I&C Status in France & Recommendations to IAEA
IAEA TWG-NPPIC Meeting, 24-26 May 2011
Vienna
Patrick Salaün – EDF
2 - IAEA TWG-NPPIC - 24 - 26 May 2011
Nuclear Power Plants in France
PWR 900 MW series: 34 units (6 CP0, 18 CP1, 10 CP2 units)
  Connection to the grid: 1977 - 1988
  3rd ten-yearly outage: 2008 - 2018
  4th ten-yearly outage: 2018 - 2028
PWR 1300 MW series: 20 units (6 P4 / 14 P’4 units)
  Connection to the grid: 1985 - 1994
  2nd ten-yearly outage: 2005 - 2013
  3rd ten-yearly outage: 2015 - 2023
PWR 1450 MW series: 4 units
  Connection to the grid: 1996 - 1999
  2nd ten-yearly outage: 2017 - 2019
PWR EPR series:
  The first unit currently being built
  A second unit is planned (some uncertainty)
Sites (map): Gravelines, Chooz, Cattenom, Nogent, Fessenheim, St-Laurent, Belleville, Bugey, St-Alban, Cruas, Tricastin, Golfech, Le Blayais, Civaux, Chinon, Flamanville, Paluel, Penly, Dampierre
Life time extension : up to 60 years, for most units
I&C Technologies in the NPPs in France
Turbine Control
  900: Electronic components (REC 70)
  1300: REC 70; digital equipment (MicroRec)
  N4: Digital equipment (MicroRec)
  EPR: Digital equipment (P320)
Analog Automation
  900: Analogue electronic components (8720 & 9020 series)
  1300: 9020 series; COTS DCS (Micro Z)
  N4: DCS (Contronic E); specific PLC (SCAP)
  EPR: DCS (T2000)
Logic Automation
  900: Electromagnetic relays
  1300: COTS PLC (Controbloc)
  N4: DCS (Contronic E); specific 1E PLC (CS3)
  EPR: DCS (T2000)
Reactor Protection
  900: Electromagnetic relays; analogue electronic components
  1300: Specific 1E digital system (SPIN)
  N4: Specific 1E digital system (SPIN-N4)
  EPR: Specific F1A digital system (TXS)
Control Room Systems
  900: Conventional panel; computerized aids
  1300: Conventional panel; computerized aids
  N4: Computerized CR; conventional panels (remote & back-up)
  EPR: Computerized CR; conventional panels (back-up)
Global initial strategy regarding “critical” I&C systems:
  Spare parts for components
  Long-term agreement with the suppliers: competencies and tools
I&C modernization projects in operating French NPPs : The 900 MWe Series (1)
The 3rd ten-yearly outage in progress, from 2008 (Head unit) up to 2018. The I&C ageing observation phase results (2003) : Good long-term agreement with suppliers. No major modernization projects.
Partial modernization of the Rod Control system (IPS-NC): no modification of the instrumentation (1E) or of the power modules (gripper coil current generator). The new system is based on PLCs (computation), networks and FPGA-based modules (slave cycler; time constraint: 1 ms).
Renovation of the In-Core Instrumentation system. New system based on PLCs (same as for RCS) and a supervisor shared with the Rod Control system.
Some modules of the Process Instrumentation System (Bailey 8720 on CP0: discrete analog technology) were replaced (redesign with new components but same technology).
The relay-based systems (logic automation) were not replaced: the I&C ageing observation phase considered that they could last at least up to the next ten-yearly outage (40 yrs).
I&C modernization projects in operating French NPPs : The 900 MWe Series (2)
Renovation of the Rod Control System
Renovation of the In-core Instrumentation system
I&C modernization projects in operating French NPPs : The 900 MWe Series (3)
During the 3rd ten-yearly outage:
  Modernization of the Turbine Control system (on CP0 only). Same architecture: card-by-card replacement. Redesign with new analog components.
  Renovation of the Diesel Alarm System: replacement of the relay-based system by a PLC.
Preparation of the 4th ten-yearly outage (2018 - 2028):
  Objective: extension of the lifetime up to 60 yrs.
  Constraints: all the important modernization projects must be done during this outage, not during the 5th ten-yearly outage (ROI).
  Ageing & Obsolescence observation phase started (end: mid-2012).
  Benchmarking of old NPPs outside EDF with relay-based systems still on duty has started.
