Nuclear Power Plant Control Research Articles

Computer Security of NPP Instrumentation and Control Systems: Computer Security Assessment

The paper is devoted to the issues of computer security assessment of instrumentation and control systems (I&C systems) of nuclear power plants (NPPs). The authors specified the main areas of assessing the computer security of NPP I&C systems, especially the assessment of cyber threats, vulnerabilities of I&C computer security, sufficiency of applied measures for ensuring I&C systems computer security, risks of I&C system computer security as well as periodic reassessment of I&C computer security. The paper considers the assessment of I&C computer security vulnerabilities, sufficiency of applied measures for ensuring I&C computer security (assessment of cyber threats and the risks of I&C computer security are discussed in detail in other publications from the series “Computer Security of NPP Instrumentation and Control Systems”).
 Approaches to assessing the computer security vulnerabilities of I&C systems and software at each stage of I&C life cycle are considered. The recommendations for assessing vulnerabilities regarding technical and software protection against unauthorized access or connection to I&C, protection of local networks, implementation of organizational measures and procedures for computer security are provided.
 The paper describes the scope and procedures for the initial assessment and periodic reassessment of NPP I&C computer security. Recommendations for the formation of an appropriate evaluation team are provided. Methods of assessing I&C computer security are considered, namely: analysis of documents (computer security policy, program, plan, reports, etc.), survey of staff (administrative, operational, service and computer security experts), direct review of I&C systems, their components and local networks. The evaluation stages (collection of information, detailed analysis, reporting) and the scope of work at each stage are described.
 General information about the possibility and necessity of assessing the computer security risks of I&C systems in the case of using risk-informed approaches is provided.
 The need to document the results of the assessment is noted separately and specific proposals about the procedure for developing relevant reports are made.

The intelligent system for daily nuclear power plants loading control

The average share of nuclear generation in a power balance of Russia approximates 20%, in some parts of a power supply system of the country the contribution of the nuclear power plants (NPP) significantly above. NPP output is increasing (despite the decommissioning of RBMK units) and is provided by the commissioning of capacities of new advanced generation III+ units operating under the Power Delivery Program (power supply contracts). Power unit No. 4 of Beloyarsk NPP, No. 6 and 7 of Novovoronezh NPP, and No. 5 of Leningrad NPP have been commissioned recently. The power unit №6 on the Leningrad NPP will be put into operation in 2020. The dynamic construction of VVER-TOI at Kursk site is underway. An increase in the share of power generated by a nuclear power plant leads to the need for their regulation and frequency response in accordance with the daily load pattern and management of emergency situations in power systems. This means that operation of NPP power units in a load following mode to ensure the stable operation of the power system is a resent challenge. The paper analyzes the existing possibilities of daily control of the plant load, and also proposes to arrange a system of daily loading control of nuclear power plants based on the experience gained.

Dynamic Matrix Based Thermal Power Tracking Control of Nuclear Power Reactor

power control of nuclear power plant is an important technology to ensure the safe and efficient operation of nuclear power unit. Because the power system of nuclear power reactor belongs to nonlinear system, there are many factors affecting the distribution of thermal power, which leads to the uncertainty of the tracking target of thermal power of nuclear power reactor. Therefore, this paper proposes a dynamic matrix-based thermal power tracking control method for nuclear power reactors. The dynamic matrix algorithm is used to establish the prediction model of the controlled object, to determine the tracking target value, to design the dynamic matrix controller, and to formulate the switching strategy combined with the minimum value of the cumulative prediction error, and to realize the thermal power tracking control of the power reactor. Simulation results show that the proposed method has different target values under different working conditions in accordance with the actual control value, it has better engineering value and practical significance for reducing the working intensity of operators and improving the performance of load tracking.

