SECY-23-0092, Annual Update on Activities to Modernize the U.S. Nuclear Regulatory Commission's Digital Instrumentation and Controls Regulatory Infrastructure and License Amendment Requests

ML23228A226
Person / Time
Issue date: 11/01/2023
From: Dan Dorman
NRC/EDO
To: Commissioners
NRC/OCM
Carla Roque-Cruz, NRR/DORL, 301-415-1455
References
SECY-23-0092


Text

November 1, 2023

SECY-23-0092

FOR: The Commissioners

FROM: Daniel H. Dorman, Executive Director for Operations

SUBJECT: ANNUAL UPDATE ON ACTIVITIES TO MODERNIZE THE U.S. NUCLEAR REGULATORY COMMISSION'S DIGITAL INSTRUMENTATION AND CONTROLS REGULATORY INFRASTRUCTURE AND LICENSE AMENDMENT REQUESTS

PURPOSE:

This paper provides the Commission with an annual update of the status of ongoing work and planned future activities to modernize and improve the U.S. Nuclear Regulatory Commission's (NRC's) digital instrumentation and controls (DI&C) regulatory infrastructure and licensee-requested licensing action reviews. This paper does not address any new commitments or associated resource implications.

SUMMARY

The NRC staff has made significant progress in improving the clarity and reliability of the DI&C regulatory infrastructure and implementing it to enable the safe, expanded use of digital technologies in new reactor designs and operating plants. The NRC staff is transitioning to using the improved infrastructure to support the review of licensees' DI&C modernization license amendment requests (LARs). This paper summarizes the NRC staff's significant accomplishments and ongoing activities in these areas since the last update in 2022 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML22222A148).

CONTACTS: Carla P. Roque-Cruz, NRR/DORL 301-415-1455 Michael Marshall, NRR/DORL 301-415-2871

The Commissioners 2

BACKGROUND:

The NRC staff presented the initial integrated action plan (IAP) to modernize the DI&C regulatory infrastructure to the Commission for approval in SECY-16-0070, "Integrated Strategy to Modernize the Nuclear Regulatory Commission's Digital Instrumentation and Control Regulatory Infrastructure," dated May 31, 2016 (ML16126A137). In October 2016, the Commission approved the IAP through Staff Requirements Memorandum (SRM)-SECY 0070 (ML16299A157) and directed the NRC staff to provide annual updates. Since then, the NRC staff completed the IAP. However, additional improvements to the DI&C infrastructure continue to be identified and managed through routine processes.

DISCUSSION:

The NRC staff continues to complete DI&C infrastructure modernization activities and is implementing the improved infrastructure to support DI&C projects in accordance with the NRC Principles of Good Regulation. The NRC staff continues to identify opportunities to innovate and to be risk-informed in these activities. The NRC staff has made progress on several key activities that support the improved clarity and reliability of the DI&C regulatory infrastructure, and it continues to engage stakeholders in implementing the infrastructure for DI&C projects.

Further, the NRC staff is reviewing major DI&C modernization LARs for operating reactors and is reviewing advanced reactor DI&C designs with the updated infrastructure. These activities support the NRC's vision to establish a modern, risk-informed regulatory infrastructure with reduced uncertainty that will enable the expanded safe use of digital technologies and are discussed further below.

Significant Accomplishments: Licensing

Acceptance of Turkey Point Digital Instrumentation and Controls License Amendment Requests

On July 30, 2022, NextEra/Florida Power and Light (FPL) submitted the Turkey Point Nuclear Generating Station LAR to support a major DI&C upgrade (ML22213A045). The LAR requested approval to replace Turkey Point's reactor protection system, engineered safety features actuation system, and nuclear instrumentation system with digital systems based on the Framatome Tricon Programmable Logic Controller Version 10 digital-based platform. The NRC staff accepted the LAR for review on October 13, 2022 (ML22280A108), with a schedule for FPL to submit information needed to complete the application. However, as explained later in this paper, on June 28, 2023, FPL submitted a request for the NRC to temporarily suspend the review of the Turkey Point DI&C LAR (ML23179A141), and that suspension is still in effect.

