IEEE Transactions on Nuclear Science, Vol. NS-28, No. 1, February 1981

A REVIEW OF NRC INSTRUMENTATION NEEDS

R. M. SATTERFIELD

UNITED STATES NUCLEAR REGULATORY COMMISSION

WASHINGTON, D. C. 20555

Abstract

The accident at Three Mile Island highlighted the need to make improvements in nuclear power plant instrumentation. Since the accident, the Nuclear Regulatory Commission has required the installation of new equipment aimed at improving both post accident monitoring capability and the operator/equipment interface.

Replacement of some existing equipment with qualified, highly reliable sensors and processing equipment will satisfy many of the new requirements. But implementation of other requirements will be more difficult. New measurement techniques must be developed or use of new technologies must be judged acceptable for safety purposes before some instrumentation needs can be satisfied. The lack of commercially available equipment has caused reassessment of the importance of other instrumentation needs.

Looking beyond those modifications needed to correct deficiencies discovered as a result of the TMI experience, improvements in the reliability of normal plant operating equipment should be considered to reduce the frequency of safety system challenges. Advanced instrumentation presently available or under development may be useful in identifying equipment degradation, thereby preventing major equipment failures and consequent plant upsets.

There is also a need for better diagnostic tools for improving the operator's response capability following plant upsets. Some of these tools are now available but others which show considerable promise require more development effort.

Although significant improvements in safety may be possible through implementation of improved instrumentation, those improvements can be made only if the industry supports the development effort with both money and manpower. The NRC, too, must be more receptive to the implementation of new technologies.

Introduction

In the nineteen months since the TMI event, the Commission has required modifications affecting most aspects of nuclear power plant design and operation. Not surprisingly, many of these requirements call for improvements in instrumentation.

While we have already implemented many reasonably simple changes, over the next two years we expect to make substantial modifications. But to do so, we will have to solve some difficult technical problems. We must also resolve what appear to be conflicting needs and goals.

In the first portion of my talk this morning, I will discuss some examples of new instrumentation that we believe are needed and point out some of the difficulties which have hindered implementation.

In the time remaining, I will offer you some of my own views on where we go from here. An important lesson learned from the TMI experience was that neither NRC nor the industry had been doing a good job of applying advanced technology to improve nuclear power plant safety. In the past several years, there have been significant advances in instrumentation designs and concepts which could be applied to enhance safe operation. I will discuss some examples that I believe show considerable promise and describe how they might satisfy future NRC instrumentation needs.

Background

Recognizing that, for many of you here this morning, the details of the Three Mile Island Accident may be unfamiliar or receding in memory, I would like to spend a few minutes describing what happened and some of what we learned.

The event was initiated by failure of a pump supplying feedwater to the secondary side of the plant steam generators. This led to an increase in primary system pressure, causing a relief valve, or PORV, to open and the reactor to trip on high pressure. Up to this point, about 30 seconds into the event, the plant response to the upset was normal.

The auxiliary feedwater system started automatically when the loss of main feedwater flow to the steam generator was sensed. That action should have ensured delivery of additional water to the steam generators, but the flow paths were blocked by valves which had been left closed following tests performed prior to the event. The valves were not opened until eight minutes later. More importantly, the PORV, which should have closed as reactor pressure decreased following the trip, remained open. However, the open PORV went unnoticed despite several indications that the valve had failed.

U.S. Government work not protected by U.S. copyright.

As reactor pressure dropped, the high pressure injection system started automatically as designed and injected cold water into the reactor. But shortly thereafter, the operator began to throttle, and at times terminated, high pressure injection flow. As this flow was needed to compensate for coolant being lost through the open PORV, and thereby to help maintain adequate core cooling, this action was one of the more significant factors contributing to subsequent core damage. The operators took this action because they misinterpreted the instrument reading used to determine the status of coolant inventory. Further, they ignored primary system pressure readings which were below the value at which such flow is required. At this point, the accident had been underway for approximately four minutes.

The relief valve remained open and system pressure and temperature continued to fall. Although coolant inventory was being lost during this period, circulation of the remaining coolant through the core and the steam generators continued to provide core cooling for the first hour into the event.

However, as coolant loss through the open relief valve continued, the steam void fraction in the coolant increased, leading to a gradual loss in efficiency of the coolant pumps. Also, pump vibration began to increase and, at about seventy minutes into the event, two of the four pumps were shut down to prevent pump damage. This caused core temperatures to increase. Thirty minutes later the other two pumps were turned off. Significant fuel damage began to occur at that point and continued for the next eight hours.

Two and one-half hours into the event, operators finally recognized that the PORV was still open and closed a block valve located upstream of the PORV. It was another thirteen hours before adequate core cooling was reestablished.

Since the accident, groups within the Nuclear Regulatory Commission and outside the agency have re-thought most aspects of nuclear power reactor design and operation. The lessons learned have been many. A significant conclusion reached following the accident was that the control room instrumentation displays available to the operator could have provided the information needed to diagnose the event. However, the available instrumentation was not fully utilized due, in part, to insufficient training and poorly written procedures.

Further, as all studies and investigations of the event have shown, the operators had difficulty interpreting control room displays because insufficient attention had been given to human factors in the design of those displays. The information was there but the operators had difficulty absorbing and digesting it. That hindered diagnosis, causing delay in the recognition of the significance of the event and prompting the operators to take action without fully understanding the implications of what they were doing.

Correction Of TMI Deficiencies

The Commission reacted promptly to remedy some instrumentation deficiencies. An operator's primary responsibility during a major reactor accident is to see that adequate core cooling is maintained. If cooling problems are detected the operator must initiate mitigating measures promptly. To keep the operator better informed about the status of plant systems, particularly as that status relates to maintaining adequate core cooling, the Commission required:

o new instrumentation to monitor directly the position of primary system relief and safety valves; and

o a subcooling meter to provide continuous indication of the degree of subcooling of the coolant in the reactor vessel to warn the operators that conditions for voiding in the coolant are being approached.

In the longer term, the Commission has required or is considering a variety of plant modifications. Many are aimed at further improving post accident monitoring instrumentation and enhancing the operator/equipment interface.

Some of this instrumentation will be difficult to implement. It will require the development of new measurement techniques or involve the employment of new technologies not now widely used for safety related purposes in nuclear power plants. Therefore, these modifications present special challenges for both the industry and the NRC.

Post Accident Monitoring Instrumentation

A major activity that the Commission began following the TMI event was to reassess the instrumentation needed to monitor plant process variables following accidents. The objective was to ensure that all variables of interest were monitored and that the sensors and signal processing equipment were of sufficiently high quality and reliability.

This issue is not new. In 1977, the NRC published Regulatory Guide 1.97, which described the staff position related to instrumentation needed to monitor plant variables and systems during and following postulated accidents. For a number of reasons that are beyond the scope of this morning's discussion, this guide was never fully implemented.

Following the TMI accident, a task group was formed to revise this guidance, incorporating lessons learned from the event. As a result of some very productive industry involvement, this revised guide is almost ready for publication.

In considering the instrumentation to be included in the guide, it was necessary to match needs against the availability of instrumentation. While most plant variables of interest are routinely monitored at nuclear power plants, demonstrated monitoring techniques do not exist for some parameters. This difficulty has forced us to postpone implementation dates, allowing time for development work to proceed, or to delete monitoring requirements. I would like to discuss some examples to highlight those implementative difficulties.

Inadequate Core Cooling Instrumentation

To better aid the operator in identifying inadequate core cooling conditions and to promote recovery from those conditions, we have required that additional instrumentation be installed to more directly indicate deteriorated core thermal conditions.

To satisfy this requirement, we believe that owners of pressurized water reactors must install instrumentation to monitor water level in the reactor vessel. This presents some interesting challenges to the instrumentation designer.

First, to hold down costs, installation must be as compatible as feasible with the existing design. Second, the complexity of reactor internals limits the flexibility available to the designer in installing additional sensors inside the reactor vessel. Third, the design problem is made more difficult by the need to ensure highly reliable operation under extremely harsh environmental conditions.

One reactor vendor has proposed using differential pressure transmitters connected to sensing lines tied into existing pressure taps in the primary system. Although the design of this system is reasonably straightforward, there is a question regarding the validity of the correlation between measured pressure difference and vessel water level when the reactor coolant pumps are running or for certain types of breaks in the primary system piping.

A design proposed by a second reactor vendor employs a string of heated thermocouples inserted through a penetration in the top of the reactor vessel. Level detection is based on measurement of heater current which varies with the degree of wetting of the heated junction. Even this rugged and reasonably simple measurement device has possible drawbacks in that droplet condensation on an otherwise dry junction could give a false indication of level.

Another design which has been evaluated at Oak Ridge National Laboratory under NRC sponsorship employs ultrasonic wave propagation techniques. It is proposed that a twisted metal ribbon be inserted at the top of the vessel and traverse the core region. The vessel level is inferred from the traverse time of an ultrasonic wave along the ribbon as that time varies with fluid density. In this case, the electromagnetic pulsing devices used to produce the ultrasonic wave have not yet been developed to withstand the harsh environmental conditions they could be exposed to during major accidents. Current activities are directed toward developing a method of generating the ultrasonic waves outside containment.

Perhaps the most innovative design is a device being promoted by a company specializing in microwave systems, but with no previous nuclear experience. The design requires that a microwave wave guide be inserted into the reactor vessel head, permitting microwave pulses to be reflected off the water surface. The problems here are in choosing an optimum microwave frequency and in designing the containment and vessel penetrations. The penetration must maintain containment and vessel integrity but also must efficiently transmit the signal.

All these designs, and others I do not have time to describe, were recently discussed at an NRC sponsored information exchange meeting held at Idaho National Engineering Laboratory. The meeting was attended by representatives of the utilities, instrument supply firms, the national laboratories, EPRI, and by observers from overseas. At the conclusion of this meeting, NRC invited participants to coordinate their efforts in proposing test programs for promising instrument systems and offered to make available various government test facilities for such tests, where appropriate. Also, I understand that ad hoc industry groups were organizing to address some of the unresolved design problems discussed.

We are presently requiring that water level instrumentation, and the procedures necessary for its use, be implemented by January 1, 1982. To meet that date will require considerable effort by both the industry and the NRC staff.

Effluent Monitoring

Prompt analysis of plant radioactive effluents can provide information important to the assessment of an event involving fuel damage. Assessment of the quantity of radionuclides gives an indication of the severity of fuel damage, permitting, at the same time, a determination of the radiological impact of the release on people down wind of the plant.

Yet experience has shown that effluent monitoring systems are in many respects inadequate for on-line post accident monitoring. Because of the complexities in differentiating among noble gases, radioiodines and particulates in potential plant releases, effluent monitor indications produced during actual releases have led to over-estimating the severity of these events and, in a few instances, have been responsible for causing considerable but warranted alarm.

During the TMI event, gaseous radioactive effluents were sufficient to drive the effluent monitors offscale, or produce erroneous readings, thereby further complicating the task of the operations personnel in assessing the need for offsite emergency actions.

Gaseous effluent monitors usually consist of three components:

o gross activity detection as an indicator of noble gas releases,

o radioiodine detection, usually by collection and detection of the iodines on charcoal, and

o particulate detection through determination of activity collected on a filter element.

The detection of noble gases is reasonably straightforward. Technological problems exist, however, in monitoring of particulates and radioiodines in plant releases during accidents. The accident results in the presence of comparatively large concentrations of short-lived noble gases, which the detectors of the particulate and iodine monitor components record as particulates and radioiodines. The problem is further compounded by the preferential absorption of noble gases in the charcoal cartridges. Although the noble gases are not retained for any substantial time, the net effect of a continuous flow of gases through the charcoal cartridge is a localized concentration of noble gases, which is recorded as radioiodine. In addition, accident levels of I-131 concentrated on the charcoal cartridge in close proximity to the detector can accumulate, saturating the detector.

At this time, there are no demonstrated techniques and no equipment available on the commercial market that will accurately interpret radioiodines or particulates in plant gaseous effluents under accident conditions.

In the absence of on-line monitoring capability, we have concluded that sampling of plant gaseous effluents, with laboratory analysis of samples subsequent to release, is the only valid technique for monitoring accidental releases of radioiodines and particulates. There is a pressing need for a better on-line detection capability.

Natural Circulation Flow

Since the TMI event, the importance of natural circulation has been highlighted as a primary means of heat deposition to the secondary system of pressurized water reactors. Calculations of thermal hydraulic effects which follow as a consequence of small breaks in the primary system piping have shown the need to trip the main reactor coolant pumps early in events of this type. As a result of actions taken by the NRC staff more than a year ago, all licensees with operating PWRs are required to trip these pumps manually when small break conditions are detected and promptly ensure that natural circulation cooling has been established.

There are a number of parameters which the operator can use to confirm the existence of such cooling. Present procedures call for the operator to monitor existing resistance temperature detectors installed in the hot and cold legs, incore thermocouples, and secondary side steaming rates. However, a more direct indication of natural circulation flow is needed and, in writing Regulatory Guide 1.97, we considered requiring that all licensees install primary coolant flow detection capability sufficient to detect the low flow rates, for both normal and reverse flow conditions, that can be expected during natural circulation.

While there are demonstrated techniques available for this purpose, the ruggedness of this instrumentation is questionable. This instrumentation would be expected to meet safety grade requirements and, therefore, would be required to be both environmentally and seismically qualified. As we recognized that compliance with these requirements will be difficult, this instrument has not been included in the guide.

Operator-Process Interface

As I mentioned earlier, the TMI event and studies which followed clearly identified the need to change the design of nuclear power plant control rooms to improve the operator's capability to respond to plant upsets. Since the event, there have been many references both in the scientific literature and in the press to the thousands of alarms, switches and displays which the operators must rely on to assess plant conditions and take mitigating actions.

No one questions the validity of these criticisms -- the need for prompt action to correct control room display and arrangement problems is obvious to anyone who has spent any time in an average power reactor control room. There is, however, considerable question as to timing of actions to be taken and the degree to which they might complement improvements which might be implemented later.

Safety Parameter Display System

One of the major modifications related to operational displays which the Commission has required be installed at all nuclear power plants is a Safety Parameter Display System. The purpose of this system is to provide the operator with a continuous display, at one point in the control room, of the safety status of the plant. While not intended as a diagnostic system, it must be capable of displaying trends in important variables to allow control room operating personnel to assess plant status rapidly. It is expected that the operating personnel will rely primarily on normal control room instrumentation in taking subsequent mitigating action and monitoring the effectiveness of these actions.

There is general agreement within industry that such a display system is needed. Yet considerable debate continues on how complex the system should be and on the basic design requirements that should apply. For example, there were those who argued that a hardwired display system that was reasonably simple and collected signals from a limited number of sensors was desired as it could be installed quickly. However, we were of the view that use should be made, where a licensee desired, of the more sophisticated information-processing capability provided by process computer technology and we have relaxed our implementation schedule for this item to help promote that application.

Draft design guidelines for this and other emergency support facilities required by the Commission were published for public comment in July of this year. We are not requiring redundancy, but instead believe that the processing and display devices should be of proven high quality and reliability with the total system designed to achieve an unavailability goal of .001. That number was admittedly selected somewhat arbitrarily and industry feedback has suggested that a computer based system cannot meet this goal without relying on redundancy.

We have also required that the system continue to function during and following an earthquake. Our reasoning was that the operators may have the greatest need for the system during an earthquake as the effects of such an event will probably be felt plantwide and may result in considerable confusion in the control room.

Again, industry comment suggests that, by complying with seismic qualification criteria, certain desirable design features may have to be deleted. As a severe earthquake is a very low probability event at most plant sites, we must carefully balance the benefits to be gained through seismic qualification against possible losses in system capabilities which may also result.

We are sensitive to the possibility that, by applying too stringent design requirements to a system of this sort, we may make it impossible to implement a system that could substantially add to the operator's response capabilities during an accident. Industry must work together with the NRC to develop system requirements so that the system goals -- both functional capability and performance reliability -- can be optimized.

Future Instrumentation Needs

I would now like to turn to a discussion of future NRC instrumentation needs, as I see them, and new instrumentation which may play an important role in satisfying these needs.

Plant Performance Improvements

Traditionally, the NRC has focused its attention on event mitigation rather than prevention. Our regulations are aimed primarily at safety system designs and the performance of those systems; normal operating systems have not normally been the subject of review.

However, a review of nuclear power plant operating experience shows that many events occur -- most of relatively minor significance -- which result in reactor trip and, occasionally, in actuation of emergency core cooling systems. Reliance on backup safety systems to mitigate minor transients is, in my view, undesirable as the risk of safety system failure is directly related to the rate of challenges to those systems. In addition, safety system action usually results in abrupt changes in process conditions and system response which can hinder the operator's ability to cope with the event. Steps should be taken by the industry, particularly the utilities responsible for plant operation, to reduce safety system challenges through improvements in operating system performance.

There is instrumentation presently available or under development, most of which has been made possible through the introduction of low cost computers, which would help the operator in early identification of equipment abnormalities, thereby preventing major equipment failures and consequent plant upsets.

Acoustic Monitoring Equipment

Acoustic monitoring techniques have a variety of applications in this area. Acoustic monitoring systems have been installed at operating plants to satisfy the Commission's requirement that the position of safety and relief valves be monitored. In addition to monitoring the open-closed status of the valve, the systems can be used to detect gradually increasing leakage indicative of valve wear-out. Such monitoring capability allows valves to be removed for maintenance in time to prevent their being the cause of operational difficulties.

Acoustic monitoring techniques have been used as part of vibration monitoring programs for large rotating machinery such as pumps and turbines. In most applications, vibration amplitude is monitored, with alarms being generated when amplitude signals indicate a dangerous operating condition. More sophisticated analysis techniques which can be applied on-line are now being developed. If successful, these techniques may allow the identification of causes of equipment degradation, leading to better maintenance planning and improved equipment reliability.

At least one reactor vendor has developed an acoustic monitoring system for monitoring the integrity of the total primary system pressure boundary. Such a system has clear safety benefits. The rapid identification of the occurrence of a leak and its approximate location would enable operating personnel to take appropriate action to isolate the leak and thereby minimize its effects.

Noise Analysis

Noise analysis techniques may prove to be another useful tool for identifying impending process equipment failures. Extensive use has been made of noise measurements to identify core barrel motion and monitor the vibration of reactor internals. Through work being performed for the Commission by Oak Ridge National Laboratory, baseline neutron noise spectra are being obtained at a number of different pressurized water reactor facilities. It is our hope that these spectra will be of use in the analysis of possible future operational problems at facilities of this type.

Oak Ridge has also developed a continuous on-line surveillance system for monitoring noise signals [9] from a variety of nuclear power plant sensors. The system calculates the power spectral densities for the signals monitored as a function of time and, by using pattern recognition techniques, identifies changes in noise spectra. While not yet feasible, on-line analyses of such changes could be used someday to detect degradation of plant equipment, making noise monitoring systems a powerful surveillance tool for the operator.

Through the cooperative efforts of the NRC and TVA, Oak Ridge personnel are presently installing a prototype surveillance system at the Sequoyah Nuclear Station with the objective of gaining a better understanding of the relationships between the spectra monitored and the status of the plant equipment and process variables.
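The baseline-spectrum comparison described in this section can be illustrated with a short added example; it is not code from the paper or from the Oak Ridge system. The sampling rate, the constructed signals, and the per-bin 10 dB threshold (a simple stand-in for the pattern recognition step) are all assumptions.

```python
import cmath
import math
import random

FS = 128    # assumed sampling rate, Hz
SEG = 128   # samples per segment, giving 1 Hz frequency resolution


def make_signal(seed, extra_amp=0.0, n=1024):
    """Constructed sensor noise: 8 Hz line plus white noise, optional 20 Hz line."""
    rng = random.Random(seed)
    return [
        math.sin(2 * math.pi * 8 * i / FS)
        + extra_amp * math.sin(2 * math.pi * 20 * i / FS)
        + rng.gauss(0.0, 0.2)
        for i in range(n)
    ]


def psd(signal, seg=SEG, fs=FS):
    """Averaged periodogram (Hann window, 50% overlap); one value per frequency bin."""
    window = [0.5 - 0.5 * math.cos(2 * math.pi * i / (seg - 1)) for i in range(seg)]
    norm = fs * sum(w * w for w in window)
    nbins = seg // 2 + 1
    # Precompute the DFT kernel once; the segments are short, so a direct DFT is fine.
    twiddle = [[cmath.exp(-2j * math.pi * k * i / seg) for i in range(seg)]
               for k in range(nbins)]
    acc = [0.0] * nbins
    count = 0
    for start in range(0, len(signal) - seg + 1, seg // 2):
        chunk = signal[start:start + seg]
        mean = sum(chunk) / seg
        x = [(v - mean) * w for v, w in zip(chunk, window)]
        for k in range(nbins):
            s = sum(xi * t for xi, t in zip(x, twiddle[k]))
            acc[k] += abs(s) ** 2 / norm
        count += 1
    if count == 0:
        raise ValueError("signal shorter than one segment")
    return [a / count for a in acc]


def changed_bands(baseline, current, threshold_db=10.0, fs=FS, seg=SEG):
    """Return (frequency_hz, change_db) for bins that moved past the threshold."""
    floor = 1e-12  # avoids division by zero on an empty bin
    hits = []
    for k in range(1, len(baseline)):  # skip DC, which mean removal suppresses
        change = 10 * math.log10((current[k] + floor) / (baseline[k] + floor))
        if abs(change) >= threshold_db:
            hits.append((k * fs / seg, round(change, 1)))
    return hits


if __name__ == "__main__":
    baseline = psd(make_signal(seed=1))                 # reference spectrum
    healthy = psd(make_signal(seed=2))                  # same plant state, new noise
    degraded = psd(make_signal(seed=3, extra_amp=0.5))  # new 20 Hz component
    print("healthy :", changed_bands(baseline, healthy))
    print("degraded:", changed_bands(baseline, degraded))
```

Averaging over overlapping segments is what keeps the healthy comparison quiet: a single periodogram varies too much from one capture to the next for a fixed threshold to be usable.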

Sensor Validation Techniques

theless, the value of alarm suppression calls for continued critical examination and testing of suppression techniques.

In most nuclear power plants today, the valid-ation of measured data continues to be the opera-

tor's job. Yet evidence suggests that this is a

task that he may perform poorly. Tools are neededthat can be used to alert the operator that sensorshave failed or that instrumentation is supplyingincorrect information. As mentioned earlier, noiseanalysis techniques, if they can be automated, may

prove useful in assessing the health of importantsensors during normal operation.

Work is also underway to develop calculationalmodel s whip~can be used on-line to simulate plantbehavior. The calculational models allow com-

parison of different process variables to eachother, and, with the use of testing techniques, thepossible identification of incorrect measurementdata.

Diagnostic Aids

In addition to improvements aimed at enhancingthe operator's ability to detect degradation ofplant equipment, diagnostic aids to serve theoperator during and following plant upsets areneeded.

Here, noise analysis appears to be a proventechnique. In a post accident situation, automatic,on-line analysis is not longer so important as anengineer can be provided to analyze and interpretdata. This approach was successfully used at TMI,where the health of sensors was determined, sensorfailure was predicted 11and thermal hydraulic cond-itions were confirmed.

A logical extension of the Safety ParameterDisplay System discussed earlier is a disturbanceanalysis system which makes use of monitored plantparameters in conjunction with calculated eventsequences to focus tpf operator's attention onthe causes of upsets. Such systems are limitedby the inability of the system designer to predictall possible event sequences. However, in myview, that limitation can be accommodated bydeveloping a system that requires the operatorto interrogate the system for information anddesigning system output so that it promotes diag-nosis by the operator rather than dictating thediagnostic outcome. In this way, the operatorcontinues to be relied upon as the final decisionmaker. But he has available to him a system whichcompensates for his inability to quickly scan manydifferent information inputs and evaluate a wide

variety of possible event sequences.

Closely allied to the need served by thedisturbance analysis system is one for better alarmfiltering. The fact that the operators at ThreeMile Island were inundated with over one hundredalarms immediately following the event was widelypublicized and roundly criticized by the investi-gators looking into the event. A means of suppress-ing non-vital alarm signals during and following an

upset could have substantial safety benefit, but, asdiscussed to ensure that alarms can be discountedrequires a knowledge of the full scope of possibleevent sequences which does not exist today. Never-

30

Conclusions

The Three Mile Island accident highlighted for all of us the need to make improvements in reactor safety. With the help of industry, the Commission has begun to institute changes aimed at accomplishing that goal and, as I have indicated this morning, modifications to plant instrumentation have played an important role in the upgrading action.

Yet more remains to be done. If we accept the status quo in reactor design and operation, we miss a major lesson of the Three Mile Island event -- that the process of instituting safety improvements must be a continuing one and should reflect, as early as practicable, the products of new developments in the technology.

Over the past year, the Commission has taken upon itself the development of requirements with, in some instances, little industry involvement. This was necessary to speed implementation of plant modifications. We recognize that such an approach is not without the risk of error. Operational problems are better addressed when industry proposes the design modifications, and NRC reviews and modifies where appropriate. The nuclear industry, particularly the utilities, must become more active in developing safety improvements -- that will require a commitment of money and manpower.

Finally, the NRC must make some changes. Traditionally we have been skeptical about implementing some advanced technologies for safety purposes. Thus, we share some of the blame for the lack of progress in upgrading reactor design. But we, too, have learned from Three Mile Island and I believe we recognize that advanced technologies can play an important role in making safety improvements.

References

1. ANON, "NRC Action Plan Developed as a Result of the TMI-2 Accident," NRC NUREG-0660, August 1980.

2. ANON, "TMI-2 Lessons Learned Task Force Status Report and Short Term Recommendations," NRC NUREG-0578, July 1978.

3. ANON, "TMI-2 Lessons Learned Task Force Final Report," NRC NUREG-0585, October 1979.

4. Kemeny, J. G., et al., "The Accident at Three Mile Island - Report of the President's Commission," October 1979.

5. Rogovin, M., et al., "Three Mile Island - A Report to the Commissioners and the Public," Volume I, January 1980.

6. ANON, "Instrumentation for Light Water Cooled Nuclear Power Plants to Assess Plant Conditions During and Following an Accident," NRC Regulatory Guide 1.97, Revision 1, August 1977.

7. ANON, "Functional Criteria for Emergency Response Facilities," NRC NUREG-0696, July 1980.

8. Frarey, J. L., "Automated Machinery Diagnostics," 25th International Instrumentation Symposium, Anaheim, California, May 1979.

9. Sides, W. H., et al., "Automated Recognition Systems for Noise Analysis," Transactions of the 1980 Annual Meeting of the American Nuclear Society, June 1980.

10. Deyst, J. J., et al., "Sensor Validation: A Method to Enhance the Quality of the Man-Machine Interface in Nuclear Power Stations," IEEE Transactions of the 1980 Symposium on Nuclear Power Systems, To Be Published.

11. Buhl, A. R., et al., "Reactor Diagnostics Passed The TMI Test," Transactions of the 1980 Annual Meeting of the American Nuclear Society, June 1980.

12. Meyer, C. H., et al., "A Disturbance Analysis System for On-Line Power Plant Surveillance and Diagnosis," Working Conference on Advanced Electrotechnology Applications to Nuclear Power Plants, Washington, D. C., January 1980.
