Digital Instrumentation and Controls Research

The U.S. Nuclear Regulatory Commission (NRC) Office of Nuclear Regulatory Research (RES) performs research related to tools, methods, procedures, acceptance criteria, and guidance to assess the safety and security of digital instrumentation and controls (DI&C) systems in the U.S. nuclear industry.  RES provides technical information to support licensing decisions and prepares for the future by evaluating the safety implications of new technologies and designs.  RES coordinates research and development activities with other NRC offices and external stakeholders (e.g., universities, national laboratories) to address DI&C issues and support the use of consensus standards.  RES collaborates research efforts domestically and internationally to support the sharing of issues encountered and resolution devised in other regulatory environments.  RES’ collaboration extends internationally, including sharing operational experience data and developing analysis techniques.

Following are summaries of past and ongoing research grouped by topics, as follows:

Since 1993, research on the safety and security of DI&C systems has influenced regulatory practice. Notable examples include providing the technical basis to support BTP 7-14, BTP 7-19, standard review plan chapter 7 sub-chapter 9, Appendix 7-A in the Design-Specific Review Standard (DSRS) for small modular reactors, and revision 3 of the chapter 19 of the standard review plan (SRP-19), Section III Design-Specific probabilistic risk assessment (PRA) (Procedures for Specific PRA Audit Topics).  See Figure 1.  RES also assisted with development of Regulatory Guide 5.71 to pilot the implementation of 10 CFR 73.54.

representation of Research contributions to support licensing activities, consisting of a horizontal stack of colored blocks, each sectioned off with examples of the four catetgories provided: Licensing Successes; Key Licensing Guidance; Highlights: Topics -- all which contribute to Digital Instrumentation and Controls Research.

Figure 1: Research contributions to support licensing activities

Safety of DI&C Systems

Past research has included characterizing failure and fault modes and mechanisms, analyzing operational experience, risk informing the safety evaluation process, methods to test software, method to perform and evaluate a DI&C hazard analysis, and emerging technologies such as embedded digital devices. Ongoing DI&C systems safety research topics include common-cause failure, risk-Informed reviews, assurance case approaches, and causality-based techniques for performing hazard analysis and learning from events encountered during operation.

To learn from experiences outside of the commercial nuclear power industry, such as defense, space flight, commercial aviation, medical devices, automobiles, telecommunications, and railways, NRC has engaged with experts outside the NRC and continues to elicit knowledge from experts with safety-critical software and systems research experience in non-nuclear application domains.  The NRC coordinates research with the Electric Power Research Institute (EPRI) under a Memorandum of Understanding for exchanging technical information.  International collaboration includes the OECD/NEA Halden Reactor Project ‒ now focused on the Human, Technology and Organization (HTO) aspects. The NRC has hosted many Halden workshops to learn about the common needs and issues experienced by industry and to learn about best practices and the state-of-the-art in DI&C safety assurance, including a series of six workshops in 2020.

Uncertainties in the assurance of DI&C systems for safety functions in a variety of application domains are increasingly emanating from systemic causes. Many of the challenges experienced in the licensing reviews were rooted in hazards from systemic causes. Table 1 summarizes the research performed to address these uncertainties, obtain risk insights, and provide decision support for safety evaluation.

Table 1: Decision support for Safety Evaluation of DI&C Systems: Uncertainties; Risk Insights
Document Identifier,
Year
Title; Contribution to licensing reviews or other outcome
NUREG/CR-6101, 1993 Title: Software Reliability and Safety in Nuclear Reactor Protection Systems.

Contribution: Technical basis of BTP 7-14 rev 4, 1997
NUREG/CR-6303, 1994 Title: Method for Performing Diversity and Defense in Depth Analyses of Reactor Protection Systems.

Contribution: Serves as a reference for BTP 7-19, ML20339A647.
NUREG/CR-6090, 1993 Title: The programmable logic controller and its application in nuclear reactor systems.

Contribution: Identified a qualitative hazard analysis technique, because of the difficulty in quantifying the risk contribution of software.
NUREG/CR-6082, 1993 Title: Data Communications

Contribution: Technical basis for standard review plan chapter 7 sub-chapter 9 (SRP7.9).
NUREG/CR-6263, 1995 Title: High Integrity Software for Nuclear Power Plants – Candidate guidelines, technical basis, and research needs.

