An initial appraisal of the event-tree methodology used in the Angra 1 nuclear power station probabilistic safety assessment

The event-tree analyses of the Angra 1 nuclear power plant probabilistic safety assessment were performed by means of the explicit method of event-tree modelling of shared-equipment dependencies, from which some insights were drawn. At first, we discuss in this paper the effects of collapsing equal impact vectors (from the quantification point of view also). The second feature discussed is related to a critical analysis of the dependency matrix concept in view of a counterpart to it—namely, the GO methodology in the context of modelling intersystem dependencies. Finally, we discuss the possibility of using our computerized event-tree analysis methodology for assessing the unavailability of the involved standby safety systems, most of which are recognized to be noncoherent structures.     

Development of a dynamical systems model of plant programmatic performance on nuclear power plant safety risk

Application of probabilistic risk assessment (PRA) techniques to model nuclear power plant accident sequences has provided a significant contribution to understanding the potential initiating events, equipment failures and operator errors that can lead to core damage accidents. Application of the lessons learned from these analyses has resulted in significant improvements in plant operation and safety. However, this approach has not been nearly as successful in addressing the impact of plant processes and management effectiveness on the risks of plant operation. The research described in this paper presents an alternative approach to addressing this issue. In this paper we propose a dynamical systems model that describes the interaction of important plant processes on nuclear safety risk. We discuss development of the mathematical model including the identification and interpretation of significant inter-process interactions. Next, we review the techniques applicable to analysis of nonlinear dynamical systems that are utilized in the characterization of the model. This is followed by a preliminary analysis of the model that demonstrates that its dynamical evolution displays features that have been observed at commercially operating plants. From this analysis, several significant insights are presented with respect to the effective control of nuclear safety risk. As an important example, analysis of the model dynamics indicates that significant benefits in effectively managing risk are obtained by integrating the plant operation and work management processes such that decisions are made utilizing a multidisciplinary and collaborative approach. We note that although the model was developed specifically to be applicable to nuclear power plants, many of the insights and conclusions obtained are likely applicable to other process industries.     

Reliability analysis of hierarchical computer-based systems subject to common-cause failures

The results from reliability modeling and analysis are key contributors to design and tuning activities for computer-based systems. Each architecture style, however, poses different challenges for which analytical approaches must be developed or modified. The challenge we address in this paper is the reliability analysis of hierarchical computer-based systems (HS) with common-cause failures (CCF). The dependencies among components introduced by CCF complicate the reliability analysis of HS, especially when components affected by a common cause exist on different hierarchical levels. We propose an efficient decomposition and aggregation (EDA) approach for incorporating CCF into the reliability evaluation of HS. Our approach is to decompose an original HS reliability analysis problem with CCF into a number of reduced reliability problems freed from the CCF concerns. The approach is represented in a dynamic fault tree by a proposed CCF gate modeled after the functional dependency gate. We present the basics of the EDA approach by working through a hypothetical analysis of a HS subject to CCF and show how it can be extended to an analysis of a hierarchical phased-mission system subject to different CCF depending on mission phases.     

Risk analysis of surveillance requirements including their adverse effects

Technical specifications for nuclear power plants require periodic surveillance testing of the standby systems important to safety. This regulatory requirement is imposed to assure that the systems will start and perform their intended functions in the event of plant abnormality. However, operating experience suggests that, in addition to the beneficial effects of detecting latent faults, the tests may have adverse effects on the plant's operation or equipment. This paper defines those adverse effects of testing from a risk perspective, and then presents a method to quantify their associated risk impact, focusing on plant transients and the wear-out of safety systems. The method, based on probabilistic safety assessment, is demonstrated by applying it to several surveillance tests conducted at boiling water reactors. The insights from this evaluation can be used to determine risk-effective intervals for surveillance tests.     

Identification of safety and security critical systems and activities

There are many initiatives taken to identify safety and security critical systems and activities, at different levels and in different contexts, ranging from infrastructures at the societal level to equipment on the production plant level. Different approaches are implemented to define the critical systems and activities. Some of these relate to vulnerabilities, others incorporate the probability dimension and are risk based. We also see approaches taking into account values of the decision-maker and relevant stakeholders. In this paper, we discuss the rationale for these approaches. Is vulnerability an adequate measure to be used as a basis for determining criticality? Is it meaningful to specify safety and security critical systems and activities without addressing risk? How should we take into account the limitations of the risk assessments? Should we extend the concept of criticality to also cover utility aspects? We bring new insights into the discussion by being precise on the key risk concepts—including uncertainty, probability and expected value—and considering alternative risk perspectives. A novel approach is suggested based on expected values and uncertainties in underlying phenomena and processes. Our main concern is activities with potential severe consequences and large uncertainties.     

