UPGRADING AND UPRATING | DIGITAL DEVICES
Undetected changes in components is just one of several concerns that nuclear plant operators have to consider around the growth of
low-cost frequent-use EDDs and other technologies. new failure modes may increase the consequences of a malfunction or failure or create the possibility for an accident type different than any previously evaluated
V raised by regulators in the UK’s financial services sector. The regulators and the Bank of England discussed this issue at a recent meeting, according to the UK’s Financial Times newspaper, which quoted minutes saying, “the increasing criticality of the services that critical third parties provide, alongside concentration in a small number of providers, pose a threat to financial stability in the absence of greater direct regulatory oversight.”
Embedded devices in the electricity industry It remains to been seen whether regulators will take any action over cloud storage providers. Meanwhile, it is not surprising that energy asset owners are adopting small embedded devices and the capabilities afforded by big data.
It is a road that the nuclear industry has trodden before
– it was a leader in using an earlier wave of devices, such as vibration monitors, for example. In the nuclear industry, largely inaccessible components and a high down-time cost for inspections or repair quickly made remote monitoring and condition-based maintenance beneficial on both financial and safety grounds. Now, however, the low cost and high capability and connectivity of the new generation of devices makes them financially attractive almost everywhere. In the electricity industry they are becoming common across networks, providing increasingly granular data about conditions that help find and manage network outages, and manage both individual assets and the electrical loading of the grid itself. But embedded devices are spreading across the all the systems used by our economy. Landis+Gyr lists a large number of use-cases, such as smart cities. Why does this matter to the nuclear industry? Nuclear is not an island in the electricity or energy landscape. It is intimately connected with the rest of the system, physically and electrically, and it can no longer rely on lack of connectivity – a so-called ‘air gap’ – to keep it secure. And embedded digital devices often come complete with software and a communication capability that can have unexpected consequences. Such a case was referred to in a 2021 report by the US
NRC, Developing a Technical Basis for Embedded Digital Devices and Emerging Technologies, produced as part of its work to develop guidance for the safe use of EDDs in commercial nuclear power plants in the USA. The report lists a dozen occasions when unexpected
or ill-defined activity in EDDs can result in unanticipated consequences for nuclear operators. Most had little safety implications in themselves. For
example, the report cites an occasion at the UK’s Sellafield fuel cycle site where paperless chart recorders were
36 | June 2022 |
www.neimagazine.com
installed. It says that after installation the recorders started to exhibit faults, mostly “going to sleep” or requiring constant rebooting. “Recorders were swapped with identical spares, returned to the manufacturer, and reconfigured over a period of about 18 months, with no real improvement in reliability.” The cause? “The chart recorders contained a game called Cave Fly that was based on the film Hunt for Red October, and the game could not be deleted from the firmware; it could only locked-out from the operators. After the game was locked out, reliability seemed to improve, but faults were never completely eliminated. Sellafield decided to change the recorders for another make.” What is more, the barrier between what happens on-
site and off-site is more permeable as devices become more communicative, and so does the barrier between safety-related systems and non safety-related systems. The user’s control over how devices act and interact becomes less certain as ‘off the shelf’ devices come with built-in capabilities. And the ability to control the physical deployment of such devices becomes more difficult as it becomes financially attractive to use them across the economy.
NRC reporting In its report last year, the US NRC noted that EDDs can affect safety “by creating new hazards, vulnerabilities, failure modes, triggering mechanisms, and other potential safety concerns at both component and system levels.” It listed 18 types of components that may contain EDDs (see box one). Some concerns are typical of any products being used in the nuclear industry for the first time, such as new vendors in the market who are not familiar with the quality requirements associated with the nuclear power industry, especially for safety related applications. Others are less straightforward. Among them is the potential for undeclared digital
content in devices (as in the example at Sellafield above) – a concern that may extend to apparently familiar components, because now it is cost effective to replace analogue subcomponents with digital versions. For the manufacturer, the change to digital offers
more options and reduces the cost to manufacture, by allowing for more configurations with fewer parts. Digital components in commercial off-the-shelf devices may have embedded software that is not known to the user or assessor and, the NRC warns, “Because the device function remains the same, the product literature and part number for the device may not be revised”. As a result, the new digital version is not quality-assessed appropriately and may have new failure mechanisms and modes.
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45