Outcome: Identified approximately 200 guidelines, their technical basis, and the research needed to improve the technical basis. This study was focused on issues identified by the NRC in the 1991-1995 timeframe. Peer reviewed by a panel of 17 international experts.
ISBN: 0-309-52444-X, 1997 Title: "Digital Instrumentation and Control Systems in Nuclear Power Plants: Safety and Reliability Issues" Committee on Application of Digital Instrumentation and Control Systems to Nuclear Power Plant (NPP) Operations and Safety, National Research Council.

Outcome:
  1. Criteria for the NRC's review and acceptance of digital applications in NPPs, focusing on the following:
    • Software quality assurance
    • Common-mode software potential
    • Systems aspects of DI&C technology
    • Human factors and human-machine interfaces
    • Safety and reliability assessment methods
    • Dedication of commercial-off-the-shelf hardware and software
    • Case by case licensing process
    • Adequacy of the technical infrastructure
  2. Promising approaches for further actions by the USNRC beyond the committee's report.
  3. Suggestions for avoiding dead-ends
  4. Mechanics for improving communication and strengthening technical infrastructure at the USNRC.
NUREG/CR-1275, 2000 Title: Causes and Significance of Design-Basis Issues at U.S. Nuclear Power Plants.

Outcome: Analysis of 1985-1997 NPP events for design basis issues, finding that most were rooted in the original design. Confirmed staff concern that more engineering content (as in software-dependent DI&C systems) could increase the hazard space, relative to failures in traditional I&C hardware.
NUREG/CR-6991, 2009 Title: Design Practices for Communications and Workstations in Highly Integrated Control Rooms.

Outcome: Technical basis for review guidance to evaluate effect of digital interconnections and enabled interactions across redundant elements, safety and non-safety elements.
NUREG/CR-7006, 2010 Title: Review Guidelines for Field-Programmable Gate Arrays (FPGA) in Nuclear Power Plant Safety Systems

Outcome: Guidance for reviewing FPGA-based safety systems. Basis for developing FPGA-specific review procedures and acceptance criteria.
NUREG/CR-7007, 2010 Title: Diversity Strategies for Nuclear Power Plant Instrumentation and Control Systems.

Contribution: Serves as a reference for BTP 7-19 ML20339A647.
RIL-1001, 2011 Title: RESEARCH INFORMATION LETTER 1001: Software-Related Uncertainties in the Assurance of Digital Safety Systems—Expert Clinic Findings, Part 1.

Contribution: Identified the dominating sources of uncertainties in safety assurance (see Figure 2) and promising approaches to address them, focusing on software and other manifestations of complex logic. Served as a platform for RIL-1002, RIL-1003, and RIL-1101.
NUREG/IA-0254, 2011 Title: International Agreement Report, "Suitability of fault modes and effects analysis for regulatory assurance of complex logic in digital instrumentation and control systems".

Outcome: The Institut de Radioprotection et de Surete Nucleaire (IRSN) and the NRC jointly investigated and evaluated the suitability of applying fault modes and effects analysis as a technique for identifying faults attributable to software and other forms of logic in DI&C for NPP safety functions, for which it is not practicable to ensure the correctness of all behaviors through verification alone. The report concludes that the contribution of failure modes and effects analysis (FMEA) to regulatory assurance of such logic is marginal.
MIT research report
 NRC-HQ-11-6-04-0060, 2012
Title: Evaluating the Safety of Digital Instrumentation and Control Systems in Nuclear Power Plants

Outcome: Application of MIT-developed hazard analysis technique, STPA, to a simplified subset of a NPP DI&C component.
RIL-1002, 2013 Title: RESEARCH INFORMATION LETTER 1002: Identification of Failure Modes in Digital Safety Systems – Expert Clinic Findings, Part 2.

Contribution:
  • Identified generic failure modes of DI&C safety systems.
  • Findings on the efficacy of Software Fault Modes and Effects Analysis as a method for identifying faults leading to system failures impairing a safety function. NUREG/IA-0254, listed below, provides additional supporting information.
RIL-1101, 2015 Title: RESEARCH INFORMATION LETTER 1101:

Technical Basis to Review Hazard Analysis of Digital Safety Systems.