PRACTICAL ASPECTS OF OPERATING AND ANALYTICAL RELIABILITY ASSESSMENT OF FPGA-BASED I&C SYSTEMS

Operating reliability assessment of instrumentation and control systems (I&Cs) is always one of the most important activities, especially for critical domains such as nuclear power plants (NPPs). It is an important source of I&C reliability information preferable to lab testing data because it provides information on I&C reliability under real use conditions. That is the reason that now it is a common practice for companies to have an established process of collecting operating reliability data on a large variety of used components on regular basis, maintaining a database with failure information, total operation time, typical failure modes, etc. The intensive use of complicated components like field-programmable gate arrays (FPGAs) in I&C which appear in upgrades and newly-built nuclear power plants makes the task to develop and validate advanced operating reliability assessment methods that consider specific technology features very topical. Increased integration densities make the reliability of integrated circuits the most crucial point in modern NPP I&Cs. Moreover, FPGAs differ in some significant ways from other integrated circuits: they are shipped as blanks and are very dependent on the design configured into them. Furthermore, FPGA design could be changed during planned NPP outage for different reasons. Considering all possible failure modes of FPGA-based NPP instrumentation and control systems at the design stage is a quite challenging task. Therefore, operating reliability assessment is one of the most preferable ways to perform a comprehensive analysis of FPGA-based NPP I&Cs. Based on information in the literature and own experience, operational vs analytical reliability could be pretty far apart. For that reason, analytical reliability assessment using reliability block diagrams (RBD), failure modes, effects and diagnostics analysis (FMEDA), fault tree analysis (FTA), fault insertion testing (FIT), and other techniques and their combinations are important to meet requirements for such systems. The paper summarizes our experience in operating and analytical reliability assessment of FPGA based NPP I&Cs.

An Application of ASP in Nuclear Engineering: Explaining the Three Mile Island Nuclear Accident Scenario

AbstractThe paper describes an ongoing effort in developing a declarative system for supporting operators in the Nuclear Power Plant (NPP) control room. The focus is on two modules: diagnosis and explanation of events that happened in NPPs. We describe an Answer Set Programming (ASP) representation of an NPP, which consists of declarations of state variables, components, their connections, and rules encoding the plant behavior. We then show how the ASP program can be used to explain the series of events that occurred in the Three Mile Island, Unit 2 (TMI-2) NPP accident, the most severe accident in the USA nuclear power plant operating history. We also describe an explanation module aimed at addressing answers to questions such as “why an event occurs?” or “what should be done?” given the collected data.

Python TensorFlow Big Data Analysis for the Security of Korean Nuclear Power Plants

The Republic of Korea also suffered direct and indirect damages from the Fukushima nuclear accident in Japan and realized the significance of security due to the cyber-threat to the Republic of Korea Hydro and Nuclear Power Co., Ltd. With such matters in mind, this study sought to suggest a measure for improving security in the nuclear power plant. Based on overseas cyber-attack cases and attacking scenario on the control facility of the nuclear power plant, the study designed and proposed a nuclear power plant control network traffic analysis system that satisfies the security requirements and in-depth defense strategy. To enhance the security of the nuclear power plant, the study collected data such as internet provided to the control facilities, network traffic of intranet, and security equipment events and compared and verified them with machine learning analysis. After measuring the accuracy and time, the study proposed the most suitable analysis algorithm for the power plant in order to realize power plant security that facilitates real-time detection and response in the event of a cyber-attack. In this paper, we learned how to apply data for multiple servers and apply various security information as data in the security application using logs, and match with regard to application of character data such as file names. We improved by applying gender, and we converted to continuous data by resetting based on the risk of non-continuous data, and two optimization algorithms were applied to solve the problem of overfitting. Therefore, we think that there will be a contribution in the connection experiment of the data decision part and the optimization algorithm to learn the security data.

Stability and steady state analysis of control and safety systems of Nuclear Power Plants

Control Systems are the first layer of safety in Nuclear Power Plants, the failure of which invokes Safety Systems. The failure of safety systems can lead to radiation exposure to the public. Therefore, it is essential to ensure the stability of such systems. This paper proposes an effective methodology for stability and steady state analysis of control and safety systems of Nuclear Power Plants. The methodology includes Petri net modeling and analysis of its dynamic behavior. Despite of its simplicity, it is very accurate. The application of the proposed techniques is shown and validated on a reactor protection system, which is under operation in six Nuclear Power Plants.

