EPRI Integrated Digital Systems Engineering Framework
EPRI Integrated Digital SystemsEngineering FrameworkOverview of the Modular Elements,Architecture, and Workforce DevelopmentMatt GibsonTechnical ExecutiveNuclear I&C ProgramNRC Public Meeting on NEI 20-07 April 7th, 2021www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
Digital ConvergenceAll these instruments2www.epri.comAre now on ONE yellow wire 2021 Electric Power Research Institute, Inc. All rights reserved.
EPRI’s Digital Framework ElementsUtilize IndustryStandardsUse the same proven design and supply chain structures that nonnuclear safety related industries use (IEC-61508/61511). Thisleverages the economies-of-scale achieved in other industries.Use of SystemsEngineeringUse of a modern, high performance, single engineering processthat leverages systems engineering in the transition to teambased engineering for conception, design, and implementation.Risk InformedEngineeringMaking effective engineering decisions via hazards and riskanalysis to integrate all engineering topics (such as cyber securityand SCCF) into a single engineering process.Capable WorkforceEPRI’s high-quality engineering process uses the same modern methods and internationalstandards used in other safety related industries to reduce implementation costModern Methods to Support Nuclear Fleet Sustainability and Advanced Reactor Design3www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
Policy Level vs. Implementation Level ActivitiesPolicy LevelRegulation and Company PolicyObjectiveCriteriaSCCFNEI 20-07ObjectiveCriteriaCyberStable:Rarely ChangesChanges Slowly:Based on PerformanceRapidly Evolves:Changes Often, Based on tation Level(DEG / HAZCADS / DRAM / TAM / IEC-61508) via Industry Standard ProceduresEPRI Products are Used at the Implementation Level (what you actually do)Objective Criteria provides the Interface between Policy and Implementation. Supports a safety case argument.4www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
EPRI’s Integrated Digital Engineering Development History20135201620182020Hazard AnalysisMethods for DigitalInstrumentation andControl Systems3002000509Assuring Safety andDependability of DigitalInstrumentation andControl Systems3002005326HAZCADS: Hazards andConsequences Analysisfor Digital Systems R03002012755HAZCADS: Hazards andConsequences Analysisfor Digital Systems R130020166982Q2021HFRIM: Human FactorsRisk InformedMethodology Rev. 030020183924Q 2021Analysis of HazardModels for CyberSecurity, Phase I3002004995Cyber Hazards AnalysisRisk Methodology,Phase II: A RiskInformed Approach3002004997DRAM: DigitalReliability AnalysisMethodology Rev. 030020183912Q2021EMCAM: EMCAssessmentMethodology Rev. 0TBD2Q 2022Cyber SecurityProcurementMethodology, Rev. 13002001824Cyber Security TAM:VulnerabilityIdentification andMitigation R03002008023Cyber Security TAM R13002012752Cyber ProcurementGuide: R23002012753Digital Instrumentationand Control DesignGuide (DDG)3002002989Systems EngineeringProcess: Methods and Toolsfor Digital Instrumentationand Control Projects3002008018Digital EngineeringGuide: Decision MakingUsing SystemsEngineering (DEG)3002011816www.epri.com2022 PublicationPendingSafety Integrity Level(SIL) Efficacy for NuclearPower3002011817 2021 Electric Power Research Institute, Inc. All rights reserved.In Process
Integrated Digital Systems Engineering FrameworkUse of International Industrial StandardsArchitectureHazard Analysis (STPA/FTA) – SPV/CCFRequirements EngineeringProcurementHuman Factors Engineering (HFE)EPRI DigitalEngineeringGuide(DEG)Systems Engineering ISO/IEEE/IEC - 15288 /12207/15289Safety reliability and risk framework IEC-61508/61511Cyber SecurityData CommunicationsPlant IntegrationTestingConfiguration ManagementSystemsEngineeringBasedRiskInformedUS Industry StandardEngineeringProcess(NISP-EN-04)Life Cycle Management6www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.Optimized DigitalEngineeringOrganization
