ML19338F893
| ML19338F893 | |
| Person / Time | |
|---|---|
| Issue date: | 09/30/1980 |
| From: | NRC OFFICE OF INSPECTION & ENFORCEMENT (IE) |
| To: | |
| Shared Package | |
| ML19338F876 | List: |
| References | |
| NUREG-0730, NUREG-730, NUDOCS 8010270570 | |
| Download: ML19338F893 (26) | |
Text
.-
4I g
NUREG-0730 lI
'y Report to Congress on the Acquisition of
,il Reactor Data for the
!g NRC Operations Center 3
Manuscript Completed: September 1980 lg Date Published: September 1980 i
Office of Inspection and Enforcement U.S. Nuclear Regulatory Commission Washington, D.C. 20555 p* ** "'%,,,
%s....f)
,I
'I
- I
<I I
2dl%%YS7 %
FOREWORD Public Law 96-295 contains a request for NRC to provide three reports to Congress, all related to improvements in the NRC response to nuclear emergen-cies since the accident at Three Mile Island Unit 2 on March 28, 1979.
The reports prepared to answer that request are:
NUREG-0728, " Report to Congress: NRC Incident Response Plan" I
NUREG-0729, " Report to Congress on NRC Emergency Communications" NUREG-0730, " Report to Congress on the Acquisition of Reactor Data for the NRC Operations Center" These reports summarize the status of many of the actions taken to date and provide the basis for continued upgrading of the NRC Incident Response Program.
The NRC Incident Response Plan assigns responsibilities for performing the functions and making the decisions that comprise the NRC response.
The NRC plan will be made consistent with plans being prepared by the Federal Emergency Management Agency.
The Report on Emergency Communications summarizes the findings of communica-tions problems identified by the major reviews and investigations of the I
accident and response at Three Mile Island.
The report also includes the status of corrective actions for the identified problems and presents an evaluation of current communication capabilities and future options needed to support the functions identified in the NRC Incident Response Plan.
The Report on Acquisition of Reactor Data for the NRC Operations Center I
describes alternatives for one major facet of the communications problem:
acquiring data at a nuclear power plant and transmitting them to NRC head-quarters.
Such a data link can play a role in the NRC functions and decisions and provide broad support for the entire NRC Incident Response Plan.
Collectively, these reports to Congress provide a comprehensive outline of the actions and plans of the NRC for improving its response to any future accidents.
It is anticipated that these documents will also provide the other possible participants in an accident (State and local agencies, licensees, vendors, etc.) with an understanding of the present manner in which NRC can be expected to respond and how the response will change in the near future.
I I
I i
I
ACKNOWLEDGMENT l
This report was prepared by the Operations Support Staff of the Office of Inspection and Enforcement, U.S. Nuclear Regulatory Commission, from the work of several individuals at NRC headquarters and at Sandia National Laboratories,
,I a contractor.
Major contributions are hereby acknowledged from (listed alpha-betically) John Long (Sandia) and Bernard Weiss.
Other essential assistance was rendered by Ormon E. Bassett, Ronald Feit, Joe Himes, Bernard Stiefeld (Sandia), and Eric Weinstein.
I I
I I
I I
I I
I
- l ii I
I CONTENTS Page F0 REWORD.............................................................
i ACKNOWLEDGMENT......................................................
11 1.
INTRODUCTION..................................................
1
- I ROLE OF THE NUCLEAR REGULATORY COMMISSION.....................
3 2.
2.1 Spectrum of Roles........................................
3 2.1.1 Monitoring-Only Role..............................
3 2.1.2 Advisory Role.....................................
4 2.1.3 Limited Direction Role............................
4 2.1. 4 Assume Management Control.........................
4 2.2 Key Decisions and Functions Requiring Site Data..........
5 3.
ALTERNATE METHODS FOR TRANSMISSION OF DATA TO THE NUCLEAR REGULATORY COMMISSION OPERATIONS CENTER.......................
7 3.1 Criteria for Choice of Transmission Method...............
7 3.2 Alternative Methods......................................
7 3.3 Discussion of Alternatives...............................
9 3.3.1 Manual Methods....................................
9 3.3.2 Semi-Automatic Methods............................
10 3.3.3 Automatic Methods.................................
12 4.
DESCRIPTION OF THE FULLY AUTOMATIC NUCLEAR DATA LINK ALTERNATIVE..................................................
14 4
5.
RELATIONSHIP 0F NUCLEAR DATA LINK TO ELEMENTS NECESSARY FOR EMERGENCY PREPAREDNESS........................................
15 5.1 Safety Parameter Display System (SPDS)...................
15 5.2 Technical Support Center (TSC)...........................
15 I
Emergency Operations Facility (EOF)......................
17 5.3 5.4 Data Availability........................................
19 6.
IMPLEMENTATION PLAN...........................................
19 6.1 NRC Responsibilities.....................................
19 6.2 System Integrator Responsibilities.......................
19 I
6.3 Systems Contractor (s)....................................
20 6.4 Licensees...............................................
20 6.5 Cost and Schedule........................................
20 7.
REFERENCES....................................................
22 iii
I I
ACQUISITION OF REACTOR DATA FOR THE NUCLEAR REGULATORY COMMISSION OPERATIONS CENTER 1.
INTRODUCTION During and after the accident at Three Mile Island Unit 2 (TMI-2), participants, I
observers and investigators of the accident recognized a substantial need to provide more accurate and reliable plant data to assist NRC in carrying out its responsibilities.
Initial efforts to acquire an enhanced data acquisition I
system were limited because the role and responsibilities of NRC during emergencies required better definition.
I Prior to the accident at TMI-2, the general perception within NRC was that its primary role was to monitor the response of the licensee to an incident to assure that the licensee was taking appropriate actions to mitigate the con-sequences of such an accident.
However, the details of that approach were not thoroughly developed.
During the accident at TMI-2, it was evident that NRC participation was broader than anticipated.
In the aftermath of the accident, it was clear ~that NRC emergency response planning would have to change, but the degree of modifica-tion was not settled.