Acceptance of Limerick Digital Instrumentation and Controls License Amendment Requests

On September 26, 2022, Constellation submitted an LAR (ML22269A569) for Limerick Generating Station to support a major DI&C upgrade of the reactor protection system, nuclear steam supply shutoff system, and emergency core cooling system instrumentation. The licensee plans to integrate the three systems into a single new system called the plant protection system, which is a first-of-a-kind approach. The NRC staff accepted the LAR for review on December 9, 2022 (ML22339A064), with a schedule for Constellation to submit supplemental information needed to complete the application. However, as explained later in this paper, on May 23, 2023, Constellation submitted a letter (ML23143A342) to the NRC stating the digital modification at Limerick is delayed and the initial installation of the modification is being pivoted from Unit 1 to Unit 2.


Significant Accomplishments: Guidance

Issuance of Regulatory Guide 1.152, Revision 4

On July 25, 2023, the NRC staff published Revision 4 to Regulatory Guide (RG) 1.152, "Criteria for Programmable Digital Devices in Safety-Related Systems of Nuclear Power Plants" (ML23054A463). This RG endorses, with some exceptions and clarifications, Institute of Electrical and Electronics Engineers (IEEE) Standard (Std) 7-4.3.2-2016, "IEEE Standard Criteria for Programmable Digital Devices in Safety Systems of Nuclear Power Generating Stations." IEEE Std 7-4.3.2-2016 reflects the latest advances in digital technology and techniques for designing and implementing programmable digital devices into new and operating plants. The updated regulatory guidance is expected to enhance the efficiency and effectiveness of the NRC staff's licensing reviews of upgraded DI&C systems.

Revision of Policy for Common Cause Failure of Digital Instrumentation and Controls Systems

On August 10, 2022, the NRC staff submitted SECY-22-0076, "Expansion of Current Policy on Potential Common Cause Failures in Digital Instrumentation and Control Systems" (ML22193A290), to recommend updating the current DI&C common cause failure (CCF) policy from SRM-SECY-93-087, "SECY-93-087 - Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs," dated July 21, 1993 (ML003708056). Specifically, the NRC staff requested that the policy be expanded to allow the use of risk-informed approaches to justify an appropriate level of defense-in-depth and diversity for high safety significance DI&C systems. On May 25, 2023, the Commission approved the NRC staff's recommendation with edits as contained in SRM-SECY-22-0076 (ML23145A176).

On July 24, 2023, the NRC staff issued a publicly available memorandum (ML23193A379) to inform staff and management of the change in policy. In accordance with the Commission's direction in SRM-SECY-22-0076, the NRC staff will issue final implementing guidance for light-water reactors (LWRs) on the revised policy.

Significant Accomplishments: Research

Wireless Technologies

The NRC staff, with the assistance of Sandia National Laboratories, undertook an effort to research the security risk of wireless technology devices in risk-significant (safety/security critical) networks. Specifically, the project aimed to provide insights to the NRC staff on the use of wireless communication technologies outside of the nuclear field. In September 2022, the NRC staff issued Technical Letter Report RES-DE-2022-007, "Study of Wireless Technology Implementation in Isolated, High Consequence Networks" (ML22180A008), documenting how other federal agencies and industries manage risks associated with wireless technologies such as considering the impact of increasing the attack surface for important-to-safety digital assets and identifying implementation barriers or challenges. As a result of this research, the NRC staff concluded that other Federal regulatory bodies do not have technology or security tools that would be available for use in the nuclear industry.

