Digital procurement is nothing to be afraid of. Programmable components are creeping (sometimes unexpectedly) into many devices used by the nuclear industry. It is time for the industry to embrace this technology. To help, here are some pointers for your consideration. Presented by Andrew Nack, PE, Senior Instrumentation & Controls Engineer, ATC Nuclear, on Feb. 10 at the EPRI Procurement Forum in Williamsburg, VA.
2. Overview
Programmable Digital Devices (PDDs)
Embedded Digital Devices (EDDs)
Electro-Magnetic Compatibility (EMC)
Cyber Security
Cyber Security
3. Safety-Related Programmable Digital Devices
Manufactured Under A 10CFR50 App B QA Program
Technical Requirements: IEEE 7-4.3.2
o Verification & Validation (IEEE 1012)
Limited Selection and Availability
Commercial Off The Shelf (COTS)
Technical Requirements: IEEE 7-4.3.2
o Verification & Validation (IEEE 1012) – Very Unlikely
Unlike with non-programmable COTS devices, the development life cycle activities are evaluated during Commercial Grade Dedication
Built-in Quality & Critical Digital Reviews (CDRs)
EPRI TR-106439 and 1011710
4. Important to Safety Programmable Digital Devices
Important to Safety (ITS)
Risk Significant
Augmented Quality
What does Augmented Quality mean in terms of Requirements?
IEEE Nuclear Power Engineering Committee (NPEC)
o Working Group 6.6: IEEE P1891 (projected for publishing in 2017)
Apply a graded approach of IEEE 7-4.3.2:
o What level of rigor in Life Cycle Development (includes V&V) investigation is appropriate?
o What level of hazard analysis is appropriate?
o What elements of CGD style Acceptance Testing are appropriate?
5. Embedded Digital Devices
NRC Regulatory Issues Summary 2013-####
Heighten Awareness Of Embedded Digital Devices existing within procured safety systems/components that have not been explicitly identified
Increased use of embedded digital devices may increase vulnerability to:
o common cause failure
o challenge equipment electromagnetic compatibility
o degraded equipment reliability
Recent NRC Workshop - October 2014
http://pbadupws.nrc.gov/docs/ML1428/ML14281A546.html
Lesson Learned: During procurement, ask the vendor if there are embedded digital devices
Examples: Circuit Breakers, Actuators, Pumps, Time-delay Relays
6. Embedded Digital Devices
How Should IEEE 7-4.3.2 be Applied to Devices That Utilize EDDs to Perform Simple Functions?
Mainly COTS items
Measure of Functionally Simple vs. Complex
Measure of Testability to prove Deterministic Behavior
What level of rigor in Life Cycle Development (includes V&V) investigation is appropriate?
What level of hazard analysis is appropriate?
7. Electro-Magnetic Compatibility (EMC) Qualification
What Information is Necessary to be Provided by the Utility to the Vendor?
Is This “One Size Fits All” PO Requirement Sufficient?
“EMI/RFI Qualified in Accordance With EPRI TR-102323”
What are the Functional Requirements?
What are the Acceptance Criteria?
Which tests are needed?
High Frequency Radiated Emissions
Low Frequency Radiated Emissions
High Frequency Conducted Emissions
Low Frequency Conducted Emissions
High Frequency Radiated Susceptibility
Low Frequency Radiated Susceptibility
High Frequency Conducted Susceptibility
Low Frequency Conducted Susceptibility
Electrically Fast Transient Susceptibility
Combination Wave Surge Susceptibility
Ring Wave Surge Susceptibility
Electrostatic Discharge Susceptibility
8. Electromagnetic Compatibility (EMC) Qualification
See EPRI 3002000528 (Revision 4 of TR-102323)
Appendix K (Procurement Specification Guidance)
Testing Details are Device and Application Dependent
How much EUT Output Signal Error is acceptable?
What type of Cabling is planned to be used?
Proximity of Equipment Under Test (EUT) to Low Frequency Emitters?
Is Electro-Static Discharge (ESD) a concern?
…
9. Cyber Security
Don’t Ask Vendors to Comply With General Industry Documents
NIST 800-53, NEI 08-09, 10CFR 73.54, US NRC RG 5.71, NERC-CIP
Requirements for Utilities to develop their own Program Requirements &
Methodologies
No Cyber Security Standard is a “One Size Fits All” PO requirement
Vendors Can Work With Utilities by Following Guidance:
EPRI 1025824 Cyber Security (CS) Procurement Methodology
EPRI 3002001735 CS Methodology Application Example 1: Digital Valve Controller
EPRI 3002001823 CS Methodology Application Example 2: Feedpump Turbine Speed Control
EPRI 3002002069 CS Methodology Application Example 3: Digital Feedwater Control
11. About ATC Nuclear
For over 20 years ATC Nuclear has been providing an unmatched level of
commitment as a turnkey resource for our customers’ supply chain needs. Dedicated
to quality, safety, and reliability, ATC Nuclear takes pride in delivering premium
products to our clients by utilizing our superior technical expertise.
Request More Information Now
Are you interested in finding out how ATC Nuclear can work with your company? We
provide commercial grade dedication, seismic and environmental testing, investment
recovery, sourcing, obsolete parts, and more.
http://www.argoturbo.com/Nuclear
Editor's notes
Thank you for the opportunity to present on this topic to this group
My background
-PE, -BSEE, U of MO, -working on MSCE, U of TN, -IEEE NPEC SC 6 WG 6.6, -@ ATC for 6.5 years
PDDs: variability in requirements due to safety significance
“evil” EDDs: required heightened awareness
EMC & Cyber: importance of tailoring procurement specifications
Brief overview of 10CFR50 App B and CGD of COTS
COTS: putting IEEE 1012 as a PO requirement typically does not make much sense
Most interesting area of PDDs
Understanding risk and applying an appropriate level of requirements to it.
WG6.6 is looking to define requirements in this area
What’s the difference between a PDD and an EDD?
-simplicity of function
-coverage of testability
Why are EDDs evil?
-sneaking into a large variety of devices and introducing potential unevaluated modes of system failure