INTERNATIONAL ATOMIC ENERGY AGENCY Technical Committee Meeting of the Technical Working Group on Nuc

1
INTERNATIONAL ATOMIC ENERGY AGENCYTechnical
Committee Meeting of the Technical Working Group
on Nuclear Power Plant Control and
Instrumentation(TWG-NPPCI)Biennial Regular
Meeting, Vienna, 23 25 May 2005IAEA Nuclear
Power Engineering SectionDivision of Nuclear
PowerDepartment of Nuclear Energy

• German National Report on Current Activities,
  Achievements, and Challenges in Instrumentation
  and Control of Nuclear Power Plants
• Dieter Wach
• Institut für Sicherheitstechnologie (ISTec) GmbH
• Research Campus
• D-85748 Garching, Germany
• Dieter.Wach_at_GRS.de

2
IAEA TWG '05
Actual Situation of Nuclear Power Plants in
Germany
19 plants in 2003 (13 PWR, 6 BWR), power (netto)
together 21087 MWe, 29 of total electrical
energy 17 plants in May 2005, Stade off Nov.
2003, Obrigheim off May 2005 Priority political
objective of the German (red-green) Federal
Government since Oct 1998 was and still is
the phase-out of nuclear energy. June 2000
Atomic Consensus agreement between red-green
government and utilities Limitation of the
life-time of each atomic power plant (as a
rule ca. 32 years). Fig. 1 shows the resulting
dead-lines for the end of operation of each
German plant. In fact the remaining electricity
volumes in GWh are limited per plant. The
Federal Office BfS is controlling the integrated
amount every month. When the limit is reached
the operation licence will vanish
automatically. July 2002 Confirmation of the
agreement in a Law on phase-out of nuclear energy
for use of electricity production. Therefore,
modernization of IC in German NPP is influenced
not only by technical or safety needs, but also
by constraints resulting from policy or
ideology. Election of the federal government is
every four years. The next is in fall of 2006.
3
IAEA TWG '05
German NPP Phase-out
Fig. 1 Remaining operational life-times of
German plants as agreed in the Atomic Consensus
forced by the red-green government
On the right the first nuclear power plant
Obrigheim (340 MW PWR) which was switched off
beginning of May 2005. This was celebrated as a
great success by the Green Party.
4
IAEA TWG '05
IC Modernization in German Plants
5
IAEA TWG '05
Industry IC Projects
Framatome-ANP (Siemens Erlangen)
BNFL - Westinghouse (ABB Mannheim)
6
IAEA TWG '05
AREVA
Performance Tianwan Project

• Main IC for two WWER-1000/428 units
• Trilateral contract between JNPC, Atomstroiexport
  and Siemens AG
• Supply contract between JNPC and Siemens AG for
  main IC and main and remote control room
• Commissioning in 2004 / 2005
• Option for two other units

Value approx. 140 million

• Customer JNPC (Jiangsu Nuclear Power
  Corporation)
• NSSS St. Petersburg ATOMENERGOPROJECT
• IC Siemens Aktiengesellschaft

7
IAEA TWG '05
AREVA
PerformanceBohunice V2 Upgrade

• Stepwise upgrade of two WWER 440/213 units in
  Bohunice
• Upgrade of reactor protection, ESFAS and
  limitation system
• Process requirement specifications elaborated by
  SE
• Design requirements elaborated by VUJE
• Hardware engineering and manufacturing by
• Stepwise installation 2004 - 2007

Value approx. 25 million

• Customer SE (SLOVENSKE ELEKTRANE)
• General Designer VUJE
• Hardware-Supply FRAMATOME ANP

8
IAEA TWG '05
AREVA
PerformanceLoviisa Upgrade

• Comprehensive upgrade of two WWER 440/213 units
• Stepwise upgrade of whole IC in four outages
• Stepwise upgrade of main control room
• Two additional buildings to install new IC
• Installation of new IC during power operation
• Switch over to new IC during regular outages

Value approx. 100 million

• Customer FORUM
• Supplier FRAMATOME ANP GmbH

9
IAEA TWG '05
AREVA
ProductsModern Control Room Study
Safety Control Panel
Plant Overview
Auxiliary Control Panel
Reactor- and Turbine Control Panel
Chief Operator
10
Hahn-Meitner-Institut Berlin GmbH
BERII (IC Westinghouse ABB)
Reaktorwarte
Großbildschirm
Gemeinsam
Bedienplatz 1
Bedienplatz 2
Schichtleiterplatz
Kommunikationsbus
AS 160OS Server
AS 160OS Server
AF100 Automatisierungsbus
AC160 Station
AC160 Station
Kleiner E-Schaltraum
Großer E-Schaltraum
11
Hahn-Meitner-Institut Berlin GmbH
BERII (IC Westinghouse ABB)
Notsteuerstelle
Überwachungs-Raum
KNQ - Warte
Drucker
AS 160ESEngineering und Diagnosestation
AC160 Stationen für Klasse 1 Meldungen
S800-E/A-Geräte
AC160 Station
Machinenhaus 2
12
IAEA TWG '05
RD Projects in IC

