Hyun Gook Kang

An analysis of safety-critical digital systems for risk-informed design

Abstract This paper quantitatively presents the results of a case study which examines the fault tree analysis framework of the safety of digital systems. The case study is performed for the digital reactor protection system of nuclear power plants. The broader usage of digital equipment in nuclear power plants gives rise to the need for assessing safety and reliability because it plays an important role in proving the safety of a designed system in the nuclear industry. We quantitatively explain the relationship between the important characteristics of digital systems and the PSA result using mathematical expressions. We also demonstrate the effect of critical factors on the system safety by sensitivity study and the result which is quantified using the fault tree method shows that some factors remarkably affect the system safety. They are the common cause failure, the coverage of fault tolerant mechanisms and software failure probability.

Information theoretic approach to man-machine interface complexity evaluation

We analyze the interactions between human operators and control room equipment and find that several factors affect the information-gathering and decision-making processes of operators: contents of the provided information, the way information is provided, and knowledge of the operators. These factors contribute to the perceived cognitive complexity by human operators in plant operation. Based on the information theory concept, we propose an integrated framework for evaluating this complexity. The proposed framework is designed to be applied to various types of control room equipment which have different types of man-machine interface and contain different types of information. An experimental verification for the proposed framework is performed and its result shows that the framework successfully integrates various aspects of man-machine interface systems and estimates the mental workload of human operators.

FAULT DETECTION COVERAGE QUANTIFICATION OF AUTOMATIC TEST FUNCTIONS OF DIGITAL I&C SYSTEM IN NPPS

Analog instrument and control systems in nuclear power plants have recently been replaced with digital systems for safer and more efficient operation. Digital instrument and control systems have adopted various fault-tolerant techniques that help the system correctly and safely perform the specific required functions regardless of the presence of faults. Each fault-tolerant technique has a different inspection period, from real-time monitoring to monthly testing. The range covered by each faulttolerant technique is also different. The digital instrument and control system, therefore, adopts multiple barriers consisting of various fault-tolerant techniques to increase the total fault detection coverage. Even though these fault-tolerant techniques are adopted to ensure and improve the safety of a system, their effects on the system safety have not yet been properly considered in most probabilistic safety analysis models. Therefore, it is necessary to develop an evaluation method that can describe these features of digital instrument and control systems. Several issues must be considered in the fault coverage estimation of a digital instrument and control system, and two of these are addressed in this work. The first is to quantify the fault coverage of each fault-tolerant technique implemented in the system, and the second is to exclude the duplicated effect of fault-tolerant techniques implemented simultaneously at each level of the system’s hierarchy, as a fault occurring in a system might be detected by one or more fault-tolerant techniques. For this work, a fault injection experiment was used to obtain the exact relations between faults and multiple barriers of faulttolerant techniques. This experiment was applied to a bistable processor of a reactor protection system.

Application of condition-based HRA method for a manual actuation of the safety features in a nuclear power Plant

A practical approach to develop a more realistic fault-tree model with a consideration of various conditions endured by a human operator is proposed. In safety-critical systems, the generation failure of an actuation signal is caused by the concurrent failures of the automated systems and an operator action. These two sources of safety signals are complicatedly correlated. The failures of sensors or automated systems will cause a lack of necessary information for a human operator and result in error-forcing contexts such as the loss of corresponding alarms and indications. It is well known that the error-forcing contexts largely affect the operators performance. An automated system which consists of multiple processing channels and complex components is also affected by the availability of the sensors. This paper proposes a condition-based human reliability assessment (CBHRA) method in order to address these complicated conditions in a practical way. We apply the CBHRA method to the manual actuation of the safety features such as a reactor trip and auxiliary feedwater actuation in Korean Standard Nuclear Power Plants. Even the human error probability of each given condition is simply assumed, the application results prove that the CBHRA effectively accommodates the complicated error-forcing contexts into the fault trees.

AN OVERVIEW OF RISK QUANTIFICATION ISSUES FOR DIGITALIZED NUCLEAR POWER PLANTS USING A STATIC FAULT TREE

Risk caused by safety-critical instrumentation and control (I&C) systems considerably affects overall plant risk. As digitalization of safety-critical systems in nuclear power plants progresses, a risk model of a digitalized safety system is required and must be included in a plant safety model in order to assess this risk effect on the plant. Unique features of a digital system cause some challenges in risk modeling. This article aims at providing an overview of the issues related to the development of a static fault-tree-based risk model. We categorize the complicated issues of digital system probabilistic risk assessment (PRA) into four groups based on their characteristics: hardware module issues, software issues, system issues, and safety function issues. Quantification of the effect of these issues dominates the quality of a developed risk model. Recent research activities for addressing various issues, such as the modeling framework of a software-based system, the software failure probability and the fault coverage of a self monitoring mechanism, are discussed. Although these issues are interrelated and affect each other, the categorized and systematic approach suggested here will provide a proper insight for analyzing risk from a digital system.

