Hedging Against Technology Risks of the Accelerator System of a First-of-a-Kind Accelerator-Driven Subcritical Reactor

Demonstrating the generation of electricity with Accelerator-Driven Subcritical Reactor (ADSR) technology will incur substantial financial risk both from traditional reactor construction uncertainties and new technology uncertainties such as the reliability of the accelerator system. The sensitivity of the economic value of ADSRs to the reliability of the accelerator system is assessed. The economic assessment considers an ADSR with either one or two linear accelerators driving it. The extent to which a second accelerator improves reliability is determined, as are the costs for that improvement. Two Real Options derived flexible designs for the accelerator system are also considered. In one a single accelerator ADSR can be expanded to having two accelerators, in the other an accelerator is constructed and tested before the reactor is designs for the accelerator system are also considered. In one a single accelerator ADSR can be expanded to having two accelerators, in the other an accelerator is constructed and tested before the reactor is constructed. Finally, a phased multiple-reactor park with a single system of multiple integrated accelerators is suggested and discussed

Applying System-Theoretic Accident Model and Processes (STAMP) to Hazard Analysis

Although traditional hazard analysis techniques, such as failure modes and effect analysis (FMEA), and fault tree analysis (FTA) have been used for a long time, they are not well-suited to handling modern systems with complex software, human-machine interactions, and decision-making procedures. This is mainly because traditional hazard analysis techniques rely on a direct cause-effect chain and have no unified guidance to lead the hazard analysis. The Systems Theoretic Accident Model and Process (STAMP) is based on systems theory to try to find out as much as possible about the factors involved in a hazard, and with providing clear guidance as to the control structure leading to the hazard. The Darlington Nuclear Power Generating Station was the first nuclear plant in the world in which the safety shutdown systems are computer controlled. Although FTA and FMEA have already been applied to these shutdown systems, Ontario power generation felt that it is still useful to try recent advances to evaluate whether they can improve on the previous hazard analysis. This thesis introduces the two most common traditional techniques of hazard analysis, FTA and FMEA, as well as two systemic techniques, STPA (which is a hazard analysis method associated with STAMP), and the Functional Resonance Accident Model (FRAM). The thesis also explains why we chose STPA to apply to the Darlington Shutdown System case, and provides an example of the application as well as an evaluation of its use compared with FMEA and FTA.Master of Applied Science (MASc

Comparative Analysis of Nuclear Event Investigation Methods, Tools and Techniques

Feedback from operating experience is one of the key means of enhancing nuclear safety and operational risk management. The effectiveness of learning from experience at NPPs could be maximised, if the best event investigation practices available from a series of methodologies, methods and tools in the form of a ‘toolbox’ approach were promoted. Based on available sources of technical, scientific, normative and regulatory information, an inventory, review and brief comparative analysis of information concerning event investigation methods, tools and techniques, either indicated or already used in the nuclear industry (with some examples from other high risk industry areas), was performed in this study. Its results, including the advantages and drawbacks identified from the different instruments, preliminary recommendations and conclusions, are covered in this report. The results of comparative analysis of nuclear event investigation methods, tools and techniques, presented in this interim report, are of a preliminary character. It is assumed that, for the generation of more concrete recommendations concerning the selection of the most effective and appropriate methods and tools for event investigation, new data, from experienced practitioners in the nuclear industry and/or regulatory institutions are needed. It is planned to collect such data, using the questionnaire prepared and performing the survey currently underway. This is the second step in carrying out an inventory of, reviewing, comparing and evaluating the most recent data on developments and systematic approaches in event investigation, used by organisations (mainly utilities) in the EU Member States. Once the data from this survey are collected and analysed, the final recommendations and conclusions will be developed and presented in the final report on this topic. This should help current and prospective investigators to choose the most suitable and efficient event investigation methods and tools for their particular needs.JRC.DDG.F.5-Safety of present nuclear reactor

Computer trading and systemic risk: a nuclear perspective

Financial markets have evolved to become complex adaptive systems highly reliant on the communication speeds and processing power afforded by digital systems. Their failure could cause severe disruption to the provision of financial services and possibly the wider economy. In this study we consider whether a perspective from the nuclear industry can provide additional insights

Supervisory Control System Architecture for Advanced Small Modular Reactors

This technical report was generated as a product of the Supervisory Control for Multi-Modular SMR Plants project within the Instrumentation, Control and Human-Machine Interface technology area under the Advanced Small Modular Reactor (SMR) Research and Development Program of the U.S. Department of Energy. The report documents the definition of strategies, functional elements, and the structural architecture of a supervisory control system for multi-modular advanced SMR (AdvSMR) plants. This research activity advances the state-of-the art by incorporating decision making into the supervisory control system architectural layers through the introduction of a tiered-plant system approach. The report provides a brief history of hierarchical functional architectures and the current state-of-the-art, describes a reference AdvSMR to show the dependencies between systems, presents a hierarchical structure for supervisory control, indicates the importance of understanding trip setpoints, applies a new theoretic approach for comparing architectures, identifies cyber security controls that should be addressed early in system design, and describes ongoing work to develop system requirements and hardware/software configurations

Evidence Report: Risk of Inadequate Human-Computer Interaction

Human-computer interaction (HCI) encompasses all the methods by which humans and computer-based systems communicate, share information, and accomplish tasks. When HCI is poorly designed, crews have difficulty entering, navigating, accessing, and understanding information. HCI has rarely been studied in an operational spaceflight context, and detailed performance data that would support evaluation of HCI have not been collected; thus, we draw much of our evidence from post-spaceflight crew comments, and from other safety-critical domains like ground-based power plants, and aviation. Additionally, there is a concern that any potential or real issues to date may have been masked by the fact that crews have near constant access to ground controllers, who monitor for errors, correct mistakes, and provide additional information needed to complete tasks. We do not know what types of HCI issues might arise without this "safety net". Exploration missions will test this concern, as crews may be operating autonomously due to communication delays and blackouts. Crew survival will be heavily dependent on available electronic information for just-in-time training, procedure execution, and vehicle or system maintenance; hence, the criticality of the Risk of Inadequate HCI. Future work must focus on identifying the most important contributing risk factors, evaluating their contribution to the overall risk, and developing appropriate mitigations. The Risk of Inadequate HCI includes eight core contributing factors based on the Human Factors Analysis and Classification System (HFACS): (1) Requirements, policies, and design processes, (2) Information resources and support, (3) Allocation of attention, (4) Cognitive overload, (5) Environmentally induced perceptual changes, (6) Misperception and misinterpretation of displayed information, (7) Spatial disorientation, and (8) Displays and controls