The NRC staff, with the assistance of Oak Ridge National Laboratory, also undertook an effort to research potential impacts from the expanded use of wireless technologies. Specifically, the staff is looking to identify and assess the significance of potential effects from modern wireless modalities, such as emissions from cell phones, Bluetooth, and other Wi-Fi devices, on existing safety-related/important-to-safety digital assets. As a result of this research, the NRC staff concluded that current regulatory guidance concerning stand-off distances does not need to be changed and will continue to ensure safety even with new modern wireless modalities (e.g., Bluetooth, 5G).

Model-Based System Engineering

In response to industry's interest in performance-based licensing reviews of DI&C systems, the NRC staff researched the technical approach model-based system engineering (MBSE) under the Future Focused Research program. MBSE can be used to better understand a system and support development of system requirements, design, analysis, verification, and validation activities. The NRC staff's research included modeling an example reactor protection system to verify the validity of the design analytically. MBSE, as demonstrated in this research, can be used to meet existing regulatory requirements and entails less uncertainty than the current methods for software development and licensing review. The NRC staff issued the final report with the MBSE research findings (ML22326A307, nonpublic) in October 2022. As a result of this research, the NRC staff has a better understanding of new methods used by industry and universities and concluded that additional research in this area would be beneficial in supporting regulatory activities.

Ongoing Key Activities: Licensing

Regulatory Issue Summary Regarding Future Submittals

The NRC staff is developing a Regulatory Issue Summary (RIS) to help inform the agency's budget and resource planning for applications related to analog-to-digital or digital-to-digital I&C upgrades by seeking, on a voluntary basis, scheduling information for pre-application activities and submittal of applications. The RIS will additionally promote enhanced communication between the NRC and applicants for submittals expected within the next 2 years.

Review of Turkey Point DI&C LAR

On June 28, 2023, FPL submitted a request for the NRC to temporarily suspend the review of the Turkey Point DI&C LAR (ML23179A141). Due to unforeseen material supply issues, FPL plans to reduce the scope of the digital modification at Turkey Point that will necessitate a substantial revision to the LAR. According to FPL's letter, the requested suspension would remain in effect until further notice and would resume upon resubmittal of the revised LAR. FPL tentatively plans to submit a revised LAR to the NRC in December 2023. On July 20, 2023, the NRC staff informed FPL (ML23188A124) that the review of the Turkey Point DI&C LAR has been suspended as the licensee requested.

Review of Limerick DI&C LAR

On May 23, 2023, Constellation submitted a letter (ML23143A342) to the NRC stating the digital modification at Limerick is delayed and the initial installation of the modification is being pivoted from Unit 1 to Unit 2. The licensee stated that the final design activities for the [digital modification] have been delayed due to additional design refinement iterations. Because of the delay, Constellation is changing its planned installation from Unit 1 in April 2024 to Unit 2 in April 2025. On July 19, 2023, the NRC staff sent Constellation a letter (ML23187A096) informing the licensee that the completion date for the Limerick DI&C LAR review has been changed from March 11, 2024, to October 31, 2024, due to Constellation's delays in submitting information that is necessary for the staff to complete its review of the LAR.

Ongoing Key Activities: Guidance

Standards for Safety-Related Instrumentation and Control Systems

The NRC staff's path forward for improving DI&C safety criteria includes an objective of providing industry with the regulatory confidence to use more recent versions of IEEE Std 603, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations," and other internationally accepted standards for the development of safety-related instrumentation and control systems. The NRC staff is identifying and analyzing several available options that can be exercised to achieve this objective. A public meeting took place on September 14, 2023 (ML23242A169), to discuss these options and to receive industry feedback on other methods that may be considered to support this initiative.

Revision of Policy for Common Cause Failure of Digital Instrumentation and Controls Systems

On July 11, 2023, the NRC staff held a public meeting (ML23233A068) with external stakeholders to share its plan for developing the implementing guidance discussed in SRM-SECY-22-0076.

