DIVERSITY AND DEFENSE-IN-DEPTH OF DIGITAL SYSTEMS FOR NUCLEAR POWER PLANTS

摘要

Analog instrumentation has been used in nuclear power plants prior to the use of digital systems. Analog systems were designed and tested in a manner in which they were designed to operate and the failures in analog systems were usually unrelated to other failures and were found to be random in nature. In certain instances some common hardware flaw were discovered. For safety systems such a flaw was reported under 10CFR50 Part 21 and appropriate actions were taken to resolve the reported flaw that could affect plant safety. Generally speaking, analog systems were not subject to a common cause failures and hence there was no specific requirement for diverse systems. The need for diversity was identified in 1980's when it was found that under certain anticipated transients the reactor protection system may fail to trip and insert the rods to shut down the reactor. In response to this type of events, Nuclear Regulatory Commission issued 10CFR50.62, "Requirements for Reduction of Risk from Anticipated Transients without Scram (ATWS) Events for Light-water-cooled Nuclear Power Plants", which in part requires various diverse methods for responding to ATWS. The digital systems in nuclear power plants provide many benefits due to the integrated nature of the digital systems. The digital systems provide ease in design, control, monitoring and trouble shooting among other benefits. The digital systems however, use software which is usually designed for one channel and then copied and used in other redundant channels. The basic software design is usually common to all channels even though channel specific parameters such as equipment tag numbers are modified as needed.