An Approach to Using Non Safety-Assured Programmable Components in Modest Integrity Systems

Programmable components (like personal computers or smart devices) can offer considerable benefits in terms of usability and functionality in a safety-related system. However there is a problem in justifying the use of programmable components if the components have not been safety justified to an appropriate integrity (e.g. to SIL 1 of IEC 61508). This paper outlines an approach (called LowSIL) developed in the UK CINIF nuclear industry research programme to justify the use of non safety-assured programmable components in modest integrity systems. This is a seven step approach that can be applied to new systems from an early design stage, or retrospectively to existing systems. The stages comprise: system characterisation, component suitability assessment, failure analysis, failure mitigation, identification of additional defences, identification of safety evidence requirements, and collation and evaluation of evidence. In the case of personal computers, there is supporting guidance on usage constraints, claim limits on reliability, and advice on “locking down” the component to maximise reliability. The approach is demonstrated for an example system. The approach has been applied successfully to a range of safety-related systems used in the nuclear industry

A domain-specific analysis system for examining nuclear reactor simulation data for light-water and sodium-cooled fast reactors

Building a new generation of fission reactors in the United States presents many technical and regulatory challenges. One important challenge is the need to share and present results from new high-fidelity, high-performance simulations in an easily usable way. Since modern multiscale, multi-physics simulations can generate petabytes of data, they will require the development of new techniques and methods to reduce the data to familiar quantities of interest (e.g., pin powers, temperatures) with a more reasonable resolution and size. Furthermore, some of the results from these simulations may be new quantities for which visualization and analysis techniques are not immediately available in the community and need to be developed. This paper describes a new system for managing high-performance simulation results in a domain-specific way that naturally exposes quantities of interest for light water and sodium-cooled fast reactors. It describes requirements to build such a system and the technical challenges faced in its development at all levels (simulation, user interface, etc.). An example comparing results from two different simulation suites for a single assembly in a light-water reactor is presented, along with a detailed discussion of the system's requirements and design.Comment: Article on NiCE's Reactor Analyzer. 23 pages. Keywords: modeling, simulation, analysis, visualization, input-outpu

The Instrumental Genesis of Collective Activity. The Case of an ERP Implementation in a Large Electricity Producer

Collective activity should be a focal subject to study organizational dynamics, particularly in relation with the implementation of management systems such as ERPs. Collective activity is analyzed here as an ongoing dialogical construction by actors. It is always mediated by signs and particularly by instruments. To design and adapt collective activity, a reflexive dialogical exchange between actors, a “collective activity about collective activity”, mediated by instruments, is necessary: we call it “the instrumental genesis of collective activity”. We analyze the case of an ERP implementation at EDF, a large electricity company, in the purchase and procurement area of the production division. The design and implementation of the new system was not clearly viewed as the instrumental genesis of collective activity. Difficulties appeared particularly for cross-functional cooperation and for the construction of new professional profiles of competence. In the light of this case, we suggest that key conditions for the intelligibility and the actionability of collective activity are the establishment of communities and the hybridization of professional competences.Collective Activity; Collective Sensemaking; Community; Dialogical; ERP; Instruments; Instrumental Genesis of Activity; Interpretation; Sign

Virtuality in human supervisory control: Assessing the effects of psychological and social remoteness

Virtuality would seem to offer certain advantages for human supervisory control. First, it could provide a physical analogue of the 'real world' environment. Second, it does not require control room engineers to be in the same place as each other. In order to investigate these issues, a low-fidelity simulation of an energy distribution network was developed. The main aims of the research were to assess some of the psychological concerns associated with virtual environments. First, it may result in the social isolation of the people, and it may have dramatic effects upon the nature of the work. Second, a direct physical correspondence with the 'real world' may not best support human supervisory control activities. Experimental teams were asked to control an energy distribution network. Measures of team performance, group identity and core job characteristics were taken. In general terms, the results showed that teams working in the same location performed better than team who were remote from one another

NUCLEAR POWER AND ELECTRIC GRID RESILIENCE: CURRENT REALITIES AND FUTURE PROSPECTS

Life as we know it in modern society relies on the smooth functioning of the electric Grid – the Critical Infrastructure system that generates and delivers electricity to our homes, businesses, and factories. Virtually all other Critical Infrastructure systems depend on the Grid for the electricity they require to execute other essential societal functions such as telecommunications, water supply and waste water services, fuel delivery, etc. This study examines the concepts of Critical Infrastructure and electric Grid resilience, and the role nuclear power plants do and might play in enhancing U.S. Grid resilience. Grid resilience is defined as the system’s ability to minimize interruptions of electricity flow to customers given a specific load prioritization hierarchy. The question of whether current U.S. nuclear power plants are significant Grid resilience assets is examined in light of this definition. Despite their many virtues and their “fuel security,” the conclusion is reached that current U.S. nuclear power plants are not significant Grid resilience assets for scenarios involving major Grid disruptions. The concept of a “resilient nuclear power plant” or “rNPP” – a nuclear power plant that is intentionally designed, sited, interfaced, and operated in a manner to enhance Grid resilience – is presented. Two rNPP Key Attributes and Six rNPP Functional Requirements are defined. Several rNPP design features (system architectures and technologies) that could enable a plant to achieve the Six rNPP Functional Requirements are described. Four specific applications of rNPPs are proposed: (1) rNPPs as flexible electricity generation assets, (2) rNPPs as anchors of hybrid nuclear energy systems, (3) rNPPs as Grid Black Start Resources, and (4) rNPPs as anchors of Resilient Critical Infrastructure Islands. The last two applications are new concepts for enhancing U.S. strategic resilience. Finally, a few key unresolved issues are discussed and recommendations for future research are offered. Study results support the overall conclusion that successful development and deployment of rNPPs could significantly enhance U.S. Grid, Critical Infrastructure, and societal resilience, while transforming the value proposition of nuclear energy in the 21st century

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India

Resilience markers for safer systems and organisations

If computer systems are to be designed to foster resilient performance it is important to be able to identify contributors to resilience. The emerging practice of Resilience Engineering has identified that people are still a primary source of resilience, and that the design of distributed systems should provide ways of helping people and organisations to cope with complexity. Although resilience has been identified as a desired property, researchers and practitioners do not have a clear understanding of what manifestations of resilience look like. This paper discusses some examples of strategies that people can adopt that improve the resilience of a system. Critically, analysis reveals that the generation of these strategies is only possible if the system facilitates them. As an example, this paper discusses practices, such as reflection, that are known to encourage resilient behavior in people. Reflection allows systems to better prepare for oncoming demands. We show that contributors to the practice of reflection manifest themselves at different levels of abstraction: from individual strategies to practices in, for example, control room environments. The analysis of interaction at these levels enables resilient properties of a system to be ‘seen’, so that systems can be designed to explicitly support them. We then present an analysis of resilience at an organisational level within the nuclear domain. This highlights some of the challenges facing the Resilience Engineering approach and the need for using a collective language to articulate knowledge of resilient practices across domains