For LWR reviews, the NRC staff is currently revising Branch Technical Position (BTP) 7-19, "Guidance for Evaluation of Defense in Depth and Diversity to Address Common Cause Failure Due to Latent Design Defects in Digital Safety Systems," to incorporate the expanded policy in accordance with the Commission's direction in SRM-SECY-22-0076. The guidance in the current revision of BTP 7-19 (i.e., Revision 8), issued in January 2021 (ML20339A647), explicitly addresses the CCF policy in SRM-SECY-93-087. The NRC staff is making targeted edits to the BTP to incorporate the expanded policy and to address a prior commitment to the Advisory Committee on Reactor Safeguards (ACRS) concerning inclusion of language regarding uni-directional communications from high safety-significance systems to lower safety-significance systems. The NRC staff is applying the existing risk-informed decision-making paradigm (e.g., RG 1.174, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis" (ML17317A256); and RG 1.233, "Guidance for a Technology Inclusive, Risk Informed, and Performance Based Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Non Light Water Reactors" (ML20091L620)). The NRC staff presented the revisions to the BTP to the ACRS on September 7, 2023. The revised BTP will be issued for public comment in the first quarter of fiscal year (FY) 2024.

The expanded policy also applies to non-LWR DI&C reviews. For these reviews, the NRC staff relies on RG 1.233 and the Design Review Guide (DRG), "Instrumentation and Controls for Non-LWRs Reviews," dated February 26, 2021 (ML21011A140). While the language used in the DRG does not clearly connect to the revisions of the four points in SRM-SECY-22-0076, the language does not preclude the reviewers from considering alternative approaches. Therefore, the NRC staff will use pre-application engagement to discuss use of the expanded policy with interested applicants to address any questions or concerns. The NRC staff plans to revise the DRG, and possibly RG 1.233, in the future. The revision will address the differences in language discussed above and reflect any additional clarifications or improvements based on lessons learned by the NRC staff and prospective applicants, input received from the stakeholders during the ongoing advanced reactor I&C public workshops, and other interactions. The NRC staff believes this experience is necessary to understand what guidance on these matters would be of use to non-LWR applicants (e.g., on risk-informing the selection of critical safety functions). In the interim, the NRC staff will continue to address any questions or concerns from stakeholders in this area, including addressing the SRM-SECY-22-0076 policy in the applicable DI&C system design process.

Nuclear Energy Institute 20-07, Revision E

On July 24, 2023, the Nuclear Energy Institute (NEI) submitted draft NEI 20-07, Revision E, "Guidance for Addressing Common Cause Failure in High Safety-Significant Safety-Related Digital I&C Systems." The NEI requested that the draft be reviewed (ML23205A193) and be withheld from public disclosure (ML23205A187), and requested exemption from fees (ML23205A192). NEI revised NEI 20-07 to help utilities implement the new policy described in SRM-SECY-22-0076. NEI 20-07, Revision E, includes proposed guidance on using a performance-based methodology, based on processes used in other safety-focused industries, to support the design and implementation of highly safety-significant and safety-related DI&C system upgrades. The NRC's Chief Financial Officer approved the fee exemption request on October 25, 2023 (ML23206A010).

Ongoing Key Activities: Research

Systems-Theoretic Process Analysis

Systems-Theoretic Process Analysis (STPA) is a modern hazard analysis technique (ML22172A099) used in safety critical applications inside and outside of the nuclear industry. The method can identify hazards from causes other than hardware failures to formulate engineering requirements and constraints needed to prevent, avoid, or otherwise control these hazards. The NRC staff is anticipating applicants will increasingly employ STPA in systems-based design development of DI&C. As part of the Future Focused Research (FFR) program, the NRC staff completed a project that served as a precursor to current NRC staff efforts to increase the capability to independently review STPA-informed submittals from applicants and licensees and to more broadly understand the potential of modern hazard and accident analysis methods, such as STPA and Causal-Analysis based on System Theory (CAST). Early in FY 2023, the NRC staff publicly released the reports on STPA (ML22272A315) and CAST (ML22272A317) produced from the FFR project. Key findings from the reports directly led to the current research effort to learn more about STPA through a case study. Results from ongoing research on STPA are expected to be useful to the NRC staff's review of NEI 20-07, Revision E.