One group advocated that NRC should take over a facility 5
in an emergency, whereas others insisted that the NRC had overstepped its
.E authority at TMI-2 and should strictly limit its actions +o that of a conven-tional regulatory agency; that is, monitor and investigate.
As a result of this debate, both within and outside the agency, the role of NRC in an emergency became better defined.
More attention was devoted to the means of acquiring l
reactor data to support the functions and decision-making necessary to fulfill NRC's role.
I Although little formal agency action was taken toward data acquisition during the summer and early fall of 1979, the staff informally consulted with various g
companies, exploring the feasibility of a data acquisition system and the
.E technology available to acquire, transmit and display site data to the NRC Operations Center.
In October 1979, senior NRC officials discussed the need for an enhanced data acquisition system.
A major concern was for an early
'I operational capability that would provide sufficient information to allow NRC to perform its identified roles.
Sandia National Laboratories was tasked as the overall system integrator and charged with the major task to develop a detailed conceptual approach to the data requirements of NRC.
To provide Sandia with guidance as to the type and quantity of data required, the NRC staff developed a detailed set of variables for which values will be trans-
- g mitted to the NRC Operations Center from each operating reactor facility B
(Ref. 1).
,3 The Commission was informed of the actions being undertaken by the staff, g
mainly through a series of briefings.
These sessions also provided the staff with valuable guidance in working on the data system concept.
The initial briefing on February 5,1980, was concerned with the overall upgrading of the Operations Center including the data system design considerations, features, and attributes (Ref. 2).
At that briefing, the Commission directed the staff to continue work on the data system concept and report when the Sandia study L
ws complete.
I I
Sandia published the initial concept study in April 1980 (Ref. 1) and the staff briefed the Commission on that report in a May 15, 1980, meeting (Ref. 3)
I This briefing also included a discussion of other possible data link alternatives.
The Commission requested further review of the alternativas and comparison of the relationship of the nuclear data link (NDL) data system to those similar systems being required of licensees in developing new emergency facilities.
On July 14, 1980, the staff again briefed the Commission on the progress in the development of a nuclear data system concept, as requested in the previous I
meeting (Ref. 4).
During that session, the Commission approved the nuclear data ? ink (NDL) concept and agreed that the staff should move forward to develop specifications for open bidding and selection of contractors.
The Commission requested that they review the specifications prior to the announcement of the bid solicitations.
The necessary implementation tasks, schedule, and specifications for open bidding will be completed early in FY81.
An operational system is anticipated in FY84.
This report provides a summary of the results and conclusions of activities that have taken place over the past 18 months.
This report is intended to fI serve as a definitive statement of the alternative data acquisition systems considered in the development of the NDL concept, a description of the fully automatic alternativr. which would give the NRC Operations Center a comprehensive J
analytical capability and the projected costs and schedule for implementation
- g of that alternative.
Although this alternative is considered in greatest detail, the Commission has made no decision to implement this, or any of the other alternatives described in this report.
The C mmission is continuing to I
consider
- the field of alternatives in the context of the role of the agency, headquarters and regions in the event of a radiological emergency.
lI
- I I
I il
- NOTE:
The NRC published for review and coament a draft report, " Functional Criteria for Emergency Response Facilities," NUREG-0696, July 1980.
That draft described and sought comments on a fully automatic data transmission alternative.
The comment period for the draft report closed September 29, 1980.
!,I
I 2.
ROLE OF THE NUCLEAR REGULATORY COMMISSION 2.1 Spectrum of Roles The proper response role for NRC during the course of a radiological emergency at a licensed nuclear facility has not been clear.
Historically, the NRC and its predecessor agency have concentrated on the purely regulatory aspect of their mission.
Major concern was limited to assuring, through monitoring, that the licensee was taking those actions required by his license and NRC regulations.
After the incident at the Browns Ferry Nuclear Power Plant near Decatur, I
Alabama, on March 22, 1975, the role of NRC was modified but still was largely confined to remote monitoring and advisory functions.
The accident at TMI-2 caused NRC to reassess its role requirements and improve its response proce-dures.
As a result of that reassessment and the several inquiries into NRC I
actions Juring the accident at Three Mile Island Unit 2 (TMI-2), it became clear that there was a range of potential roles that NRC might assume when responding to an emergency.
The different roles that NRC must be prepared to I
fulfill vary according to the degree of control exercised and range from passive monitoring to active intervention.
I In any incident, NRC may exercise more than one role, sometimes concurrently, as the incident progresses.
However, it is important that all participants in an incident (NRC and others) be fully aware of changes in the NRC role.
A I
plan has been developed by hRC to assure that appropriate notifications are carried out.
This plan is the subject of a separate Report to Congress (NUREG-0728) which is being submitted concurrently with this report.
These major roles are piesented in ascending order of responsibility.
Role alternatives are not discrete or mutually exclusive, but instead are successive increments in which one is added to another.
2.1.1 Monitoring-Only Role In this role, NRC response is essentially passive and confined to information I
acquisition and assessment.
The licensee, in conjunction with State and local authorities, has primary responsibility for dealing with the incident.
NRC keeps itself apprised of both the situation and the status of response actions, based on dependent data supplied by the licensee as well as any data obtained independent of the licensee via a data system, reported by NRC personnel on site or provided by offsite authorities.
NRC also maintains cognizance of I
offsite conditions and activities related to the incident.
Additional ad hoc information may be requested by NRC, as deemed necessary.
Data from all sources is collated, verified, analyzed, and evaluated by NRC to arrive at its I
own estimate of the situation and of the adequacy of the operational protec-tive measures being taken.
NRC serves as the focal point at the Federal level for providing authoritative technical information on the incident related to the onsite situation and licensee offsite activities.
I I
I 2.1.2 Advisory Role The NRC role in this case is expanded to i6clude exerting influence on the I
response process, using information gathered by continued monitoring.
Primary responsibility for coping with the incident, however, still resides with the licensee.
NRC gives advisory support, either requested or volunteered, to I
assist in diagnosing the situation, isolating critical problems, and deter-mining what remedial courses of action and additional precautionary measures are indicated.
Advice is made available to the licensee, State and local I
authorities, and to other Federal agencies concerned.