A method for evaluating fault coverage using simulated fault injection for digitalized systems in nuclear power plants

The fault coverage for digital system in nuclear power plants is evaluated using a simulated fault injection method. Digital systems have numerous advantages, such as hardware elements share and hardware replication of the needed number of independent channels. However, the application of digital systems to safety-critical systems in nuclear power plants has been limited due to reliability concerns. In the reliability issues, fault coverage is one of the most important factors. In this study, we propose an evaluation method of the fault coverage for safety-critical digital systems in nuclear power plants. The system under assessment is a local coincidence logic processor for a digital plant protection system at Ulchin nuclear power plant units 5 and 6. The assessed system is simplified and then a simulated fault injection method is applied to evaluate the fault coverage of two fault detection mechanisms. From the simulated fault injection experiment, the fault detection coverage of the watchdog timer is 44.2% and that of the read only memory (ROM) checksum is 50.5%. Our experiments show that the fault coverage of a safety-critical digital system is effectively quantified using the simulated fault injection method.

An information theory-based approach for quantitative evaluation of user interface complexity

Development of effective measures for the complexity of human-computer interface design based on a proper model is desirable in order to improve the human performance and to facilitate the system development. In this paper, the authors propose the task-to-action (TTA) model which can describe the task-performing procedure of human operators. Quantitative interface design complexity measures using an informational entropy concept are also proposed to determine the user interface complexity, i.e., operation complexity, transition complexity, and screen complexity. Two experiments are performed in this work to show the validity of the proposed model and the measures: one is to test the validity of the TTA model with the case of information-seeking problem and the other for the suggested entropy measures.

Input-profile-based software failure probability quantification for safety signal generation systems

The approaches for software failure probability estimation are mainly based on the results of testing. Test cases represent the inputs, which are encountered in an actual use. The test inputs for the safety-critical application such as a reactor protection system (RPS) of a nuclear power plant are the inputs which cause the activation of protective action such as a reactor trip. A digital system treats inputs from instrumentation sensors as discrete digital values by using an analog-to-digital converter. Input profile must be determined in consideration of these characteristics for effective software failure probability quantification. Another important characteristic of software testing is that we do not have to repeat the test for the same input value since the software response is deterministic for each specific digital input. With these considerations, we propose an effective software testing method for quantifying the failure probability. As an example application, the input profile of the digital RPS is developed based on the typical plant data. The proposed method in this study is expected to provide a simple but realistic mean to quantify the software failure probability based on input profile and system dynamics.

PROCEDURE FOR APPLICATION OF SOFTWARE RELIABILITY GROWTH MODELS TO NPP PSA

As the use of software increases at nuclear power plants (NPPs), the necessity for including software reliability and/or safety into the NPP Probabilistic Safety Assessment (PSA) rises. This work proposes an application procedure of software reliability growth models (RGMs), which are most widely used to quantify software reliability, to NPP PSA. Through the proposed procedure, it can be determined if a software reliability growth model can be applied to the NPP PSA before its real application. The procedure proposed in this work is expected to be very helpful for incorporating software into NPP PSA.

ADVANCED MMIS TOWARD SUBSTANTIAL REDUCTION IN HUMAN ERRORS IN NPPS

This paper aims to give an overview of the methods to inherently prevent human errors and to effectively mitigate the consequences of such errors by securing defense-in-depth during plant management through the advanced man-machine interface system (MMIS). It is needless to stress the significance of human error reduction during an accident in nuclear power plants (NPPs). Unexpected shutdowns caused by human errors not only threaten nuclear safety but also make public acceptance of nuclear power extremely lower. We have to recognize there must be the possibility of human errors occurring since humans are not essentially perfect particularly under stressful conditions. However, we have the opportunity to improve such a situation through advanced information and communication technologies on the basis of lessons learned from our experiences. As important lessons, authors explained key issues associated with automation, man-machine interface, operator support systems, and procedures. Upon this investigation, we outlined the concept and technical factors to develop advanced automation, operation and maintenance support systems, and computer-based procedures using wired/wireless technology. It should be noted that the ultimate responsibility of nuclear safety obviously belongs to humans not to machines. Therefore, safety culture including education and training, which is a kind of organizational factor, should be emphasized as well. In regard to safety culture for human error reduction, several issues that we are facing these days were described. We expect the ideas of the advanced MMIS proposed in this paper to lead in the future direction of related researches and finally supplement the safety of NPPs.