ML14078A636: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 3: | Line 3: | ||
| issue date = 03/06/2014 | | issue date = 03/06/2014 | ||
| title = Phase 0 2014-Mar-06 Review of Digital I+C Upgrade (El NRC Presentation) Rev-Mar 4 Redacted | | title = Phase 0 2014-Mar-06 Review of Digital I+C Upgrade (El NRC Presentation) Rev-Mar 4 Redacted | ||
| author name = Lau E | | author name = Lau E | ||
| author affiliation = Massachusetts Institute of Technology (MIT) | | author affiliation = Massachusetts Institute of Technology (MIT) | ||
| addressee name = | | addressee name = | ||
| Line 9: | Line 9: | ||
| docket = 05000020 | | docket = 05000020 | ||
| license number = R-037 | | license number = R-037 | ||
| contact person = Hardesty D | | contact person = Hardesty D | ||
| case reference number = TAC MF3106 | | case reference number = TAC MF3106 | ||
| package number = ML14078A659 | | package number = ML14078A659 | ||
| Line 19: | Line 19: | ||
=Text= | =Text= | ||
{{#Wiki_filter: | {{#Wiki_filter:MIT Research Reactor Edward S. Lau Assistant Director of Reactor Operations MIT Nuclear Reactor Laboratory Phase 0 Review of MITR Approach to a Digital I&C Upgrade March 6 6, 2014 | ||
Discussion Topics Existing MITR Nuclear Instrumentation & Control Upgrade to Digital Nuclear Safety System Fission Chambers & Pre-Amplifiers Description of DWK 250 Channel Description of Scram Logic Circuit Security & Cyber Vulnerability Evaluation License Amendment Request - Documents & Schedule Questions & Comments Phase 0 Review Meeting 2 | |||
Existing MITR Nuclear I&C Ten channels - Channels #1 through #9 plus Channel #N-16 | |||
#N 16 Channels #1 through #6 are the six fully analog nuclear safety channels to be upgraded pg to digital g | |||
Ch. #1 through #3 for short reactor period scram Ch Ch. #4 through th h #6 for f | |||
high neutron flux level scram Ch. #1 & #2 operate on fission chambers h b ffor source range and d are switched to ion chambers for power range Ch. | |||
Ch #3 operates on ion chamber that comes on scale starting ~0.5 0 5 kW Phase 0 Review Meeting 3 | |||
Operational Specifications for Nuclear Safety System Ch. #1 - 6 Two out of three period and flux level channels must be operable whenever the reactor is critical Short period trip at 10 seconds High neutron flux level trip at 6.5 MW (80 kW without primary flow) | |||
Time from initiation of scram signal to 80% control rod insertion is < 1 second. | |||
Channel tests quarterly, before each startup, and after repair or de-energizing Quarterly channel calibration on startup checklists (annual per Tech Spec) | |||
Phase 0 Review Meeting 4 | |||
& | Instrument Transition from Source Range to High Power Range Prior to startup, Ch. #1 & 2 are on scale with their fission chambers; Ch. #3 is not on scale | ||
~0.5 kW Ch. #3 comes on scale; switch Ch. #1 to ion chamber When Ch. #1 on ion chamber comes back on scale, switch Ch. #2 to ion chamber By 2 kW, Ch. #2 on ion chamber comes back on scale, so all three are now on scale on ion chambers Throughout the startup, Ch. #4 through Ch. #6 are on scale with their ion chambers; perceptible readings appear ~500 kW Phase 0 Review Meeting 5 | |||
range | Proposed Upgrades for the Nuclear Safety System R l Replace Ch Channelsl #1 - 6 Wide-range operation so there will be no detector switching Field proven with reliable application in nuclear reactors Field-proven Four channels; each can provide scrams on short reactor period and high neutron flux level (same set points and scram time as previous) | ||
Two out of four channels are required to be operable whenever the reactor is critical Channel test/calibration possible with the reactor operating Original Tech Spec will be mostly unchanged Phase 0 Review Meeting 6 | |||
Proposed Upgrades for the Nuclear Safety System Phase 0 Review Meeting 7 | |||
the | Proposed Upgrade to the Nuclear Safety System - Logic Detail Phase 0 Review Meeting 8 | ||
from | Fission Chambers and Pre-Amplifiers All four fission chambers are of identical design and build, from Mirion US Each detector is 1010.7 7 long and 2.6 diameter, with a triaxial integral quartz cable 7 feet long Each chamber feeds a pre-amplifier (Mirion TKV 23), | ||