US DEG ImplementationIP-ENG-001 (Standard Design Process)- MainProcedure NISP-EN-04 is the Digital Specific Addendumto the SDP under the same mandatoryEfficiency Bulletin (EB 17-06) 7ProcedureIP-ENG-001(February2017)Same process phases as IP-ENG-001, tailored withDEG-specific supplemental information for digitalimplementations. Including Cyber Security.Provides the user with “what to do”Process PhaseAttachmentsNISP-EN-04(Spring 2018)DEG provides detailed guidance using a modern engineering processwith digital design considerations, information item guidance, anddivision of responsibility methods to improve “skill of the craft,”Provides the user with “How to Do”Digital Training/Tech Transfer completes the frameworkwww.epri.comDetailedConsiderations 2021 Electric Power Research Institute, Inc. All rights reserved.DEG(Fall 2018)GuidancePrimaryMethods
Digital Engineering Guide(DEG) Training For PractitionersProduct ID: 3002015792 4-day course available on EPRI/U for Classroom and Distance Learning (DL) Delivery Developed to support Technology Transfer of Digital Engineering Guide: Decision Making using SystemsEngineering, 3002011816 Supports Industry initiative to implement the DEG in US in 2021:– The DEG is a new and transformative engineering method– Training requires both SME and effective instructor skills– DL supports low cost/high volume delivery– Immersive, classroom-like DL environment achieved– Delivery capped at 12 sessions this year, all DL– 300 students trained in 2020 from 11 utilities, 3 EOC’s, INPOFour Open Enrolment Courses available in 2021, plus Custom Sessions– Max Class Size is 24: Contact EPRI-U for course pricing and delivery option–*Bounding Technical RequirementsPart of an Integrated Digital Training Portfolio Supporting Workforce Development8www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
Risk Informed Digital Systems EngineeringIntegrated Processes9www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
The EPRI Digital Systems Engineering FrameworkDEGChapter1 3HAZCADSDRAMRisk-InformedDigital HazardsIdentificationand Prioritization STPA/FTAintegrationDigital ReliabilityAnalysis MethodCausal Factors Systematic Random EnvironmentalTAMCyber SecurityTechnicalAssessmentMethodology Design PhaseIn-SituSupply ChainHFRIMHuman FactorsRisk-InformedMethodology Chapter 4- Systems Engineering10www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.HFE/HRAEMCAMRisk-InformedEMC Methods
DEG Graded Approach Section 1 thru 3 The DEG is Activity Based- Activities are applicable as a function of technology configurability (first) and thepotential consequence of error (second, for some activities) If Applicable, then:– Risks Drives level of Activity Rigor and Documentation– Rigor is defined as assurance methods that reduce the likelihood of error– Some activities may be completed without documentation 11Step 1: Configurability Screen–Low (A Few Settings)–Medium (Wide Range of Settable Parameters)–High (Custom Application Software) Step 2: Consequence Screen–Low: Does not meet High Consequence Criteria–High: Meets Risk and Impact thresholds for High Consequenceswww.epri.comStep 3: DEG Activity Applicability–Activity Not Applicable – Technology/Function does not exist–Activity Conditional – See each DEG Section Guidance–Activity Required 2021 Electric Power Research Institute, Inc. All rights reserved.
Systems Engineering Based Phase Based using Perform/Confirm methodIterates through the SE process for each phase in anon-linear fashionIncludes links to the topical chapters and subprocessesIteratively converges on the final synthesized .comDivision of Responsibility (DOR)Requirements DevelopmentHazard Analysis (including CCF) and MitigationsArchitecture Development including Relationship SetsFunctional Allocation ( including Human/System Allocation)Verification and Validation (V&V)TestingTransition to the O&M Phase 2021 Electric Power Research Institute, Inc. All rights reserved.