Industrial Applications of Cable Diagnostics and Monitoring Cables via Time–Frequency Domain Reflectometry

The demand for cable diagnostics and monitoring techniques has increased significantly in recent decades. Various diagnostic tests such as partial discharge, dielectric loss, and elongation-at-break tests are available in real-world applications. Among the cable diagnostic methods, reflectometry can be used to detect the location of a fault according to the reflected signal at the impedance-discontinuity point. Because it is a nondestructive method and can be applied regardless of the cable type, reflectometry is commonly used for monitoring real-world applications. Time-frequency domain reflectometry, an improved type of reflectometry, is more accurate than conventional reflectometry and employs time-frequency localized signals that are robust to noise. To compensate for the errors occurring in the time-frequency domain reflectometry, several algorithms have been reviewed. In the past, because the signal of time-frequency domain reflectometry contains both time and frequency information, a high-specification signal generator and measurement sensors were required, which made practical application of the method difficult. However, with recent developments in instrumentation and sensing technology, reduction in the instrumentation size and cost facilitates the use of time-frequency domain reflectometry in various industrial applications, e.g., control and instrumentation cables in nuclear power plants, superconducting cables, and submarine cables. This work reviews the use of time-frequency domain reflectometry for cable diagnostics and monitoring in real-world applications. The purpose and results of the experiments on industrial applications are introduced and analyzed. This study also suggests directions for further research to make time-frequency domain reflectometry a diagnostic standard.

Coordination breakdowns in nuclear power plant control rooms: cause identification and behaviour-sequence analysis

This study aims to identify the causes of coordination breakdowns among control crews and to understand their coordination-behaviour patterns during emergencies in nuclear power plants (NPPs). On the basis of in-depth interviews with 18 control-crew operators, we identified 25 causes of coordination breakdown related to work processes, personnel, and situation and organisation. In addition, we observed 12 control-crew training sessions that dealt with emergencies and conducted lag-sequential analysis. The levels of coordination effectiveness were evaluated using the proportion of coordination breakdowns and the anticipation ratio. We found that higher-performing teams exhibited more non-random coordination behavioural patterns than did lower-performing teams. Coordination-behaviour patterns specific to the higher-performing teams included adaptive workload management (from senior operators) and proactive seeking performance monitoring (from junior operators). The findings of the study enrich our understanding of the critical factors and processes that influence coordination effectiveness of NPP control crews. Practitioner summary: Causes of coordination breakdowns among control crews of NPPs were identified based on in-depth interviews with control-crew operators, and behavioural-pattern analysis of control crews in 12 training sessions were analysed to reveal the patterns that differentiate higher- and lower-performing teams. The findings of the study enrich our understanding of the critical factors and processes that influence the coordination effectiveness of NPP control crews. Abbreviations: NPP: nuclear power plant; RO: reactor operator; TO: turbine operator; CO: coordinator; SRO: senior reactor operator

Extended state observer-based adaptive dynamic sliding mode control for power level of nuclear power plant

It is well known that nuclear energy is a clean, safe, and reliable energy resource. Nuclear power plant is one of the prominent applications of nuclear energy. In this paper, aiming at improving the control performance for power level of nuclear power plant, an extended state observer-based adaptive dynamic sliding mode control (ESO-ADSMC) scheme is proposed. The mathematical model of nuclear reactor is firstly constructed based on point-reactor kinetics equations. Then, an extended state observer is designed to estimate both unmeasured states and output disturbances in real time, and the asymptotic convergence of the observer error state space is analyzed according to Routh-Hurwitz and Lyapunov stability theory. Subsequently, an adaptive dynamic sliding mode control approach is proposed for power level control of nuclear power plants in the presence of output disturbances, which is a combination of sliding mode control and backstepping control to enhance disturbance rejection ability. In addition, the chattering phenomenon is eliminated due to the discontinuous sign function contained in the first derivative of actual control input. Finally, simulation studies are carried out to demonstrate the feasibility and effectiveness of the proposed control strategy compared with backstepping control method in terms of the accuracy and rapidity of the response of power level, and robustness against output disturbances.