which passes the amplified fission chamber signal to the DWK 250 for processing Pre-amp has a built-in pulse signal and AC signal test generator Phase 0 Review Meeting 9 | |||
Fission Chamber Detector Placement Phase 0 Review Meeting 10 | |||
DWK 250 Analog & Digital Signal Paths (Image removed for proprietary protection.) | |||
Phase 0 Review Meeting 11 | |||
One of Four New Mirion DWK 250 Channels for MITR Each channel provides short reactor period scram | |||
& high reactor power scram Each channel utilizes one fission chamber for wide-range power operation Reactor power and period calibration and scram checks can be done with the reactor operating Test signal travels along the detector signal path starting from the fission chamber pre-amplifier Phase 0 Review Meeting 12 | |||
One of Four New Mirion DWK 250 Channels for MITR Each DWK 250 monitor incorporates three different microprocessor modules for signal processing Each microprocessor executes its function as set by the firmware permanently programmed into its non-volatile memory EPROMs Execution of firmware is confirmed by continual checksum comparison Microprocessors and firmware have field-proven reliable for | |||
>25 years in European nuclear industry Phase 0 Review Meeting 13 | |||
One of Four New Mirion DWK 250 Channels for MITR The microprocessors p | |||
handle pulse signals and also perform Campbelling, allowing wide-range indication Trip set-points do not drift g and Detector voltage internal operating voltages monitored for compliance with adjustable tolerances Continuous Op-code handshaking between the DWKs microprocessors as an active check of functionality Phase 0 Review Meeting 14 | |||
One of Four New Mirion DWK 250 Channels for MITR EiEight ht binary bi ((relay) l ) outputs t t | |||
- DWK uses two for internal fault indication; MITR uses two for scram circuit Two analog outputs One serial communication output (RS232 port) | |||
MITR will use these for display and recording Phase 0 Review Meeting 15 | |||
DWK 250 Functional Diagram (Image removed for proprietary protection.) | |||
Phase 0 Review Meeting 16 | |||
eslau@mit.edu | DWK 250 Quality Standards DWK 250s, their firmware, and their TKV 23 pre-amps were designed and manufactured in Germany Qualified by TUV per German nuclear regulatory KTA guidelines 3501, 3505, 3507, and 1401, for type approval tests of safety-related I&C systems in accordance with Category A of IEC 61226 Category A is equivalent to IEEE 323 Classification 1E equipment for nuclear power stations, stations and to IEEE 344 Classification 1E equipment with regards to seismic qualification Phase 0 Review Meeting 17 | ||
MITR Protection System Logic Circuit Two-out-of-four coincidence logic used in this design A single scram output from a DWK 250 will not result in an immediate reactor scram unless a second unit has tripped or faulted. | |||
Total of 29 inputs to the Scram Logic System Scram Logic System has two identical logic circuits in Card 1 and Card 2 Coincidence logic is applied in the cards to produce a reactor scram Phase 0 Review Meeting 18 | |||
Logic Circuit - concept detail Any combination of trips or fault conditions on two DWK 250s will result in a reactor scram 19 | |||
Logic Circuit - development B Boolean l logic l i didiagram ffor two-out-of-four coincidence Verified by computer-based logic gate simulator FPGA device for logic test 29 inputs to logic circuits Testing board created Generation of CAD layout for prototype printed circuit board Phase 0 Review Meeting 20 | |||
Boolean Diagram - Output of Logic Gate Simulator Phase 0 Review Meeting 21 | |||
Logic Diagram - Output from Quartus II Phase 0 Review Meeting 22 | |||
Security & Cyber Vulnerability Evaluation Firmware on the three microprocessors for each DWK 250 cannot be altered Firmware and its downloading are safeguarded at Mirion Germany Adjustable parameters (alarm set points, discriminator threshold, etc.) can be changed from the front keypad only when a key switch is enabled; otherwise the terminal block at the back must be used, as the front RS232 connector will be physically removed once testing phase is complete Final position of DWK 250s will be in the control room, which is continuously monitored or safeguarded System will not be connected to any network Phase 0 Review Meeting 23 | |||
