IEEE Nuclear Power Engineering Committee
January 2013 Meeting
Emergence of New
Regulatory Technical
Requirements and Review
Standards for Small Modular
Reactor I&C Systems
January 23, 2013
Troy V. Nguyen, Ph.D., P.E.
Senior Advisory Systems Engineer
mPower I&C Design Team
Northrop Grumman Corporation
Summary
• Background
• Small Modular Reactor (SMR) Design
• Potential Policy, Licensing, & Technical Issues
• Key I&C Technical Issues
• Emergence of New Technical Requirements and Review
Standards
• Conclusion
• Q&A
2
Background
• Addressing the Nation’s Increasing Need for Electrical Power
–
–
–
–
–
U.S. demand rising 28% by 2030 (Ref: Energy Information Administration 2010)
Higher cost to build fossil plants due to tighter emission regulation
Retirement of many small to mid-sized coal-fired plants in next 20 years
Renewable (Wind, Solar) not capable of base load generation
Natural gas prices historically volatile, domestic production technically and
politically challenged
• Advanced Nuclear Reactor Designs & Technologies
– Small Modular Reactors (SMRs)
• Integral PWR (B&W mPowerTM)
– Next Generation Nuclear Plants
• High temperature gas-cooled reactors
• Liquid-metal-cooled reactors
• IRIS PWR
3
Nuclear Power is Necessary to Maintain Energy Security
Background – B&W mPower™
• B&W mPower Reactor
– Commercial SMR design to address market for small and midsize
(< 500 MWe) units
– Design suitable for both conventional power generation and process heat
(desalination, refinery, etc.) applications
– Standardized design to streamline licensing approval process
– Plant capacity allows components to be factory-built and tested
– Each unit can be packaged into multi-module plant
– Expected first of a kind to be licensed by NRC
4
B&W mPower SMR Design
• Primary Systems Contained within the
Reactor Vessel
– Fewer vessel penetrations
– Expensive safety related piping connections
greatly reduced or eliminated
• Vessel Sized for Shipment by Rail
– Factory assembly instead of expensive onsite construction
– Economies of quantitative scale
– More effective manufacturing capitalization
– Improved quality control
5
© 2012 Babcock & Wilcox Nuclear Energy, Inc. All rights
reserved.
B&W mPower Architectural Safety Benefits
• Control Rod Drives Inside the Reactor
Vessel
– Eliminates control rod ejection scenario
– Gravity-driven fail-safe protection
• Limited Vessel Penetrations Reduce
Probability of High-Pressure Leak
Accidents
• Passive Safety Features
– Large coolant volume and vessel surface area
– Safe shutdown maintained with natural
circulation even without primary coolant pumps
– Only water and gravity are needed to prevent
core damage
6
© 2012 Babcock & Wilcox Nuclear Energy, Inc. All rights
reserved.
Generation mPower Plant Exemplar
• Two B&W mPower
SMR Units
• Fully-Underground
Containment Building
– More readily secured
– Improved natural disaster resilience
© 2012 Babcock & Wilcox Nuclear Energy, Inc. All rights reserved.
• Standardized Plant Footprint and Arrangement
– “Cookie Cutter” strategy reduces capital expense and facilitates the
design approval process
– Savings in both recurring and non-recurring construction costs
– Security, maintenance and operational processes for one plant can be
applied to other Generation mPower plants
7
Generation mPower Plant Scalability Advantages
• Administrative Management, Security, and Non-Reactor Maintenance
– Largely independent of the number of SMRs at the site
– Adding more units reduces overall per-unit operational costs
• Control Operations Consolidated Into a Single Control Center
– Better personnel utilization
• Multiple SMRs at a Site Deliver Higher Plant Capacity Factor
– If one unit in a six-reactor plant is refueling, site still operates at 83% of capacity
• A Two-Unit Plant Can Replace Many Aging Coal Fired Plants
– Distribution grid already in place
– Close match for capabilities of the existing switchyard and high voltage cables
• Incremental Capitalization Strategies are Possible
– Site can begin with two units
– As demand grows, proceeds from generating capacity already in place can be used
to add more SMR units
8
High Scalability – Reduced Capital & Operation Costs
Potential Policy, Licensing, Technical Issues
(SECY-10-0034 & SECY-11-0112)
• Change in Defense-In-Depth (DID) Philosophy for Advanced
Reactors
– Non-LWR SMR may have different approach in DID barriers
– Integral PWRs like mPower employ traditional DID
• Appropriate Source Term, Dose Calculations, and Siting for multimodule SMR Plants
– Effectiveness of the containment
– Plant mitigation features, site suitability, and emergency planning
• Nuclear-Generated Process Heat Facilities
– Interface requirements and regulatory jurisdiction issues
• Requirements for Operator Staffing for Multi-Module Facilities
– Current regulations do not address the possibility of more than two reactors being
controlled from one control room
• Security and Safeguards Requirements for SMRs
– Physical & cyber security
– SMR-related fuel cycle and transportation activities
9
B&W mPower I&C System Challenges
• Operator Staffing
– Current NRC regulations require a Reactor Operator, a Senior
