ML20066A098

Comments on Proposed Rule 10CFR50 Re ERDS. NRC Adoption of Cumbersome Hardware & Software Design to Establish ERDS Link Connection Discouraging
Person / Time
Site: Kewaunee
Issue date: 12/20/1990
From: Evers K
WISCONSIN PUBLIC SERVICE CORP.
To:
NRC OFFICE OF THE SECRETARY (SECY)
References
CON-NRC-90-142, FRN-55FR41095, FRN-56FR40178, RULE-PR-50 55FR41095-00010, 55FR41095-10, AD32-2, AD32-2-45, NUDOCS 9101030022


Text


DOCKET NUMBER / PROPOSED RULE

NRC-90-142

WISCONSIN PUBLIC SERVICE CORPORATION
600 North Adams, P.O. Box 19002, Green Bay, WI 54337 9002

WPSC (41114331598
TELECOPIER (414) 433-5544
LIC\NRC\N448
fgYLINK 628919

'90 DEC 21 P4:08

December 20, 1990

10 CFR 50.72
10 CFR 50 Appendix E

Secretary of the Commission
ATTN: Docketing and Service Branch
U.S. Nuclear Regulatory Commission
Washington, D.C. 20535

Gentlemen:

Docket 50-305
Operating License DPR
Kewaunee Nuclear Power Plant

Emergency Response Data System

On October 9, 1990, the Nuclear Regulatory Commission issued a proposed rule for the Emergency Response Data System (reference 55 FR 41095). Wisconsin Public Service Corporation (WPSC) has the following comments in response to the proposed rule:

1. PROTOCOL

We are very discouraged to find that the NRC is adopting a cumbersome hardware and software design to establish the ERDS link connection. The proposed design will require numerous manhours to implement the system as well as maintain the software developed. The proposed design also requires constant operator attention while the system is in use.

Common sense dictates that during a plant emergency, the emergency response organization (or minimal staff that is onsite off-hours) will place first priority on ensuring the safety of the plant and personnel at the time an event is identified. A system that requires constant operator attention is not a sound design.


Secretary of the Commission
December 20, 1990
Page 2

Attachment 1 to this letter details our technical concerns with the current design. The information was prepared by WPSC personnel who are experienced in computer system installations. These people will be responsible for installing the ERDS system at Kewaunee. The information in the attachment includes an alternate approach to the proposed design which would be achievable even though the NRC has commenced implementation of the system.

Based on a conversation with the NRC ERDS Representative and NRC's contractor on November 8, 1990, it is our understanding that Kewaunee may have been the first site to have utility computer analysts present at a site visit. For that reason, Kewaunee may be the only site to question the ERDS link connect design and express this concern; however, our comments should benefit all sites who currently are not connected to the ERDS system. Due to the fact that the proposed rule specifically references NUREG 1394 (see 10CFR50 Appendix E, proposed paragraph VI.2.c), utilities will no doubt have to abide by the protocol as presented in the NUREG upon issuance of the rule in this context.

2. ACTIVATION

10CFR50.72, proposed paragraph (a)(4) requires ERDS activation at the time that the NRC is notified of the declaration of an Alert or higher emergency class. Since 10CFR50.72 also requires NRC notification be made within one hour of declaring the event, this will require that the ERDS system be placed in the Control Room since we cannot be assured that the Technical Support Center (TSC) would be activated at the time we are ready to notify the NRC (e.g., off-hours).

In addition to activating the ERDS system, placing the ERDS system in the Control Room will also require Control Room personnel to monitor the ERDS connection and re-establish the connection if it fails; this places an unnecessary burden on the Control Room personnel. A more acceptable approach would be to implement a system that is totally automated, i.e., no operator intervention (see comments under "PROTOCOL" above). If this is not achievable, then a more appropriate activation sequence would be to require ERDS activation upon activation of the TSC. Communications via the Emergency Notification System (ENS) would still be available, and TSC activation should occur at approximately the same time or earlier than the NRC Operations Center activation.

Activating the ERDS as soon as the TSC is activated would still meet the objectives of the system.


3. STATE ACCESS

The proposed ERDS design includes user ports for State access (reference document SECY-90-256). It is our belief that not all State emergency government organizations are capable of utilizing this plant specific information. Therefore, this may place another burden on the utility to provide a Plant Systems Engineer in the State Emergency Operations Center (EOC) to interpret this data and ensure it is utilized appropriately (e.g., public information releases). It is also a concern that State employees may attempt to assess plant systems' status and challenge planned corrective actions.

The availability of this data must not detract from the State's role in responding to an emergency. A possible solution to this concern would be to provide the State with access to only the information necessary for its functions (meteorological data, release rates).

4. ACCESS RESTRICTIONS

In speaking with the NRC ERDS Representative on November 8, 1990, it is our understanding that the ERDS design will allow access to each plant's data by all NRC regions. The NRC should restrict access to only those regions that are directly involved in responding to the event and those states with boundaries within the plant's 10 mile emergency planning zone (EPZ). If such access restrictions are not imposed, there would most likely be an increase in calls from outside organizations requesting interpretation of data/additional data, system status, etc. It is extremely important that utility response personnel are free to support the needs of offsite organizations that are directly affected by the event.

5. VOLUNTEER EXEMPTIONS

10CFR50 Appendix E, proposed paragraph VI.4.b states that licensees who have operational ERDS interfaces that have been approved under the voluntary program are considered to have met proposed paragraphs VI.1 and 2. Paragraph VI.4.b should be expanded to include reference to paragraph VI.4.a. Submittal of an implementation plan should not be required of licensees who have already implemented an ERDS system.


In addition, proposed paragraph VI.4.b does not address licensees in the voluntary program who have invested considerable time and resources prior to issuance of the rule, but have not received final approval. Licensees who have submitted the information required by the voluntary program along with a proposed implementation schedule should also be exempt from paragraphs VI.1, VI.2 and VI.4.a.

The above issues should be carefully considered prior to issuance of a rule and full implementation of ERDS. In addition, WPSC endorses the comments that have been submitted by the Nuclear Management and Resources Council (NUMARC).

Sincerely,

K. H. Evers
Manager-Nuclear Power

LAS/jms

Attach.

cc - Mr. P.1, Castlemen, US NRC
US NRC, Region III
Mr. J. R. Jolicoeur, US NRC


Secretary of the Commission
December 20, 1990

ATTACHMENT 1

Technical Comments on Emergency Response Data System

Wisconsin Public Service Corporation (WPSC) wishes to offer the following technical comments regarding the proposed Emergency Response Data System (ERDS). These comments will be organized into three major categories:

1) A critique of the proposed data protocol as documented in NUREG 1394, ERDS Implementation, Appendix B (ERDS Communications Description), published in April 1990.
2) A recommended approach which would achieve the same goal at a lower cost to all facilities while providing a more robust interface.
3) An alternate to the superior design suggested in the preceding section which recognizes that the NRC may have already invested in the implementation of the protocol documented in NUREG 1394. The proposed alternate design would reduce the facility cost of implementing the protocol and assure the NRC of compliance to their design.

NRC PROTOCOL

The following narration describes the link connection process:

1) The site dials up the NRC system, waits for an answer, and initiates a LINK message. [II.B.1.a]
2) If the above step was unsuccessful, wait one minute and try again. [II.B.1.a]
3) If the second attempt was also unsuccessful, repeat for a total of five attempts, then call the NRC before disconnecting (although you may not have achieved a connect). [II.B.1.a]
4) Once connected, you must wait up to one minute to be advised that ERDS is ready for data. If this message doesn't come, go back to the first step. [II.B.1.c]
5) Initiate the regular transmission of periodic data.

In the event of a loss of carrier, a reconnection process similar but different than the initiate process must be performed. The expectations of the NRC are clearly stated as, "It is the responsibility of the site to monitor the outgoing line for loss of communications."

It would seem that initiating this process at the early stages of an event is very cumbersome and raises a very legitimate concern as to the appropriate allocation of response personnel, particularly when superior alternatives are available which do not require such attention.

The format of the data transmitted is relatively straight-forward except for the encoding of a checksum character. The NRC has recognized the importance of ensuring only correct data is processed; however, the implementation of checksum encoding raises the technical requirements of the project to one requiring low level (i.e. more difficult) computer programming efforts, with the consequential increase in debugging and likelihood of error. The use of error correcting modems does provide a level of data integrity higher than the simple checksum scheme described in NUREG 1394 as, at the hardware level, data retransmissions will take place until a good block of data is received, whereas at the software level the defined protocol fails to identify how suspect data is handled (presumably discarded). Consequently, utility resources are being expended to comply with a superfluous requirement.

Lastly, during the November 8, 1990, meeting at the Kewaunee Nuclear Power Plant (KNPP), the NRC contractor made reference to a facility survey conducted to determine the appropriate protocol. While a survey was conducted at KNPP in the past, as part of the presumed study, no specific protocol was discussed. Further, based on a technical assessment of the Appendix B protocol, WPSC can hardly accept the statement that this protocol was one which most licensees could accommodate with the least effort: this simply is not true.

PROPOSED PROTOCOL

A more appropriate manner to implement this type of "receive only" data connection is to allow the initiator of the data to "broadcast" the data in a defined format, and to allow the receptor to decode the data as desired. A data buffer, defined by the NRC (without checksums, since error correcting modems are being used), could be issued by the licensee computer at regular intervals as initiated by a software function (which could be generated either automatically by the plant computer at some parameter threshold, or by a simple manual function initiation). This transfer would go to the modem, configured for auto answer, so that whenever the NRC system is ready to make connection with the facility no manual intervention is required from the on site personnel. In the event of a lost carrier, the reconnection would be initiated from the NRC end of the link where the loss would be more immediately noticed. This would avoid the assignment of site personnel to the task of tending to the computer link at a time when more critical tasks should be attended. If a licensee has concerns about ensuring that no incoming transaction can possibly interact with his computer, the receive data line on the modem can be disabled, physically preventing any data from being received by the computer. If implementation of a "soft switch" does not provide a licensee with assurance that plant data might be inadvertently transmitted to the modem, a simple hardware switch could be placed between the output port and the modem. To summarize, the advantages of this design include:

1) No manual action required by the licensee to establish modem to modem connection.
2) Simple data initiation, via either a soft or hard switch.
3) Reconnection procedure initiated by NRC without the intervention of the licensee.
4) Integrity of licensee computer system ensured through physical disabling of incoming data.

This scheme is not textbook or hypothetical: it has been implemented within WPSC in various forms and has proven to be simple and reliable.

ALTERNATIVE PROTOCOL

Since the link implementation has already been demonstrated, the NRC may be resistant to improve the design (the NRC ERDS representative commented at the November 8 meeting that they do have trouble with carrier loss in the present scheme). An informal proposal made by WPSC at the ERDS meeting at KNPP on November 8, was that the NRC contractor develop a low level software package, capable of running on an IBM compatible machine, that would handle all the cumbersome connect and reconnect procedures. Their program would be designed to operate in a multitasking environment, where the utility could write one task to receive data from the plant data systems in whatever format they desired, and then pass the data to the NRC provided task which would handle all the link protocols. Not only would this give the NRC increased control over how the data transfers were negotiated with their system, but it would relieve each licensee from developing a low level software package to implement this system.

Errors found during one facility's experience would be corrected and fixes provided to all other facilities. Each licensee would have to provide a computer capable of running this package, but the per link cost would be approximately $5000 which is less than the long term cost of complying with the Appendix B scheme. WPSC hopes that if the NRC were to accept such a proposal that they would solicit the involvement of utility personnel that will be responsible for ERDS installation.

CONCLUSIONS

Compliance with the protocol as promulgated by the NRC is not impossible. However, it is not efficient, nor is it robust. The present design will cause each licensee to expend unnecessary resources to start up the system, maintain the system, and in the near future modify the system.

These mistakes and their associated costs can be avoided by correcting the design at this time.
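
The site-side link connection steps narrated under NRC PROTOCOL in Attachment 1 can be written out as a small state machine that also totals the time the site spends tending the link. This is an added example, not part of the WPSC letter or of NUREG 1394; the function names, the injected `dial_and_link` and `wait_for_ready` callables, the `max_restarts` bound and the scripted line outcomes are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_ATTEMPTS = 5       # "repeat for a total of five attempts"
RETRY_WAIT_S = 60      # "wait one minute and try again"
READY_TIMEOUT_S = 60   # "wait up to one minute" for the ERDS-ready advisory

@dataclass
class LinkLog:
    events: list = field(default_factory=list)
    waited_s: int = 0  # seconds the site spent waiting on the link

def establish_link(dial_and_link, wait_for_ready, sleep, max_restarts=2):
    """Site-side steps 1-4. The callables are hypothetical stand-ins for the
    modem; max_restarts is an assumption that keeps the loop finite."""
    log = LinkLog()
    for _ in range(max_restarts + 1):
        connected = False
        for attempt in range(1, MAX_ATTEMPTS + 1):
            log.events.append(f"dial#{attempt}")
            if dial_and_link():            # step 1: dial, send LINK
                connected = True
                break
            if attempt < MAX_ATTEMPTS:     # steps 2-3: wait, then retry
                sleep(RETRY_WAIT_S)
                log.waited_s += RETRY_WAIT_S
        if not connected:
            log.events.append("call-NRC")  # step 3: phone the NRC
            return False, log
        if wait_for_ready(READY_TIMEOUT_S):
            log.events.append("ready")     # step 5 may begin
            return True, log
        log.waited_s += READY_TIMEOUT_S    # step 4: no advisory, start over
        log.events.append("no-ready")
    log.events.append("gave-up")           # assumption: bounded restarts
    return False, log

def simulate(dial_results, ready_results):
    """Drive the procedure with constructed line outcomes and no real sleeping."""
    dials, readies = iter(dial_results), iter(ready_results)
    return establish_link(lambda: next(dials),
                          lambda timeout_s: next(readies),
                          sleep=lambda s: None)

if __name__ == "__main__":
    # Constructed scenario: two failed dials, a connect with no ready
    # advisory, then a clean connect on the restart.
    ok, log = simulate([False, False, True, True], [False, True])
    print(ok, log.events, f"{log.waited_s}s waiting")
```

With every dial failing, the procedure holds the site for four one-minute waits before the call to the NRC, which is the operator attention the letter objects to.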
