATIONAL ACADEMY PRESS
2101 Constitution Avenue, N.W. Washington, D.C. 20418
NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competencies and with regard for appropriate balance.
This report has been reviewed by a group other than the authors according to procedures approved by a Report Review Committee consisting of members of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine.
This report and the study on which it is based were supported by Contract No. NRC-04-94-055 from the U.S. Nuclear Regulatory Commission.
This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, or any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for any third party's use, or the results of such use, of any information, apparatus, product or process disclosed in this report, or represents that its use by such third party would not infringe privately owned rights. The views expressed in this paper are not necessarily those of the U.S. Nuclear Regulatory Commission.
The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Bruce M. Alberts is president of the National Academy of Sciences.
The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. William A. Wulf is interim president of the National Academy of Engineering.
The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Kenneth I. Shine is president of the Institute of Medicine.
The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy's purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Bruce M. Alberts and Dr. William A. Wulf are chairman and interim vice chairman, respectively, of the National Research Council.
Limited copies of this report are available from:
Board on Energy and Environmental Systems
National Research Council (HA-270)
2101 Constitution Avenue, N.W.
Washington, DC 20418
(202) 334-3344
bees@nas.edu, http://www2.nas.edu/bees
Additional copies are available for sale from:
National Academy Press
Box 285
2101 Constitution Avenue, N.W.
Washington, DC 20055
800-624-6242 or 202-334-3313 (in the Washington Metropolitan Area)
http://www.nap.edu
Library of Congress Catalog Card Number 97-66084
International Standard Book Number 0-309-05732-9
Copyright 1997 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America.
COMMITTEE ON APPLICATION OF DIGITAL INSTRUMENTATION AND CONTROL SYSTEMS TO NUCLEAR POWER PLANT OPERATIONS AND SAFETY
DOUGLAS M. CHAPIN (chair),
MPR Associates, Alexandria, Virginia
JOANNE BECHTA DUGAN,
University of Virginia, Charlottesville
DONALD A. BRAND,
NAE, Pacific Gas and Electric Company (retired), Novato, California
JAMES R. CURTISS,
Winston and Strawn, Washington, D.C. (from October 1995)
D. LARRY DAMON,
Bechtel Research and Development, San Francisco, California
MICHAEL DeWALT,
Federal Aviation Administration, Seattle, Washington (from October 1995)
JOHN D. GANNON,
University of Maryland, College Park
ROBERT L. GOBLE,
Clark University, Worcester, Massachusetts
DAVID J. HILL,
Argonne National Laboratory, Argonne, Illinois
PETER E. KATZ,
Calvert Cliffs Nuclear Power Plant, Lusby, Maryland
NANCY G. LEVESON,
University of Washington, Seattle
CHRISTINE M. MITCHELL,
Georgia Institute of Technology, Atlanta
CARMELO RODRIGUEZ,
General Atomics Company, San Diego, California
JAMES D. WHITE,
Oak Ridge National Laboratory, Oak Ridge, Tennessee
Project Staff
TRACY D. WILSON, study director,
Board on Energy and Environmental Systems (BEES)
SUSANNA E. CLARENDON, senior project assistant,
BEES (from May 1996)
THERON FEIST, project assistant,
BEES (until June 1995)
HELEN JOHNSON, administrative associate,
BEES (until July 1995)
WENDY LEWALLEN, senior project assistant,
BEES (June 1995 to May 1996)
MAHADEVAN MANI, associate executive director,
Commission on Engineering and Technical Systems (from January 1996)
JAMES J. ZUCCHETTO, director,
BEES (from January 1996)
BOARD ON ENERGY AND ENVIRONMENTAL SYSTEMS
ROBERT L. HIRSCH (chair),
Energy Technology Collaborative, Inc., Washington, D.C.
RICHARD MESERVE (vice chair),
Covington and Burling, Washington, D.C.
JAN BEYEA,
Consultant, New York, New York
E. GAIL de PLANQUE,
NAE, Consultant, Potomac, Maryland
LINDA C. DOLAN,
Lockheed Martin Electronics and Missiles, Orlando, Florida
WILLIAM FULKERSON,
University of Tennessee, Knoxville
JACQUES GANSLER,
TASC, Inc., Arlington, Virginia
ROY S. GORDON,
NAS, Harvard University, Cambridge, Massachusetts
FRANCOIS E. HEUZE,
Lawrence Livermore National Laboratory, Livermore, California
LAWRENCE T. PAPAY,
NAE, Bechtel Group, Inc., San Francisco, California
RUTH A. RECK,
Argonne National Laboratory, Argonne, Illinois
JOEL SPIRA,
NAE, Lutron Electronics Co., Inc., Coopersburg, Pennsylvania
JAMES LEE SWEENEY,
Stanford University, Stanford, California
IRVIN L. WHITE,
UTECH, Inc., Fairfax, Virginia
Former Members Active during Reporting Period
H.M. (HUB) HUBBARD (chair),
Pacific International Center for High Technology Research (retired), Honolulu, Hawaii
ROBERT D. BANKS,
World Resources Institute, Washington, D.C.
