| INSTRUMENTATION & CONTROL
I&C systems in a digital era
As nuclear plants continue to transition from analogue to digital instrumentation & control systems, Dr Li Li discusses some of the challenges associated with digital systems
HIGH-INTEGRITY RELIABLE INSTRUMENTATION AND control (I&C) systems are vitally important to safely operate a nuclear power plant or nuclear material-related facility. The architecture of I&C system includes hardware (such as sensors, programmable logic controllers, hardwired logic, cabling, supervisory control and data acquisition equipment), software (control system, application) and human-system interfaces across every part of the nuclear facility. It supports safety and non-safety-related functions under normal operation and designated abnormal situations. It may be called the nervous system of a nuclear facility. Since the UK’s first commercial nuclear plant at Calder
Hall, conventional I&C systems with analogue devices and related technologies have been predominant. However, analogue I&C systems experience several disadvantages. Analogue signals generally have a lower quality than digital signals with less accurate reading. Signals acquired from analogue electronics are more prone to distortion in response to noise than those from digital instruments. The biggest challenge for nuclear I&C systems to
continue using analogue devices is managing obsolescence. When analogue devices are at the end of their service life, or discontinued by the original vendors, parts replacement becomes difficult or impossible. Digitised devices and modern I&C systems are needed in the nuclear industry now and for the future.
Dr Li Li
Head of control & instrumentation group, Nuclear AMRC
Digital trends Digital I&C systems have become more popular and desirable, in line with the rapid development of microprocessor chips and computerised technology. The first digital I&C system for a nuclear power plant
was reported at Kashiwazaki-Kariwa 6, an advanced boiling water reactor in Japan, which began commercial operations in 1996. Digital multiplex controllers are used throughout the plant, including in the main control room, for the reactor control system and for other safety systems. Analogue signals are collected from field sensors, converted into a digital format by remote multiplexing units, then sent to the main control room via optical fibres. In the late 2000s, digital I&C systems were included during upgrades and modernisation of several nuclear plants around the world, including Russia’s Kalinin 3 (commissioned in 2004) and Japan’s Ikata 1&2 (commissioned in 2009). The USA’s first digital I&C system modernisation was at Oconee in 2011. The UK, South Korea, France and China are among other countries which have also implemented digital I&C systems in their nuclear power plants in recent years.
The US Nuclear Regulatory Commission (NRC) has now made its first approval of a full-scale digital I&C system for small modular reactors (SMRs) when it approved the NuScale design. For safety related I&C systems in its SMR, NuScale has introduced a digital platform including a highly integrated protection system based on a proprietary field programmable gate array. I&C systems in SMRs will be digitalised, with the latest
technologies and modularised design. In the event of plant upgrades, modernisation, life extension and obsolescence management, more large-scale plants will also adopt digital I&C for safer and reliable operations and cost savings.
Challenges of digital I&C Safety and reliability An I&C system depends on the same four defence-in-depth (DiD) principles as does any nuclear design - redundancy, independence, deterministic behaviour and with diversity. Independence will prevent a failure propagating from
system to system or between the components within a system. The different algorithms or different technologies will provide diversified ways of monitoring, actuation and control to achieve a required I&C function. Redundancy means that alternative systems and components can perform the required function if the first fails. The design of digital I&C systems is guided by documents
of safety fundamentals, specific safety requirements and the specific safety guides issued by the International Atomic Energy Agency (IAEA). These govern the safety classifications of I&C functions, based on the requirements from the plant safety design base. The architecture of the digital I&C system is impelled by the class of functions to be implemented by the DiD concept. The greater the complexity of a digital I&C system,
the greater the probability that a common cause failure (CCF) could occur among the subsystems, and allowing a system malfunction to be caused by a single failure event. Compared to physical assets in a nuclear plant, CCFs can happen more often to software or software-controlled devices. However, there are many ways to prevent common cause failures, with the tools of failure analysis and risk management. In a DiD-based digital I&C system, the safety principles of redundancy, diversity and independence are implemented to ensure the safety and reliability of system operation. IAEA safety standard SSR-2/1 defines five layers in
the concept of defence-in-depth (Table 1). The design of a digital I&C system’s architecture should employ DiD techniques to constitute the layers of defence for preventing failures and faults within the system. U
www.neimagazine.com | February 2022 | 51
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61