Research Article

Automating execution of surveillance procedures for NPP main control rooms

Received 16 May 2024, Accepted 28 Jun 2024, Published online: 09 Aug 2024

ABSTRACT

For the past 30 years, progress in the automation of control processes in the nuclear industry has been much slower compared to other industries. In the same timeframe, other complex industrial and/or high-risk processes (e.g., aviation) have been revolutionized by the exponential increase of technology capability in computing and information systems. The reason for the relatively slow trickling of technology advancements in the nuclear field is multi-faceted: i) resistance to change from a traditionally proven solution (partially due to very specific regulation requirements); ii) the cost to adopt Computerized Procedure Systems for existing NPPs, without having a quantified and proven safety benefit; iii) relatively low number of new NPPs being built following the Chernobyl and Fukushima disasters; iv) possible negative impact on the human factors aspect. After a short introduction to automation in another high-risk industry (aviation), this paper focuses on the practical approach required for automating Surveillance Procedures, and at the same time taking into consideration the human factors impact of this approach.

1. Industrial automation

Automation describes technologies that reduce or eliminate human intervention. Initially used for the execution of simple repetitive labour, it has become one of the fundamental aspects of our society. It refers to the use of technology, machinery, or systems for the consistent and efficient execution of tasks and processes [Citation1].

Automation has been around for centuries, but as technology advances, automation has changed dramatically. Today’s machines can do things that people could not do just five years ago. With the advent of machine learning, machines today can learn from their experiences and mistakes and adapt to make decisions based on what they are learning [Citation2]. These advancements in automation will change the way people interact with computers in the future.

Automation is encountered everywhere: from spellcheck to cruise control, it has assisted us in performing the menial tasks of life, allowing us to focus on more important things [Citation3]. The purpose of automated systems is to perform functions cheaply, more efficiently, more reliably, and more accurately than human operators. Although financial measures have been a main driving force in the development and increase of automation in recent years, it could be argued that an automated system is a more economic as well as a safer system [Citation4].

1.1. Advantages of automation

Automation is a part of society today and it has become a common practice in many different industries due to the many advantages that it brings, for example [Citation1]:

  • Improved safety – automated systems often remove workers from the workplace, thus safeguarding them against the hazards of a factory environment. It can also help to improve safety by limiting human error, reducing costs, and making the production process more efficient. Automation reduces the potential for human error; this is especially important in industries where there is a high risk of injury, such as agriculture and mining.

  • Increased productivity – automation has been a huge factor in the workforce and is continuing to grow. With this increase in productivity, companies are able to focus on more important tasks such as innovation while still completing projects on time. Automation is a major part of the manufacturing industry, allowing for larger production rates with fewer costs and resources [Citation5].

  • More efficient use of materials – new technology is impacting how products are made. Automation allows for more efficient use of materials and increased yields, thus lowering production costs and giving a greater return on investment.

  • Better product quality – especially in recent years, automation has been adopted more often in the marketing industry because it enables companies to produce their products faster, cheaper and with higher quality. Automated systems typically perform the manufacturing process with less variability than human workers, resulting in greater control and consistency of product quality. Higher-quality products also lead to improved consumer satisfaction.

  • Reduced number of workers – by using automation in place of humans, companies can reduce the number of employees needed to function at maximum capacity. This provides more time for employees to focus on other tasks such as management, training, or development.

  • Reduced factory lead times – automation reduces the start-to-finish factory lead times by 60% or more. This not only benefits the manufacturing output of a factory but also the quality and efficiency of a product.

  • Increased consistency – automation is designed to execute tasks or processes with a high degree of consistency, having standardized, predictable results.

  • Situational awareness – as automation can collect, process, and present large amounts of data quickly and accurately, a human operator can more quickly perceive and understand what is happening. With a high level of redundancy and consistency, automation can alert and notify operators while at the same time providing decision support tools to assist in enhancing understanding and making informed decisions [Citation6].