Project in progress: renovation of the Primary Pump Speed Control (1E). Analog discrete system replaced by a PLD-based system. 1E Qualification in progress (IEC 62566)
I&C modernization projects in operating French NPPs : The 1300 MWe Series (1)
The 3rd ten-yearly outage is in preparation. Head of series in 2015. The I&C Ageing Observation phase and preliminary studies (2007-2009) gave their results: some I&C modernization projects have been decided.
Ongoing projects:
Modernization of the Main Control Room. Same design; hardwired panels are kept, but some improvements of the Information System have been decided: new tools and HIS for helping the operators (real-time control).
  New supervisor with more screens and with new or improved mimic diagrams, video…
  Improvement of the alarm management, together with the renovation of part of the Controbloc (automation system)
  New systems with added functionalities for monitoring the reactor behavior (connected to the power uprate): Core 3D_monitoring…
  Replacement of the paper recorders by digital recorders (cat. B)
I&C modernization projects in operating French NPPs : The 1300 MWe Series (2)
Modernization of the RPS, RCS, NIS with SPINLine4 (RRCN) technology
  RPS: partial modernization at computation level. Keep the global architecture, the I/O racks and the cabling.
  RCS: total modernization.
  NIS: partial modernization at computation level. Keep the I/O racks and cabling.
  Common maintenance tool for the 3 systems.
Logic Automation system (Controbloc): no problem (ageing, obsolescence…) for the next ten years.
  New functionalities/alarms may be added, but not enough margin.
  Some improvement at the system level to be considered: interface with a PLC…
Some modernization projects:
  Development of a “bridge” between the existing (proprietary) Controbloc and a PLC (first installation: Flamanville).
  Re-design of a module URN (FPGA-based solution, in cat. B): improving the link with the plant computer (TCI) and (re)capitalizing the knowledge on the original design.
Renovation of the part of the system (UGA/B) in charge of collecting and dispatching alarms to the control room. New system based on Alstom P320 : same architecture with 2 trains (next slide).
I&C modernization projects in operating French NPPs : The 1300 MWe Series (3)
Figure: System architecture. Diagram labels: redundant real-time data servers (CIS Safety type); CE3000S gateways; Train A / Train B; 8 screen managers; 2 screen managers; spare screen manager; 60 Controbloc N20 racks; 20 Controbloc N20 racks; x8 max; existing I/O cabling; S8000 Safety network (fibre optic); safety optical serial link.
The redundant 19" CE3000S gateway comprises 2 UT156 cards and 10 slots: 5-7 GLM cards, 1-4 I/O cards, 1 serial link card.
I&C systems being installed in EPR Flamanville (NPP under construction) (1)
EPR : Generation III+ PWR Design. Based on N4 (F) and KONVOI (D) experience : Fully digitalized I&C system and 4 divisions. In operation in 2014
I&C Architecture : T2000/S5, TXS & P320 (Turbine)
I&C systems being installed in EPR Flamanville (NPP under construction) (2)
Main Control Room
Implementation in different rooms
I&C research and development projects; new I&C technologies (1)
Projects concerning the next NPPs (EPR)
Independent Confidence Building:
  Formal verification (software, FPGA)
  Test: functional test coverage, statistical tests
  Verification of the sizing of the I&C architecture: allocation of the functions, time performance, safety…
  Cyber security (I&C systems and connected tools)
Basic Design:
  Proposal for a basic/generic architecture (industrially reasonable, acceptable in all the countries)
  Contribution of FPGA-based solutions (safety systems, diversity…)
  Integration of operation needs (integration of information but also separation of safety classes)
Harmonics Project (China-Europe): Harmonized Assessment of the Reliability of MOdern Nuclear I&C Software
Objective: to ensure that the nuclear industry has well-founded and up-to-date methods and data for assessing software of computer-based safety systems of Gen-II and Gen-III NPPs. The project should foster an international consensus based on a sound scientific and technical approach, and hopefully provide a good basis for harmonization.
Next generation of HIS: new functionalities for operation, Human Factor, classified products (requirements & development)…
I&C research and development projects; new I&C technologies (2)
Impact (benefit & risk) of the new technologies: Wireless, FPGA…
Model Driven Engineering: methods & tools
To ensure the continuity of the studies:
  Throughout the project lifecycle
  Between functional and equipment
  From plant design to plant operation
To have an updated knowledge database:
  To understand design choices
  To pass knowledge across generations
“Concept PLM (Product Lifecycle Management)”: clarification of justifications in the documentary reference frame. Requirements Traceability. Multi-views diagrams.
