Title: INTERNATIONAL ATOMIC ENERGY AGENCY Technical Committee Meeting of the Technical Working Group on Nuc
1INTERNATIONAL ATOMIC ENERGY AGENCYTechnical
Committee Meeting of the Technical Working Group
on Nuclear Power Plant Control and
Instrumentation(TWG-NPPCI)Biennial Regular
Meeting, Vienna, 23 25 May 2005IAEA Nuclear
Power Engineering SectionDivision of Nuclear
PowerDepartment of Nuclear Energy
- German National Report on Current Activities,
Achievements, and Challenges in Instrumentation
and Control of Nuclear Power Plants - Dieter Wach
- Institut für Sicherheitstechnologie (ISTec) GmbH
- Research Campus
- D-85748 Garching, Germany
- Dieter.Wach_at_GRS.de
2IAEA TWG '05
Actual Situation of Nuclear Power Plants in
Germany
19 plants in 2003 (13 PWR, 6 BWR), power (netto)
together 21087 MWe, 29 of total electrical
energy 17 plants in May 2005, Stade off Nov.
2003, Obrigheim off May 2005 Priority political
objective of the German (red-green) Federal
Government since Oct 1998 was and still is
the phase-out of nuclear energy. June 2000
Atomic Consensus agreement between red-green
government and utilities Limitation of the
life-time of each atomic power plant (as a
rule ca. 32 years). Fig. 1 shows the resulting
dead-lines for the end of operation of each
German plant. In fact the remaining electricity
volumes in GWh are limited per plant. The
Federal Office BfS is controlling the integrated
amount every month. When the limit is reached
the operation licence will vanish
automatically. July 2002 Confirmation of the
agreement in a Law on phase-out of nuclear energy
for use of electricity production. Therefore,
modernization of IC in German NPP is influenced
not only by technical or safety needs, but also
by constraints resulting from policy or
ideology. Election of the federal government is
every four years. The next is in fall of 2006.
3IAEA TWG '05
German NPP Phase-out
Fig. 1 Remaining operational life-times of
German plants as agreed in the Atomic Consensus
forced by the red-green government
On the right the first nuclear power plant
Obrigheim (340 MW PWR) which was switched off
beginning of May 2005. This was celebrated as a
great success by the Green Party.
4IAEA TWG '05
IC Modernization in German Plants
5IAEA TWG '05
Industry IC Projects
Framatome-ANP (Siemens Erlangen)
BNFL - Westinghouse (ABB Mannheim)
6IAEA TWG '05
AREVA
Performance Tianwan Project
- Main IC for two WWER-1000/428 units
- Trilateral contract between JNPC, Atomstroiexport
and Siemens AG - Supply contract between JNPC and Siemens AG for
main IC and main and remote control room - Commissioning in 2004 / 2005
- Option for two other units
Value approx. 140 million
- Customer JNPC (Jiangsu Nuclear Power
Corporation) - NSSS St. Petersburg ATOMENERGOPROJECT
- IC Siemens Aktiengesellschaft
7IAEA TWG '05
AREVA
PerformanceBohunice V2 Upgrade
- Stepwise upgrade of two WWER 440/213 units in
Bohunice - Upgrade of reactor protection, ESFAS and
limitation system - Process requirement specifications elaborated by
SE - Design requirements elaborated by VUJE
- Hardware engineering and manufacturing by
- Stepwise installation 2004 - 2007
Value approx. 25 million
- Customer SE (SLOVENSKE ELEKTRANE)
- General Designer VUJE
- Hardware-Supply FRAMATOME ANP
8IAEA TWG '05
AREVA
PerformanceLoviisa Upgrade
- Comprehensive upgrade of two WWER 440/213 units
- Stepwise upgrade of whole IC in four outages
- Stepwise upgrade of main control room
- Two additional buildings to install new IC
- Installation of new IC during power operation
- Switch over to new IC during regular outages
Value approx. 100 million
- Customer FORUM
- Supplier FRAMATOME ANP GmbH
9IAEA TWG '05
AREVA
ProductsModern Control Room Study
Safety Control Panel
Plant Overview
Auxiliary Control Panel
Reactor- and Turbine Control Panel
Chief Operator
10Hahn-Meitner-Institut Berlin GmbH
BERII (IC Westinghouse ABB)
Reaktorwarte
Großbildschirm
Gemeinsam
Bedienplatz 1
Bedienplatz 2
Schichtleiterplatz
Kommunikationsbus
AS 160OS Server
AS 160OS Server
AF100 Automatisierungsbus
AC160 Station
AC160 Station
Kleiner E-Schaltraum
Großer E-Schaltraum
11Hahn-Meitner-Institut Berlin GmbH
BERII (IC Westinghouse ABB)
Notsteuerstelle
Überwachungs-Raum
KNQ - Warte
Drucker
AS 160ESEngineering und Diagnosestation
AC160 Stationen für Klasse 1 Meldungen
S800-E/A-Geräte
AC160 Station
Machinenhaus 2
12IAEA TWG '05
RD Projects in IC
- Recent Projects of BMWA and BMU
- Requirements for computer-based peripheral
devices of the safety-system in NPPs - Development of a generic set of questions as
examples - answers for six types of devices and
FMEA - Normative requirements for computer-based IC
systems important to safety (requirement data
bank) - Consulting project to BMU including COMPSIS and
ARMONIA successor - Basic method development for safety analysis and
assessment of pre-existing software selected to
be applied in the safety IC of NPP - Benchmark exercise of safety evaluation of
computer-based systems BE-SECB (Germany, France,
Finland) - Online diagnostic methods for early fault
detection and condition monitoring (component
vibration, accustic impacts, process anomalies) - BMWA Federal Ministry (Economy, Labour, Reactor
Safety Research) - BMU Federal Ministry (Environment, Nature,
Reactor Safety)
13IAEA TWG '05
RD Projects in IC
- On-going Projects of BMWA and BMU
