United States Nuclear Regulatory Commission - Protecting People and the Environment

Current State of Reliability Modeling Methodologies for Digital Systems and Their Acceptance Criteria for Nuclear Power Plant Assessments (NUREG/CR-6901)

Publication Information

Manuscript Completed: October 2005
Date Published: February 2006

Prepared by:
T. Aldemir1, D.W. Miller1, M.P. Stovsky1, J. Kirschenbaum2,
P. Bucci2, A.W. Fentiman1, L.T. Mangan1

1Nuclear Engineering Program
Department of Mechanical Engineering
The Ohio State University
Columbus, Ohio 43210

2 Department of Computer and Information Science
The Ohio State University
Columbus, Ohio 43210

S.A. Arndt, NRC Project Manager

Prepared for:
Division of Fuel, Engineering, and Radiological Research
Office of Nuclear Regulatory Research
U.S. Nuclear Regulatory Commission
Washington, DC 20555-0001

NRC Job Code K6472

Abstract

Digital systems offer the potential to improve plant safety and reliability through features such as increased hardware reliability and stability and improved failure detection capability. Because of these advantages, and because of obsolescence issues with current analog systems, there is a desire to use more digital systems in both safety and non-safety applications in nuclear power plants. However, there is currently limited guidance and consensus on the reliability modeling of digital systems, which precludes risk-informed regulatory reviews of digital systems. While the static event-tree/fault-tree (ET/FT) approach has been used in the reliability modeling of digital instrumentation and control (I&C) systems in nuclear power plants, numerous concerns have been raised in the reliability literature about the capability of the ET/FT approach to properly account for dynamic interactions between the digital systems and the rest of the plant processes, and within the hardware and software of the digital system itself. Any modeling method that is used should be capable of modeling the digital system to a level sufficient to ensure that all risk-important interactions are included, as well as all of the system features that are required by current regulatory guidance.

This report describes the issues that need to be addressed both in the reliability modeling of digital I&C systems and in the incorporation of the digital I&C system reliability models into existing probabilistic risk assessment (PRA) models, for improved risk-informed decision making with regard to a digital system's contribution to plant risk. The report also outlines the acceptance criteria to be applied to the digital I&C system models prior to their use in regulatory applications.

All the methodologies reviewed in the report, including the conventional ET/FT approach, have features that can make them preferable over the others depending on the system under consideration. The two methodologies that rank highest, with the most positive features and the fewest negative or uncertain features (using subjective criteria based on reported experience), are the dynamic flowgraph methodology (DFM) and the dynamic event tree/Markov approach, each with different advantages and limitations. Regarding the applicability of the conventional ET/FT approach to digital I&C systems, no actual comparisons to dynamic methodologies have been encountered in the literature. Extrapolation of the existing computational evidence, based on a few comparative studies of dynamic systems, suggests that the ET/FT approach may yield satisfactory results for certain classes of systems. It is concluded that no single available methodology satisfies all the requirements. Some promising methodologies are identified, and the need for a benchmark exercise for a comparative evaluation of the promising methodologies is indicated.
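The following is an added worked example, not part of NUREG/CR-6901 and not the authors' code, illustrating the dynamic-interaction concern the abstract raises. It models a hypothetical two-component digital channel in which the ORDER of failures matters: if the main processor A fails while the watchdog B is healthy, B forces a safe shutdown (not a dangerous failure); only if B has already failed silently does a subsequent failure of A go undetected. A static fault tree with an AND gate over "A failed" and "B failed" cannot express this ordering and counts both sequences, so it overstates the dangerous-failure probability; a Markov model with an explicit latent-failure state captures it. The component names, failure rates, and mission time are all assumed for illustration; the closed-form expression is included as an independent check on the numerical Markov solution.

```python
"""
Static fault-tree AND gate versus a Markov model for a sequence-dependent
failure. Added illustrative example; the system and all rates are hypothetical.
"""
import math

# Hypothetical constant failure rates (per hour) and mission time (hours).
LAMBDA_A = 1e-5    # main processor
LAMBDA_B = 1e-5    # watchdog / failover logic (fails silently)
MISSION_T = 8760.0 # one year


def static_and_gate(lam_a, lam_b, t):
    """Static FT: TOP = (A failed) AND (B failed), independent, order ignored."""
    return (1 - math.exp(-lam_a * t)) * (1 - math.exp(-lam_b * t))


def markov_generator(lam_a, lam_b):
    """Rate matrix Q[i][j] = transition rate from state i to state j.
    States: 0 both OK; 1 watchdog failed (latent, A still OK);
            2 safe shutdown (A failed while B OK, absorbing);
            3 dangerous failure (A failed after B, absorbing)."""
    q = [[0.0] * 4 for _ in range(4)]
    q[0][1] = lam_b   # watchdog fails silently
    q[0][2] = lam_a   # processor fails, watchdog detects it -> safe state
    q[1][3] = lam_a   # processor fails with watchdog already dead -> dangerous
    for i in range(4):
        q[i][i] = -sum(q[i][j] for j in range(4) if j != i)
    return q


def _deriv(p, q):
    """Right-hand side of the Kolmogorov forward equations dp/dt = p Q."""
    n = len(p)
    return [sum(p[i] * q[i][j] for i in range(n)) for j in range(n)]


def markov_state_probs(lam_a, lam_b, t, dt=1.0):
    """Integrate dp/dt = p Q with classical RK4 from p(0) = [1, 0, 0, 0]."""
    q = markov_generator(lam_a, lam_b)
    p = [1.0, 0.0, 0.0, 0.0]
    steps = max(1, int(round(t / dt)))
    h = t / steps
    for _ in range(steps):
        k1 = _deriv(p, q)
        k2 = _deriv([pi + 0.5 * h * ki for pi, ki in zip(p, k1)], q)
        k3 = _deriv([pi + 0.5 * h * ki for pi, ki in zip(p, k2)], q)
        k4 = _deriv([pi + h * ki for pi, ki in zip(p, k3)], q)
        p = [pi + h / 6.0 * (a + 2 * b + 2 * c + d)
             for pi, a, b, c, d in zip(p, k1, k2, k3, k4)]
    return p


def dangerous_failure_markov(lam_a, lam_b, t):
    """Probability of the dangerous (undetected) failure state at time t."""
    return markov_state_probs(lam_a, lam_b, t)[3]


def dangerous_failure_closed_form(lam_a, lam_b, t):
    """P(tau_B < tau_A <= t) for independent exponential lifetimes; used only
    to cross-check the numerical Markov solution."""
    return ((1 - math.exp(-lam_a * t))
            - lam_a / (lam_a + lam_b) * (1 - math.exp(-(lam_a + lam_b) * t)))


if __name__ == "__main__":
    static = static_and_gate(LAMBDA_A, LAMBDA_B, MISSION_T)
    dynamic = dangerous_failure_markov(LAMBDA_A, LAMBDA_B, MISSION_T)
    exact = dangerous_failure_closed_form(LAMBDA_A, LAMBDA_B, MISSION_T)
    print(f"static AND gate (order ignored):   {static:.6e}")
    print(f"Markov, dangerous state (numeric): {dynamic:.6e}")
    print(f"closed form (check):               {exact:.6e}")
    print(f"static / dynamic ratio:            {static / dynamic:.3f}")
```

With equal rates, exactly half of the "both failed" sequences are the dangerous ordering, so the static AND gate overstates the dangerous-failure probability by roughly a factor of two; with unequal rates the distortion depends on which component tends to fail first, which the static tree cannot see at all. This is the kind of sequence-dependent interaction the abstract's concern about the ET/FT approach refers to, and the reason the report looks at Markov and dynamic event tree methods.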

Page Last Reviewed/Updated Wednesday, December 04, 2013