Yukun Tian,Jianghai Li,Xiaojin Huang

DOI: https://doi.org/10.1115/icone29-93395

2022-01-01

Abstract:Abstract Cyber security risk analysis can identify and assess factors that may damage to the system such as digital instrumentation and control system of nuclear power plants. Performing cyber security risk analysis is important for instrumentation and control system of nuclear power plants because it could assess overall impacts of risks and help to identify vulnerabilities to determine next steps to address security risks. With the integration of information system and physical system, cyber security of information system and functional safety of physical system interact with each other, resulting in a type of new comprehensive security problem and introducing serious security risks. Most of the existing cyber security risk analysis methods pay more attention to cyberattacks like attack tree analysis method, Petri net method, and Bayesian network method. STPA-SafeSec is a top-down security risk analysis method focusing on the system itself based on system theory, which starts from unacceptable losses of the system and pays attention to the causal factors that produce unsafe control. In this paper, STPA-SafeSec is applied to the primary circuit pressure control system of high temperature gas-cold reactors in order to perform the hazard analysis of integrated risk assessment for both functional safety and cyber security. The application details are given and a part of the hazardous scenarios tree is obtained for the formulation of mitigation strategies.

Zhaohui Liu,Longtao Liao,Zhiqiang Wu,Xiaohua Yang

DOI: https://doi.org/10.1299/jsmeicone.2015.23._icone23-1_76

2015-01-01

The Proceedings of the International Conference on Nuclear Engineering (ICONE)

Abstract:The digitalized Instrumentation and Control (I&C) system of Nuclear power plants can provide many advantages. However, digital control systems induce new failure modes that differ from those of analog control systems. While the cost effectiveness and flexibility of software is widely recognized, it is very difficult to achieve and prove high levels of dependability and safety assurance for the functions performed by process control software, due to the very flexibility and potential complexity of the software itself. Software safety analysis (SSA) was one way to improve the software safety by identify the system hazards caused by software failure. This paper describes the application of a software fault tree analysis (SFTA) at the software design phase. At first, we evaluate all the software modules of the reactor power regulating system in nuclear power plant and identify various hazards. The SFTA was applied to some critical modules selected from the previous step. At last, we get some new hazards that had not been identified in the prior processes of the document evaluation which were helpful for our design.

chao guo,duo li,huasheng xiong

DOI: https://doi.org/10.1007/978-3-642-28314-7_41

2012-01-01

Abstract:Digital instrumentation and control (I&C) systems, such as digital Reactor Protection System (RPS), are being employed gradually at newly-built and upgraded Nuclear Power Plants (NPPs). The reliability analysis of digital I&C system turns to be a research focus. This paper proposes a preliminary study on reliability analysis for the digital RPS of High Temperature Gas-Cooled Reactor-Pebble bed Module (HTR-PM). We first introduce the function and structure of RPS in HTR-PM; then the processes of failure mode and effect analysis (FMEA) at system level are given; finally we present the FMEA of a computer device as an example and introduce the future work. This study analyses all possible safety-relevant implications arising from failures in RPS and promotes the reliability analysis of the digital RPS in HTR-PM.

Chao Guo,Duo Li,XIONG Hua-sheng

DOI: https://doi.org/10.7538/yzk.2013.47.11.2063

2013-01-01

Abstract:Digital reactor protection system (RPS) is gradually replacing analog counterparts and being applied in newly-built and upgraded nuclear power plant (NPP), and the analysis of digital RPS reliability is one of the hot topics in the research field of NPP I&C. Based on RPS of high temperature gas-cooled reactor pebble bed module (HTR-PM), the research of this paper focused on development and analysis of digital RPS fault tree model, which was outlined as following: The top event for a fault tree was chosen; the method to build a fault tree model based on failure modes and effects analysis (FMEA) was studied, specially focusing on the sub-tree of redundant channel "2-out-of-4" logic and the fault tree under one channel bypass; the qualitative analysis of fault tree, such as RPS weakness according to minimal cut sets was summarized. The research is important to analyze digital RPS reliability and to improve its design.

