IEEE Nuclear Power Engineering Committee January 2013 Meeting Emergence of New Regulatory Technical Requirements and Review Standards for Small Modular Reactor I&C Systems January 23, 2013 Troy V. Nguyen, Ph.D., P.E. Senior Advisory Systems Engineer mPower I&C Design Team Northrop Grumman Corporation Summary • Background • Small Modular Reactor (SMR) Design • Potential Policy, Licensing, & Technical Issues • Key I&C Technical Issues • Emergence of New Technical Requirements and Review Standards • Conclusion • Q&A 2 Background • Addressing the Nation’s Increasing Need for Electrical Power – – – – – U.S. demand rising 28% by 2030 (Ref: Energy Information Administration 2010) Higher cost to build fossil plants due to tighter emission regulation Retirement of many small to mid-sized coal-fired plants in next 20 years Renewable (Wind, Solar) not capable of base load generation Natural gas prices historically volatile, domestic production technically and politically challenged • Advanced Nuclear Reactor Designs & Technologies – Small Modular Reactors (SMRs) • Integral PWR (B&W mPowerTM) – Next Generation Nuclear Plants • High temperature gas-cooled reactors • Liquid-metal-cooled reactors • IRIS PWR 3 Nuclear Power is Necessary to Maintain Energy Security Background – B&W mPower™ • B&W mPower Reactor – Commercial SMR design to address market for small and midsize (< 500 MWe) units – Design suitable for both conventional power generation and process heat (desalination, refinery, etc.) applications – Standardized design to streamline licensing approval process – Plant capacity allows components to be factory-built and tested – Each unit can be packaged into multi-module plant – Expected first of a kind to be licensed by NRC 4 B&W mPower SMR Design • Primary Systems Contained within the Reactor Vessel – Fewer vessel penetrations – Expensive safety related piping connections greatly reduced or eliminated • Vessel Sized for Shipment by Rail – Factory assembly instead of expensive onsite construction – Economies of quantitative scale – More effective manufacturing capitalization – Improved quality control 5 © 2012 Babcock & Wilcox Nuclear Energy, Inc. All rights reserved. B&W mPower Architectural Safety Benefits • Control Rod Drives Inside the Reactor Vessel – Eliminates control rod ejection scenario – Gravity-driven fail-safe protection • Limited Vessel Penetrations Reduce Probability of High-Pressure Leak Accidents • Passive Safety Features – Large coolant volume and vessel surface area – Safe shutdown maintained with natural circulation even without primary coolant pumps – Only water and gravity are needed to prevent core damage 6 © 2012 Babcock & Wilcox Nuclear Energy, Inc. All rights reserved. Generation mPower Plant Exemplar • Two B&W mPower SMR Units • Fully-Underground Containment Building – More readily secured – Improved natural disaster resilience © 2012 Babcock & Wilcox Nuclear Energy, Inc. All rights reserved. • Standardized Plant Footprint and Arrangement – “Cookie Cutter” strategy reduces capital expense and facilitates the design approval process – Savings in both recurring and non-recurring construction costs – Security, maintenance and operational processes for one plant can be applied to other Generation mPower plants 7 Generation mPower Plant Scalability Advantages • Administrative Management, Security, and Non-Reactor Maintenance – Largely independent of the number of SMRs at the site – Adding more units reduces overall per-unit operational costs • Control Operations Consolidated Into a Single Control Center – Better personnel utilization • Multiple SMRs at a Site Deliver Higher Plant Capacity Factor – If one unit in a six-reactor plant is refueling, site still operates at 83% of capacity • A Two-Unit Plant Can Replace Many Aging Coal Fired Plants – Distribution grid already in place – Close match for capabilities of the existing switchyard and high voltage cables • Incremental Capitalization Strategies are Possible – Site can begin with two units – As demand grows, proceeds from generating capacity already in place can be used to add more SMR units 8 High Scalability – Reduced Capital & Operation Costs Potential Policy, Licensing, Technical Issues (SECY-10-0034 & SECY-11-0112) • Change in Defense-In-Depth (DID) Philosophy for Advanced Reactors – Non-LWR SMR may have different approach in DID barriers – Integral PWRs like mPower employ traditional DID • Appropriate Source Term, Dose Calculations, and Siting for multimodule SMR Plants – Effectiveness of the containment – Plant mitigation features, site suitability, and emergency planning • Nuclear-Generated Process Heat Facilities – Interface requirements and regulatory jurisdiction issues • Requirements for Operator Staffing for Multi-Module Facilities – Current regulations do not address the possibility of more than two reactors being controlled from one control room • Security and Safeguards Requirements for SMRs – Physical & cyber security – SMR-related fuel cycle and transportation activities 9 B&W mPower I&C System Challenges • Operator Staffing – Current NRC regulations require a