Safety Assurance Case Approach

A safety assurance case approach (SAC) is a documented body of evidence that provides a demonstrable and valid argument that a system is adequately safe for a given application and environment over its lifetime. Industry has expressed interest in presenting safety analyses using the SAC approach. The NRC staff is participating in related research along with the Defense Advanced Research Projects Agency (DARPA). DARPA's research is developing a demonstration SAC using the information produced in the NRC's MBSE research. The NRC's research will integrate the knowledge gained from the DARPA project and the Organization for Economic Co-operation and Development (OECD)/Nuclear Energy Agency (NEA) Halden Human Technology Organization (HTO) joint project (formerly known as the Halden Reactor Project) operated by the Institute for Energy Technology in Norway and reported under International Engagement to develop the technical basis for evaluating an application organized using the SAC format.

Ongoing Key Activities: Domestic Engagement

Workshops on Instrumentation and Controls for Advanced Reactors

On February 23, March 16, and April 4, 2023, the NRC staff held public information meetings with questions and answers with representatives from industry, including the NEI, the national laboratories, and members of the public to discuss the I&C licensing framework for advanced reactors (ML23082A319 and ML23226A141). The workshops are part of the NRC staff's efforts to streamline reviews of future license applications and to ensure common understanding amongst the NRC staff and potential applicants. During the workshops, the NRC staff provided an overview of ongoing activities under the NRC-led Advanced Reactor Content of Applications Project and discussed with external stakeholders these activities, the Licensing Modernization Project, and I&C DRG. Additionally, the NRC staff addressed specific industry questions such as the use of alternative international I&C safety standards and how their use impacts digital I&C licensing decisions and applicability to NRC regulations.

U.S. Department of Energy

The NRC staff continues its engagement with the U.S. Department of Energy (DOE) through application of a memorandum of understanding (MOU) (ML19263C976) to coordinate technical readiness and sharing of technical expertise and knowledge on advanced nuclear reactor technologies and nuclear energy innovation pursuant to the Nuclear Energy Innovation Capabilities Act of 2017. In the past year, there were multiple DI&C technical exchanges associated with the following projects managed by the DOE's Office of Nuclear Energy: the Light-Water Reactor Sustainability Program Modernization Pathway, the Advanced Sensors and Instrumentation Program, and the Advanced Remote Monitoring and Diagnostic Services Program. The outcomes from these technical exchanges benefitted the NRC staff and informed several ongoing projects, including STPA, wireless technologies, and MBSE research projects discussed above.

Electric Power Research Institute

Staff members from the NRC and the Electric Power Research Institute (EPRI) have continued to cooperate through application of an MOU (ML21263A196) on several research areas, including DI&C topics. During the past year, the NRC and EPRI staffs held technical exchange meetings to discuss the strategic direction of the respective research programs and identified opportunities to enhance cooperation. As a result of these meetings, the NRC staff has gained awareness of the latest EPRI tools for performing analysis of DI&C systems, including cybersecurity reviews. The NRC staff facilitated agencywide training on the EPRI-developed Technical Assistance Methodology (TAM). The TAM is a bottom-to-top cybersecurity engineering approach to assess and mitigate cybersecurity vulnerabilities in equipment used in modern critical infrastructure. The TAM integrates with EPRI's Digital Engineering Guide (ML23153A096, nonpublic) framework. Several NRC licensees and applicants have applied both the Digital Engineering Guide and the TAM as part of their DI&C system designs.