Acceptance of NRC opinions, judgment, and suggestions is discretionary rathar than binding upon the licensee; it is channeled to licensee management.
In addition, in selected cases the NRC may integrate response measures taken on site and external support relating directly to onsite response needs.
In this capacity, NRC may also orchestrate the site-oriented response process and I
serve as a common focal point or intermediary for the licensee and various other participants involved.
2.1.3 Limited Direction Role In addition to monitoring and advisory activities, in this role the NRC intervenes in a limited fashion to direct and control the licensee's onsite I
response.
It assumes responsibility and initiative in making certain critical operational decisions with regard to response measures to be taken, by issuing formal orders to the licensee accordingly, and monitoring implementation of I
the actions ordered.
In some cases, NRC could reserve for itself only a few major or key operational decisions, leaving the remainder of the decision-making to the licensee.
However in this role, the licensee continues to I
operate and manage the facility with licensee personnel who may be augmented by personnel from other industry groups.
NRC advice and direction is channeled to licensee management.
2.1.4 Assume Management Control NRC could find it necessary to exercise detailed management control, making I
many decisions on operatioaal matters that are perceived to be significant, sensitive, or critical.
The licensee, in effect, becomes the executive agent I
of the NRC.
All aspects of onsite response would be concurred in or approved by NRC, whether expressly directed or not.
An extraordinary contingency could be postulated in which some or all of the technical functions required to deal with the situation are actually performed
!I by NRC provided personnel deployed on site.
However remote, this is a hypo-l thetical possibility.
Such a role of last resort could fall on NRC by default.
The takeover role is highly scenario-dependent, and the potential role demands i
on NRC are correspondingly open-ended.
There are, however, serious questions about the desirability, as well as the capability of NRC, or another Federal agency, supplanting the licensee.
In addition, for thi:: role to be considered viable, the legal issue of NRC liability must be examined in depth.
Based on experience, NRC believes that, nearly all of the tirre, NRC will I
participate in an emernency in the monitoring and advisory roles.
For planning I
I purposes, the Commission has developed guidance estimating that 98% of the time NRC will exercise the monitoring and advisory roles.
However, even I
though the probability of directing licensees or assuming management control is extremely small and would in all likelihood be done by the senior NRC official at the site, NRC must be prepared to function in the " limited direc-tion" role, and will consider further whether it can or should be prepared to I
" assume management control."
The focus of a particular NRC role will depend to a great degree on the stage I
of th! NRC response, the availability of staff, and the particular decisions requiaed.
In general, there will be an emphasis to manage the NRC functions and ac?ivities at the site.
However, regardless of the location, analysis I
teams at NRC headquarters will support the NRC site personnel by continuing to monitor events, to project consequences of the situation, and to develop recommended actions throughout an emergency.
NRC headquarters technical staff can provide a perspective that is free from the immediate pressures of crises I
at the site.
2.2 Key Decisions and Functions Requiring Site Data In an emergency, NRC must be prepared to make quick and critical decisions and perform tasks that could have a crucial effect on public health and safety.
I In nost situations in which decisions are necessary (e.g., recommending protec-tive measures to State officials), declining to make a decision or delaying a decision can be as important as taking a specific action.
The NRC, by virtue of its position as regulator of the affected plant, will find itself directly I
involved in any emergency that has the potential of affecting the public health and safety.
In this position, decisions must be made and functions carried out that require an independent NRC evaluation of the plant operations and the real or potential effect on the public and the environment.
Based on statutcry responsibilities, the NRC Incident Response Plan (NUREG-0728),
I which is concurrently being transmitted to the Congress with this report, highlights decisions that must be made by the NRC to fulfill its basic responsi-bilities in an emergency.
These include the following:
Evaluate and categorize initial information to estimate severity Decide to escalate the NRC response Recommend protective actions for the public I
Recommend (and possibly direct) licensee actions Deescalate the NRC response I
These critical decisions depend on effective performance of certain key f w tions that are highly dependent on site data:
Evaluate incident and plant status I
Evaluate licensee actions Project incident consequences and plant status Advise or discuss problems with licensees
-I Review, investigate, and document response actions Maintain response capability
I Current methods of data transmission (voice telephone communication between two individuals) have demonstrated severe limitations.
The flow of site data I
to the NRC Operations Center on a single-voice line can be severely hampered at a critical tih e.
Although there is a requirement for the licensee to assign an individJal to that single voice line, staff experience has shown that-(1) The informatio1 obtained is limited because the site contact has to ferret out much of the data.
(2) The NRC staff requests may be off target initially because of a lack of general understanding of the situation.
This wastes valuable communica-tion time.
(3) The site contact on the telephone is not always someone known by NRC staff; as a result, communications may not be smooth in the emergency atmosphere.
(4) Data communicated orally can be very easily misunderstood or misinterpreted.
Consequently, there is a distinct need to develop methods for improving the transmission of data from reactor sites to the NRC Operations Center.
It is
- I essential that the data transmission be accomplished without significantly interfering with other licensee activities, particularly during periods of stress.
Some concern has been raised as to the extent of data which should be available to NRC for evaluating the situation at a reactor site.
The basis for this
)E concern appears to be the belief that increased data at NRC headquarters would 3
lead some individuals to direct a licensee to take particular actions.
- However, if NRC is to perform the functions listed above and make the critical decisions required to carry out its responsibilities, particularly during the early
'I hours before the NRC staff can reach the site, it must have the reliable data.
To protect against "informil Jirection," procedures have been developed whereby any NRC advice or directial iu provided to the licensee at a management level
'I so that it can be evaluated before the licensee directs the operator to take a certain action.
In addition, the chain of command of the NRC emergency response organization has been strengthened so that advice or direction would come from I
a specific senior management position rather than several NRC employees.
That position will be announced to the licensee so that he is aware of who has the authority to advise on or direct licensee actions.
It should also be noted that the final determinations of the type and number of plant variables to be included in an upgraded data system have not been made.
The final selection will be based on a period of discussion within NRC l
and among licensees, vendors, architect-engineers, and other interested groups.
il I
"~
I
I 3.