Contribution:
  • Source for the following sections in Appendix 7-A in the Design-Specific Review Standard (DSRS) for small modular reactors: Hazard Analysis (HA) Scope; Information to be reviewed; Evaluation Topics; Control of contributory hazards;.
  • Served as a reference for input to Appendix D of Institute of Electrical and Electronic Engineers (IEEE) Std 7-4.3.2.
  • Identified conditions to address the (contributory) hazards and reduce the hazard space. These conditions to reduce the hazard space represent the technical basis for potential review criteria.
  • Served as a reference for SRP-19-III, Design-Specific PRA (Procedures for Specific PRA Audit Topics) items 3.B and 3.J and additional steps A, B, C, D, E, I.
NUREG/IA-0463, 2015 Title: International Agreement Report, "(Availability of) An International Report on Safety Critical Software for Nuclear Reactors by the Regulator Task Force on Safety Critical Software (TF-SCS)".

Outcome: A technical reference for developing future improvements to NRC's regulatory guidance framework.. The NUREG includes the TF SCS report titled "Licensing of Safety-Critical Software for Nuclear Reactors - Common Position of International Nuclear Regulators and Authorized Technical Support Organisations" and an NRC-authored appendix,

Figure 2 - diagram of Major sources of uncertainty in the assurance of a DI&C system design

Figure 2: Major sources of uncertainty in the assurance of a DI&C system design (source: RIL-1001

To top of page

Risk Quantification and Risk-informing

The current I&C regulatory infrastructure is based on compliance with the Institute of Electrical and Electronic Engineers (IEEE) design and quality standards and the NRC's defense in depth policy. The NRC staff routinely applies engineering judgment, e.g. on safety importance, and operating experience, in evaluating individual designs against regulatory standards. The NRC seeks additional technical methods and tools to better quantify risks and integrate risk insights into technical reviews and inspections of digital systems, consistent with the principles defined in Regulatory Guide (RG) 1.174 and other relevant guidance. Table 2 summarizes the research, spanning almost two decades, to quantify the risk contributed through software.

Table 2: Safety of DI&C systems – Quantifying software contribution to risk
Document Identifier,
Year
Title; Contribution to licensing reviews or other outcome
NUREG/GR-0019, 2000 Title: Software Engineering Measures for Predicting Software Reliability in Safety Critical Digital Systems.

Outcome: Approach to predict and estimate the reliability of I&C software using software engineering measures, but to estimate accuracy quantitatively, further experiments are required.

Reference for revision 3 of the chapter 19 of the standard review plan (SRP-19), Section III Design-Specific PRA (Procedures for Specific PRA Audit Topics) item 3.
NUREG/CR-5500, 2002 Title: Reliability study: Combustion Engineering Reactor Protection System, 1984-1998.

A statistical study of Availability-data, incl. estimate of observed Unavailability, based on fault-tree models of the systems studied. Common-cause failures (CCFs)-relevant data fed into NUREG/CR-6268.

Outcome:
1. CCFs contribute approximately 99 percent to the overall unavailability of the various designs.
2. The vast majority (80 percent) of Reactor Protection System (RPS) CCF events can be attributed to either normal wear or out-of-specification conditions.
NUREG/CR-6848, 2004 Title: Preliminary Validation of a Methodology for Assessing Software Quality.

Outcome: Limited experimental evaluation of the method proposed in NUREG/GR-0019, treating Quality as Reliability identified need for further research including full-scale experiment.
NUREG/CR-6901, 2006 Title: Current State of Reliability Modeling Methodologies for Digital Systems and Their Acceptance Criteria for Nuclear Power Plant Assessments.

Outcome: 
  • Identified limitations of the static modeling methods (e.g.: event tree; fault-tree), because these do not reflect the dynamic interactions enabled through digital technology and may not support risk quantification.
  • Identified the need for research to reflect dynamic behavior of the system in the model used for safety analysis.
NUREG/CR-6942, 2007 Title: Dynamic Reliability Modeling of Digital Instrumentation and Control Systems for Nuclear Reactor Probabilistic Risk Assessments.

Outcome:
  • A proof-of-concept study. Synthesizes a DI&C system for benchmarking different dynamic modeling methods.
  • Identifies limitation – validity of failure frequency data. No consensus in the technical community on how software reliability should be quantified and, in fact, whether such a concept is appropriate at all.
Identifies promise in using dynamic modeling to yield qualitative information.
NUREG/CR-6268, 2007 Title: Common-Cause Failure Database and Analysis System: Event Data Collection, Classification, and Coding

Outcome:
  • Identified equipment failures that contribute to CCF events.
  • Used to estimate probabilistic risk assessment CCF parameters.
NUREG/CR-6962, 2008 Title: Traditional Probabilistic Risk Assessment Methods for Digital Systems.