Instrumentation: Evaluation of uncertainties of measurement, Environment of measurement (EMC, Temperature, irradiation…), Innovating systems of measurement (chemical tracer…)
Knowledge management: retrieve, rebuild, and structure useful knowledge to maintain ageing units
Diagram labels: Modelling of operation requirements; Basic design; Detailed I&C specifications; I&C and operation requirements; Platform validation; On-site validation; Modelling of I&C specifications; Simulation of specifications; Choice and qualification of I&C platforms; Architecture design; PLC programming; I&C architecture optimization; HIL simulation; Integration tests; Acceptance tests; Non-regression tests; Validation of specifications; What-if simulations; Validation of design hypothesis; Training; Code verification; Modelling of physical part
Recommendation to the IAEA regarding the content and format of future I&C activities (1)
TMI, Chernobyl and now Fukushima: efforts are needed to increase public confidence in nuclear energy. Problems arising in one unit have a worldwide impact, not only a national one.
Some directions are suggested for piloting activities:
1. Maintaining the existing Nuclear Power Plant with a High Safety level
Raising the Safety Level: the need to increase the safety level of old plants is obvious. That does not necessarily mean reaching the current safety level, but proving that the best accessible level is achieved.
  Arrive at an international consensus which leaves little margin of interpretation to each country.
  Define a methodology of re-examination of the level of safety of the units before renovation or periodically: a framework for the audits.
  Perform audits of the current situation and propose risk reduction (process, I&C, human…) by an independent entity.
Recommendation to the IAEA regarding the content and format of future I&C activities (2)
1. Maintaining the existing Nuclear Power Plant with a High Safety level
Control the Obsolescence and Ageing of I&C equipment (analog equipment, digital equipment, cabling, connectors…)
  Understanding of ageing mechanisms and factors, in particular for current integrated circuits and electronic boards.
  Management of spares, long-term storage, verification.
  Maintenance strategy: e.g. periodic replacement or on failure?
  Estimation / extension of remaining lifetime (obsolescence, ageing mechanisms…)
  Evaluation of costs, risks, benefits of different I&C modernization options
Integrate the ageing workforce and inadequate existing documentation in a long-term management of I&C expertise
  Identification and documentation of key knowledge, including I&C design basis
  Means to retrieve, rebuild, structure and pass the documented knowledge to the new generation
Guidance for Maintaining existing I&C Systems (architecture, component and knowledge)
Recommendation to the IAEA regarding the content and format of future I&C activities (3)
2. Building Safe and Efficient new NPPs
Safety Aspect
  Define more precisely the Safety Level to reach: between the high-level requirements and the National Regulator requirement/IEC Standards. Define a minimal number of unavoidable requirements that all the units must satisfy. For example, the contents of the 2 minimal lines of defense that a system must cover, the characteristics of a standard ATWS, which complementary situations must absolutely be studied...
  Common requirements: international consensus to be reached (regulatory requirements)
Efficiency Aspect
  Specification & design of I&C architecture taking lifetime into account. Product Lifecycle Management (PLM): requirements traceability, modification…
  Methods & tools for the allocation of the functions according to the utility’s requirements (architecture, performance, safety…) and I&C platforms’ characteristics
  Methods & tools for plant performance improvement:
    New technologies for reduction of uncertainties in measurements to increase power output while maintaining safety margins
    Reduction of likelihood of human errors
    Reduction of operation & maintenance costs (information systems, on-line monitoring, diagnostic…)
Recommendation to the IAEA regarding the content and format of future I&C activities (4)
3. New Technologies - Impact
Regulatory uncertainties regarding “new” technologies
  ASICs / FPGAs: for component/module replacement, for design of new I&C systems
  Wireless technologies: may avoid / limit need for new cabling for additional monitoring measurements. Could be used to assist and integrate the work and actions of local teams
  Data communication networks (including fieldbus)
  Classified HIS: same interface for the operator (HF aspect)
  Cyber-security
Guidance for a safe use of new technologies
Evaluation of COTS I&C equipment and I&C architecture
  I&C platforms, architecture, “smart” devices… (we are at the limits of the acceptable complexity)
  Representation of digital systems in probabilistic models
  Realistic consideration for assessment of software (system + application): Verification and Validation (tests) as complementary tools. Test coverage.
  Realistic consideration of software common cause failures
  What is common to, and can be shared by, all / most countries to reduce the licensing cost?
  What can be shared with other safety-aware industries?
Common assessment criteria to reach a minimum certification level acceptable to all countries: international consensus (as in aeronautics)
IAEA – TWG-NPPIC 24-26 May 2011
Thank You