ALTERNATE METHODS FOR TRANSMISSION OF DATA TO THE NUCLEAR REGULATORY COMMISSION OPERATIONS CENTER 3.1 Criteria for Choice of Transmission Method Any method chosen for the transmission of data between the plant site and NRC Operations Center must support the functions performed at the Operations Center.
Table 1 lists the major functions of the Operations Center and the resulting criteria imposed on the transmission and information system used to support I
the Center.
Items 4 and 6 under column " Transmission and Information System Requirements" I
(Table 1) relate to timeliness and quantity of data.
To ensure that the Operations Center can make an accurate, overall assessment of an incident in progress and the licensee's response to that incident, data must be received I
at a rate comparable to changes in the status of the plant's critical systems.
In particular, such assessments require the evaluation of the current parameter values, sequence of changes in a value, and sequence of significant changes of all parameters (considered together).
The insight necessary to make accurate assessments is gained only by seeing the sequence of changes as they occur and by having access to historical data and parameter comparisons, as opposed to being dependent on after-the-fact descriptions of events.
A review of the I
data from the Three Mile Island Unit 2 (TMI-2) accident and data from other incidents indicates that critical safety parameters may change from an acceptable to critical status in time scales measured in seconds or minutes.
Diverse opinions exist on the number of data parameters that should be available to the NRC for monitoring power plant incident status.
Typically, a plant control room has the capability to acquire approximately 1000 analog and 1500 digital signals for the operators to use in controlling the plant.
In contrast, NRC draft Regulatory Guide 1.97, " Instrumentation for Light-Water-Cooled Nuclear Power Plants to Assess Plant and Environs Conditions During and Following an Accident" (Ref. 5), lists approximately 150 reactor operations, radiological and meteorological parameters each for PWR and BWR systems.
Similarly, the nuclear data link specification prepared by the NRC staff (dated Feb. 21, 1980) lists approximately 120 parameters (Ref. 1), essentially all of which are also I
listed in Regulatory Guide 1.97.
These parameters would provide a basis for the NRC staff to perform incident monitoring functions, including the evalua-tion of the effectiveness of a licensee's response strategy.
With the nuclear data link, sufficient technical detail would be available for NRC staff (generally the Director of Site Operations) to consider general courses of action to be taken, make recommendations, or perhaps issue orders if the I
situation warrants.
Without considerably more detailed data regarding plant equipment status, valve lineup, health physics, etc., NRC staff would be limited in its ability to provida detailed operational recommendations or orders to plant personnel.
3.2 Alternative Methods Alternativa systems exist thdt could be used to acquire significant power plant data, transmit these data to the Operations Center, and finally provide methods to distribute these data as needed to the concerned Operations Center I
groups.
These alternative methods for site data acquisition and transmission to the Operations Center can be classified into three general categories:
I Table 1.
Transmission and Information System Requirements to Support Major Operations Center Functions Operations Center Transmission and Information Functions System Requirements (NRC Incident Response Plan)
Evaluate and categorize 1.
Provide data early in incident when initial information emergency personnel may not yet be I
available 2.
Provide automatic alarms and warnings on status of important parameters
-I 3.
Minimize demands on control room personnel Evaluate incident and plant 4.
Collect data on a timely basis at a status rate comparable to changes in the status of the plant's critical systems 5.
Ensure accuracy of data I
6.
Provide data in sufficient detail and quantity for analysis and identification of critical trends I
7.
Facilitate data access, storage and recall by Operations Center technical personnel Decide to escalate NRC Items 1, 2, 4-7 above response; decide to deescalate NRC response Evaluate licensee actions Items 1, 4-7 above Direct licensees Items 1, 4-7 above Advise licensees Items 1, 4-7 above Project incident consequences Items 1, 4-7 cbove Recommend protective actions I
for public Items 4-7 above Review, investigate and 8.
Provide permanent data storage document response actions 9.
Provide for data recall procedures Provide for personnel training 10.
Provide capability for accident simulation I
activities 11.
Maximize uniformity of data formatting and recall methods at each site Maintain response capability 12.
Verify communications link availability I
13.
Verify site data acquisition integrity 14.
Provide for notification in event of loss of site communications or data on an on going basis i
l l
(1) Manual methois - This category includes methods using person-to person voice communications (telephone), manually ica i d telefax machines, and i
other methods that require much manual intervention to acquire, transmit, and retrieve data for use by the Operations Center.
l (2) S?mi-automatic methods - These methods use automatic data acquisition, btt require manual intervention prior to transmission of the data, or l
manual intervention at the Operations Center to distribute the data.
Examples of semi-automatic techniques are the use of data loggers and magnetic tape recorders at the plant site.
With this equipment, data is l
automatically recorded but manual intervention is required to mount the I
tape on a playback or transmission unit.
The use of printers at the Operations Center is another example in which data listing may be auto-matic, but distribution, copying, and data reduction involve considerable l
manual intervention.
(3) Automatic methods supplemented by manual methods - These methods use computer-based data acquisition at the reactor site and essentially continuous data transmission from the site to the Operations Center.
At the Operations Center, data handling is based on automatic acceptance of received data, computer-based file management, and multiple access terminals for data retrieval by concerned task groups.
!I Under this alternative, supplementary voice or telefax methods are employed for site-to-center consultations for the transfer of information not suited for automatic acquisition.
Examples of this type of informa-tion include data readings taken with portable instruments, requests for special equipment, and discussions on unanticipated technical situations.
The design of an automatic method would have to allow for a manual or semi-automatic backup.
3.3 Discussion of Alternatives Six of the system requirements listed in Table 1 have special significance in limiting the selection of alternatives.
These are:
Collect dah on a timely basis compatible with changes in plant status; Provide data in sufficient detail and quantity; Ensure accuracy of data; Provide data early in the incident; Provide automatic alarms and warnings; and Minimize demands on the control room personnel during amergencies.
3.3.1 Manual Methods Althcugh the Regulatory Guide 1.97 data parameter list of approximately 150 items is small when compared with the number of data items available in the control room, 150 parameters or even 30 or 40 parameters sampled at a rate I
comparable to changes in the status of the plant's critical systems presants a formidable problem when dealt with manually.
A voice-based manual system would require several full-time personnel and several telephone lines to acquire the necessary data from control room personnel and pass on that data I..