Reactor Operator, a Senior Reactor Operator and a Supervisor at all times for each reactor – Rules established based on legacy fleet of large-core nuclear plants – A multi-SMR plant requires more operators than a large-core reactor of the same total capacity – Challenge lies in designing new I&C system that allows Supervisor & SRO staff to safely oversee multiple units • Consolidating Administrative & Balance-Of-Plant (BOP) systems – Must maintain functional isolation of SMR units • Owner Services vs. Security – Supplying the features expected of a modern marketable SCADA system without leaving the plant vulnerable to cyber threats 10 I&C Key Design Issues • Human Factors Engineering in Control Room / Workstation Design – Synergy between I&C system design, plant operation, and people responsible for operation, maintenance, and troubleshooting – Integration of modern automation with time-tested safety strategies • Alarm Management Strategies - Maximize Operator Effectiveness and Efficiency – Assist in locating and isolating faults – Reduce impact and consequences of failures • Network-Based Systems for Life Cycle Maintainability – Must accommodate unidirectional links for isolation & security – Use of open standards to maximize economy and facilitate integration • Protection of Digital Control Systems from Cyber Attack – Design basis threat evaluations for integrated nuclear plant I&C systems 11 Design-Specific Review Standard (DSRS) for mPower Design • The First of NRC Design-Specific Guidance for SMR Designs (draft available for public comments) • Similar in Structure to the Existing Standard Review Plan (SRP) (NUREG-0800) – Chapter 7: Instrumentation and Controls • Encompasses all Relevant BTPs Contained in Current SRP • Clarifies the Interface Between the I&C Area and Other Disciplines – Human Factors Engineering (Chapter 18) – Quality Assurance (Chapter 17) – Reactor Systems (Chapters 6 and 15) • Emphasizes Simplicity as a “Cross Cutting Principle” in the Design of Digital I&C System – Avoid compromise to design independence – Lead to I&C safety system with high reliability 12 Major Differences Between DSRS & SRP Design Specific Review Standard 13 Standard Review Plan (NUREG0800) Emphasize fundamental I&C design principles (redundancy, independence, diversity, determinism, and simplicity) System focused, i.e. safety systems, power production, BOP, etc. Directly applicable to B&W mPower iPWR Contains regulatory requirements inapplicable to the mPower design. Guidance reflects integrated I&C design using digital technology. System-based guidance with no specific reference to digital technology. Clarifies software development appropriate for design certification (DC) phase. Reflects complete software development cycle. Integrated Hazard Analysis - consistent, comprehensive, and systematic way to address the potential hazards associated with the I&C systems. Contains various methods dealing with hazards in the system. DSRS Referenced Regulations & Standards DSRS Chapter 7 Table of Content 7.1.1 7.1.2 7.1.3 7.1.4 7.1.5 7.2.1 7.2.2 7.2.3 - Safety System Design Basis - Independence - Redundancy - Determinism - Diversity and Defense-in-Depth - Quality (Reserved) - Equipment Qualification - Reliability, Integrity, and Completion of Protective Action 7.2.4 - Operating and Maintenance Bypasses 7.2.5 - Interlocks 7.2.6 - Derivation of System Inputs 7.2.7 - Setpoints 7.2.8 - Auxiliary Features 7.2.9 - Control of Access, Identification, and Repair 7.2.10 - Interaction between Sense and Command Features and Other Systems 7.2.11 - Multi-Unit Stations 7.2.12 - Automatic and Manual Control 7.2.13 - Displays and Monitoring 7.2.14 - Human Factors Considerations 7.2.15 - Capability for Test and Analysis Appendix A - Hazard Analysis Appendix B - I&C System Architecture Appendix C - Simplicity Appendix D - References 14 Applicable Regulations and Standards Partial List of DSRS References 10 CFR Part 50.55a(h) IEEE Std. 603-1991 10 CFR Part 50, Appendix A (GDC) GDC 1, GDC 2, GDC 4, GDC 10, GDC 13, GDC 15, GDC 16, GDC 19, GDC 21, GDC 22, GDC 23, GDC 24, GDC 25, GDC 28, GDC 29. 10 CFR 50.34(f)(2), “TMI Action Items” Regulatory Guides (RGs) Other Regulations… Other IEEE Standards IEEE Std. 7-4.3.2-2003 (Digital Systems) IEEE Std. 379-2000 (Single-Failure Criterion) IEEE Std. 384-1992 (Independence Criteria) Conclusion • Improvement in Traditional NRC Review Process – DSRS is a pragmatic approach to review I&C design • Justification for Reduced Operator Staffing for Multi-Unit Facilities – SMR designers need to demonstrate reduction in staffing without impact to safety – Application of HFE methodologies in control room design & alarm management • Evolving Risks and Vulnerabilities in Security and Safeguards – Need new physical security requirements for refueling cycle and transportation – Need new I&C cyber security design requirements • Potential Changes in Defense in Depth Philosophy – Will be addressed by NRC in the review process for non-LWR designs • Interface issues for SMR in Process Heat Applications – Will be addressed by NRC as DC application is submitted 15