Kee-Choon Kwon

Development of advanced I&C in nuclear power plants: ADIOS and ASICS

In this paper Automatic Startup Intelligent Control System (ASICS) that automatically controls the PWR plant from cold shutdown to 5% of reactor power and Alarm and Diagnosis-Integrated Operator Support System (ADIOS) that is integrated with alarms, process values, and diagnostic information to an expert system focused on alarm processing are described. Nuclear Power Plant is manually controlled from cold shutdown to 5% according to the general operation procedures for startup operation of nuclear power plant. Alarm information is the primary sources to detect abnormalities in nuclear power plants or other process plants. The conventional hardwired alarm systems, characterized by one sensor-one indicator may lead the control room operators to be confused with avalanching alarms during plant transients. ASICS and ADIOS are designed to reduce the operator burden. The advances in computer software and hardware technology and also in information processing provide a good opportunity to improve the control systems and the annunciator systems of nuclear power plants or other similar process plants. It is very important to test and evaluate the performance and the function of the computer- or software-based systems like ASICS and ADIOS. The performance and the function of ASICS and ADIOS are evaluated with the real-time functional test facility and the results have shown that the developed systems are efficient and useful for operation and operator support.

TECHNICAL REVIEW ON THE LOCALIZED DIGITAL INSTRUMENTATION AND CONTROL SYSTEMS

This paper is a technical review of the research and development results of the Korea Nuclear Instrumentation and Control System (KNICS) project and Nu-Tech 2012 program. In these projects man-machine interface system architecture, two digital platforms, and several control and protection systems were developed. One platform is a Programmable Logic Controller (PLC) for a digital safety system and another platform is a Distributed Control System (DCS) for a non-safety control system. With the safety-grade platform PLC, a reactor protection system, an engineered safety feature-component control system, and reactor core protection system were developed. A power control system was developed based on the DCS. A logic alarm cause tracking system was developed as a man-machine interface for APR1400. Also, Integrated Performance Validation Facility (IPVF) was developed for the evaluation of the function and performance of developed I&C systems. The safety-grade platform PLC and the digital safety system obtained approval for the topical report from the Korean regulatory body in February of 2009. A utility and vendor company will determine the suitability of the KNICS and Nu-Tech 2012 products to apply them to the planned nuclear power plants.

A study on water level control of PWR steam generator at low power and the self-tuning of its fuzzy controller

The water level control system of the steam generator in a pressurized water reactor and its control problems are analysed. In this work, a stable control strategy during low power operation and transient states is studied. The control strategy employs substitutional information using the bypass valve opening instead of incorrectly measured signal at the low flow rate as the fuzzy variable of the flow rate during low power operation, and includes the flexible scale adjusting method for fast response at a large transient. A practical self-tuning algorithm based on the control performance and the descent method is also suggested and applied to tuning the membership function scale of the flow error.

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security.. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the nstrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

The real-time functional test facility for advanced instrumentation and control in nuclear power plants

Testing and validation of the functions and performance of the digital instrumentation and control (I&C) system should be done prior to installation in nuclear power plants. The objective of the I&C Functional Test Facility (FTF) is to test and validate the functions of developed digital control and various monitoring systems. The FTF provides the simulated testing environment as an experimental test bed. The FTF software consists of a mathematical modeling program which simulates a three-loop 993 MWe pressurized water reactor and a supervisory program that comprises all the instructions necessary to run the FTF. The hardware equipment provides an interface between a host computer and a simple test panel or the developed target systems to be tested. The graphical user interface supports an easy and friendly interface between the FTF and users. It is implemented through a Picasso-3 graphic tool developed by the Halden Reactor Project. The FTF is applied to an advanced I&C system prototype, such as an automatic start-up intelligent control system, dynamic alarm system, accident identification system, and intelligent logic tracking system, to test its algorithm or performance. The results of the test show good operational performance of the FTF in normal and transient conditions.

Safety analysis of safety-critical software for nuclear digital protection system

A strategy and relating activities of a software safety analysis (SSA) are presented for the software of a digital reactor protection system where software modules in the design description are represented by function blocks (FBs). The SSA, as a part of the verification and validation activities, was activated at each phase of the software lifecycle. For the SSA of the FB modules, the software HAZOP was performed and then the SFTA (Software Fault Tree Analysis) was applied. Both methods are redundant and complementary because the software HAZOP is a forward broad-thinking analysis method and the SFTA is a backward step-by-step local analysis method. The software HAZOP with qualitative properties for a deviation evaluated all the software modules and identified various hazards. The SFTA with well-defined FB fault tree templates was applied to some critical modules selected from the software HAZOP analysis and it identified some hazards that had not been identified in the prior processes of the document evaluation and the formal verification.

Hidden Markov model-based real-time transient identifications in nuclear power plants

In this article, a transient identification method based on a stochastic approach with the hidden Markov model (HMM) has been suggested and evaluated experimentally for the classification of nine types of transients in nuclear power plants (NPPs). A transient is defined as when a plant proceeds to an abnormal state from a normal state. Identification of the types of transients during an early accident stage in NPPs is crucial for proper action selection. The transient can be identified by its unique time‐dependent patterns related to the principal variables. The HMM, a double‐stochastic process, can be applied to transient identification that is a spatial and temporal classification problem under a statistical pattern‐recognition framework. The trained HMM is created for each transient from a set of training data by the maximum‐likelihood estimation method which uses a forward‐backward algorithm and the Baum‐Welch re‐estimation algorithm. The transient identification is determined by calculating which model has the highest probability for given test data using the Viterbi algorithm. Several experimental tests have been performed with normalization methods, clustering algorithms, and a number of states in HMM. There are also a few experimental tests that have been performed, including superimposing random noise, adding systematic error, and adding untrained transients to verify its performance and robustness. The proposed real‐time transient identification system has been proven to have many advantages, although there are still some problems that should be solved before applying it to an operating NPP. Further efforts are being made to improve the system performance and robustness in order to demonstrate reliability and accuracy to the required level.

Software safety lifecycles and the methods of a programmable electronic safety system for a nuclear power plant

This paper describes the relationship between the overall safety life-cycle and the software safety lifecycle during the development of the software based safety systems of Nuclear Power Plants. This includes the design and evaluation activities of the components as well as the system. This paper also compares the safety lifecycle and planning activities defined in IEC 61508 with those in IEC 61513, IEC 60880, IEEE 7-4.3.2, and IEEE 1228. Using the Korean KNICS (Korean Nuclear Instrumentation and Control System) project as an example, the software safety lifecycle is described by comparing it to the software development, testing, and safety analysis processes of international standards. The safety assessment of the software for the KNICS Reactor Protection System and Programmable Logic Controller is a joint Korean/German project. The assessment methods applied in the project and the experiences gained from this project are presented.

Testing of Timer Function Blocks in FBD

Testing for time-related behaviors of PLC software is important and should be performed carefully. We propose a structural testing technique on function block diagram (FBD) networks including timer function blocks. In order to test FBD networks including timer function blocks, we generate templates for timer function blocks and transform a unit FBD into a flow-graph using the proposed templates. We apply existing testing techniques to the generated flowgraph and describe how the characteristics of timer function blocks are reflected in the testing process. By the proposed method, FBD networks including timer function blocks can be tested thoroughly without the intermediate code which was essential in the previous FBD testing. To demonstrate the effectiveness of the proposed method, we use a trip logic of bistable processor of digital plant protection systems which is being developed in Korea.