Ongoing Key Activities: International Engagement

The NRC staff continues its engagement in several international DI&C activities to assess how approaches used by other regulatory authorities could improve the efficiency, clarity, and reliability of the NRC's current DI&C regulatory framework. The NRC staff conducts periodic bilateral technical exchanges with other regulatory authorities to address DI&C technical and regulatory challenges that are common to the respective agencies. In September 2023, the NRC staff held a technical exchange meeting with counterparts from Gesellschaft für Anlagen- und Reaktorsicherheit (GRS), Germany. The NRC-GRS relationship has been mutually beneficial. In addition, the NRC staff experts lead and participate in ongoing technical and guidance development activities for DI&C at the International Atomic Energy Agency and the International Electrotechnical Commission. From December 2022 to September 2023, the NRC staff participated in technical meetings, consultancy meetings, and a workshop focused on technical information exchanges to address the CCF issue. The NRC also participates in the working group on DI&C within the OECD/NEA's Committee on Nuclear Regulatory Activities. These engagements are beneficial in building international technical consensus on common DI&C issues and in developing standards and technical documents introducing performance-based approaches to safety analysis of DI&C systems.

As part of the OECD/NEA HTO joint project, the NRC participates in the HTO's digital systems research for existing and new reactors. The research intends to enable migration towards a safety-outcome-oriented, performance-based, risk-informed approach and away from more traditional approaches based on prescriptive guidance, providing greater flexibility to the licensees and applicants. The NRC staff worked closely with the HTO in organizing and executing a series of workshops with subject matter experts to assess the state-of-the-art safety assurance of critical DI&C systems.

The NRC staff also participates in the Regulator Task Force on Safety Critical Software for Nuclear Reactors, collaborating with regulators and their technical support organizations from the United Kingdom, Germany, Sweden, Finland, Belgium, Spain, Canada, the Republic of Korea, and China. Every year, this task force updates and publishes its report, "Licensing of safety critical software for nuclear reactors: Common position of international nuclear regulators and authorized technical support organizations." The report focuses on issues experienced by task force participants and serves them and their stakeholders as a technical reference. The report will be published as NUREG/IA-0463, Revision 1.

CONCLUSION:

The NRC staff continues to implement improvements to the clarity and reliability of the DI&C regulatory infrastructure to facilitate the expanded safe and secure use of DI&C in nuclear reactors. The NRC staff is transitioning from DI&C infrastructure modernization to using the improved infrastructure to review requested licensing and certification actions. The NRC staff continues to engage extensively with external stakeholders on both the development and the implementation of key DI&C activities. The NRC staff also continues to look for opportunities to innovate and to be risk-informed as efforts to modernize the DI&C infrastructure continue in parallel with licensing action reviews.

The NRC staff will continue to provide the Commission with information and recommendations, as appropriate, related to emerging policy issues and the status of the NRC staff's DI&C infrastructure, licensing, and certification activities.


COORDINATION:

The Office of the General Counsel has reviewed this paper and has no legal objections.

Daniel H. Dorman
Executive Director for Operations

Digitally signed by Daniel H. Dorman
Date: 2023.11.01 07:42:02 -04'00'

ML23228A226 (Annual Update)

SECY-012

OFFICE  NRR/DORL/LLPB/PM  NRR/DORL/LLPB/LA    NRR/DEX/EICA/BC  NRR/DEX/EICB/BC
NAME    CRoque-Cruz       DHarrison           JPaige           RStattel
DATE    8/17/2023         8/24/2023           9/6/2023         9/5/2023

OFFICE  RES/DE/ICEEB/BC   RES/DE/RGPMB/BC     RES/DE/D         NRR/DORL/D
NAME    CCook             SWyman for MRahimi  MSampson         BPham
DATE    9/7/2023          9/7/2023            9/13/2023        9/14/2023

OFFICE  NRR/DEX/D         QTE                 OGC              NRR/D
NAME    EBenner           JDoughtery          RWeisman         AVeil (AKock for)
DATE    9/19/2023         8/25/2023           10/12/2023       10/19/2023

OFFICE  EDO
NAME    DDorman
DATE    11/01/23