Modeling and simulating the impact of forgetting and communication errors on delays in civil infrastructure shutdowns

Handoff processes during civil infrastructure operations are transitions between sequential tasks. Typical handoffs constantly involve cognitive and communication activities among operations personnel, as well as traveling activities. Large civil infrastructures, such as nuclear power plants (NPPs), provide critical services to modern cities but require regular or unexpected shutdowns (i.e., outage) for maintenance. Handoffs during such an outage contain interwoven workflows and communication activities that pose challenges to the cognitive and communication skills of handoff participants and constantly result in delays. Traveling time and changing field conditions bring additional challenges to effective coordination among multiple groups of people. Historical NPP records studied in this research indicate that even meticulous planning that takes six months before each outage could hardly guarantee sufficient back-up plans for handling various unexpected events. Consequently, delays frequently occur in NPP outages and bring significant socioeconomic losses. A synthesis of previous studies on the delay analysis of accelerated maintenance schedules revealed the importance and challenges of handoff modeling. However, existing schedule representation methods could hardly represent the interwoven communication, cognitive, traveling, and working processes of multiple participants collaborating on completing scheduled tasks. Moreover, the lack of formal models that capture how cognitive, waiting, traveling, and communication issues affect outage workflows force managers to rely on personal experiences in diagnosing delays and coordinating multiple teams involved in outages. This study aims to establish formal models through agent-based simulation to support the analytical assessment of outage schedules with full consideration of cognitive and communication factors involved in handoffs within the NPP outage workflows. Simulation results indicate that the proposed handoff modeling can help predict the impact of cognitive and communication issues on delays propagating throughout outage schedules. Moreover, various activities are fully considered, including traveling between workspaces and waiting. Such delay prediction capability paves the path toward predictive and resilience outage control of NPPs.

Classification of Faults in Multicore Cable via Time–Frequency Domain Reflectometry

Owing to the increasing complexity of electrical systems, diagnostic techniques of cables used for connecting electrical elements are essential for system maintenance in order to prevent a failure that can cause significant impacts on the overall electrical systems. Multicore structures are typically used as control and instrumentation cables in nuclear power plants, and the failure of the control and instrumentation cables can result in a disaster such as a radiation leak. In this paper, a method for the diagnosis of multicore cables is proposed based on the reflectometry. The diagnosis relates to the classification of defective cores in joint, which is one of the weakest parts in cable systems. The reflected signals obtained through reflectometry are converted into images by an advanced image processing algorithm, and the images are classified using artificial neural networks. The proposed method is demonstrated by experimental data using a real-world multicore cable. In the experiment, the faults are emulated similar to real-world defects using a potentiometer. It is expected that the proposed technique will enhance the stability and reliability of multicore cable systems.

Understanding individualistic response patterns when assessing expert operators on nuclear power plant control tasks

We evaluated the performance of three highly practiced participants on three task types that comprised a simulated nuclear power plant control operation. Multiple subjective, physiological, and objective performance measures were collected on these three highly-practiced individuals. Results indicated ceiling effects in terms of performance accuracy, yet each individual adopted a unique response strategy across the respective sub-tasks. Their maximised accuracy was achieved at the expense of longer response times across differing sub-tasks. The measures which proved diagnostic and predictive of performance capacity were explored. The current conclusion presents us with an invidious problem in that performance and workload associations, insensitivities, and dissociations may be unique to each individual operator, and may well depend also upon the overall task in context. Such findings push our science away from seeking nomothetic assertions and toward individuated concerns. In consequence, the age of the idiographic may well be upon us. Practitioner summary: The importance and relevance of nuclear power control is self-evident. Concerns here have centred around the safety of the technology and its operators. Our work informs practitioners in this industry, and in Ergonomics in general, of the response of highly trained individuals in these safety-critical, operational domains. We show that even experts engage in personal and individual strategies, an observation critical to the assessment of this specific workplace, and potentially all others. Abbreviations: NPP: nuclear power plant; ROs: reactor operators; MCR: main control room; LOA: levels of automation; EOP: emergency operating procedure; OP: operating procedures; ISA: instantaneous self-assessment; DSSQ: Dundee stres state questionnaire