Analysis and insights from a dynamical model of nuclear plant safety risk

In this paper, we expand upon previously reported results of a dynamical systems model for the impact of plant processes and programmatic performance on nuclear plant safety risk. We utilize both analytical techniques and numerical simulations typical of the analysis of nonlinear dynamical systems to obtain insights important for effective risk management. This includes use of bifurcation diagrams to show that period doubling bifurcations and regions of chaotic dynamics can occur. We also investigate the impact of risk mitigating functions (equipment reliability and loss prevention) on plant safety risk and demonstrate that these functions are capable of improving risk to levels that are better than those that are represented in a traditional risk assessment. Next, we analyze the system response to the presence of external noise and obtain some conclusions with respect to the allocation of resources to ensure that safety is maintained at optimal levels. In particular, we demonstrate that the model supports the importance of management and regulator attention to plants that have demonstrated poor performance by providing an external stimulus to obtain desired improvements. Equally important, the model suggests that excessive intervention, by either plant management or regulatory authorities, can have a deleterious impact on safety for plants that are operating with very effective programs and processes. Finally, we propose a modification to the model that accounts for the impact of plant risk culture on process performance and plant safety risk. We then use numerical simulations to demonstrate the important safety benefits of a strong risk culture.     

Seismic PSA method for multiple nuclear power plants in a site

The maximum number of nuclear power plants in a site is eight and about 50% of power plants are built in sites with three or more plants in the world. Such nuclear sites have potential risks of simultaneous multiple plant damages especially at external events. Seismic probabilistic safety assessment method (Level-1 PSA) for multi-unit sites with up to 9 units has been developed. The models include Fault-tree linked Monte Carlo computation, taking into consideration multivariate correlations of components and systems from partial to complete, inside and across units. The models were programmed as a computer program CORAL reef. Sample analysis and sensitivity studies were performed to verify the models and algorithms and to understand some of risk insights and risk metrics, such as site core damage frequency (CDF per site-year) for multiple reactor plants. This study will contribute to realistic state of art seismic PSA, taking consideration of multiple reactor power plants, and to enhancement of seismic safety.     

Electronics in nuclear power programme of India—An overview

This paper presents an overview of state-of-the art developments in electronics for nuclear power programme of India. Indigenous activities in instrumentation and control (I&C) in the areas of detector development, nuclear instrumentation, monitoring and control electronics and special sensors paved the way to self-reliance in nuclear industry. Notable among the recent I&C systems developed for 540 MWe reactors are Liquid Zone Control System (LZCS), flux mapping system and advance reactor regulating system. In a nuclear plant, apart from ensuring functional requirements, design of electronics needs to meet high level of reliability, safety and security standards. Therefore, a lot of importance is attached to activities such as design review, testing, operation, maintenance and qualifications of I&C systems. Induction of computer based I&C systems mandated a rigorous verification process commensurate with the safety class of the system as specified in Atomic Energy Regulatory Board (AERB) safety guides. Software reliability is assured by following strict development life cycle combined with zero-defect policy and is verified through verification and validation (V&V) process. Development of new techniques in data transmissions with optical fibres as transmission medium and wireless networks in control systems is being pursued. With new I&C systems, efforts were made to utilize the same hardware and software platforms for various plant applications, i.e., for standardization. Thrust was given to use Field Programmable Gate Arrays (FPGA) and Application Specific Integrated Circuits (ASIC) in order to improve the reliability of system by reducing component count. It has become imperative to develop modern contemporary solutions like ASICs, HMCs, System on Chip (SOC) and detector mounted electronics and towards that various ASICs and HMCs have been developed in-house to meet the challenges.     