License Amendment Request Final logic circuit design & testing plan SAR Revision Amendment to Technical Specifications Projected Schedule Phase 0 Review Meeting 24 | |||
Concluding Material Questions & Comments Contact Info: | |||
Edward S. Lau MIT Nuclear N l R Reactor t Laboratory L b t 138 Albany Street, NW12-122 Cambridge, MA 02139 617-253-4211 eslau@mit.edu Phase 0 Review Meeting 25}} | |||
Latest revision as of 07:45, 4 November 2019
| ML14078A636 | |
| Person / Time | |
|---|---|
| Site: | MIT Nuclear Research Reactor |
| Issue date: | 03/06/2014 |
| From: | Lau E Massachusetts Institute of Technology (MIT) |
| To: | Office of Nuclear Reactor Regulation |
| Hardesty D | |
| Shared Package | |
| ML14078A659 | List: |
| References | |
| TAC MF3106 | |
| Download: ML14078A636 (25) | |
Text
MIT Research Reactor Edward S. Lau Assistant Director of Reactor Operations MIT Nuclear Reactor Laboratory Phase 0 Review of MITR Approach to a Digital I&C Upgrade March 6 6, 2014
Discussion Topics Existing MITR Nuclear Instrumentation & Control Upgrade to Digital Nuclear Safety System Fission Chambers & Pre-Amplifiers Description of DWK 250 Channel Description of Scram Logic Circuit Security & Cyber Vulnerability Evaluation License Amendment Request - Documents & Schedule Questions & Comments Phase 0 Review Meeting 2
Existing MITR Nuclear I&C Ten channels - Channels #1 through #9 plus Channel #N-16
- N 16 Channels #1 through #6 are the six fully analog nuclear safety channels to be upgraded pg to digital g
Ch. #1 through #3 for short reactor period scram Ch Ch. #4 through th h #6 for f
high neutron flux level scram Ch. #1 & #2 operate on fission chambers h b ffor source range and d are switched to ion chambers for power range Ch.
Ch #3 operates on ion chamber that comes on scale starting ~0.5 0 5 kW Phase 0 Review Meeting 3
Operational Specifications for Nuclear Safety System Ch. #1 - 6 Two out of three period and flux level channels must be operable whenever the reactor is critical Short period trip at 10 seconds High neutron flux level trip at 6.5 MW (80 kW without primary flow)
Time from initiation of scram signal to 80% control rod insertion is < 1 second.
Channel tests quarterly, before each startup, and after repair or de-energizing Quarterly channel calibration on startup checklists (annual per Tech Spec)
Phase 0 Review Meeting 4
Instrument Transition from Source Range to High Power Range Prior to startup, Ch. #1 & 2 are on scale with their fission chambers; Ch. #3 is not on scale
~0.5 kW Ch. #3 comes on scale; switch Ch. #1 to ion chamber When Ch. #1 on ion chamber comes back on scale, switch Ch. #2 to ion chamber By 2 kW, Ch. #2 on ion chamber comes back on scale, so all three are now on scale on ion chambers Throughout the startup, Ch. #4 through Ch. #6 are on scale with their ion chambers; perceptible readings appear ~500 kW Phase 0 Review Meeting 5
Proposed Upgrades for the Nuclear Safety System R l Replace Ch Channelsl #1 - 6 Wide-range operation so there will be no detector switching Field proven with reliable application in nuclear reactors Field-proven Four channels; each can provide scrams on short reactor period and high neutron flux level (same set points and scram time as previous)
Two out of four channels are required to be operable whenever the reactor is critical Channel test/calibration possible with the reactor operating Original Tech Spec will be mostly unchanged Phase 0 Review Meeting 6
Proposed Upgrades for the Nuclear Safety System Phase 0 Review Meeting 7
Proposed Upgrade to the Nuclear Safety System - Logic Detail Phase 0 Review Meeting 8
Fission Chambers and Pre-Amplifiers All four fission chambers are of identical design and build, from Mirion US Each detector is 1010.7 7 long and 2.6 diameter, with a triaxial integral quartz cable 7 feet long Each chamber feeds a pre-amplifier (Mirion TKV 23),
which passes the amplified fission chamber signal to the DWK 250 for processing Pre-amp has a built-in pulse signal and AC signal test generator Phase 0 Review Meeting 9
Fission Chamber Detector Placement Phase 0 Review Meeting 10
DWK 250 Analog & Digital Signal Paths (Image removed for proprietary protection.)