ALLEN J. BARD,
NAS, University of Texas, Austin
DAVID E. DANIEL,
University of Texas, Austin
THOMAS O'ROURKE,
NAE, Cornell University, Ithaca, New York
Liaison Members from the Commission on Engineering and Technical Systems
RICHARD A. CONWAY,
NAE, Union Carbide Corporation, South Charleston, West Virginia
JERRY SCHUBEL,
New England Aquarium, Boston, Massachusetts
Staff
JAMES J. ZUCCHETTO, director (since January 1996)
SUSANNA E. CLARENDON, administrative assistant
WENDY LEWALLEN, senior project assistant (until May 1996)
JILL WILSON, senior program officer
TRACY D. WILSON, senior program officer
Preface
The nuclear industry and the staff of the U.S. Nuclear Regulatory Commission (USNRC) have worked for several years on how best to safely introduce digital instrumentation and control systems into nuclear power plants. But together they have failed to reach consensus. This lack of consensus led the USNRC to request the National Research Council, through its Board on Energy and Environmental Systems of the Commission on Engineering and Technical Systems, to conduct the study whose results are reported here. The National Research Council's Computer Science and Telecommunications Board and the Council's Division on Education, Labor, and Human Performance provided additional technical support.
The Committee on Application of Digital Instrumentation and Control Systems to Nuclear Power Plant Operations and Safety (see Appendix A) was appointed by the National Research Council on December 20, 1994, to examine the use of digital instrumentation and control systems in nuclear power plants. This work was to be conducted in two phases. The final report summarizes the work of both Phase 1 and Phase 2.
In Phase 1, the committee was charged to define the important safety and reliability issues (concerning hardware, software, and human-machine interfaces) that arise from the introduction of digital instrumentation and control technology in nuclear power plant operations, including operations under normal, transient, and accident conditions. In response to this charge the committee identified eight key issues associated with the use of digital instrumentation and control (I&C) systems in existing and advanced nuclear power plants. The eight issues separate into six technical issues and two strategic issues. The six technical issues are: systems aspects of digital I&C technology; software quality assurance; common-mode software failure potential; safety and reliability assessment methods; human factors and human-machine interfaces; and dedication of commercial off-the-shelf hardware and software. The two strategic issues are the case-by-case licensing process and the adequacy of the technical infrastructure. The committee recognizes that these are not the only issues and topics of concern and debate in this area. Nevertheless, the committee considers that developing consensus on these key issues will be a major step forward and accelerate the appropriate use and licensing of digital I&C systems in nuclear power plants.
In Phase 2 of the study, the committee was charged to identify criteria for review and acceptance of digital instrumentation and control technology in both retrofitted reactors and new reactors of advanced design; to characterize and evaluate alternative approaches to the certification or licensing of this technology; and, where sufficient scientific basis exists, recommend guidelines on the basis of which the USNRC can regulate and certify (or license) digital instrumentation and control technology, including means for identifying and addressing new issues that may result from future development of this technology. Where insufficient scientific basis exists to make such recommendations, the committee was to suggest ways in which the USNRC could acquire the required information.
In carrying out its Phase 2 charge, the committee limited its work to those issues identified in Phase 1. Further, the reader should not form too literal an expectation that the committee has provided a cogent set of principles, design guidelines, and specific requirements for ready use by the USNRC to assess, test, license, and/or certify proposed systems and upgrades. Rather, the results of the committee's efforts are presented in the form of conclusions and recommendations related to each key issue and primarily addressed to the USNRC for their consideration and use for setting detailed licensing criteria and guidelines for digital I&C applications in nuclear power plants. The report discusses the difficult and complex nature of the key issues and directions for developing consensus on assessment of digital technology. The committee outlined criteria where it was possible to do so but focused primarily on (a) process both in developing guidelines and in the short-term acceptance of new technology; (b) identifying promising approaches for further actions by the USNRC beyond the committee's report; (c) suggestions for avoiding dead-ends; and (d) mechanics for improving communication and strengthening technical infrastructure at the USNRC.
To carry out its work, the committee held a number of meetings, including site visits to several power plant facilities and simulators (see Appendix B). The committee also held detailed discussions with members of the staff of the U.S. Nuclear Regulatory Commission, the Nuclear Safety Research Review Committee, the Advisory Committee on Reactor Safeguards, members of the U.S. and foreign nuclear industries, and representatives from other safety-critical industries, who provided a variety of perspectives and information on digital instrumentation and control technology and its regulation. The committee is grateful to the many individuals who provided technical information and insights on this topic during briefings and site visits.
The chairman is also particularly grateful to the members of this committee who worked diligently and effectively on a very demanding schedule to meet a very difficult charge and produce this work. Special commendation and thanks are also extended to Tracy Wilson of the staff of the National Research Council, who was a pillar of strength and whose never failing energy and focus greatly facilitated the work of the committee.
Douglas M. Chapin
Committee Chair