Outcome:
  • Traditional PRA methods inadequate for DI&C.
  • No consensus methods at present for quantifying the reliability of DI&C systems.
  • Reveals limitations in modeling digital systems using traditional PRA methods.
  • Additional R&D needed to risk-inform DI&C evaluation.
NUREG/CR-6985, 2009 Title: A Benchmark Implementation of Two Dynamic Methodologies for the Reliability Modeling of Digital Instrumentation and Control Systems.

Outcome:
  • Implements the benchmark defined in NUREG/CR-6962 on two dynamic modeling methods applied to a feed-water control system. Demonstrated integration with plant PRA model.
  • Quantitative aspects of the study results are preliminary and incomplete. It does not address the uncertainty in digital "failure probability and failure rate estimations".
NUREG/CR-6997, 2009 Title: Modeling a Digital Feedwater Control System Using Traditional Probabilistic Risk Assessment Methods.

Outcome: Demonstration of traditional reliability modeling methods on feed-water control system. Side conclusions:
  • The potential for digital systems failures to be contributors to plant risk cannot be ruled out.
  • Did not advance the state-of-the-art in quantification of software reliability.
  • Additional research is needed, e.g., modeling of software failures
Transcript of the ACRS DI&C SC meeting, Feb 20, 2008 Title: Transcript of the Advisory Committee on Reactor Safeguards (ACRS) DI&C Subcommittee meeting

Outcome: RES' review of the following and presentation to the ACRS led to the conclusion that the data was insufficient to support a "CCF not credible" conclusion – supports SRP-19-III, Design-Specific PRA (Procedures for Specific PRA Audit Topics) additional steps G-H.

NRC/RES presented its review comments to the ACRS DI&C SC on the following report prepared for: Nuclear Energy Institute (NEI) Digital I&C and Human Factors Working Group by authors: Bruce Geddes, Southern Engineering Services, Thuy Nguyen, Electricité de France, David Blanchard, Applied Reliability Engineering; and Ray Torok, Electric Power Research Institute,

U.S. Commercial Nuclear Power Plant Digital I&C System Operating Experience, Rev. 0, June 13, 2008,
NUREG/CR-7042, 2011 Title: A Large Scale Validation of a Methodology for Assessing Software Reliability.
NUREG/CR-7044, 2011 Title: Development of Quantitative Software Reliability Models for Digital Protection Systems of Nuclear Power Plants. Draft report for comment.
NUREG/CR-7151, 2012
Volume 1
Volume 2
Volume 3
Volume 4
Title: Development of a Fault Injection-Based Dependability Assessment Methodology for Digital I&C Systems

Outcome: Fault injection based quantitative assessment method, developed for the purpose of evaluating its potential to support probabilistic risk assessment (PRA) and risk-informed review of processor based digital I&C systems.

Contribution: Supports revision 3 of the chapter 19 of the standard review plan (SRP-19), Section III Design-Specific PRA (Procedures for Specific PRA Audit Topics) item 3.
NUREG/CR-7234, 2017 Title: Development of A Statistical Testing Approach for Quantifying Safety-Related Digital System on Demand Failure Probability.

Outcome: Supports revision 3 of the chapter 19 of the standard review plan (SRP-19), Section III Design-Specific PRA (Procedures for Specific PRA Audit Topics) item 3.
NUREG/CR-7233, 2018 Title: Developing a Bayesian Belief Network Model for Quantifying the Probability of Software Failure of a Protection System.

Outcome: Method to estimate software failure frequency using Bayesian Belief Network based upon software characteristics such as size, complexity, and other development characteristics.
ML20296A259
2020
Title: Assessment of Technical Feasibility of Risk-Informed Approaches and Gaps Associated with Further Integrating Risk Insights into Regulatory Reviews for Digital I&C Systems and Components

Contribution: Report serves as a technical reference on the subject topic, which may be useful when discussing future plans for application of PRAs to digital I&C systems, including pilot applications.