DEPEND-HRA—A method for consideration of dependency in human reliability analysis

A consideration of dependencies between human actions is an important issue within the human reliability analysis. A method was developed, which integrates the features of existing methods and the experience from a full scope plant simulator. The method is used on real plant-specific human reliability analysis as a part of the probabilistic safety assessment of a nuclear power plant. The method distinguishes dependency for pre-initiator events from dependency for initiator and post-initiator events. The method identifies dependencies based on scenarios, where consecutive human actions are modeled, and based on a list of minimal cut sets, which is obtained by running the minimal cut set analysis considering high values of human error probabilities in the evaluation. A large example study, which consisted of a large number of human failure events, demonstrated the applicability of the method. Comparative analyses that were performed show that both selection of dependency method and selection of dependency levels within the method largely impact the results of probabilistic safety assessment. If the core damage frequency is not impacted much, the listings of important basic events in terms of risk increase and risk decrease factors may change considerably. More efforts are needed on the subject, which will prepare the background for more detailed guidelines, which will remove the subjectivity from the evaluations as much as it is possible.     

Determination of design alternatives and performance criteria for safety systems in a nuclear power plant via simulated annealing

This study presents an efficient methodology that derives design alternatives and performance criteria for safety functions/systems in commercial nuclear power plants. Determination of the design alternatives and intermediate-level performance criteria is posed as a reliability allocation problem. The reliability allocation is performed in a single step by means of the concept of two-tier noninferior solutions in the objective and risk spaces within the top-level probabilistic safety criteria (PSC). Two kinds of two-tier noninferior solutions are obtained: desirable design alternatives and intolerable intermediate-level PSC of safety functions/systems.The weighted Chebyshev norm (WCN) approach with an improved Metropolis algorithm in simulated annealing is used to find the two-tier noninferior solutions. This is very efficient in searching for the global minimum of the difficult multiobjective optimization problem (MOP) which results from strong nonlinearity of a probabilistic safety assessment (PSA) model and nonconvexity of the problem. The methodology developed in this study can be used as an efficient design tool for desirable safety function/system alternatives and for the determination of intermediate-level performance criteria.The methodology is applied to a realistic streamlined PSA model that is developed based on the PSA results of the Surry Unit 1 nuclear power plant. The methodology developed in this study is very efficient in providing the intolerable intermediate-level PSC and desirable design alternatives of safety functions/systems.     

State of the art in reliability of thermal-hydraulic passive systems

In order to address the issues posed by the development of advanced nuclear technologies, this article endeavours to analyse the current state of the art in reliability of passive systems, for their extensive use in future nuclear power plants. Inclusion of failure modes and reliability estimates of passive components for all systems is recommended in probabilistic safety assessment (PSA) studies. This has aroused the need for the development and demonstration of consistent methodologies and approaches for their reliability evaluation, within the community of the nuclear safety research. This report provides the insights resulting from the survey on the technical issues associated with assessing the reliability of passive systems in the context of nuclear safety, regulatory practices and probabilistic safety analysis. Special emphasis is placed on the reliability of the systems based on thermal-hydraulics, for which methods are still in a developing phase. The main achievements of these studies are presented and a viable path towards the implementation of the research efforts is delineated as well.     

Dynamic risk assessment of complex systems using FCM

Analysing risk of today’s complex systems is challenging due to the complex and dynamic nature of systems. The current risk analysis tools are not able to take the complex interactions among risks into account and therefore they can’t predict the behaviour of risks accurately. In an attempt to overcome this shortcoming, this paper proposes an integrated generalised decision support tool using fuzzy cognitive maps for dynamic risk assessment of complex systems. The proposed approach has the ability to prioritise risk factors and more importantly predict and analysis the influences of each individual risk factor/risk set on the other risks or on the outcomes of complex and critical systems by taking into account probability of occurrence and consequences of risks and also considering the complex dependencies between risk factors. These features could provide practitioners with realistic results in critical industries and able them to manage risks more efficiently.     

核电站反应堆冷却剂泵的地震响应分析

核电站反应堆冷却剂泵（又称核主泵）是核岛中的唯一旋转核心设备，其运行的可靠性与否直接影响到核电站的安全性。采用响应谱法，多地震谱，多输入方向对某核电站冷却剂泵进行动力学特性及地震响应分析，得出其模态，并找出地震工况下可能发生破坏的环节以及最不利和有利地震谱输入方向，从而可以使反应堆冷却剂泵在核电站的设计、安装过程中避开地震多发方向对它的最大破坏。为结构的设计、安装提供依据。     

Living PSA program: LIPSAS development for safety management of an LMFBR plant

During construction and subsequent operation of a nuclear power plant, many changes occur in components, systems and operating procedures, which continuously modify the configuration of the power plant. The unique ability of PSA techniques to effect of possible changes to baseline system configurations has been noted. A living PSA program can assess and manage safety-related operations and plant changes by adequately reproducing plant models and structured databases corresponding to the changes in system configuration. A living PSA system, LIPSAS, has been developed for the Japanese prototype liquid metal-cooled fast-breeder reactor (LMFBR), Monju, which is in the preoperation functional test stage. In order to utilize the LIPSAS as a risk management tool, equations for the schematic time history of the plant risk level and the relative risk criteria have been developed. Experience with LIPSAS shows that this program is a prospective tool to support decisions that affect plant safety, although a continuing and significant resource commitment of the operations staff at the site is still required.     

