U.S. Nuclear Regulatory Commission Testimony on Year 2000 Readiness
June 12, 1998
- The NRC Strategy for Addressing the Year 2000 Problem
Mr. Chairman, members of the Committee, I am pleased to be here today on behalf of the Commission to discuss with you the status of the U.S. Nuclear Regulatory Commission (NRC) response to the Year 2000 computer problem for nuclear power plants. Our efforts can be divided into three basic areas: our actions internal to the NRC, our interactions with our reactor licensees and the nuclear power industry, and our broader actions to address the issue of a reliable electrical grid.
The NRC Strategy for Addressing the Year 2000 Problem
Actions Internal to the NRC
With respect to power reactor licensees, the NRC is working to ensure that all of our mission-critical systems (seven in total) will be Year 2000 compliant so that our communications and data interfaces will continue to function properly. The one mission-critical system that is directly linked to operating nuclear power plants is our Emergency Response Data System (ERDS). This application performs the communication and data transmission functions that provide near real-time data to NRC incident response personnel during declared emergencies. The NRC currently is upgrading ERDS to be Year 2000 compliant in order to maintain the same communication protocol as the current system. Once upgraded, either a 2-digit or a 4-digit date field will be accepted. The upgrade is on schedule to be completed, tested, and implemented by March 4, 1999. This effort is being conducted under the NRC Year 2000 effort and is overseen by
Mr. Tony Galante, the NRC Chief Information Officer. All of our other mission-critical systems also are on schedule to be Year 2000 compliant in accordance with OMB guidelines, with three currently being repaired, and three being replaced.
NRC Interaction With Reactor Licensees
Since 1996, the NRC has been working with industry organizations to address the Year 2000 problem. After discussions with the Nuclear Energy Institute (NEI) in 1997, NEI agreed to take the lead in developing industry-wide guidance for addressing the Year 2000 problem at nuclear power reactors. Last November NEI sent a framework document, which NRC had reviewed, to all power reactor licensees. We believe that the guidance in that framework document, "Nuclear Utility Year 2000 Readiness" (NEI/NUSMG 97-07), when properly augmented and implemented, presents nuclear power plant licensees with an acceptable approach for addressing the Year 2000 problem. We will continue to work closely with other Federal agencies and industry groups, and to participate in interagency working groups, to ensure that we stay abreast of emerging Year 2000 concerns and that we take appropriate action to protect public health and safety and the environment. We strongly encourage licensees to share information regarding identified remediation and implementation activities, so that Year 2000 problems are identified early and addressed in a cost-effective manner.
In order to obtain confirmation that licensees are addressing the Year 2000 problem effectively with regard to compliance with the terms and conditions of their licenses and NRC regulations, the NRC is requiring that all operating nuclear power plant licensees submit a written response stating how they plan to address the Year 2000 problem. The written response is required by a Generic Letter issued on May 11, 1998, which has been developed and refined over the past six months.
A copy of that Generic Letter is being provided for the record. This Generic Letter refers to the NEI guidance document (NEI/NUSMG 97-07) as an example of an acceptable approach for addressing the Year 2000 issue at nuclear power plants.
By the middle of August 1998, the initial written response to the Generic Letter is due. In that response, nuclear power plant licensees will indicate whether they are pursuing a Year 2000 program based on the NEI program or a different program. Licensees who elect to use a different program are required to present a brief description of that program, to ensure that the computer systems at their facilities will be ready for the Year 2000. In addition, all operating nuclear power plants are required to submit a written response no later than July 1, 1999, confirming that the facility is, or will be, Year 2000 ready by the Year 2000. If their program is incomplete as of July 1, 1999, their response must contain a status report, including completion schedules, for work remaining to ensure Year 2000 readiness.
In addition to the written responses, we plan to conduct inspections, on a sampling basis, to assess licensee preparedness for the Year 2000. Any Year 2000 program used at a nuclear facility must be tailored to meet the specific needs and requirements of that facility and should, in general, comprise the following phases: awareness, assessment, remediation, validation, and implementation. Completion of the Year 2000 program means that the licensee has attained their program objectives. These program objectives could range from having all computer systems and applications, including embedded systems, being Year 2000 compliant, to having some systems Year 2000 compliant and the remaining systems retired or having permanent and/or temporary compensatory measures in place.