To top of page

Embedded Digital Devices and Emerging Technologies

Embedded digital devices (EDDs) and related emerging technologies may introduce new hazards or other safety concerns, as presented in Regulatory Issue Summary 2016-05, "Embedded Digital Devices in Safety-Related Systems," dated April 29, 2016.  Table 3 summarizes research reports on these topics. Ongoing research aims to develop the technical basis for evaluating EDDs and emerging technologies, along with relevant observations, based on their classification, functionality, configurability, consequences of failure, and potential for common-cause failure (CCF). This research reviews how other agencies worldwide, both nuclear and non-nuclear, regulate, approve the use of, and apply EDDs.

Areas of interest include the types of components in safety-related applications most likely to have EDDs, methods used by other industries and countries to regulate the use of EDDs, and potential issues noted in industry. This information serves to support the technical basis for a graded approach in the selection and use of EDDs. A tangential supply chain issue is the use of replacement parts or parts in upgrades that may contain an undeclared digital device, as it may not meet the requirements for the safety-related application in which it is being used.

Other attributes such as reliability (the ability to perform with correct, consistent results), diagnostics, operating experience, and failure modes were reviewed because of their use in risk informing the acceptance of the use of EDDs. Emerging technologies associated with EDDs were noted during this work and are described. Table 3 summarizes research concerning EDDs.

Table 3: Embedded digital devices, including Emerging Technologies associated with EDDs
Document Identifier,
Year
Title
NUREG/CR-6812, 2003 Emerging Technologies in Instrumentation and Controls 
NUREG/CR-6888, 2006 Emerging Technologies in Instrumentation and Controls: 
NUREG/CR-6992, 2008 Instrumentation and Controls in Nuclear Power Plants: An Emerging Technologies Update
NUREG/CR-7273, 2021 Developing a Technical Basis for Embedded Digital Devices and Emerging Technologies 

To top of page

Environmental Effects

This research addresses the effects of fire, smoke and other environmental effects on equipment.  Fire is a design-basis event. To demonstrate that it can be handled, licensees perform a post-fire safe-shutdown analysis to assure that a train of shutdown structures, systems, and components remains free of fire damage for a single fire in any single plant fire area.  Industry has developed methods for evaluating the effects of fire-induced circuit failures on safe-shutdown capability.  Nuclear Energy Institute report NEI-00-01, Revision 2, "Guidance for Post-Fire Safe Shutdown Circuit Analysis," May 2009, provides one acceptable method for performing a post-fire safe-shutdown circuit analysis when used with RG 1.189, Revision 3, "Fire Protection for Nuclear Power Plants," issued February 2018.

The NRC has sponsored research to support the development of the agency position in this area.  Table 4 summarizes research concerning effects of fire-related (e.g., smoke, heat) environmental conditions.
 

Table 4: Smoke and other environmental effects on electronic equipment
Document Identifier,
Year
Title; Outcome
NUREG/CR-6220, 1995 Title: "An Assessment of Fire Vulnerability for Aged Electrical Relays" (March 1995)

Outcome: Aged relays' performance was not significantly different from that of the unaged relays, based on testing Agastat and General Electric relays for fire vulnerability. Aged relays were subjected to operational cycling underrated load and thermally aged for 60 days.  All relays were exposed to one of three different fire temperature profiles.  
NUREG/CR-6476, 1996 Title: Circuit Bridging of Components by Smoke

Outcome: Smoke can adversely affect digital electronics; in the short term, it can lead to circuit bridging and in the long term to corrosion of metal parts.  Factors that can influence the effect of smoke include: component technology; packaging; physical board protection; environmental conditions such as the amount of smoke, temperature of burn, and humidity level.  Hermetically sealed ceramic packages were more resistant to smoke than plastic packages.  Coating the boards with an acrylic spray provided some protection against circuit bridging.  The smoke generation factors that affect the resistance the most are humidity, fuel level, and burn temperature.  The use of carbon dioxide as a fire suppressant, the presence of galvanic metal, and the presence of polyvinyl chloride did not significantly affect the outcome of these results.
NUREG/CR-6543, 1997 Title: Effects of Smoke on Functional Circuits

Outcome: Conformal coatings and the characteristics of chip technologies affect smoke-tolerance of digital circuits, as indicated by exposing basic functional circuits to smoke created by burning cable insulation.
  • For high-resistance circuits, the smoke lowered the resistance of the surface of the board and caused the circuits to short during the exposure.  These circuits recovered after the smoke was vented.
  • For low-resistance circuits, the smoke caused their resistance to increase slightly.
  • A polyurethane conformal coating substantially reduced the effects of smoke.
  • A high-speed digital circuit was unaffected.
  • A second experiment on different logic chip technologies showed that the critical shunt resistance that would cause failure was dependent on the chip technology and that the components used in the smoke exposures were some of the most smoke tolerant.
NUREG/CR-6597, 2001 Title: Results and Insights on the Impact of Smoke on Digital Instrumentation and Control

Outcome: Smoke can cause interruptions and upsets in active electronics.  Major effects of smoke:
  •  Increase in leakage currents (through circuit bridging across contacts and leads)
  • Momentary upsets and failures in digital systems.
Smoke damage can be mitigated through digital system design, fire barriers, ventilation, fire suppressants, and post-fire procedures.