Reactor Operator and a Supervisor at all times for each reactor
– Rules established based on legacy fleet of large-core nuclear plants
– A multi-SMR plant requires more operators than a large-core reactor
of the same total capacity
– Challenge lies in designing new I&C system that allows Supervisor &
SRO staff to safely oversee multiple units
• Consolidating Administrative & Balance-Of-Plant (BOP)
systems
– Must maintain functional isolation of SMR units
• Owner Services vs. Security
– Supplying the features expected of a modern marketable SCADA
system without leaving the plant vulnerable to cyber threats
10
I&C Key Design Issues
• Human Factors Engineering in Control Room / Workstation Design
– Synergy between I&C system design, plant operation, and people responsible
for operation, maintenance, and troubleshooting
– Integration of modern automation with time-tested safety strategies
• Alarm Management Strategies - Maximize Operator Effectiveness
and Efficiency
– Assist in locating and isolating faults
– Reduce impact and consequences of failures
• Network-Based Systems for Life Cycle Maintainability
– Must accommodate unidirectional links for isolation & security
– Use of open standards to maximize economy and facilitate integration
• Protection of Digital Control Systems from Cyber Attack
– Design basis threat evaluations for integrated nuclear plant I&C systems
11
Design-Specific Review Standard (DSRS) for
mPower Design
• The First of NRC Design-Specific Guidance for SMR Designs (draft
available for public comments)
• Similar in Structure to the Existing Standard Review Plan (SRP)
(NUREG-0800)
– Chapter 7: Instrumentation and Controls
• Encompasses all Relevant BTPs Contained in Current SRP
• Clarifies the Interface Between the I&C Area and Other Disciplines
– Human Factors Engineering (Chapter 18)
– Quality Assurance (Chapter 17)
– Reactor Systems (Chapters 6 and 15)
• Emphasizes Simplicity as a “Cross Cutting Principle” in the Design
of Digital I&C System
– Avoid compromise to design independence
– Lead to I&C safety system with high reliability
12
Major Differences Between DSRS & SRP
Design Specific Review
Standard
13
Standard Review Plan (NUREG0800)
Emphasize fundamental I&C design principles
(redundancy, independence, diversity, determinism,
and simplicity)
System focused, i.e. safety systems, power
production, BOP, etc.
Directly applicable to B&W mPower iPWR
Contains regulatory requirements inapplicable to
the mPower design.
Guidance reflects integrated I&C design using digital
technology.
System-based guidance with no specific reference to
digital technology.
Clarifies software development appropriate for design
certification (DC) phase.
Reflects complete software development cycle.
Integrated Hazard Analysis - consistent,
comprehensive, and systematic way to address the
potential hazards associated with the I&C systems.
Contains various methods dealing with hazards in the
system.
DSRS Referenced Regulations & Standards
DSRS Chapter 7
Table of Content
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.2.1
7.2.2
7.2.3
- Safety System Design Basis
- Independence
- Redundancy
- Determinism
- Diversity and Defense-in-Depth
- Quality (Reserved)
- Equipment Qualification
- Reliability, Integrity, and Completion of Protective
Action
7.2.4 - Operating and Maintenance Bypasses
7.2.5 - Interlocks
7.2.6 - Derivation of System Inputs
7.2.7 - Setpoints
7.2.8 - Auxiliary Features
7.2.9 - Control of Access, Identification, and Repair
7.2.10 - Interaction between Sense and Command Features
and Other Systems
7.2.11 - Multi-Unit Stations
7.2.12 - Automatic and Manual Control
7.2.13 - Displays and Monitoring
7.2.14 - Human Factors Considerations
7.2.15 - Capability for Test and Analysis
Appendix A - Hazard Analysis
Appendix B - I&C System Architecture
Appendix C - Simplicity
Appendix D - References
14
Applicable Regulations and
Standards
Partial List of DSRS References
10 CFR Part 50.55a(h)
IEEE Std. 603-1991
10 CFR Part 50, Appendix A (GDC)
GDC 1, GDC 2, GDC 4, GDC 10, GDC 13, GDC
15, GDC 16, GDC 19, GDC 21, GDC 22, GDC
23, GDC 24, GDC 25, GDC 28, GDC 29.
10 CFR 50.34(f)(2), “TMI Action Items”
Regulatory Guides (RGs)
Other Regulations…
Other IEEE Standards
IEEE Std. 7-4.3.2-2003 (Digital Systems)
IEEE Std. 379-2000 (Single-Failure Criterion)
IEEE Std. 384-1992 (Independence Criteria)
Conclusion
• Improvement in Traditional NRC Review Process
– DSRS is a pragmatic approach to review I&C design
• Justification for Reduced Operator Staffing for Multi-Unit Facilities
– SMR designers need to demonstrate reduction in staffing without impact to safety
– Application of HFE methodologies in control room design & alarm management
• Evolving Risks and Vulnerabilities in Security and Safeguards
– Need new physical security requirements for refueling cycle and transportation
– Need new I&C cyber security design requirements
• Potential Changes in Defense in Depth Philosophy
– Will be addressed by NRC in the review process for non-LWR designs
• Interface issues for SMR in Process Heat Applications
– Will be addressed by NRC as DC application is submitted
15