Chao Guo,Huasheng Xiong,Duo Li,Shuqiao Zhou

DOI: https://doi.org/10.1115/icone24-60535

2016-01-01

Abstract:Nuclear safety is one of the key issues for a nuclear power plant (NPP). Digital instrumentation and control (I&C) systems have been employed gradually in the newly-built and upgraded NPPs, while the reliability of software brings great challenges to the Probability Risk Assessment (PRA) of NPPs. Software testing is regarded as one of the most important methods to guarantee the quality of safety software. The testing data can then be adopted to assess the coding quality by reliability modelling. As the variety of digital I&C systems, software modelling methods corresponding to particular I&C system, as well as a model which is suitable in all situations, are both expected.The Reactor Protection System (RPS) in High Temperature Gas-Cooled Reactor - Pebble bed Module (HTR-PM) is the first digital RPS designed and to be operated commercially in China. As the designer, we also took part in the software testing work of this digital I&C system. In this paper, we gave a comprehensive introduction to the software testing and reliability modelling research of RPS in HTR-PM, including the objective, tools, methods, testing strategy, organizational structure, and the implementation phases.During the testing experience of safety software of RPS in HTR-PM, we collected the software abnormal reports which could be employed for the reliability analysis to evaluate the quality of the safety software. We introduced the data mining and reliability modelling research according to the abnormal reports. Different characteristics of faults could be used for software reliability modelling, such as software version, fault severity, test stage, submission date, debugging data, and so on. In the end we introduced a software modelling method based on severity analysis of the abnormal reports.The work we showed in this paper can contribute to improve the process of testing and reliability analysis for other digital I&C systems in NPPs.

Shiyu Yan,Hua Liu,Zhaohui Liu,Xiaohua Yang,Meng Li,Zhi Chen

DOI: https://doi.org/10.1115/icone26-81879

2018-01-01

Abstract:In view of control rod ejection accident of the traditional pressurized water reactor, the safety thought of the design phase is to validate reliability and availability of DCS I&C in the severe accidents. Now the most important and effective means is simulation calculation and analysis. It is applied for the imaginary accident of the nuclear power plant by using computer software. The new safety analysis steps based on the analysis of cause-and-effect logic failure: firstly, the composition and working principle of control rod drive mechanism is analyzed; secondly, a list of factors-the dynamics and structure, environmental reasons, the function of the control rod drive mechanism and status analysis-are all taken into account, the initial cause of failure modes with causal logic analysis is carried out; thirdly, based on cause-and-effect logic failure, the prevention and improvement measures of accidents, the new criterion of design are put forward. The advantages of cause-and-effect logic failure safety analysis: 1.be based on causal logic. 2. the system aspects is added compared with the past method that is only based on simulation calculation and analysis of the hypothetical accident, the accident the transient process of the key security parameters as the acceptance criteria. 3. The verification and audit of the lack of safety design criteria, completeness of design content, sufficiency problem are performed before the simulated calculation and analysis. 4. The coverage of safety analysis is expanded. Some good advices are provided for the design, operation and maintenance of nuclear power plant.

Xingyu Xing,Tangrui Zhou,Junyi Chen,Lu Xiong,Zhuoping Yu

DOI: https://doi.org/10.1109/iv48863.2021.9575425

2021-01-01

Abstract:Hazard analysis is a quite significant step to ensure vehicle safety in the early stage of vehicle development according to current standards. However, the complexity of the Advanced Driving Assistance System (ADAS) and Automated Driving Systems (ADS), which consist of various software and hardware components, makes it difficult to identify system hazards. Nowadays, System-Theoretic Process Analysis (STPA), a hazard analysis method for complex systems, is applied to ADAS, and simple ADS gradually and proved applicable. This paper introduced Finite State Machine (FSM) to complement the STPA for its weakness in analyzing high-level autonomous vehicles with multiple automated modes and functions. Firstly, previous applications of STPA to ADAS and ADS and their limitations are analyzed. Secondly, the hazardous event is defined. An extended method combining STPA and FSM is proposed to model the vehicle states and environmental conditions and analyze unexpected behaviors. Finally, a case study on an autonomous vehicle is given to compare the traditional STPA and the extended method. Comparing with the traditional STPA, the proposed method can identify more hazardous events and give more detailed information about hazardous events to generate testing scenarios.

