| INSTRUMENTATION & CONTROL
centrifuges by implanting malware into Siemens S7-417 and S7-315 controllers. This compromised the cascade protection system to over-pressure the centrifuges, and the centrifuge drive system to over-speed the centrifuge rotors. Because of the concern over cyberattacks on digital I&C nuclear plant, many organisations and authorities have developed guidance and best practices to safeguard the cybersecurity. In the USA, 10 CFR 73.54, included in the physical protection system of 10 CFR 73.1, requires a cybersecurity plan from a licensee that satisfies the requirements for NRC review and approval to ‘protect digital computer and communications systems and networks’. NRC also provides Regulatory Guide 5.71 (RG5.71) to detail the method and approach to protect the digital hardware, system and networks from cyber threat and attack. In the UK, the ONR has released a Technical Assessment Guide on nuclear security (CNS-TAST-GD-7.1), providing general advice and guidance to ONR inspectors on how aspects of cybersecurity should be assessed. It guides the licensees in developing security arrangements to meet legal obligations for cybersecurity and information assurance. To prevent, detect and respond to cybercrime aimed at
nuclear facilities, IAEA issues Nuclear Security Series No. 17 and No. 33 to provide guidance for the protection of digital I&C systems at nuclear facilities against malicious acts and hostile attacks. The International Electrotechnical Commission publishes the standards IEC62645 and IEC62859 for the development and management of effective secured computer programmes to eliminate the vulnerability of I&C programmable digital systems in nuclear power plant. Under the guidance of national and international
standards and regulations, nuclear plant operators can develop a security policy that provides a framework of risk management, security management, verification and validation management to defend digital I&C systems from cybersecurity threats. That may include an ‘air gap’ between the corporate network and safety-critical control network; prohibiting remote updates and disabling portable storage device access; requiring encrypted authorisation for flash memory updates; and minimising employees’ privileges for modifying and updating the control software, using a stringent authentication procedure. The passive heat removal functions in some small modular reactor designs can perform a shutdown without external safety-related pumps or fans. The simplified I&C design for the reactor control system inherently reduces the concern from cybersecurity threats, which gives the SMR I&C system leverage in favour of digitalisation.
Upskilling and training The digital I&C system is becoming the norm in modernised and new plant, so the industry needs to act swiftly to upskill its workforce and train the new generation to work with these emerging technologies. The knowledge and skills related to digital I&C — in areas including digital electronics, smart instruments, software, cybersecurity, machine learning and artificial intelligence — have to be developed to align with digitalisation and automation in plant operation to uphold nuclear safety principles. There are also new requirements for the supply chain to develop their staff with digital technologies, so they can provide safe and reliable design, systems and components. The current fleet operators will continue to train their
staff, particularly those who work in the main control room, with the latest digital technology and associated knowledge. Security awareness and advanced training helps strengthen the cybersecurity chain, empowering employees to become proficient in protecting the system against attack. Alongside on-the-job training, digital mock-up simulators can be used to train staff to mitigate and eliminate operational risks in a range of adverse events. For the future workforce, a digital I&C curriculum should
be taught in qualification programmes for graduates with the latest industrial digitalisation technologies. The curriculum should not only cover knowledge of electrical systems, instrumentation, control and automation, but also data science, machine learning, virtual reality and augmented reality. Otherwise, the skill shortage and lack of competence in the field of digital I&C will impose a danger to a modern nuclear power plant operating at high standard of safety.
The adoption of digital technology in the nuclear industry
is lagging behind other industrial sectors such as aerospace and automotive, because of the sector’s unique safety features. People may question the safety and complexity of deploying digital I&C systems in nuclear plant, and we need to demystify these fears and confusions. Vendors, licensees, regulators and relevant organisations should work together in developing standards, guidance, and best practices. Bodies such as IAEA, EPRI, Nuclear Energy Agency and state regulatory authorities could publish a series of documents to guide and advise the preparation of digital I&C in new builds, SMRs and AMRs. With these good practices, digital I&C systems will bring significant benefits and efficiencies in managing the safer operation of nuclear power plants. ■
Far left: Control room at a Russian nuclear power plant
Left: The first digital I&C modernisation in the USA was carried out at Oconee nuclear power plant Photo credit: Duke Energy
www.neimagazine.com | February 2022 | 53
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61