I
~
to the Operations Center even if the requirements for sampling rate were relaxed.
A manual system using facsimile transmission woulr* collect data in a I
similar manner.
Data would have to be acquired manually and transcribed to a form for mounting on the facsimile unit, or listings from the control room would have to be obtained for transmission.
In any of the manual systems, the manpower necessary to collect the required data could impose a burden en the plant.
The collection activities could be disruptive in the control room or 'onsite technical support center (TSC).
Transmission of data during the early stages of the accident would oe precluded until personnel arrived at the site and the Operations Center.
In addition, given the psychological stress and urgency which exists under crisis conditions, the acquired data might be subject to human error and misinterpretation.
These conclusions can be justified by a quick look at the mechanics of a manual system.
In the manual method even under the best conditions, the data must go through three cycles of transcription.
That is, the instrument is read at the plant, and the value of the reading is noted in writing.
Later, the value is read and spoken over the telephone to the NRC communicator at the Operations Center I
(or telefaxed).
Then, the communicator must hear the value correctly and note it in writing (or receive the facsimile).
Finally, the communicator must provide these data to the technical analysis teams.
Each of these transcrip-
!I tions contributes a reasonable chance for error.
Furthermore, the values are not sent to NRC immediately, but several values are accumulated before they are sent, thus incurring a significant delay.
Once the data is in the Opera-E tions Center, additional manual effort is needed to manipulate the data so E
that different parameter readings from the same point in time are s4 !e-by-side, or to produce trend graphs of parameters for comparison.
Thus, another delay is incurred before serious analysis can begin.
The cost of the equipment for manual methods of data acquisition is fairly small.
However, the total annual cost for a system using single dedicated leased lines to the present 45 plant sites incurs an annual fee of about
$500,000.
Several lines to each plant would be required to transmit the unevaluated data in addition to the existing direct and dedicated lines which J
will be used to exchange status information.
The number of additional lines
- 3 would be dependent on the number of parameters required and the number of individuals that could be made available at the site for this task.
3.3.2 Semi-Automatic Methods A semi-automatic system for acquiring and transmitting data is characterized
)
by automatic data acquisition at the licensed plant and transmission of data using digital techniques.
This approach minimizes the data acquisition problem and reduces communications difficulties.
Manual intervention might be required at the plant or at the Operations Center, or both, before data from the plant could be available to the NRC for analysis.
One idea for a semi-automatic system involves recording data on a removable storage unit at the plant process computer.
The removable storage unit (a tape, floppy disk, cartridge, etc.) could then be transferred manually from the plant process computer to the NRC terminal.
There, the data would be I
~
transmitted to the Operations Center while incoming data was recorded on a fresh storage unit N the data acquisition system.
It may be substantially cheaper to provide data to the nuclear data link (NDL) by manually transferring removable storage devices in this manner, rather than using digital communications to make the transfer, as by transferring data manually, the installation of a separate data acquisition system with a digital communications interface could be avoided.
However, if a separate system with a digital interface were installed by licensees for the onsite technical I
support center (TSC) and nearsite emergency operation facility (EOF), in most cases existing process computers cannot be used for this task.
If this is the situation the semi-automatic NDL can share this required data acquisition I
system, and the use of manually transferred removable storage devices would not represent a cost savings in this regard.
Furthermore, the cost of the NRC transmission terminals at the site would be increased by the use of this technique and a time lag before data is transmitted would be introduced.
At the Operations Center, the data could be processed by the proposed Opera-tions Center computer.
Alternatively, using a second technique for a semi-automatic system, the data might simply be printed by a conventional impact printer at the Operations Center.
Analysis and distribution of the data then becomes a manual task.
This scheme could be used at the Operations Center whether the data was acquired by automatic or semi-automatic means.
- However, the amount of paper that could be quickly generated by an impact printer could hinder effective analysis.
The advantage of siaply printing the data at the Operations Center is the apparent low cost and simplicity of the printer, as compared with automated distribution equipment.
However, the equipment is not as simple as it might first appear.
Connecting a printer to the dedicated telephone link (through a modem) is possible, but it allows no opportunity for correcting errors occurring during normal transmission, or for truly standardized data formatting.
These I
shortcomings could be remedied only by the addition of additional communica-tions control equipment at the Operations Center, and by increasing the complexity of the NRC terminal at the site.
Without data link error-correction capability, several errors in the incoming data introduced typically by electrical noise in transit from the plant to headquarters can be expected every day.
(The actual error rate will vary from line to line and from time to time on any line.) Some of these errors will produce printed characters that are obviously out of context; other errors will simply look like valid readings and may never he discovered.
The Opera-I tions Center staff will be far too busy during an incident to question every important, abnormal value.
Error correction is thus necessary.
Error correction is achieved by a re ht* D/ simple computer processor at the Operations Center with the capability of checking the messages for errors, and for formulating and transmitting a message back to the site over the same wires achieving correction.
Note that this error correction is achieved by two way communications; the messages flowing both ways on the same line are controlled by a communications protocol that ensures that messages are not lost and do not interfere with each other. -
l Semi-automatically transmitted data must be transmitted in a standardized format from every reactor to avoid having to deal with all of the 80 plus unique plant formats at the Operations Center.
This requires installing a formatting capability (both software and processing power) in the terminals at the various sites prior to transmission to NRC.
The formatting task is not assigned to the data acquisition system at the plant, because the NDL format for data transmission is not suitable for the other systems acquiring data from that source.
The data acquisition system would also perform time-critical tasks and should not be expected to handle multiple formats.
There are other disadvantages of having data printed upon arrival at the Operations Center that are not remedied by additional hardware and software.
During an incident, the Operations Center is the scene of considerable activity.
In this environment, data distribution is a major problem.
Strict procedures do not always assure that people can get information promptly, especially when those people are moving about and meeting with others on an emergency basis.
Furthermore, the discovery of trends in variables observed during incidents and the understanding of obscure relationships between plant parameters requires that data be presented in a format more easily absorbed than an array of columns of numbers on a printout.
In the absence of Operations Center data handling capability, the plotting and formatting of vast quantities of data would have to be done manually--a time-consuming, errorprone operation.