Algorithm for Autonomous Power-Increase Operation Using Deep Reinforcement Learning and a Rule-Based System

The power start-up operation of a nuclear power plant (NPP) increases the reactor power to the full-power condition for electricity generation. Compared to full-power operation, the power-increase operation requires significantly more decision-making and therefore increases the potential for human errors. While previous studies have investigated the use of artificial intelligence (AI) techniques for NPP control, none of them have addressed making the relatively complicated power-increase operation fully autonomous. This study focused on developing an algorithm for converting all the currently manual activities in the NPP power-increase process to autonomous operations. An asynchronous advantage actor-critic, which is a type of deep reinforcement learning method, and a long short-term memory network were applied to the operator tasks for which establishing clear rules or logic was challenging, while a rule-based system was developed for those actions, which could be described by simple logic (such as if-then logic). The proposed autonomous power-increase control algorithm was trained and validated using a compact nuclear simulator (CNS). The simulation results were used to evaluate the algorithm's ability to control the parameters within allowable limits, and the proposed power-increase control algorithm was proven capable of identifying an acceptable operation path for increasing the reactor power from 2% to 100% at a specified rate of power increase. In addition, the pattern of operation that resulted from the autonomous control simulation was found to be identical to that of the established operation strategy. These results demonstrate the potential feasibility of fully autonomous control of the NPP power-increase operation.

Feasibility of methods for early formative control room system evaluation

In a nuclear power plant, human factors evaluation is an important activity in the design of the control room system to ensure safe operation. The purpose of this study was to test the feasibility of methods for early formative evaluation of nuclear power plant control room systems, that is to say assessment of more general design decisions. Two methods were chosen for the assessment, scenario-based talkthrough and heuristic evaluation, and they were tested in three nuclear power plant control room system modification projects. The two methods were found useful and suitable for early formative evaluation. The combination of the methods makes it possible to take advantage of the strengths of both methods. Using guidelines focuses the evaluation on identifying typical design problems, while using a scenario-based use-focused approach allows identifying problems less typical and more unique for the specific design being evaluated. Doing the latter thoroughly result in a recourse-intensive evaluation, but this can be countered by trading some of the thoroughness for efficiency by using guidelines in the evaluation. Proposals for future work include improving the method combination by providing better support for adapting the implementation of the methods, as well as for the practical execution of the evaluation activity. Future work should also include further investigation of the method combination's usefulness, for example in other domains.

Readings correction and on-line monitoring of fluid level measuring channels at NPP

Presently the international program has gained momentum aimed at increasing the power of nuclear power plants (NPP) with WWER- and PWR-types reactors up to 107% and also at extending the automated process control system (APCS) repair intervals up to 18 months, which places higher requirements to the accuracy of measurements of NPP technological parameters. To enable the implementation of this program, an algorithm for processing the measurement signals has been designed that ensures high precision in readings correction of hydrostatic level sensors for all operating modes of technological equipment. Methods for correction of readings based on the developed algorithm have been implemented in Russian nuclear power industry. In addition to the correction of readings the algorithm also provides online monitoring to identify all possible defects of fluid level measuring channels including hidden defects that are not detected by existing facilities of NPP control system. The paper describes the algorithm and its application it to the tasks of readings correction and on-line monitoring of fluid level measuring channels at NPP. As result the article represents one of the first steps to methodological development of the correction reading and on-line monitoring to detection and minimization of hidden defect on NPP measuring channels of all thermotechnical parameters.