Roles13www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
Reliability LayersReliability, especially software reliability,including CCF, should be segmented byplatform, integration, and application.Then Considered SeparatelyLess MatureApplicationsFunctional ReliabilityBaselineIntegrationPlatformMore MatureProduction Data and OE Quantity and Quality Dive Maturity and Reliability using IEC-61508/SIL14www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
Safety Integrity Level (SIL) efficacy for Nuclear Power EPRI research on field failure data from SIL certified logic solvers revealed no platformlevel Software Common Cause Failures (SCCF) after over 2 billion combined hours ofoperation for IEC-61508 SIL certified PLC’s (3002011817)Indicates that using existing SIL certifications, at the platform level, has a high efficacy foruse as surrogates for some existing design and review processes.Being Leveraged in MP#3 for NEI 17-06 in USCorrelates well with EPRI review of global OE (Korea,France, China, etc.) that indicates:––15Safety related software is no more problematic thanother SCCF contributors when subjected to deliberatesafety processes.There have been no events where diverse platformswould have been effective in protecting against SCCFwww.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.Digital ReliabilityLayers
HAZCADS: Hazards and Consequences Analysis for Digital Systems R1-3002016698 16Advances the use of hazards analysis to identifysystem and plant level digital I&C design andimplementation issues, including cyber, CCF and SPV.Executed throughout the design and implementationlifecycle.Uses System Theoretic Process Analysis(STPA) and FTA.Integrates qualitative hazards and random failureswith Fault Tree Analysis based sensitivity analysis.Achieves a credible risk informed I&C infrastructure compatible with existing processes.Dramatically improves hazard detection, resolution, and overall system reliability.Validated through blind studies and usability workshops.Used with causal factor analysis methods for a complete reliability assessment andresolution methodology.www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
DEG/HAZCADS/Downstream Process ssesControlMethodAllocations 17HAZCADS diagnoses hazards in the I&Cdesign-in-progress for inherent risks anddetermines Risk Reduction Targets (RRT)to be achieved via technical and/oradministrative control methodsDownstream assessment processesguide users in the allocation of controlmethods sufficient for achieving the RRTwww.epri.comDownstream Assessment ProcessReport No.Cyber Security Technical AssessmentMethodology (TAM)3002012752Digital Reliability AssessmentMethodology (DRAM)3002018387Electromagnetic CompatibilityAssessment Methodology (EMCAM)TBD (2022)Human Factors Risk InformedMethodology (HFRIM)3002018392 2021 Electric Power Research Institute, Inc. All rights reserved.
Workflow- Conceptual PhaseIdentifies Hardware and Software FailureModes and Mechanisms associated withHazardsDiagnostic Process to IdentifyDigital Hazards & Risk SensitivitiesDRAMHAZCADSControl Measures and RevisedRequirementsList of Hazards andRisk Sensitivity (RRT)Conceptual DesignTAM/HFRIM/EMCAMDEG Hazards and Reliability Activities – Concept Phase18www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.On to Detailed Design Phase
Digital Reliability Assessment Methodology (DRAM) Revision 0 Identifies Causal Factors for identifiedHazards- Synthesized from IEC-61508Optional Identifies the most effective ControlMeasures to Prevent, Detect, and Respondto the Identified Hazards Results in specific pRRCM DRAM will replace EPRI 3002005326* in2021 Being leveraged for NEI-20-07 for SCCF*Methods for Assuring Safety and Dependability when Applying Digital Instrumentation and Control Systems, June 201619www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
EPRI Cyber Security Technical Assessment Method (TAM)TAM Early AdoptersVogtle 3&4 Barakah (UAE) NuScale Exelon OSISoft Fisher Valves (Emerson) SELSignificant Generation Sector Penetration Revision 1 published Nov 2018– Compatible with most existing standardsand regulations including IEC 62443– Integrated with Supply Chain– Designed to integrate into the overallengineering and design processes,including the DEG.– Leads the transition to sustainableengineering-based cyber assessment andmitigation methodologies.– Standardizes the assessmentmethodology and documentation20www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
