PPC Replacement Regulatory Impacts - …famos.scientech.us/PDFs/2012_Symposium/CENG_2012_Symposium.pdfppc replacement regulatory impacts. 2 confidential. proprietary ceng information

CONFIDENTIAL. PROPRIETARY CENG INFORMATION. DISTRIBUTION/USE PROHIBITED WITHOUT CENG PERMISSION

PPC Replacement Regulatory Impacts

2


Agenda

What is ‘Qualified’ Data? Emergency Response Data System Meteorological Measurement System Safety Parameters Display System Steam Tables What do the Regulations say? Compare CCNPP’s planned implementation other Symposium Attendees

Questions?

2

3


Aspects of ‘Qualified’ Data

On what cyber security layer does the data source reside?

Is Data not directly from the PPC still valid for use in the target function?

What Configuration Control is in place on the data source?– Design Controlled– BIT vs. PIT

What is the availability of the data source?

3

4


Emergency Response Data System

Provides plant parameters to NRC Obsolete hardware Data Supplied by obsolete PPC Design Controlled Data Point Library Currently under going NRC driven migration to VPN

4

5


ERDS Commitments

10CFR50 Appendix E– Refers to NUREG 1394 for guidance

NUREG 1394 Revision 1– Revision 1 issued in May 1991

Federal Information Security Mangement Act of 2002

Emergency Response Data System and Cyber Security ‐ML100130359– ERDS not within scope of 10CFR 73.54

NEI 08‐09– Protect ‘Critical Digital Assets’

5

6


Current ERDS Implementation

6

7


Target ERDS Implementation

7

8


Meteorological Information and Dose Assessment System

Acquisition and calculations on Meteorolgy Data from Met Tower

Displays Met data for Control Room and Emergency Response.

Provides ‘Remote Interrogation’ to State and Local Authorities

Design Controlled Hardware and Software

8

9


MIDAS Commitments

NUREG 0654– Provide remote interrogation

NUREG 0696– Met data available at TSC and EOF

Reg Guide 1.97– Type E Variables for Meteorolgy Data

Safety Guide 23, Feb 1972– Implementation details

Reg Guide 1.23 Revision 1– Updated guidance

NEI 08‐09– Protect critical digital assets

9

10


Current MIDAS Implementation

10

11


MIDAS Implementation Example #1

11

12


MIDAS Implementation Example #2

12

13


SPDS Commitments

NUREG‐0737; TMI Action Plan Requirements (1980) NUREG‐0696; Function Criteria for Emergency Facilities (1981)

NUREG‐0737; Clarification of TMI Action Plan Requirements Supp 1 (1982)

NUREG‐1342; SPDS Implementation Evaluation (1989)

13

14


NUREG‐696 Basic Design

15


CCNPP implementation of NUREG‐696

SPDS was combined with PPC functions– Not separate system

SPDS does not have a dedicated location– This is sometimes required because NUREG 696 requires variables x, y & x to be displayed. If z is not available then SPDS must be located such that z can be viewed while assessing its associated safety function

– True SPDS is extended into the TSC• Future implementation will not have the PPC proper in the TSC• Implementation will communicate with the PSS

16


NUREG‐696

Actions you will need to consider– HFE reviews

• Recommend limiting design changes that will screen out of the full 50.59 evaluation.

– Basis documentation is a challenge– Down time must meet 0.01 unavailability during hot conditions and 0.2 during cold conditions

• Where unavailability = down time / operating time• SPDS must be restored within 30 minutes during planed maintenance

• < 16 hours per quarter

17


NUREG‐696

Have your licensing department determine which requirements you are not committed to– Examples will include:

• Seismic requirements• Monitor placement• Tech Spec requirements

– Need to consider all the requirements; not just NUREG‐696

18


NUREG‐696 (cont)

There’s no substitute for reading 696– However, you need to understand to what you committed – 696 contains DAS performance requirements– Documentation requirements– Verification and Validation criteria“The DAS hardware and software shall be protected against unauthorized

manipulation of or interference with input signals, data processing, data storage, and data output.”

(Sounds like cyber security; but from 1980)

19


NUREG‐696 (cont)

“The design, development, qualification, and installation of the SPDS, TSC, EOF & NDL facilities and systems shall be independently verified and validated by qualified personnel other than the original designers and developers.”

NDL?

“The licensee’s quality assurance organization may be used for the verification and validation program if it meets the independence criteria and is technically capable of performing these functions.”

20


NUREG‐0737 Sup 1

Not to be used as requirements?– Only to be used as guidelines

“If the changes do not involve an un‐reviewed safety question or a change a change in the technical specifications, the licensee may implement such changes without prior approval.”

Un‐reviewed safety question– 50.59 screening!

21


Industrial Formulations

IFC‐67 (produced the 1967 steam tables) 1984 Formulation of Haar, Gallagher & KellInternational Association for the Properties of Water and Steam (IAPWS)

IAPWS‐95 (mostly used by the scientific community. Very accurate but requires large computing power)

IAPWS‐IF97 (Used by the steam power industry. Less accurate but it uses simplified code to support. Produced the 97 steam tables that we know today. But not adopted until 1999 by ASME)

22


Temperature Scales

International Practical Temperature Scale (IPTS)– IPTS‐48– IPTS‐68International Temperature Scale (ITS)– ITS‐90

All of these scales were promulgated by the International Committee of Weights and Measure

23


So who’s using what?

67’ Steam Table

IFC‐67

IPTS‐68

97’ Steam Table

IAPWS‐IF97

ITS‐90

24


What is the impact to change temperature scales?

All RTDs will need to be calibrated to the standard that is being implemented (at least critical ones)– Re‐evaluation of all related Design Calcs– Cleanest solution– Most expensive to implementOR

Temperatures that are acquisitioned may have post processing– NIST offers algorithms to do this– Be careful with this; any changes in the field will have to be corrected in the post processing

25


Mixing standards

Do I need to change my temperature scale if I update to the 97’ steam table?– Many algorithms may not care– Do the exercise and make sure– At CCNPP the difference was 0.3 MWth by using the 97’ steam tables without also changing the temperature scale

– Older plants may be using the IPTS‐48 scale. Using the 97’ steam tables with IPTS‐48 will exaggerate the inaccuracies

– At least account for the uncertainties

26


Steam Table Conclusion

So what to take away– Before changing your steam table, ask yourself:

• which temperature scale am I using?• Which algorithms will be affected?• Are the algorithms sensitive to the inaccuracies that will be introduced by not using the associated temperature scale for the steam table?

• How will the configuration on field loops be controlled to ensure the proper algorithm response?

– Test algorithms for response to mixed standards– Document uncertainties

27


Emergency Resonse Data Conclusion

Ask yourself:– If any information system is used to meet a regulatory commitment (SPDS, TSC, EOF, ERDS)

• AND

– That information system is satisfied by a business application

• Does the configuration control of the application meet the regulatory requirements (or your station requirements for the intended function?

28


Questions?

Dwayne Cox– I&C Design Engineer– [email protected]– 410‐495‐2395

Ron Triplett– Reactor Operator– [email protected]– 410‐495‐3349

28

Documents

PPC Replacement Regulatory Impacts - …famos.scientech.us/PDFs/2012_Symposium/CENG_2012_Symposium.pdfppc replacement regulatory impacts. 2 confidential. proprietary ceng information