Bounding the Year 2000 Concern for Nuclear Power Plants
The potential impact of the Year 2000 problem on nuclear power plants varies with the types of computer systems in use. Licensees rely upon: (1) software to schedule maintenance and technical specification surveillance, (2) programmable logic controllers and other commercial off-the-shelf software and hardware, (3) digital process control systems, such as a feedwater control or valve control, (4) digital systems for collecting operating data, and (5) digital systems to monitor post-accident plant conditions.
In addition to the reporting requirements in the Generic Letter, NRC regulations (10 CFR Part 21, 10 CFR 50.72, and 10 CFR 50.73) also require licensees to notify the NRC of significant deficiencies, significant non-conformances, and failures, such as some of those which could result from the Year 2000 problem in safety-related systems. To date, the NRC staff has not identified or received notification from licensees or vendors that a Year 2000 problem exists with safety-related initiation and actuation systems. However, some problems have been identified in computer-based systems that, while non-safety-related, are nonetheless important. Such systems, primarily databases and data collection processes necessary to satisfy license conditions, technical specifications, and NRC regulations that are date driven, may need to be modified for Year 2000 compliance.
Some examples of systems and computer equipment that are most likely to be affected by Year 2000 problems include:
- Plant security computers;
- Plant process systems (data scan, log, and alarm and safety parameter display system computers); and
- Radiation monitoring systems.
Because of the limited time remaining in which to address the problem, the majority of the program remediation, validation, and implementation activities should be completed at a facility by mid -1999, leaving only a few such activities scheduled for the third and fourth quarters of 1999. In addition, we recognize that despite every reasonable effort by licensees to identify and correct Year 2000 computer system problems at their facilities, some software, applications, equipment, and systems may remain susceptible to the problem. Additionally, software, data, and systems external to the facility could potentially affect the facility adversely. Therefore, to ensure continued safe operation of the facility into the Year 2000 and beyond, licensees should formulate contingency plans for affected systems and equipment. The concept of Year 2000 readiness includes the planning, development, and implementation of appropriate contingency plans or compensatory actions for items that are not expected to be Year 2000 compliant, to address the possible impact that unrecognized problems may have on safe plant operation.
Interactions with the Nuclear Power Industry
The NRC has been involved actively with the nuclear industry in addressing the Year 2000 problem, and we are reasonably encouraged by industry efforts. We expect continuation of this effort in the response to the NRC Generic Letter that I mentioned earlier.
To ensure that senior level management at nuclear power plant licensees were aware of the Year 2000 problem, the first industry-wide NRC action was to issue Information Notice (IN) 96-70, "Year 2000 Effect on Computer System Software," on December 24, 1996. In that Information Notice, the NRC staff described the potential problems that nuclear power plant computer systems and software may encounter during the transition to the new century. The NRC staff also encouraged licensees to examine their uses of computer systems and software well before the turn of the century, and suggested that licensees consider appropriate actions for examining and evaluating their computer systems for Year 2000 vulnerabilities.
At the Nuclear Utilities Software Management Group (NUSMG) Year 2000 Workshop, an industry workshop held in July 1997, selected nuclear power plant licensees described their Year 2000 programs and gave examples of areas in which they had addressed Year 2000 issues in order to ensure the safety and operability of their plants on and after January 1, 2000. Some of the issues discussed included: (1) the evaluation of the impact of the Year 2000 problem on plant equipment; (2) the assessment process involved in the identification of components, vendors, and interfaces; (3) the development of Year 2000 testing strategies; and (4) the identification of budget needs to address the Year 2000 problem.
In August 1997, the NRC staff incorporated recognition of the Year 2000 concern in the updated Standard Review Plan, NUREG-0800, Chapter 7, "Instrumentation and Control." This document provides guidance to NRC staff reviewers of computer-based instrumentation and control systems, to ensure that the Year 2000 issue was addressed in any new systems or modifications proposed by licensees.
Also in August 1997, the Nuclear Energy Institute (NEI) met with NUSMG and nuclear plant utility representatives to formulate an industry-wide plan to address the Year 2000 issue. On October 7, 1997, representatives of NEI and NUSMG met with the NRC staff to discuss the actions that NEI was taking to help utilities make their plants "Year 2000 ready." NEI presented the framework document discussed earlier. That document makes a distinction in terminology between the expressions, "Year 2000 ready," and "Year 2000 compliant." "Year 2000 compliant" is defined as those computer systems or applications that accurately process date/time data (including but not limited to calculating, comparing, and sequencing) from, into, and between the 20th and 21st centuries, the years 1999 and 2000, and leap-year calculations. "Year 2000 ready" is defined as a computer system or application that has been determined to be suitable for continued use into the year 2000 even though the computer system or application is not fully "Year 2000 compliant."
