Confluent Modeling of Heterogeneous Safety and Operational I&C Systems

Abstract

Individual systems or groups of systems related to the safety and operational I&C, and Electrical Systems (ES) are gradually replaced in existing Nuclear Power Plants (NPPs) as part of modernization projects. Modernizations are usually scheduled over multiple years. Different automation platform generations and safety-related product families are deployed to progressively replace legacy systems. Typically, each of the new I&C platforms and products have their own set of engineering tools. One challenge for the modernization of installed systems is the safety and security approval of these heterogeneous systems by regulatory bodies. A NPP consists of systems manufactured by different vendors which target different application domains, like Category A according to IEC 61226 for a Reactor Protection System, Category C for some Control Room Data Processing Systems or non-classified for auxiliary systems. Thus, replacing a legacy system by introducing a new one might bring in unknown risks, especially when the new system has more complex interfaces, e.g. when replacing an analog system by a digital system. Moreover, considering the time and budget limitations, commercial-off-the-shelf (COTS) hardware and software are also involved in modernization projects. In contrast to specialized equipment, vulnerabilities for COTS are widespread. On the other hand, existing security measures/mitigations are also required to reflect the system’s changes, e.g. mitigations for known vulnerabilities of COTS systems. In order to make an overall and integrated safety analysis after a system change in the frame of a modernization project, it is necessary to jointly consider these I&C systems targeting different application domains, in addition to the physical aggregates, like sensors, pumps and valves that interact with the physical processes. The restrictive deployment of wireless technologies may also be modeled and analyzed. While wireless is not deployed by legacy systems, it is being covered by new nuclear IEC standards, as some utilities intend to simplify selected I&C maintenance procedures that involve temporary data collection. The key modeling concepts consider new developments in the critical infrastructure and industrial automation domain. With the integrated modeling approach, different disciplines can be addressed, like probabilistic and deterministic safety analyses, security assessments, need for testing and specialized trainings.