Analysis of Operational Events Caused by Faults of NPP Digital Instrumentation and Control Systems

The paper presents the analysis of operational events at nuclear power plants (NPPs) of Ukraine caused by failures and defects of the instrumentation and control systems (I&C systems). The effort contains statistical information about the number and the share of operational events at Ukrainian NPPs due to incorrect performance of analog and digital I&C systems in the general amount of events. The categories of these events according to the international and national classifications have been considered. The paper provides for the brief overview of the recently published EC Joint Research Center Technical Report on digital I&C systems at NPPs of foreign countries based on the information from IAEA and U.S. NRC databases. There are causes of operational events due to defects of the specified systems and main recommendations on their prevention. Using the approach similar to the one in the Technical Report, the paper presents the detailed analysis of direct and root causes, as well as correction measures for the operational events at Ukrainian NPPs from 2013 to 2018 caused by digital I&C systems. The experts considered separately four groups of events due to defects of components in the peripheral part of the digital I&C systems (sensors, actuators), central part of digital I&C systems (software and hardware), cable lines and electronic components of analog I&C systems (built-in components). There is an additional analysis of root causes of events related to digital I&C systems by the types of systems and lifecycle stages (design, mounting, operation) and main sources of occurrences within the systems (software, hardware, cables, etc.).

Virtual Reality-Based Ergonomic Modeling and Evaluation Framework for Nuclear Power Plant Operation and Control

The purpose of this study is to introduce a new and efficient virtual model-based ergonomic simulation framework utilizing recent anthropometric data for a digitalized main control room in an advanced nuclear power plant. The system interface of the main control room has been undergoing digitalization via various information and control consoles. Console operators often face human–computer interactive problems due to inappropriate console design. Computational models with a process of visual perception and variables of anthropometric data are developed for designing and evaluating operator consoles with the requirements of human factor guidelines. From the 3D computational model and simulation application, console dimensions and a designing test module, which would be used for designing suitable consoles with safety concerns in a nuclear plant, are proposed. To efficiently carry out console design and evaluation feedback, an intelligent design review system comprising a virtual modeling and simulation framework is developed. The proposed automated and virtual design review system provides console design efficiency and evaluation effectiveness. This study may influence methods of employing suitable design concepts with various anthropometric data in many areas with safety concerns and may show a feasible solution to designing and evaluating the main control room.

CPN simulation-based test case generation from controlled natural-language requirements

We propose a test generation strategy from natural language (NL) requirements via translation into Coloured Petri Nets (CPN), an extension of Petri Nets that supports model structuring and provides a mature theory and powerful tool support. This approach extends our previous work on the NAT2TEST framework, which involves syntactic and semantic analyses of NL requirements and the generation of Data-Flow Reactive Systems (DFRS) as an intermediate representation, from which target formal models can be obtained for the purpose of test case generation. Our contributions include automating a systematic translation of DFRSs into CPN models, an extension to deal with time aspects, besides an empirical analysis of the CPN-based test generation strategy. The analyses considered examples both from the literature (a vending machine and a nuclear power plant control system), and from the aerospace and the automotive domain (a priority command control system and a turn indicator control system, respectively). We analysed performance and the ability to detect defects generated via mutation. The results provide evidence that the contribution proposed here is more efficient, besides being able to detect at least as many defects as our previous efforts. • Test case generation for timed reactive systems from natural-language requirements. • Coloured Petri Nets (CPN) are used as a hidden formalism in the generation process. • Generation of CPN models is systematised with the aid of the Spoofax framework. • Test generation is performed via simulation of CPN models. • The strategy is evaluated (performance and test strength) using four applications.

Evaluation of ARIMA Models for Human–Machine Interface State Sequence Prediction

In this paper, auto-regressive integrated moving average (ARIMA) time-series data forecast models are evaluated to ascertain their feasibility in predicting human–machine interface (HMI) state transitions, which are modeled as multivariate time-series patterns. Human–machine interface states generally include changes in their visually displayed information brought about due to both process parameter changes and user actions. This approach has wide applications in industrial controls, such as nuclear power plant control rooms and transportation industry, such as aircraft cockpits, etc., to develop non-intrusive real-time monitoring solutions for human operator situational awareness and potentially predicting human-in-the-loop error trend precursors.