Even the simplest plots of a rapidly changing parameter sampled once per minute require an hour of manual effort, if one is interested in a trend visible over a day's accumulation of data.
The discovery of interrelationships between I
parameters is more difficult if time is important; simple aids such as side-by-side tabular lists (faster to prepare, but clearly inferior to superimposed plots) would have to be prepared manually.
Thus the shortcomings of the semi-automatic approach are excessive delays and errors in the data and cumbersome formatting.
The specified data can be acquired and delivered to the NRC, but delays ranging from tens of minutes to hours will be incurred in formatting the data, and data of importance to a particular scenario, but not acquired automatically, cannot be handled by the systen; In addition, the accuracy of any particular data value cannot be I
reasonably assured.
These factors therefore preclude the use of semi-automatic methods witn the NOL.
3.3.3 Automatic Methods An automated data system is able to acquire data automatically and continuously at the plant, transmit it to the Operations Center, and then distribute and displ.y the data immediately to the NRC staff without human intervention.
The data is also stored at the Operations Center for use in generating time histories of the parameters.
Time histories and other special displays can be generated upon command.
Disadvantages of an automated system include substantially higher initial cost, and higher cost of maintaining a system that is more complex to manage.
Because of equipment acquisition and programming, the lead time for implementing _
I I
the system is greater.
There is also a transition period, while the NRC staff becomes accustomed to working with the automated equipment, during which the system will not operate at full effectiveness.
Although some personnel are required to geiole the system, the number is considera.bly smaller than for manual or semi-automatic systems of lesser reliabilf ' and data capability which is an advantage fn" an automated system.
Furthermore, the accuracy of the data does not depend a strongly on human factors.
Various types of automated systems may provide some or all of the following important features:
Data is acquired from a known source; that is, the data acquisition system is connected to a specific sensor, and a description of the I
particular sensor supplying the data can be available at the Opera-tions Center.
(If data is acquired manually, one is not sure which sensor is being read.)
Parameters are sampled essentially simultaneously assuring that NRC and licensee are reviewing identical values for the same parameters.
Data is converted to engineering units in a consistent, documented fashion.
I Data is transmitted promptly to the Operations Center; the delay between the reading of a value and its appearance en a screen at the Operations Center is in the order of one minute.
Errors introduced in transit are corrected.
I Data is formatted automatically to enable the recognition of trends and interrelationships.
The delay for reformatting data by special request will generally be less than one or two minutes.
Selected parameters can be designated to automatically initiate alarms at the Operations Center on detection of abnormal values.
At any given time, the data from the previous thirty minutes for each plant is available.
If an event occurs, all data from that plant is retained; otherwise, data more than thirty minutes old is discarded.
This assures that conditions leading to an event are documented.
Retention of data received by the NRC Operations Center begins on receipt of an automatic alarm or when instituted by tne Operations Center (in case a subtle situation should fail to trigger an alarm).
This data is stored automatically for recall as needed after the Operations Center is fully activated.
These processes all take place without the attention of licensee I
control room personnel.
This is not to say that licensee personnel will not have essential input to the system.
In fact, it is important that the present voice link to the licensee plants be retained.
In a major incident, there is need for information other than raw data from the plant.
Facsimile capability should also be available.
Data required specifically for one incident can be entered into the system and made a part of the data base.
The recall and display of this data is a routine matter..
I I
4.
DESCRIPTION OF THE FULLY AUTOMATIC NUCLEAR DATA LINK ALTERNATIVE An automatic system for upgrading the NRC's emergency response capabilities is described in NUREG/CR-1451, " Conceptual and Programmatic cramework for the Proposed Nuclear Data Link." The proposed system provides for the transmission I
and automatic display at the NRC Operations Center of approximately 120 critical data parameters from each operating reactor.
Supplementary voice /
telefax communications are provided for as may be required.
The functions to be performed by the nuclear data link (NDL), along with the design considerations, dictate that the automatic system be composed of subsystems for data acquisition, communications, and for Operations Center I
data processing and display.
Each of the subsystems performs an essential function for the NDL; each one is logically distinct from the others.
'I The function of the data acquisition subsystem [to be implemented by the licensee and shared with the onsite technical support center (TSC), nearsite emerger,:y operations center (EOF), and safety parameter display system (SPDS)]
is to bring data from the plant into a computer, where the values can be converted into engineering units (if necessary), and then sent to the Opera-tions Center by the communications subsystem.
The data acquisition system has the ability to verify the form of the data it receives.
.l The communications subsystem takes the data from the data acquisition subsystem
- n and transmits it to the Operations Center over dedicated telephone lines.
(Test data can be generated without aid from the plant and transmitted to the I
NRC Operations Center for system verification.) The arriving data at the Operations Center is checked for errors; errors introduced into the data as it travels over the line from the licensee site to the Operations Center are detected and corrected.
The <4ta is then passed to the Operations Center subsystem for distribution ano diT;, lay to the NRC staff.
E Inside the Operations Center subsystem, the data is sent to two display areas B
and to storage devices for later retrieval.
The data to be viewed immediately is converted to a readable form, formatted for easy understanding, and sent to the display screens.
All data is processed by special software to make it I
easily retrievable, and is then sent to storage.
Another portion of the Operations Center subsystem receives commands from persons requesting that certain data be displayed in particular ways.
Special software retrieves the requested data from storage and sends it to the screens.
If a time trend has been requested, software also reprocesses the data and produces the requested plots promptly.
I I
5.
RELATIONSHIP 0F NUCLEAR DATA LINK TO ELEMENTS NECESSARY FOR EMERGENCY PREPAREDNESS The accident at Three Mile Island Unit 2 led to stuaies performed within the NRC and industry that identified the need for extensive improvements in emergency preparedness at nuclear power plants.
The following improvements are called for:
(1) Management and coordination of all support personnel and organizations having a response role; (2) Availability of information needed to assess and manage an accident at a nuclear reactor facility; (3) Continuous assessment of actual and potential radiological consequences; (4) Provisions (through State and local agencies) for early warning and frequent clear instructions to the local affected population; and (5) Provision for continuous accurate information to the general public.