Estimation of the importance measures of multi-state elements by Monte Carlo simulation

A generalization of some frequently used importance measures has been proposed by some of the authors for application to multi-state systems constituted by multi-state elements. This paper deals with the Monte Carlo (MC) estimation of these measures, which entails evaluating the system output performance under restrictions on the performance levels of its multi-state elements. Simulation procedures are proposed according to two different performance-restriction approaches. Further, the flexibility of the MC method is exploited to account for load-sharing and operational dependencies among parallel elements. The approach is tested on a multi-state transmission system of literature.     

Dynamic event trees in accident sequence analysis: application to steam generator tube rupture

A dynamic event tree method for analyzing the risk associated with dynamic nuclear power plant accident sequences is presented. The method provides a framework for treating stochastic variations in operating crew states (defined by substrates characterizing the accident diagnosis, the planned actions, and the crew quality) as well as stochastic variations in hardware states. Plant process variables are treated deterministically; they are used when determining the likelihood of stochastic branchings. The method is used in an analysis of a steam generator tube rupture (SGTR) accident; it is shown that a number of important operator behavior patterns can be reasonably represented, and that, comparing with conventional event trees, sources of dependencies between failure events can be better defined.     

Reliability optimization of a redundant system with failure dependencies

In a multi-component system, the failure of one component can reduce the system reliability in two aspects: loss of the reliability contribution of this failed component, and the reconfiguration of the system, e.g., the redistribution of the system loading. The system reconfiguration can be triggered by the component failures as well as by adding redundancies. Hence, dependency is essential for the design of a multi-component system.In this paper, we study the design of a redundant system with the consideration of a specific kind of failure dependency, i.e., the redundant dependency. The dependence function is introduced to quantify the redundant dependency. With the dependence function, the redundant dependencies are further classified as independence, weak, linear, and strong dependencies. In addition, this classification is useful in that it facilitates the optimization resolution of the system design. Finally, an example is presented to illustrate the concept of redundant dependency and its application in system design. This paper thus conveys the significance of failure dependencies in the reliability optimization of systems.     

Varying correlation coefficients can underestimate uncertainty in probabilistic models

In accounting for the dependencies among variables in probabilistic (convolution) models, a sensitivity study that varies a correlation between plausible values, even the extremes of +1 and −1, cannot characterize the possible range of results that could be entailed by nonlinear dependencies. Because a functional modeling strategy that seeks to model mechanistically the underlying sources of the dependencies will often be untenable, a phenomenological approach will often be needed to handle dependencies. We summarize recent algorithmic advances that allow the calculation of results under particular bivariate dependence functions, under only partially specified dependence functions, or even without any assumption whatever about dependence.     

NAROAS: a neural network-based advanced operator support system for the assessment of systems reliability

We have developed and implemented a computerized reliability monitoring system for nuclear power plant applications, based on a neural network. The developed computer program is a new tool related to operator decision support systems, in case of component failures, for the determination of test and maintenance policies during normal operation or to follow an incident sequence in a nuclear power plant. The NAROAS (Neural Network Advanced Reliability Advisory System) computer system has been developed as a modularized integrated system in a C++ Builder environment, using a Hopfield neural network instead of fault trees, to follow and control the different system configurations, for interventions as quickly as possible at the plant. The observed results are comparable and similar to those of other computer system results. As shown, the application of this neural network contributes to the state of the art of risk monitoring systems by turning it easier to perform online reliability calculations in the context of probabilistic safety assessments of nuclear power plants.     

A proposal for including technical failure risk in market-based resource reallocation for spacecraft design

This paper summarizes past efforts to use market-based approaches to reallocate resources during the design of space systems, and it proposes an extension to these previous efforts that would include the risk of system failure as a tradable resource. The proposed approach builds from the Cassini Resource Exchange, a method used to allow instrument developers for the Cassini space mission to trade resources among themselves over the life of the project. Market-based design methods offer potential for increased efficiency in engineering design, and small-scale field trials would be a logical step in further testing and improving these approaches.