1.2. Disadvantages of automation

Despite the many benefits that automation provides, there are some potential disadvantages, for example [Citation1]:

  • Worker displacement – one of the most significant disadvantages of automation is the displacement of human labour. This is because a computerized/automated task can be executed faster and with greater accuracy than can be achieved by a human, which can result in fewer jobs for humans (for the specific activity/task).

  • Large capital expenditure – automation has been a staple of industry for many decades. However, for a successful implementation, there is the need for large capital expenditure to implement, maintain, and service the automated systems. These systems are more susceptible to cyber-attacks than manual systems would be, which can leave companies vulnerable if their infrastructure is not properly protected.

  • Can become redundant – automation is a convenient solution to many problems. However, as automated systems usually have a lower degree of flexibility, this convenience can become redundant in situations where change is introduced that requires the automation to be modified. These types of changes will only serve to increase the workload of the company and might cost precious time and resources.

  • Could introduce new safety hazards – automation could introduce new safety hazards when operating conditions change unexpectedly. Automated systems are not capable of reacting to unexpected or unclear inputs and therefore may produce undesired effects.

  • Skill Decay – automation can cause a loss of human skills: if the task is performed automatically, over time there would be a deterioration of system understanding and of the knowledge of how to perform the task manually in case the automation fails.

  • Situational awareness – overreliance on automation can lead to complacency among operators [Citation6].

2. Automation in high-risk industries

In the aviation industry, for example, there has been a gradual approach towards implementing automation. Early approaches to automation in the aviation industry were based on functional allocation, or more specifically, who would be better suited to perform the task: a human or a machine [Citation7,Citation8]. Humans are better at perceiving patterns, using flexible and improvised procedures, inductive reasoning and exercising of judgement, and decision-making. Machines are better at performing repetitive tasks, responding quickly, multi-tasking, and performing complex calculations.

There were several gradual implementations of automation (Figure 1). Similar to the four stages of automation in the industrial revolution, four stages of evolution exist in the commercial aviation industry as well, each with increasing levels of automation [Citation9–11]:

  1. In the beginnings of commercial aviation, there were hardly any instrumental aids to help pilots fly. The first stage of automation corresponds to having physical mechanisms replaced with electric/electronic devices.

  2. In the second stage, the automation supported operators (pilots) in making informed decisions, by providing them with aggregated, visualized, and easily understandable information, enabling a higher number of aircraft to operate in a safe environment, under all weather conditions.

  3. The third stage involved the incorporation of a massive number of electronics in the cockpit, assistance systems, safety nets, and automatic flying in pre-defined situations (in air autopilot and even automatic landing are already fully used by numerous aircraft). Operations on board and outside of the aircraft shifted from tactical to strategic, and assistance systems and safety nets became crucial elements to increase the level of safety in commercial aviation. The amount of information available in the system rose exponentially while becoming no longer immediately accessible and visible to the operator, who was forced to evolve their role from an active role (flying or controlling tasks) towards a monitoring role.

  4. The implementation of the fourth stage of automation has already begun to increase safety levels in aviation. Automations that are currently under implementation include:

    • Cockpit safety cognitive computing aid systems. Developing the capability of computational systems that emulate the behaviour of the human brain such as: finding optimal solutions and process situations never experienced before; organizing data and information to find patterns; and assisting operators in making enhanced sensitive choices by learning from experience, retaining prior questions and contexts, integrating and combining new data with previous past knowledge and experiences to ultimately make sense of such a mixture (an AI-powered analysis model).

    • Real-time Human Performance Monitoring, which is based on non-intrusive physiological sensors/signals and contextual information. Real-time integration of non-intrusive physiological sensors and signals combined with contextual information offers great potential to tackle problems related to human factors, one of the cornerstones of aviation safety. This technology could, for example, help to:

      • Detect and alert of reduced human performance situations (fatigue, stress, etc.).

      • Develop better and more reliable human performance adaptive automation.

      • Improve skills and rate of learning based upon neuro assessment of learning processes in aviation.