Qingzhu Liang,Mingxing Liu,Peng Xiao,Yun Guo,Jun Xiao,Changhong Peng

DOI: https://doi.org/10.1155/2020/8839399

IF: 0.849

2020-01-01

Science and Technology of Nuclear Installations

Abstract:The aim of this study is to verify if the reliability of a digital four-channel RPS under the design phase satisfies the specified target and to identify the weakness of system design and potential solutions for system reliability improvement. The event-tree/fault-tree (ET/FT), which is the method used in the current probabilistic safety assessment (PSA) framework of nuclear power plants (NPPs), was adopted to developed reliability modeling for the RPS with the Top Events defined as the system failure to generate reactor trip signal and the system generating spurious trip signal. The evaluation results indicate that the probability of the system failure on demand and the frequency of spurious trip signal generation are 1.47 × 10−6 with a 95% upper bound of 4.63 × 10−6 and 7.94 × 10−4/year with a 95% upper bound of 2.50 × 10−3/year, respectively. The importance and sensitivity analyses were conducted and it was found that undetected unsafe common cause failures (CCFs) of signal conditioning modules (SCMs) dominate the system reliability. Two preliminary optimization schemes relative to reducing periodic test interval and adapting two kinds of diverse SCMs were proposed. Results of the quantitive evaluation of the schemes show that neither of them could determinedly improve the system reliability to the target level. In the future, more detailed optimization analysis shall be required to determine a feasible system design optimization scheme.

Tate Shorthill,Han Bao,Hongbin Zhang,Heng Ban

DOI: https://doi.org/10.1080/00295450.2021.1957659

IF: 1.667

2021-11-05

Nuclear Technology

Abstract:Digital instrumentation and control (I&C) upgrades are a vital research area for the nuclear industry. Despite their performance benefits, deployment of digital I&C in nuclear power plants (NPPs) has been limited. Digital I&C systems exhibit complex failure modes including common cause failures (CCFs), which can be difficult to identify. This paper describes the development of a redundancy-guided application of the Systems-Theoretic Process Analysis and fault tree analysis for the hazard analysis of digital I&C in advanced NPPs. The resulting Redundancy-Guided Systems-Theoretic Hazard Analysis (RESHA) is applied for the case study of a representative state-of-the-art digital reactor trip system. The analysis qualitatively and systematically identifies the most critical CCFs and other hazards of digital I&C systems. Ultimately, the RESHA can help researchers make informed decisions for how, and to what degree, defensive measures such as redundancy, diversity, and defense in depth can be used to mitigate or eliminate the potential hazards of digital I&C systems.

nuclear science & technology

Hu Yuehua,Li Lin,Yan Zhen,Song Lei

DOI: https://doi.org/10.1115/icone25-66454

2017-01-01

Abstract:Systematic multiple spurious operation review is the important basement of Fire PSA Component Selection and Fire Induced Risk Modeling. It is a task of systematically evaluation of all plant systems and identification of equipments susceptible to potential spurious actuation that may challenge safe shutdown capability via spurious operations, which can ensure that the fire PSA model addresses the impacts of single spurious operations (SSOs) and multiple spurious operations (MSOs). In this paper, different methodologies of systematic multiple spurious operation review are studied and it is found that two methodologies are given in literature published at home and abroad: one methodology is development of comprehensive plant specific MSO list by panel review. This methodology is based on generic list of MSOs combined with plant specific information review. This methodology proposes high requirements for the expert panel and hard to avoid missing of some scenarios. Another methodology is review of all plant systems and components to receive SSOs, and then using MSO matrix to evaluate and encode each unique pair to receive MSOs that disable the system function. This methodology can ensure the integrity of MSO list, but the matrixes are too complicated. In this paper, the fault tree method is employed to improve the matrix method in the MSO evaluation process of the latter methodology. Reactor Coolant System (RCS) is taken as an example to describe the application of this method to CAP1000. Engineering practice shows that the fault tree method can effectively avoid omissions of MSO scenarios, and it is more useful and simple for tertiary or quaternary MSO evaluation, as well as more convenient for further MSO evaluation due to cross system issues. Furthermore, MSO fault trees can be directly called by fire PSA model for evaluation, which can lay a foundation for the follow-up work of fire PSA.

