An Integrated Risk Assessment Process of Safety-Related Digital I&C Systems in Nuclear Power Plants

TL;DR

This paper presents an integrated risk assessment process for safety-related digital I&C systems in nuclear power plants, addressing software CCFs and supporting digital upgrades through a comprehensive safety analysis framework.

Contribution

It introduces the IRADIC process for evaluating digital-induced failures and software CCFs in nuclear safety systems, enhancing risk assessment methods for digital upgrades.

Findings

Identification of key digital failure modes

Reliability analysis of digital safety systems

Evaluation of unexamined failure sequences

Abstract

Upgrading the existing analog instrumentation and control (IC) systems to state-of-the-art digital IC (DIC) systems will greatly benefit existing light-water reactors (LWRs). However, the issue of software common cause failure (CCF) remains an obstacle in terms of qualification for digital technologies. Existing analyses of CCFs in I&C systems mainly focus on hardware failures. With the application and upgrading of new DIC systems, design flaws could cause software CCFs to become a potential threat to plant safety, considering that most redundancy designs use similar digital platforms or software in their operating and application systems. With complex multi-layer redundancy designs to meet the single failure criterion, these IC safety systems are of particular concern in U.S. Nuclear Regulatory Commission (NRC) licensing procedures. In Fiscal Year 2019, the Risk-Informed Systems Analysis (RISA) Pathway of the U.S. Department of Energy (DOE) Light Water Reactor Sustainability (LWRS) Program initiated a project to develop a risk assessment strategy for delivering a strong technical basis to support effective, licensable, and secure DIC technologies for digital upgrades and designs. An integrated risk assessment for the DIC (IRADIC) process was proposed for this strategy to identify potential key digital-induced failures, implement reliability analyses of related digital safety IC systems, and evaluate the unanalyzed sequences introduced by these failures (particularly software CCFs) at the plant level. This paper summarizes these RISA efforts in the risk analysis of safety-related DIC systems at Idaho National Laboratory.