.I Licensees will or have been required to provide new emergency response facilities or systems to assist in fostering these needed improvements.
These I
facilities or systems are the safety parameter display system (SPDS), technical support center (TSC), and emergency operations facility (EOF).
These along with the NDL, will operate as an integrated system to enhance management of the total emergency response (Figure 1).
These facilities must each provide for their own performance requirements, and the NDL, while serving NRC needs, must be consistent with these other emergency response facilities.
5.1 Safety Parameter Display System (SPDS)
The safety parameter display system (SPDS) is a required operating aid for I
control room personnel that displays those variables defining the safety
' status of important plant systems.
The SPDS is only a monitoring system and is not intended to replace any existing control room displays.
Its purpose is I
to consolidate information that describes plant safety status and to present this information in a useful display format.
The system will operate during both normal and abnormal operating conditions.
The design of the SPDS will provide the control room with a real-time display of a minimum set of plant parameters (a subset of the NDL parameters) from which the safety status of the plant may be quickly evaluated.
It will be I
capable of displaying this information during both steady-state and transient conditions.
Magnitudes and trends of appropriate parameters will be accessible to allow quick assessment of important plant processes.
The SPDS will be located in the plant control room and requires no additional staffing beyond current levels.
5.2 Technical Support Center (TSC)
The onsite technical support center (TSC) is a required emergency response facility that alleviates control room overcrowding during an accident.
It I
will provide plant tranagement and technical support to reactor operations personnel during emergency conditions and during emergency recovery operations.
Comprehensive data necessary to monitor the reactor systems status and evaluate I I 1
(c (Q
5ensor Inputs Control Room Senser G
r-----,
n':i!:,
M l Support And Plant Process for those variables If sted in R.G.1.97 Control Room Data Acquisition System with NDL Formatter required) g 7
l 01 splays l
Camputer (i.e.. excludin9 Type A) llllllllll llllllllllillglllllll
. Optional -.:
i 2
l
.i j
(Optional) ~ [{
g l
l-A j
l Processor i
[
Safety Parameter g
Display System l
It j
Utility /NRC Interface g~~~~~~~j Processor Technical Support jr Center j
((
NRC Terminal b
{
(includes Modes)
T i
UD D
If I f Processor Processor Plant Soundary Emergency MRC Operations Operations Center Factitty ir 1r Vendors. Licensee.
Headquarters. Etc.
Figure 1.
Functional Block Diagram of Data Flow
I I
plant systems abnormalities will be provided in the TSC.
These data will be a fraction of the variables available in the control room.* The data presenta-I tions will include current value, time rate of change, and time history displays of critical operational parameters.
Sufficient data to determine the plant dynamic behavior prior to and throughout the course of an accidant will I
be available for analysis in the TSC.
Such data will include up-to-date plant records and procedures to support technical analysis and evaluation of plant conditions during the emergency and recovery operations.
The TSC will be the emergency operations work area for designated senior plant management persoanel, licensee engineering and technical personnel, a small staff of NRC personnel, and any other licensee-designated personnel needed to I
provide the required technical support.
TSC will be located near the control room to allow " face-to-face" interaction between control room personnel and plant management working in the TSC.
5.3 Emergency Operations Facility (EOF)
The required nearsite emergency operations facility (EOF) will be located near I
the reactor plant and will provide continuous coordination and evaluation of all licensee activities during an emergency having potential or actual environ-mental consequences.
The overall management of licensee resources in response I
to an emergency will be based in the EOF.
The EOF will function as the post-accident recovery management center for both onsite and offsite activities.
To accomplish these functions, capability will be provided in the EOF for the collection and evaluation of all pertinent radiological, meteorological, and geophysical data.
Representatives from anpropriate offsite agencies will be present at the E0F I
and will coordinate emergency response activities.
Besides NRC and the Federal
)
Emergency Management Agency, these agencies include local, State, and Federal emergency response organizations ar.d will provide current information on conditions that may potentially affect the public welfare.
5.4 Data Availability j
The safety parameter display system (SPDS), a required contrni room display, will use some variables listed in Regulatory Guide 1.97, plus other site-specific variables of significance.
The data described in Regulatory Guide I
1.97 (types B, C, D, and E), including a SPDS display, define = the minimum data availability at the technical support center (TSC) and emergency opera-tions facility (E0F).
The Regulatory Guide 1.97 data also includes all data I
required for the NDL.
As shown in Figure 1, a data acquisition system separate from the plant process computer will be provided at each plant for Regulatcry Guide 1.97 data.
If Regulatory Guide 1.97 data were to be supplied by the process control computer, the possibility exists of competition for resources between the control room an/ 'he emergency response 'tcilities.
Separation of the data acquisition facili y liminates this possibility for required data.
The licensee may supply addi..unal data from the process control computer to
- The HDL will have a subset of the TSC variables.
I I
the TSC and EOF if the licensee chooses to do so.
It should be noted again that the NDL does not determine the data acquisition system requirements, which are basically determined by SPDS, TSC and EOF needs.
Thus the NDL system, which will be phased in shortly after the site requirements are satisfied, is not expected to impose a large incremental expense on licensees.
The large number of commonly required variables between the NDL, TSC, EOF and SPDS makes consideration of an integrated system appear more attractive from a standpoint of cost.
The major disadvantage of a single data acquisition system is that if the acquisition system fails, the data source is lost for all emergency response facilities.
Although it would be preferable to have completely separate date acquisition systems, appropriate and inexpensive measures can be provided to ensure reliability of the integrated NDL data stream.
Thus the interrelationship of the four systems in the single data acquisition system will not present an insurmountable technical problem.
Integration of the systems will encourage better communications during an emergency, particularly between the various licensee and NRC participants.
I Because the data received by all parties will be compatible (generated by the same sensor using identical engineering units), technical discussion will be enhanced and the independently generated displays will be similar.
Experience at THI-2, other incidents, and drills have demonstrated the need to greatly improve the timely transfer of technical data with minimal misinterpretation by the participants and the public.
1 I
I I
I I
I
6.
IMPLEMENTATION PLAN The Commission has made no decision to implement any of the alternative data acquisition systems considered in this report.