Jian Jiao,Yongfeng Jing,Shujie Pang

DOI: https://doi.org/10.3390/systems10050137

2022-01-01

Abstract:With the complexity of the socio-technical system, the requirement for safety analysis is growing. In actuality, system risk is frequently created by the interaction of numerous nonlinear-related components. It is essential to use safety assessment methods to identify critical risk factors in the system and evaluate the safety level of the system. An integrated safety assessment framework combining the system theoretic process analysis (STPA), the analytic network process (ANP) and system dynamics (SD) is suggested to analyze the safety level of socio-technical systems to achieve qualitative and quantitative safety evaluation. Our study constructs an STPA and SD integration framework to demonstrate the practical potential of combining STPA and SD approaches in terms of risk factors and causality. The framework uses the STPA method to define the static safety control structure of the system and analyzes the primary risk factors. The unsafe control actions (UCAs) from the STPA method are transformed into network layer elements of ANP. The ANP method is used to calculate the element weights, which are the impact coefficients between the system dynamics (SD) variables. The SD method is used to assess the safety level of the system. Finally, a specific coal mining system is used to demonstrate how the proposed hybrid framework works. The results indicated that the safety level of the system was low on days 38 and 120 of the simulation cycle (one quarter). Our work can overcome the limitations of conventional STPA quantitative analysis and simplify SD qualitative modeling to serve as a reference for complicated system safety/risk analysis work.

Shu-hua DING,Yan-hua YANG,Xue-nong ZHU,Meng LIN

DOI: https://doi.org/10.3969/j.issn.1000-6931.2007.02.018

2007-01-01

Abstract:In order to improve the security and the margin of safety of nuclear power plant, the research on requirement analysis of digital reactor protection system for advanced pressurized water reactor nuclear power plant was developed. Based on the known technology, a requirement analysis report was performed. A kind of three-levels pyramidal hierarchy was adopted in the requirement analysis, and the design characteristics of the requirement analysis were described in the analysis report. This hiberarchy can directly illuminate the design characters and logical achievement of the requirement analysis for advanced pressurized water reactor digital protection system.

刘涛,玉宇,童节娟,赵军

DOI: https://doi.org/10.3321/j.issn:1000-7857.2009.08.008

2009-01-01

Abstract:The Probabilistic Safety Analysis (PSA) is widly used in engineering practice of Nuclear Power Plant (NPP) and is now a mature technique for Light Water Reactor (LWR) of NPP, Its application for advanced NPP is now under development. This paper studies problems resulting from application of the traditional PSA technology to advanced NPP. The traditional framework of PSA for LWR of NPP is discussed, including its history and limitations. Problems are analyzed in view of the safety characteristics of the advanced NPP. Finally, a case study related to high temperature gas-cooled reactor of NPP is made as an example to explain our suggestions concerning the application of PSA for advanced NPP.

Asim Abdulkhaleq,Stefan Wagner,Nancy Leveson

DOI: https://doi.org/10.48550/arXiv.1612.03109

2016-12-09

Software Engineering

Abstract:Formal verification and testing are complementary approaches which are used in the development process to verify the functional correctness of software. However, the correctness of software cannot ensure the safe operation of safety-critical software systems. The software must be verified against its safety requirements which are identified by safety analysis, to ensure that potential hazardous causes cannot occur. The complexity of software makes defining appropriate software safety requirements with traditional safety analysis techniques difficult. STPA (Systems-Theoretic Processes Analysis) is a unique safety analysis approach that has been developed to identify system hazards, including the software-related hazards. This paper presents a comprehensive safety engineering approach based on STPA, including software testing and model checking approaches for the purpose of developing safe software. The proposed approach can be embedded within a defined software engineering process or applied to existing software systems, allow software and safety engineers integrate the analysis of software risks with their verification. The application of the proposed approach is illustrated with an automotive software controller.

