United States Nuclear Regulatory Commission - Protecting People and the Environment

Dynamic Reliability Modeling of Digital Instrumentation and Control Systems for Nuclear Reactor Probabilistic Risk Assessments (NUREG/CR-6942)

On this page:

Download complete document

Publication Information

Manuscript Completed:  May 2006
Date Published:  October 2007

Prepared by:
T. Aldemir 1, M.P. Stovsky 1, J. Kirschenbaum 2, D. Mandelli 1,
P. Bucci 2, L.A. Mangan 1, D.W. Miller 1, X. Sun 1, E. Ekici 3,
S. Guarro 4, M. Yau 4, B. Johnson 5, C. Elks 5, and S.A. Arndt 6

1 The Ohio State University
Department of Mechanical Engineering
Nuclear Engineering Program
Columbus, OH 43210

2 The Ohio State University
Department of Computer Science and Engineering
Columbus, OH 43210

3 The Ohio State University
Department of Electrical and Computer Engineering
Columbus, OH 43210

4 ASCA, Inc.
1720 S. Catalina Avenue, Suite 220
Redondo Beach, CA 90277-5501

5 University of Virginia
Department of Electrical and Computer Engineering
Charlottesville, VA 22904

6 U. S. Nuclear Regulatory Commission
Washington, DC 20555-0001

S.A. Arndt, NRC Project Manager

Prepared for
Division of Fuel, Engineering and Radiological Research
Office of Nuclear Regulatory Research
U.S. Nuclear Regulatory Commission
Washington, DC 20555-0001
NRC Job Code K6472

Availability Notice


As part of the U.S. Nuclear Regulatory Commission's (NRC's) effort to advance the state-of-the-art in digital system risk and reliability analysis the NRC Office of Nuclear Regulatory Research is sponsoring research into both traditional and dynamic methods for modeling. The results of a recent study reported in NUREG/CR-6901 indicate that the conventional event-tree (ET)/fault-tree (FT) methodology may not yield satisfactory results in the reliability modeling of digital I&C systems. Using subjective criteria based on reported experience, NUREG/CR-6901 has identified the dynamic flowgraph methodology (DFM) and the Markov methodology as the methodologies that rank as the top two with most positive features and least negative or uncertain features when evaluated against the requirements for the reliability modeling of digital I&C systems. The NUREG/CR-6901 has also concluded that benchmark systems should be defined to allow assessment of the dynamic methodologies proposed for the reliability modeling of digital I&C systems using a common set of hardware/ software/ firmware states and state transition data. This report: a) defines such a benchmark system based on the steam generator feedwater control system of an operating pressurized water reactor (PWR), b) provides procedures to illustrate how dynamic reliability models for the benchmark system can be constructed using DFM and Markov methodologies, and, c) illustrates how the resulting dynamic reliability models can be integrated into the probabilistic risk assessment (PRA) model of an existing PWR using SAPHIRE as an example ET/FT PRA tool. The report also discusses to what extent the DFM and the Markov methodology meet the requirements given in NUREG/CR-6901 for the reliability modeling of digital I&C systems. Some challenges are identified. It is concluded that it may be possible to meet most of these challenges by linking the existing ET/FT based plant PRA tools to dynamic methodologies through user friendly interfaces and using distributed computing. The challenge that is the most difficult to address is the acceptability of the failure data used. While it is also concluded that the proposed methods can be used to obtain qualitative information on the failure characteristics of digital I&C systems as well as quantitative, and, in that respect, can be helpful in the identification of risk important event sequences even if the data issue is not resolved, the report presents only a proof-of-concept study. Additional work is needed to validate the practicality of the proposed methods for other digital systems and resolve the challenges identified.

Paperwork Reduction Act Statement

This NUREG does not contain information collection requirements and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).

Public Protection Notification

The NRC may not conduct or sponsor, and a person is not required to respond to, a request for information or an information collection requirement unless the requesting document displays a currently valid OMB control number.

Page Last Reviewed/Updated Thursday, December 19, 2013