- Qualification of integrated tool environments for
the development of computer-based systems in NPPs
(ISTec, TÜV Nord, Halden HRP) - Solutions for the efficient proof of the safety
and applicability of computer-based IC systems
(TÜV Nord, ISTec, Halden HRP) - Investigation of approaches towards probabilistic
assessment of software-based IC (GRS, ISTec) - Participation in establishing IEC standards for
computer-based IC as a basis for use and
transfer to national standards (ISTec) - Development of standardized small software moduls
for computerized core power distribution
monitoring (University Bochum) - Early fault detection by diagnostic methods with
emphasis on reactor core monitoring (ISTec) - (instrumentation condition monitoring is shifted
to BMWA, proposal is in the pipe-line)
14IAEA TWG '05
Common Cause Failure Study
Study on measures to avoid common-cause-effected
failure in digital safety IC by use of an
appropriate system architecture including the
option of hardware diversity Generic question of
the International State Commission (ILK) of the
south German states (conservative governments)
- Result
- Under the following pre-conditions
- a highly qualified product family is applied
- functional diversity is consequently and
completely used - the Defence-in-Depth principle is consequently
used - methods which guarantee the independence of
partial systems are applied - ? the additional use of computer hardware
diversity is not recommended
15IAEA TWG '05
Recent Challenges of ISTec
In addition to RD projects for BMWA, BMU, ILK
and EU the following projects (recent or
on-going) have been challenging ISTec
- Independent assessment and certification of the
further developed Teleperm XS (new processor, SW
versions) - Independent assessment of components of the new
developed Korean safety IC platform KNICS - Support of the Slovakian TSO in independent VV
of the projekt REKO Bohunice (V1 and V2) - Support of Russian, Ukrainian and Armenian
regulators in digital safety IC projects - Support of the Ungarian authoritiy during
modernization of PAKS 1 - 4 - Safety tasks related to the Finland EPR project
- Safety tasks in VV for the BEZNAU IC
modernization project - Consultancy to LEIBSTADT in specific tasks within
the frame of long-term IC modernization - Independent assessment and qualification of
software-based equipment (TZA4 of HB, MGCplus of
Hottinger, DT 100 of CCI) - Support of BMU/GRS in re-writing regulator
guidelines for safety IC (safety levels vs.
safety categories)
16IAEA TWG '05
RD Projects in IC
- Challenges for Industry and Regulators
- Quantification of reliability of software-based
systems - On-going technological progress in hardware and
software - Short innovation cycles compared with the planned
life time for use of the IC - Safety assessment of software components based on
operational experience - Island solution and use of re-developed
(obsolete) components
17IAEA TWG '05
Themes and Issues for Future Meetings
- Quantification of software reliability
- Operational experiences, data collection and
regulators assessement - Cyber security
- Standardized licensing procedures
- Software changes and corresponding needs for
subsequent VV - Tool qualification
- Third party assessment
- Configuration management
- How to cope with the high innovation rate of
computer equipment in relation to the expected
plant life time - Duties and needs of regulators and inspectors in
maintenance of computer-based IC safety systems - Error-proneness of island solutions
- Re-development of obsolete IC components
(interim components) in order to be able to
postpone refurbishment, i.e. delayed
modernization caused either by management
decision (lack of money) or because of
(artificially) limited remaining plant life time
due to political decisions - Tasks related to inspection (see NEA-WPIC)
18IAEA TWG '05
OECD/NEA-Tasks of WPIC
NEA Working Group of Inspection Practice (WPIC)
is asking via regulators
- which tasks are up to inspectors during testing
of computer-based devices - which computer-specific aspects have to be
considered during inspection - which information and tools are available for
inspection - which specifica have to be considered during
repetititve tests of computer-based devices (e.g.
self-monitoring and self-calibration in relation
to repetitive tests) - which tasks have to be fulfilled when collecting
and assessing operational experiences
The Federal Office BfS requested recently,
whether these topics can be treated by TWG NPPCI
19IAEA TWG '05
Summary German Report
- German industry with advanced IC products
qualified for nuclear application is engaged in
national and (even more) in international NPP
projects - Reactor protection IC (Cat. A) in Germany
- Completed in research reactorsFRM-2 University
Munich by Siemens/Framatome-ANPBER-2 Hahn
Meitner Institut Berlin by ABB/Westinghouse - In planning for several nuclear power plants
- RD projects for computer-based IC are being
financed inspite of reduced budgets and phase-out
decision for NPPs by the government - Remaining issues of computer-based safety IC
need further investigations and common position
in licensing - International cooperation seems to be the means
to share expert and budget capacities and to use
synergisms (IAEA specialist meetings, TECDOCs,
IMPRACIT project of US NRC)