Zhi-wen WANG,Zhi-huan SONG

DOI: https://doi.org/10.3969/j.issn.1009-6094.2010.01.048

2010-01-01

Applied Mechanics and Materials

Abstract:To improve the objectivity and comprehensiveness of the safety assessments of the thermal power plant, a renovated method of safety assessment for thermal power plants has been proposed here in this paper based on the three dimensions: the maximum limits, the minimum limits and the restrictions on the middle region, as well as the data envelopment analysis (DEA) module. As each indicator can then be subdivided into some sub-indicators, the potential safety degree can be guaranteed by using scores evaluated by the specialists. Thus, the three-dimensional original data can then be uniformly processed into intervals [0,1], in which weight-related indicators relate to the safety parameters so that the potential safety can be determined by the analytic hierarchical parameters. The final results of the safety assessment can thus be denoted by four evaluation grades: the danger grade, slight danger grade, the slight safety and full safety grades by using the graded fuzzy membership functions. The method here mentioned takes full advantage of the power plants' existant quantitative indicators and non-quantifiable indicators by using real-time operating parameters of the equipment installations and human experience, all of which can form a comprehensive organic system to make the evaluation results both comprehensive and objective. The distinguished features of such an evaluation method lies in that it provides a new research idea for safety evaluation both of the objective data and subjective factors organically so that it can serve as a good reference to the other safety assessments of complex systems. And, finally, an example has been given to demonstrate the way on how to use the three-dimensional computational procedure. Thus, it can be concluded that the safety assessment method is fully feasible for the target it is aimed at.

Jingyu Zhu,Huixing Meng,Shaoyu Zhang,Guoming Chen,Rouzbeh Abbassi,Xiangkun Meng

DOI: https://doi.org/10.1016/j.psep.2024.04.110

IF: 7.8

2024-01-01

Process Safety and Environmental Protection

Abstract:The System-Theoretic Process Analysis (STPA) method is a useful approach to analyze system safety, however, it still has inadequate capabilities for quantitative safety analysis. To overcome this limitation, an integrated methodology was investigated for quantitative safety analysis of the complex socio-technical system that combines a system-theoretic approach and numerical simulation. In the proposed methodology, STPA method is utilized to discover potential unsafe control actions (UCAs) and corresponding causes based on the operational principle of the target system from systemic perspective. Moreover, the consequences of identified UCAs can be quantified and certain safety constraints also were improved to prevent UCAs using numerical simulations. The blind shear ram preventers (BSRPs) as complex system, with tightly interacting diverse subsystems or components are, is employed to illustrate the applicability of the methodology. The results verified that the proposed methodology could effectively evaluate potential hazards and quantify the analysis results. These results will be helpful for the design and operations of the BSRP system in deepwater drilling activities. The developed methodology also has a more general application to safety analyses in other process industries.

Jintao Xu,Maolei Gui,Rui Ding,Tao Dai,Mengyan Zheng,Xinhong Men,Fanpeng Meng,Tao Yu,Yang Sui

DOI: https://doi.org/10.1016/j.ress.2023.109147

IF: 7.247

2023-01-01

Reliability Engineering & System Safety

Abstract:Traditional static methods are mostly adopted to analyze the reliability of reactor protection system (RPS) for nuclear power plant (NPP). However, they cannot characterize its dynamic interaction, time correlation, and uncertainty. In order to solve this problem, dynamic fault tree (DFT) analysis was firstly utilized to create the DFT for the RPS to characterize its dynamic interaction. Then, dynamic Bayesian network (DBN) was used to create the DBN model based upon the DFT for the RPS to characterize its dynamic interaction, time correlation, and uncertainty. Furthermore, Latin hypercube sampling (LHS) was employed to define a new Bayesian inference algorithm. Finally, the defined algorithm was applied in a RPS for Hualong-1 (HPR1000) in East China to conduct its dynamic prediction and sensitivity analyses through the Bayesian forward and backward inferences, and a new approach for dynamic reliability analysis of the RPS for HPR1000 was proposed. The research results showed that the proposed approach could be used for the dynamic reliability analysis of the RPS.