These findings are based on tests on memory chips and hard drives, using conformal coating and results from NUREG/CR-6476 and NUREG/CR-6543.
NUREG/CR-7123, 2012 Title: A Literature Review of the Effects of Smoke from a Fire on Electrical Equipment

Outcome: The state-of-the-art of smoke production measurement, prediction of smoke impact as part of computer-based fire modeling, and measurement and prediction of the impact of smoke through deposition of soot on and corrosion of electrical equipment.  There is a lack of validated and widely applicable methods to assure survivability of electrical equipment, exposed to smoke from a fire.  Circuit bridging via current leakage through deposited smoke is a potentially important mechanism of electronic and electrical equipment failure during nuclear power plant fires. Damage can be assessed reasonably, based on the airborne smoke exposure concentration and the exposure duration.  Hence, models that can predict the airborne smoke concentration would be sufficient to provide upper limit estimates of potential damage.
NUREG-1635, 2014 Title: Review and Evaluation of the NRC Safety Research Program

Outcome: This Advisory Committee on Reactor Safeguards suggested that "Research projects should address…heat on fiber optic cables, the effects of heat on digital equipment, and the effects of smoke damage to digital signal processing and computation modules" (page 5 and discussed in more detail on pages 27–28).

To top of page

Electromagnetic pulse and space weather effects: RES has examined the impact of electromagnetic pulse (EMP) on U.S. nuclear power plants since the 1980s.  RES continues to monitor developments in this area and update the findings periodically, expanding the scope to include space weather events.  Research efforts support the NRC position that U.S. plants can safely shut down in the aftermath of either occurrence.  The NRC is currently participating in the interagency response to Executive Order (EO) 13865, “Coordinating National Resilience to Electromagnetic Pulses.”  This is a government-wide effort to ensure national infrastructure components will remain functional in the event of an EMP.  Table 5 summarizes research concerning electromagnetic effects.

Table 5: Electromagnetic Effects on Digital Electronic Equipment
Document Identifier,
Year
Title; Outcome
NUREG/CR-5941, 1994 Title: Technical Basis for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related I&C Systems

Outcome: Significance of characterizing electromagnetic operating envelope as part of operating experience.
NUREG/CR-6479, 1998 Title: Technical Basis for Environmental Qualification of Microprocessor-Based Safety-Related Equipment in Nuclear Power Plants.

Outcome:
  • Confirmed that smoke is a stressor that can adversely impact digital safety equipment.
  • Identified need for electromagnetic compatibility standard(s) for the nuclear power plant environment.
NUREG/CR-6431, 2000 Title: Recommended Electromagnetic Operating Envelopes for Safety-Related l&C Systems in Nuclear Power Plants

Outcome: Significance of characterizing electromagnetic operating envelope as part of operating experience.
NUREG/CR-6436, 2000 Title: Survey of Ambient Electromagnetic and Radio-Frequency Interference Levels in Nuclear Power Plants.

Outcome: Significance of characterizing electromagnetic operating envelope as part of operating experience.
NUREG/CR-5609, 2003 Title: Electromagnetic Compatibility Testing for Conducted Susceptibility Along Interconnecting Signal Lines.

Outcome: Findings from experimental investigation of relevant existing standards.
 

To top of page

Online Monitoring

Online monitoring refers to automated techniques used to assess instrumentation performance or health while the facility is operating.  Online monitoring seeks to determine whether the equipment has encountered an anomaly or fault or if recalibration is needed.  For example, some systems can detect an eventual bearing failure in a pump by monitoring vibrations; other systems are capable of monitoring safety signals when a protection channel is drifting out of the allowable tolerance.

