ML22321A210

| Field | Value |
|---|---|
| Issue date | 11/17/2022 |
| From | Jose March-Leuba, Advisory Committee on Reactor Safeguards |
| To | Ballinger R, Advisory Committee on Reactor Safeguards |
| Download | ML22321A210 (1) |
UNITED STATES NUCLEAR REGULATORY COMMISSION
ADVISORY COMMITTEE ON REACTOR SAFEGUARDS
WASHINGTON, DC 20555-0001

November 17, 2022

MEMORANDUM TO: Ronald Ballinger, Lead, SHINE License Application Review Subcommittee, Advisory Committee on Reactor Safeguards

FROM: Jose March-Leuba, Member, Advisory Committee on Reactor Safeguards

SUBJECT: INPUT FOR ACRS REVIEW OF SHINE OPERATING LICENSE APPLICATION - SOFTWARE LIFE CYCLE

In response to the subcommittee's request, I have reviewed a presentation made by representatives from SHINE Medical Technologies, LLC (SHINE), to the Advisory Committee on Reactor Safeguards on September 9, 2022, to discuss software life cycle issues and how they are addressed by SHINE. The following is my recommended course of action concerning further review of this topic.
Background

Rock Creek Innovations, LLC, provides the overall system design control for the highly integrated protection system (HIPS) for the SHINE facility. It is used to implement the facility safety-grade functions using field programmable gate array (FPGA) technology, which uses software to generate the quasi-analog components that perform the required actions. The specific HIPS implementation for SHINE is documented in Chapter 7 of the final safety analysis report (FSAR), and it has been reviewed by the staff. The Rock Creek Innovations, LLC, software life cycle plan for HIPS is described in their September 9, 2022, presentation to ACRS.
HIPS Software Life Cycle

The programmable-logic life cycle process consists of five phases: Planning, Requirements, Design, Implementation, and Test. Through this process, SHINE implements the requirements of the Institute of Electrical and Electronics Engineers (IEEE) Standard 1012-2004, IEEE Standard for Software Verification and Validation.
A key component of the software life cycle is the proper identification, documentation, and retention for future reference of the system requirements. Of special concern are those changes that are introduced during the design, implementation, and testing phases; Rock Creek Innovations, LLC, states that they have processes to continuously update and document the requirements to reflect the as-built HIPS components. This step is crucial for projects that receive a license for 40, 60, or even 80 years and must be maintained for the life of the facility.
Rock Creek Innovations, LLC, achieves this goal by implementing a programmable logic requirements specification (PLRS) that translates the project-specific system design requirements into detailed programmable-logic requirements that enable the development and verification of the design. A separate PLRS is developed for the FPGA on each HIPS module and maintained as a record for the life of the project. One concern is the reliance on an external contractor to achieve this necessary process; SHINE, as part of their management plan, should remain involved with the process and have a backup plan to replace contractors or perform the work in-house should it become necessary.
A significant concern is cybersecurity, especially for what is known as supply chain attacks. The HIPS modules are not immune to this problem and could be a vector for introducing malware into the facility. Rock Creek Innovations, LLC, states that all their programming activities are performed within a Secure Development Environment (SDE) and Isolated Development Network (IDN) to prevent this issue. In addition, the SDE/IDN will be maintained in its current state to ensure that, even in the far future, required HIPS software updates can be compiled and implemented into FPGA modules.
Concerns

I did not identify any specific deficiencies in the proposed SHINE approach with respect to meeting the requirements of the review criteria.
Recommendation

As lead reviewer for SHINE Software Life Cycle issues, I recommend no further action.
References

1. Advisory Committee on Reactor Safeguards Transcript, SHINE Medical Technologies, LLC, Programmable Logic Lifecycle Overview, Rock Creek Innovations, September 9, 2022 (ML22278A068).
2. SHINE Technologies, LLC, Application for Operating License Supplement 14, Revision to Final Safety Analysis Report, Chapter 7, Instrumentation and Control Systems, January 26, 2022 (ML22034A642).
3. SHINE Technologies, LLC, Final Safety Analysis Report, Chapter 7, Instrumentation and Control Systems, August 31, 2022 (ML22249A136).
SUBJECT: INPUT FOR ACRS REVIEW OF SHINE OPERATING LICENSE APPLICATION - SOFTWARE LIFE CYCLE

Package No: ML22319A197
Accession No: ML22321A210
Publicly Available: Y
Sensitive: N
Viewing Rights: NRC Users or ACRS Only or See Restricted distribution

| OFFICE | ACRS/TSB | ACRS/TSB (SUNSI Review) | ACRS | ACRS |
|---|---|---|---|---|
| NAME | CBrown | CBrown | LBurkhart | JMarch-Leuba |
| DATE | 11/17/2022 | 11/17/2022 | 11/17/2022 | 11/17/2022 |

OFFICIAL RECORD COPY