• Recent Projects of BMWA and BMU
• Requirements for computer-based peripheral
  devices of the safety-system in NPPs
• Development of a generic set of questions as
  examples - answers for six types of devices and
  FMEA
• Normative requirements for computer-based IC
  systems important to safety (requirement data
  bank)
• Consulting project to BMU including COMPSIS and
  ARMONIA successor
• Basic method development for safety analysis and
  assessment of pre-existing software selected to
  be applied in the safety IC of NPP
• Benchmark exercise of safety evaluation of
  computer-based systems BE-SECB (Germany, France,
  Finland)
• Online diagnostic methods for early fault
  detection and condition monitoring (component
  vibration, accustic impacts, process anomalies)
• BMWA Federal Ministry (Economy, Labour, Reactor
  Safety Research)
• BMU Federal Ministry (Environment, Nature,
  Reactor Safety)

13
IAEA TWG '05
RD Projects in IC

• On-going Projects of BMWA and BMU
• Qualification of integrated tool environments for
  the development of computer-based systems in NPPs
  (ISTec, TÜV Nord, Halden HRP)
• Solutions for the efficient proof of the safety
  and applicability of computer-based IC systems
  (TÜV Nord, ISTec, Halden HRP)
• Investigation of approaches towards probabilistic
  assessment of software-based IC (GRS, ISTec)
• Participation in establishing IEC standards for
  computer-based IC as a basis for use and
  transfer to national standards (ISTec)
• Development of standardized small software moduls
  for computerized core power distribution
  monitoring (University Bochum)
• Early fault detection by diagnostic methods with
  emphasis on reactor core monitoring (ISTec)
• (instrumentation condition monitoring is shifted
  to BMWA, proposal is in the pipe-line)

14
IAEA TWG '05
Common Cause Failure Study
Study on measures to avoid common-cause-effected
failure in digital safety IC by use of an
appropriate system architecture including the
option of hardware diversity Generic question of
the International State Commission (ILK) of the
south German states (conservative governments)

• Result
• Under the following pre-conditions
• a highly qualified product family is applied
• functional diversity is consequently and
  completely used
• the Defence-in-Depth principle is consequently
  used
• methods which guarantee the independence of
  partial systems are applied
• ? the additional use of computer hardware
  diversity is not recommended

15
IAEA TWG '05
Recent Challenges of ISTec
In addition to RD projects for BMWA, BMU, ILK
and EU the following projects (recent or
on-going) have been challenging ISTec

• Independent assessment and certification of the
  further developed Teleperm XS (new processor, SW
  versions)
• Independent assessment of components of the new
  developed Korean safety IC platform KNICS
• Support of the Slovakian TSO in independent VV
  of the projekt REKO Bohunice (V1 and V2)
• Support of Russian, Ukrainian and Armenian
  regulators in digital safety IC projects
• Support of the Ungarian authoritiy during
  modernization of PAKS 1 - 4
• Safety tasks related to the Finland EPR project
• Safety tasks in VV for the BEZNAU IC
  modernization project
• Consultancy to LEIBSTADT in specific tasks within
  the frame of long-term IC modernization
• Independent assessment and qualification of
  software-based equipment (TZA4 of HB, MGCplus of
  Hottinger, DT 100 of CCI)
• Support of BMU/GRS in re-writing regulator
  guidelines for safety IC (safety levels vs.
  safety categories)

16
IAEA TWG '05
RD Projects in IC

• Challenges for Industry and Regulators
• Quantification of reliability of software-based
  systems
• On-going technological progress in hardware and
  software
• Short innovation cycles compared with the planned
  life time for use of the IC
• Safety assessment of software components based on
  operational experience
• Island solution and use of re-developed
  (obsolete) components

17
IAEA TWG '05
Themes and Issues for Future Meetings

• Quantification of software reliability
• Operational experiences, data collection and
  regulators assessement
• Cyber security
• Standardized licensing procedures
• Software changes and corresponding needs for
  subsequent VV
• Tool qualification
• Third party assessment
• Configuration management
• How to cope with the high innovation rate of
  computer equipment in relation to the expected
  plant life time
• Duties and needs of regulators and inspectors in
  maintenance of computer-based IC safety systems
• Error-proneness of island solutions
• Re-development of obsolete IC components
  (interim components) in order to be able to
  postpone refurbishment, i.e. delayed
  modernization caused either by management
  decision (lack of money) or because of
  (artificially) limited remaining plant life time
  due to political decisions
• Tasks related to inspection (see NEA-WPIC)

18
IAEA TWG '05
OECD/NEA-Tasks of WPIC
NEA Working Group of Inspection Practice (WPIC)
is asking via regulators

• which tasks are up to inspectors during testing
  of computer-based devices
• which computer-specific aspects have to be
  considered during inspection
• which information and tools are available for
  inspection
• which specifica have to be considered during
  repetititve tests of computer-based devices (e.g.
  self-monitoring and self-calibration in relation
  to repetitive tests)
• which tasks have to be fulfilled when collecting
  and assessing operational experiences

The Federal Office BfS requested recently,
whether these topics can be treated by TWG NPPCI
19
IAEA TWG '05
Summary German Report

• German industry with advanced IC products
  qualified for nuclear application is engaged in
  national and (even more) in international NPP
  projects
• Reactor protection IC (Cat. A) in Germany
• Completed in research reactorsFRM-2 University
  Munich by Siemens/Framatome-ANPBER-2 Hahn
  Meitner Institut Berlin by ABB/Westinghouse
• In planning for several nuclear power plants
• RD projects for computer-based IC are being
  financed inspite of reduced budgets and phase-out
  decision for NPPs by the government
• Remaining issues of computer-based safety IC
  need further investigations and common position
  in licensing
• International cooperation seems to be the means
  to share expert and budget capacities and to use
  synergisms (IAEA specialist meetings, TECDOCs,
  IMPRACIT project of US NRC)