The availability of online monitoring may result in licensees seeking approval to change surveillance and maintenance practices at nuclear facilities.  For this reason, the NRC proactively seeks to ensure that it is prepared to evaluate, provide timely decisions, and offer regulatory guidance on the safe use of online monitoring methods. Table 6 summarizes online monitoring research.

Table 6: Online Monitoring
Document Identifier,
Year
Title; Outcome
NUREG/CR-6895, 2007 Title: Technical Review of On-Line Monitoring Techniques for Performance Assessment.

Volume 1: State-of-the-Art

Outcome: Technical basis for review of licensee changes to surveillance and maintenance practices.
NUREG/CR-6895, 2008 Title: Technical Review of On-Line Monitoring Techniques for Performance Assessment. Volume 2: Identifies theoretical issues.

Outcome: Techniques used to quantify the uncertainty inherent in the empirical process variable predictions.
NUREG/CR-6895, 2008 Title: Technical Review of On-Line Monitoring Techniques for Performance Assessment. Volume 3: Limiting case studies

Outcome: Technical basis to evaluate the contribution of online monitoring of sensors for process variables — effect of modeling assumptions and validity of training data.
ML14274A306, 2014 Title: An Introduction to Advanced Diagnostics and Prognostics for NRC Staff.

Outcome: A knowledge management resource.

To top of page

Wireless Technologies

The nuclear industry has expressed interest in expanding the use of wireless technologies in Nuclear Power Plant applications. Examples include use in industrial control systems (ICS) and data acquisition monitoring systems for plant component/equipment health monitoring that are located near, or even on, safety related/ important-to-safety (SR/ITS) equipment. Expansion of wireless technology use must ensure it does not impact safe operation of the plant through adverse interactions with SR/ITS systems. Table 7 summarizes research concerning Wireless Technology.

Table 7: Wireless Technology including Emerging Technologies
Document
Identifier,
Year
Title; Outcome
NUREG/CR-6812, 2003 Title: Emerging Technologies in Instrumentation and Controls
NUREG/CR-6888, 2006 Title: Emerging Technologies in Instrumentation and Controls: An Update.
NUREG/CR-6882, 2006 Title: Assessment of Wireless Technology in Nuclear Facilities”

Outcome: A knowledge management resource.
NUREG/CR-6939, 2007 Title: Coexistence Assessment of Industrial Wireless Protocols in the Nuclear Facility Environment”

Outcome: A knowledge management resource.
NUREG/CR-6992, 2008 Title:  Instrumentation and Controls in Nuclear Power Plants: An Emerging Technologies Update

To top of page

Cybersecurity of Digital I&C Systems

Following the terrorist attacks on September 11, 2001, the NRC issued a series of security advisories and orders requiring nuclear power plants to take actions to enhance the protection of certain computer systems at nuclear power plants.  In 2009, the NRC issued Title 10 of the Code of Federal Regulations (10 CFR) 73.54, "Protection of Digital Computer and Communication Systems and Network" – also known as the cybersecurity rule. It is a performance-based programmatic requirement to ensure that digital computers, communication systems, and networks, associated with a nuclear power plant's safety, important-to-safety, security, and emergency preparedness functions are protected from cyber-attacks. In support of 10 CFR 73.54, the NRC published Regulatory Guide (RG) 5.71, "Cyber Security Programs for Nuclear Facilities," in 2010.  Table 7 summarizes research on cyber security of DI&C systems.

RES continues to support the review of the revision to RG 5.71, to ensure that DI&C systems can maintain safe operating environments in nuclear facilities.  RES also engages with the U.S. Department of Energy and the Electric Power Research Institute to coordinate and collaborate on future research in cyber security. Ongoing research includes security of wireless technologies in DI&C systems and assessment of emerging methods to assess security in a risk-informed manner.  RES also participates in governmentwide, academic, and industry working groups that provide the latest information and tools to address cyber threats.

Table 8: Cyber Security of Digital I&C Systems
Document
Identifier,
Year
Title; Contribution to Licensing and Oversight Reviews or other outcome
RG 5.71, 2010 Title: Regulatory Guide 5.71 Cyber Security Programs for Nuclear Facilities.

Outcome: One way to satisfy the requirements of 10 CFR 73.54.

Contribution: Used in licensing and oversight reviews.
NUREG/CR-7117, 2012 Title: Secure Network Design

Outcome: Technical criteria for features contributing to secure network designs at nuclear power plants.

To top of page

Page Last Reviewed/Updated Tuesday, June 29, 2021