EMC Assessment Methodology-EMCAMEMCAM Step 1- Identify Identify EMC Failure Error Type Identify EMC Failure Error MechanismsEMCAM Step 2- Assess Assess and Analyze Identify EMC Hardening Identify Control MethodsResidualEMCVulnerabilities Identifies EMC Causal Factors foridentified Hazards Identifies the most effective ControlMeasures to Prevent, Detect, andResponse(CEP) to the Identified Hazardsand Risk Reduction Target(RRT) (Resultsin specific requirements. EMCAM will implement a graded and riskinformed approach to EMC Engineering Graded approach via adjustedsusceptibility and radiated emissionslimits plus proportional rofile ABy-dby-dbProfile BCz-dbz-dbProfile CDN/AN/AProfile D 2021 Electric Power Research Institute, Inc. All rights reserved.EMCAM Step 3- MitigateMitigate EMC Failure Modes Operator Manual Actions Shared Controls Relationship Sets
Integrated Use Cases (Common to DRAM, TAM, HFRIM, EMCAM)Downstream Processes have been designed to be flexible and utilized in multiple use cases:1 Integrated into the overall digital engineering modification process.–2 3 As digital systems, assets, and services are being considered and designed to be utilized in a criticalinfrastructure facility, provides detailed analytical information needed to assist the engineer withmaking well informed decisions for mitigating cyber hazards.Use throughout the supply chain.–The modularity of the Framework and its documentation artifacts, allow it to be easily integratedthroughout the supply chain, clarifying the division of responsibilities between the buyer andsupplier and reducing a variety of digital hazards, including cyber.In-Situ Diagnostic or Baseline assessments for assets, systems, and services alreadyinstalled. Can be used for root cause evaluations and other diagnostic purposes.All three use cases take advantage of the Framework’s modularity and efficiency.22www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
Questions ?23www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
Together Shaping the Future of Electricity24www.epri.com 2021 Electric Power Research Institute, Inc. All rights reserved.
that leverages systems engineering in the transition to team-based engineering for conception, design, and implementation. Use of Systems Engineering. Making effective engineering decisions via hazards and risk analysis to integrate all engineering topics (such as cyber security and SCCF) into a single engineering process. Risk Informed Engineering
EPRI and the Lamellibrancid Worm Jesse H. Ausubel EPRI Board of Directors Meeting, Dallas TX 19 November 2009 My title this morning is EPRI and the Lamellibrancid Worm, a title that I am sure electric power executives realize leads to the subject of natural gas. I think
Electric Power Research Institute (EPRI) 3420 Hillview Avenue Palo Alto, CA 94303 EPRI Project Manager R. P. Kassawara Division of Risk Analysis and Applications Office of Nuclear Regulatory Research (RES) U.S. Nuclear Regulatory Commission Two White Flint North, 11545 Rockville Pike Rockville, MD 20852-2738 U.S. NRC-RES Project Manager J. S .
Materials Science and Engineering, Mechanical Engineering, Production Engineering, Chemical Engineering, Textile Engineering, Nuclear Engineering, Electrical Engineering, Civil Engineering, other related Engineering discipline Energy Resources Engineering (ERE) The students’ academic background should be: Mechanical Power Engineering, Energy .
EPRI develops software using a number of third party software products and tools that run on various operating systems and server platforms. Reports from the software industry suggest there are known security issues with some products and systems. EPRI recommends that, if using
Thermal Engineering / GEA Power Cooling, Inc. Conclusions. EPRI – Advanced Cooling Technologies. 1. If there is no water available for the power plant cooling system, than an ACC is the way to go (high investment perf. @ hot ambient). 3. If there is some water available,
Electric Power Research Institute 3420 Hilview Avenue Palo Alto, CA 94303 ELECTRIC POWER RESEARCH INSTITUTE. . 2007, and Electric Power Research Institute (EPRI), Palo Alto, CA, NUREG- 1824 and EPRI 10 11999. iii. ABSTRACT There is a movement to introduce risk-informed and performance-based analyses into fire protection engineering .
Digital inclusion is defined in various ways and is often used interchangeably with terms such as digital skills, digital participation, digital competence, digital capability, digital engagement and digital literacy (Gann, 2019a). In their guide to digital inclusion for health and social care, NHS Digital (2019) describe digital
Artificial intelligence, or the idea that computer systems can perform functions typically associated with the human mind, has gone from futuristic speculation to present-day reality. When the AlphaGo computer program defeated Lee Sedol, a nine-dan professional master, at the game of Go in 2016, it signaled to the world that it is indeed possible for machines to think a bit like humans—and .