    • ATTOL (Autonomous Taxiing, Take-Off, and Landing) – Fully demonstrated in 2020, after two years of flight testing, a plane flew autonomously from start to finish (from gate-departure to parking at the arrival gate). The project culminated with a fully automatic, vision-based flight of an A350-1000 widebody airliner. The flight was achieved using on-board image recognition and autonomous technologies, including the use of machine learning algorithms and automated tools for data labelling, processing, and model generation. ATTOL could help pilots focus more on strategic decision-making and mission management during flights, rather than on aircraft operations. The Airbus ATTOL programme included 500 flight tests in its mission to create safer commercial aircraft [Citation12].

Figure 1. The four stages of industrial revolution [Citation9,Citation10].

Controversially, adopting higher levels of automation did not correspond to a deliberate attempt at improving aviation safety in a steady way, but rather to a continuous adaptation to the challenges imposed by its environment following a trial-and-response approach [Citation10]. As increasingly complex automation systems have been introduced and perfected, the rate of incidents (Figure 2) and the rate of aviation deaths (Figure 3) have been on a clear downward trend in the past 50 years [Citation13]. In modern day cockpits, automation plays a pivotal role in maximizing safety, efficiency, and sustainability for both the environment and operating costs of airlines. These clear downward trends are even more noteworthy considering the significant increase in flights over the same period (Figure 4). In today’s congested airspace, automated flight decks and modern-day ground systems work in unison to improve both efficiency and safety in the air, especially considering the navigation aspect [Citation16,Citation17].

Figure 2. Number of aircraft related incidents [Citation13].

Figure 3. Number of aviation deaths [Citation13].

Figure 4. Global annual trend for number of flights and number of passengers [Citation14,Citation15].

It has been proven a long time ago that under normal operating conditions automation improves human performance; however, in the event of an automation failure, the performance decrease is irrespective of man or machine capabilities. It is also widely accepted by pilots that automation increases situational awareness (SA) by significantly reducing workload [Citation16,Citation18]. However, failure by the pilot to maintain SA of what the automation is doing, including mode awareness, can result in out-of-the-loop syndrome [Citation19]. This occurs when the automation acts independently of the pilot and without his awareness. The syndrome is magnified when the automation fails, and the operator does not detect the problem. Addressing this issue at the design stage is critical to prevent possible negative outcomes [Citation16,Citation18].

3. Nuclear power plant automation

The Nuclear Industry is very conservative when it comes to making changes. It can be said that the nuclear regulatory bodies are slow to allow the industry to move away from the proven concepts that already work. Because of this, relatively few changes have occurred since 1992 in the Nuclear Industry, as it is extremely regulated and proceduralized, leaving little to no decision-making to people [Citation3,Citation20,Citation21].

The Safety Systems in a nuclear power plant are autonomous, not requiring human interaction. For example, when certain conditions are detected, the reactor is automatically tripped. Many NPP Systems are automated – following an initial human supplied input, the system will execute the step in an entirely automated manner, to ensure quality. This type of automation is considered as supervisory control. In regular, normal, or expected situations, procedures exist to keep the human execution in the rule-based performance mode. Due to the non-linear complexity of Nuclear Power Plant systems, procedures cannot be planned for every context in which they may occur. In abnormal/emergency situations that are not proceduralized, instead of the rule-based decision system, execution is defaulted to the operator knowledge-based level, which is known to increase human error probability.

Automation has led to cost savings and increased comfort, safety, quality control, efficiency, and scale of work within the NPP industry. On the other hand, this can also lead to skill loss, less human involvement, rigidity, a lack of human trust in the system, added initial cost, and accidents due to loss of situational awareness [Citation3].

It is also important to note that we generally think of automation in relation to machines or technology. While this is indeed a case of automation to be reviewed, we must also consider the automation of the human, which is being performed using procedures and rules. Procedures, as opposed to guidelines, restrict the human operator to performing certain predetermined tasks or actions in an exact specified way. When they are not allowed to deviate from the procedures at hand, we have essentially taken the responsibility for response off of the operator and placed it on the procedures.