Jinlin LIU,Changhong PENG

DOI: https://doi.org/10.1299/jsmeicone.2015.23._icone23-1_397

2015-01-01

The Proceedings of the International Conference on Nuclear Engineering (ICONE)

Abstract:For long-term application, Probabilistic Safety Analysis (PSA) has proved to be a valuable tool for improving the safety and reliability of power reactors. In China, "Nuclear safety and radioactive pollution prevention "Twelfth Five Year Plan" and the 2020 vision" raises clearly that: to develop probabilistic safety analysis and aging evaluation for research reactors. Comparing with the power reactors, it reveals some specific features in research reactors: lower operating power, lower coolant temperature and pressure, etc. However, the core configurations may be changed very often and human actions play an important safety role in research reactors due to its specific experimental requirement. As a result, there is a necessary to conduct the PSA analysis of research reactors. This paper discusses the special characteristics related to the structure and operation and the methods to develop the PSA of research reactors, including initiating event analysis, event tree analysis, fault tree analysis, dependent failure analysis, human reliability analysis and quantification as well as the experimental and external event evaluation through the investigation of various research reactors and their PSAs home and abroad, to provide the current situation and features of research reactors PSAs.

Sijuan Chen,Zhijian Zhang,He Wang,Min Zhang,Huazhi Zhang,Anqi Xu,Yingfei Ma,Gangyang Zheng

DOI: https://doi.org/10.1115/icone26-82563

2018-07-22

Abstract:In the continuous operation process of Nuclear Power Plant (NPP), its configuration is full of variety over time because of the system’s dynamic characteristics. There is a great need to update the risk/safety analysis models when it becomes necessary to reflect those dynamic characteristics of the system/component. Most of the current methods for risk/safety analysis belong to the scope of safety pre-analyzing, which analyzes the system risk/safety before system being in service. The main purpose of these safety pre-analyzing is to guide system design and optimization, but the real-time operational risk/safety analysis of NPPs is considered little. In order to know well the real-time risk/safety for system, a System Safety Analysis Method based on Real-time Online Risk Monitoring Technology is proposed. The safety risk model is established based on the modular fault tree that is used to represent logic structure of system. The real-time risk/safety is monitored according to the correspondence monitoring signal or data of component/system. Simultaneously the method can account for the change of risks based on the established mapping relationship between the state transition rules and corresponding risk/safety model updating rules. Finally, a case monitoring the safety for the system of two redundant pumps was used to demonstrate the effectiveness of the method.

Feilong Zhang,Liangchao Chen,Bo Zhang,Jianwen Zhang,Qianlin Wang,Pengchao Wang,Jianfeng Yang,Zhan Dou

DOI: https://doi.org/10.1002/prs.12604

2024-04-06

Process Safety Progress

Abstract:The deep integration of information technology and process industry production systems makes system failure increasingly multi‐source and multi‐scale. In contrast to conventional hazard methods, system theoretic process analysis (STPA) can analyze the hazards in system control processes from the perspective of interactions among the system components. Theoretically, this method offers advantages that are better suited for modern production systems. However, as of now, the integration between STPA and process industrial production systems is still lacking. To address this issue, this study improved the original STPA method. First, we propose the "5 flows" concept for the process industrial cyber‐physical systems. The systems are described using multilevel flow modeling (MFM). This leads to the development of the MSTPA method, which is specifically designed to analyze the cyber‐physical hazards in process industrial production systems. Subsequently, the cyber‐physical hazards of a fluidized‐bed catalytic cracking unit are analyzed in detail using the MSTPA method as an example. The results show that MSTPA can identify cyber‐physical hazards in multiple dimensions. It is proved that, compared with the original STPA and traditional hazard methods, the MSTPA method can better identify cyber‐physical hazards in process industrial production systems.

engineering, chemical