The Commission is continuing to consider the field of alternatives in the context of the respective roles of the agency, headquarters and regions in responding to a radiological emergency.
However, to provide a sense of the possible implementation requirements and schedule, an implementation plan has been devrloped for the most complex of the alternatives, the automatic data acquisition system.
The implementation plans for the nther alternatives can be expected to be less complex than the one described below.
Implementation of the nuclear data link (NDL) would require a major coordinated effort from NRC, the licensees, a System Integrator and selected contractor (s).
In summary, the implementation plan could employ the technical and managerial capabilities of a selected nonprofit institution or another Government agency as the NDL System Integrator who in turn would select, by competitive bidding, contractor (s) to design, supply, and install the NDL hardware and software.
The following specific responsibilities have been identified for each of the participating organizations.
6.1 NRC Responsibilities (1) NRC would assume the role of overall program manager which consists of establishing the system functional requirements and the overall program funding and schedule plan.
Draft functional requirements have been written and will be augmented and modified as needed based on the intended use of the NDL in aiding NRC to discharge their responsibilities during a radiological incident.
(2) The NRC would concur on the final NDL systems concept as developed and refined by the Systems Integrator.
(3) Prototype nuclear data link installations would be made at no more than three selected reactor plants to verify interface requirements and gain l
experience to facilitate installation at all the other plants.
The NRC l
would be responsible for making the overall arrangements with the lead I
plant utility organizations.
(4) The NRC would issue necessary regulations and guides that would enable the utilities to meet their commitments to provide the various support facilities such as the technical support center and the data acquisition system.
This also would include the interface specifications between l
such facilities.
1 (5) When the NDL installation becomes operational, the NRC would assume responsibility for its overall operation.
- 6. 2 System Integrator Responsibilities (1) The System Integrator would provide overall technical direction for the program within the framework re-established by the NRC funding and schedule plan and functional requirements.
(2) The System Integrator would complete the NDL system design in sufficient detail to allow for a competitive procurement of as much of.the hardware and software as time allows.
NRC would expect to select the System Integrator early in FY81.
+ g3
I (3) Project plans and schedules would be developed and maintained by the System Integrator.
(4) Requests for proposals would be prepared by the System Integrator and contractor (s) would be selected using the procurement services of the System Integrator organization.
(5) Contractor design and software work would be monitored by the System Integrator to ensure compliance to the systems specifications and schedules agreed to in the purchase contract.
(6) The System Integrator would provide liaison between the contractor (s),
the NRC and licensees as needed to ensure the timely integration of the overall NDL system.
(7) The System Integrator would specify and supervise the overall system operational verification tests which would demonstrate the combined operation of the plant data acquisition subsystem (including the NRC site transmission unit), the communication subsystem, and the NRC headquarters Operations Center subsystem under simulated nuclear accident conditions.
(8) The System Integrator would make provisions for a program to train NRC personnel to operate the NDL.
6.3 Systems Contractor (s)
The systems contractor (s) would be selected by competitive bidding to supply the hardware and software as prescribed in the contractural agreements with the System Integrator.
This would include documentation, training and arrangements for future maintenance and software updating.
6.4 Licensees (1) Licensees would be responsible to provide the controlled NDL data set as a part of their response to the NRC general requirement for provision of emergency facilities.
A preliminary specification, Functional Criteria for Emergency Response Facilities (Ref. 6), has been issued for interim use and comment.
(2) The licensees would be required to program and maintain the required data acquisition system so that data transmission would not be interrupted.
(3) The licensee would be required to provide space, power and environmental control for the NRC terminal.
(4) Not more than three licensee organizations would be asked to participate in a lead plant (prototype) program with the System Integrator to verify interface requirements and gain installation information.
l 6.5 Projected Cost and Schedule On July 10, 1980, the NRC staff presented to the Commission their recommenda-tions for the NDL system including anticipated costs and schedule (Ref. 4).
Preliminary cost estimates for one version indicated a total installed system cost would be of the order of 20 million dollars with initial operating capability projected to be achieved in about four years.
The four year schedule would permit integration of the NDL with the ther required utility emergency response systems (the onsite technical support center and the nearsite emergency opera-tions facility).
This would result in NDL capability being achieved without excessive impact on the operating utilities.
1
The current plans contemplate completion of the NDL system concept study by the end of FY80.
If an early decision is made to proceed with this alternative, lead plant prototype installation could begin in FY82 to verify interface requirements and obtain installation experience.
Based on the lead plant evaluations, detailed interface and equipment specifications could be com-pleted in FY82.
Contractor (s) would be selected by the competitive process.
The hardware and software would be procured and installed by mid-FY84.
The NOL system could achieve initial operational capability by the end of FY84.
I I
=
I I
I.
I
I 7.
REFERENCES 1.
U. S. Nuclear Regulatory Commission, " Conceptual and Programmatic Framework for the Proposed Nuclear Data Link," USNRC Report NUREG/CR-1451, April 1980.*
2.
NRC Commission Information Report, SECY-80-35, NRC Operations Center, January 21, 1980.**
3.
NRC Commission Information Report, SECY-80-35A, Update on Staff
, Actions Regarding a Nuclear Data Link, May 13, 1980.**
4.
NRC Commission Information Report, SECY-80-326, Nuclear Data Link (NDL), July 10, 1980.**
5.
U. S. Nuclear Regulatory Commission, Regulatory Guide 1.97,
" Instrumentation for Light-Water-Cooled-Nuclear Power Plants to Assess Plant and Environs Conditions During and Following an Accident (Proposed Revision 2, December 1979)."
Copies are available from NRC/GP0 Sales Program, Washington, D. C.
20555, Attention:
Regulatory Guide Account.
6.
U. S. Nuclear Regulatory Commission, " Functional Criteria for Emergency Response Facilities", USNRC Report NUREG-0696, July 1980.*
"Available for purchase from GPO Sales Program, U. S. Nuclear Regulatory Commission, Washington, D. C.
20444 and/or National Technical Information Service, Springfield, Virginia 22161.
- Available in NRC Public Document Room for inspection and copying for a fee.
I
.I
!I l '
t
_