Phase 0 Review Meeting 11
One of Four New Mirion DWK 250 Channels for MITR Each channel provides short reactor period scram
& high reactor power scram Each channel utilizes one fission chamber for wide-range power operation Reactor power and period calibration and scram checks can be done with the reactor operating Test signal travels along the detector signal path starting from the fission chamber pre-amplifier Phase 0 Review Meeting 12
One of Four New Mirion DWK 250 Channels for MITR Each DWK 250 monitor incorporates three different microprocessor modules for signal processing Each microprocessor executes its function as set by the firmware permanently programmed into its non-volatile memory EPROMs Execution of firmware is confirmed by continual checksum comparison Microprocessors and firmware have field-proven reliable for
>25 years in European nuclear industry Phase 0 Review Meeting 13
One of Four New Mirion DWK 250 Channels for MITR The microprocessors p
handle pulse signals and also perform Campbelling, allowing wide-range indication Trip set-points do not drift g and Detector voltage internal operating voltages monitored for compliance with adjustable tolerances Continuous Op-code handshaking between the DWKs microprocessors as an active check of functionality Phase 0 Review Meeting 14
One of Four New Mirion DWK 250 Channels for MITR EiEight ht binary bi ((relay) l ) outputs t t
- DWK uses two for internal fault indication; MITR uses two for scram circuit Two analog outputs One serial communication output (RS232 port)
MITR will use these for display and recording Phase 0 Review Meeting 15
DWK 250 Functional Diagram (Image removed for proprietary protection.)
Phase 0 Review Meeting 16
DWK 250 Quality Standards DWK 250s, their firmware, and their TKV 23 pre-amps were designed and manufactured in Germany Qualified by TUV per German nuclear regulatory KTA guidelines 3501, 3505, 3507, and 1401, for type approval tests of safety-related I&C systems in accordance with Category A of IEC 61226 Category A is equivalent to IEEE 323 Classification 1E equipment for nuclear power stations, stations and to IEEE 344 Classification 1E equipment with regards to seismic qualification Phase 0 Review Meeting 17
MITR Protection System Logic Circuit Two-out-of-four coincidence logic used in this design A single scram output from a DWK 250 will not result in an immediate reactor scram unless a second unit has tripped or faulted.
Total of 29 inputs to the Scram Logic System Scram Logic System has two identical logic circuits in Card 1 and Card 2 Coincidence logic is applied in the cards to produce a reactor scram Phase 0 Review Meeting 18
Logic Circuit - concept detail Any combination of trips or fault conditions on two DWK 250s will result in a reactor scram 19
Logic Circuit - development B Boolean l logic l i didiagram ffor two-out-of-four coincidence Verified by computer-based logic gate simulator FPGA device for logic test 29 inputs to logic circuits Testing board created Generation of CAD layout for prototype printed circuit board Phase 0 Review Meeting 20
Boolean Diagram - Output of Logic Gate Simulator Phase 0 Review Meeting 21
Logic Diagram - Output from Quartus II Phase 0 Review Meeting 22
Security & Cyber Vulnerability Evaluation Firmware on the three microprocessors for each DWK 250 cannot be altered Firmware and its downloading are safeguarded at Mirion Germany Adjustable parameters (alarm set points, discriminator threshold, etc.) can be changed from the front keypad only when a key switch is enabled; otherwise the terminal block at the back must be used, as the front RS232 connector will be physically removed once testing phase is complete Final position of DWK 250s will be in the control room, which is continuously monitored or safeguarded System will not be connected to any network Phase 0 Review Meeting 23
License Amendment Request Final logic circuit design & testing plan SAR Revision Amendment to Technical Specifications Projected Schedule Phase 0 Review Meeting 24
Concluding Material Questions & Comments Contact Info:
Edward S. Lau MIT Nuclear N l R Reactor t Laboratory L b t 138 Albany Street, NW12-122 Cambridge, MA 02139 617-253-4211 eslau@mit.edu Phase 0 Review Meeting 25