NEI/NUSMG issued the framework document to all licensees in November 1997. The document recommends methods for nuclear utilities to attain Year 2000 readiness and thereby ensure that their facilities remain safe and continue to operate within the requirements of their licenses. The scope of the document includes software, or software-based systems or interfaces, whose failure (due to the Year 2000 problem) would (1) prevent the performance of the safety function of a structure, system, or component, or (2) degrade, impair, or prevent compliance with the nuclear facility license and/or NRC regulations. After reviewing the document, the NRC has endorsed this document as an acceptable approach for dealing with the Year 2000 problem at nuclear power plants.
NEI/NUSMG 97-07 also suggests a strategy for developing and implementing a Year 2000 program for nuclear utilities. The strategy recognizes management, implementation, quality assurance (QA) measures, regulatory considerations, and documentation as the fundamental elements of a successful Year 2000 project. The document contains examples of strategies that licensees currently are using, and also recommends that the Year 2000 program be administered through standard project management techniques.
The recommended components for management planning are as follows: (1) management awareness, (2) sponsorship, (3) project leadership, (4) project objectives, (5) the project management team, (6) the management plan, (7) project reports, (8) interfaces, (9) resources, (10) oversight, and (11) quality assurance. The suggested phases of implementation are awareness, initial assessment (which includes inventory, categorization, classification, prioritization, and analysis of initial assessment), detailed assessment (including vendor evaluation, utility-owned or utility-supported software evaluation, interface evaluation, and remedial planning), remediation, Year 2000 testing and validation, and notification.
The QA measures specified in NEI/NUSMG 97-07 apply to project management QA and implementation QA. Regulatory considerations include the performance of appropriate reviews, reporting requirements, and documentation. Documentation of Year 2000 program activities and results includes documentation requirements, project management documentation, vendor documentation, inventory lists, checklists for initial and detailed assessments, and record retention. NEI/NUSMG 97-07 also contains examples of various plans and checklists as appendices, which may be used or modified to meet the licensee-specific needs and/or requirements.
It should be recognized that NEI/NUSMG 97-07 is programmatic, and does not address fully all the elements of a comprehensive Year 2000 program. In particular, augmented guidance in the area of risk management, business continuity and contingency planning, and remediation of embedded systems is needed to fully address some Year 2000 issues that may arise in licensee program implementation. The NRC staff believes that the guidance in NEI/NUSMG 97-07, when properly augmented and implemented, presents an example of one acceptable approach for licensees when addressing the Year 2000 problem at nuclear power plant facilities.
The NRC Role In Ensuring Electrical Grid Reliability
Although the primary focus with our licensees has been on public health and safety related to reactor operations, we recognize the concern that the Year 2000 problem may potentially affect the reliability of electrical grids. Our regulatory focus in electrical grid reliability primarily relates to the challenges to plant safety systems that might result from a transient on the electrical grid, such as a loss of offsite power. Nuclear power reactors have two independent sources of offsite power, and are designed to safely shut down if a loss of all offsite power were to occur. In the event of a loss of offsite power, onsite electric power systems provide adequate electrical power to safely shutdown and cool down the reactors. As you know, NRC regulatory oversight and authority does not extend to the offsite electrical grid system.
Notwithstanding our regulatory limits, we recognize the national importance of a broader focus that helps to ensure that potential concerns with electrical grid reliability are identified and resolved. We support the efforts of the President's Council on Year 2000 Conversion and are members of the Energy Working Group. We are working closely with representatives from the Federal Energy Regulatory Commission and the Department of Energy to give assistance with, and share information on, potential problems associated with the Year 2000.
The NRC and the nuclear power industry are addressing the Year 2000 computer problem in a thorough and deliberate manner. To date, we have not identified or received notification from licensees or vendors that a Year 2000 problem exists with safety-related initiation and actuation systems. Further, we believe that we have, through Generic Letter 98-01 and the planned follow-up inspections, established a framework that appropriately assures us that the Year 2000 problem will not have an adverse impact on the ability of a nuclear power plant to safely operate or safely shut down. We recognize the importance of maintaining a reliable electrical grid, and we will continue to work with the President's Council on Year 2000 Conversion Energy Working Group, the Federal Energy Regulatory Commission, and the Department of Energy to give assistance and share information regarding potential problems associated with the coming of the Year 2000.
We look forward to working with the Special Committee and welcome your questions.