When a specific procedure is not yet written for the context that the operator may be facing, the thought is that rules and procedures reduce risk by placing restrictions on people’s behaviours, which in turn prevents them from making mistakes. When people are not properly trained to respond to new events, or they do not do so regularly, they will not be able to perform correctly under pressure. Due to the non-linear complexity of a nuclear system, procedures cannot be planned for every context that may occur. Too many procedures, and too many rules, can lead to catastrophe just as much as too few. This is the challenge in creating automation without human interaction. Therefore, it can be said that in regular situations, procedures are used to operate the plant. However, in abnormal/emergency situations that are not proceduralized, plant control automatically defaults to the operator knowledge-based level and execution. To achieve desired knowledge-based behaviour, agents (such as machines or people) must reduce uncertainty, plan on being flexible, and have control while being held accountable. Reducing uncertainty requires understanding the complexity fully, and thus the interactions of the system. All this while still operating within the proper context of the operation.

It is a difficult balance to determine what technical functionality should be automated, and what needs to be primarily controlled by people. The benefit of people is the logical processing capability and adaptability to situations which cannot occur within the programming of a computer. If an automation is programmed to respond to blue or red, it does not know how to respond to purple. However, if a strong procedure-based organization is in place without the proper training of everyone, they may not know how to respond to purple either.

3.1. Effects of automation in case of NPP accidents

Though significant time and effort goes into creating procedures, software, and methodologies, they do not always work as expected. It is impossible to fully remove uncertainty from a system, and without the flexibility to handle uncertainty, accidents can happen. When people are not properly trained to respond to new events, or when they are not used to doing so regularly, they will likely not be able to do so successfully under pressure. As in any high-risk industry, it is a delicate balance to determine which technical functionalities should be automated, and what needs to be primarily controlled by people – too much automation would cause the operators to lose their skill, too little, and the workloads placed on the operator would be extremely difficult to manage. To offer some examples where a better use of automation may have prevented nuclear accidents [Citation3]:

  • Three Mile Island accident – The operators did not fully understand the automation, and this led to the first commercial nuclear accident in the United States. ‘The plant designers had thought of absolutely everything except what would happen if the operators intervened.’ A misunderstanding of a control room light caused the event. ‘If the operators had not intervened in that accident at Three Mile Island and shut off the pumps, the plant would have saved itself.’ ‘The operators thought they were saving the plant by cutting off the emergency water when, in fact, they had just sealed its fate’ [Citation22].

  • Chernobyl – An example of distrusting automation, the root cause of the accident can be traced back to operational engineers, and operators who did not have a good understanding of the physics of nuclear power (Rhodes, R. (1993). Nuclear Renewal: Common Sense About Energy. New York City: Viking Press), and a management chain that did not fully believe in the automation of the systems. To perform testing to see if they could draw emergency power out of a powered down turbine, they had to terminate the emergency core cooling pumps, the local automatic control system, and the emergency power reduction system. They did this without the proper approval of regulators or design engineers. Many causes of Chernobyl have been debated, from operator error to flawed reactor design, but in the end, it is a mixture of flawed technology, organizational and regulatory structures, and human factors. The organizational structure in place had allowed the operators and engineers to become complacent about safety through the lack of proper training and insufficient knowledge of the hardware, physics, and procedures involved with the plant. The management who ordered the test did not fully understand why the safety systems were in place, and thus decided without the proper approvals that it was acceptable to remove them from the equation to achieve faster test results. They had a perceived illusion of invincibility and did not fully understand the risks involved. This raises the question, should operators be able to turn off the safety systems? Should this flexibility be allowed? Automation as simple as cruise control has led to car accidents, yet some automation, such as the automatic airbags of a vehicle, has saved lives. This is part of balancing automation.

  • Fukushima Daiichi – not all safety shutdown systems (such as the cooling system, control rod operators, pressure controls, or the spent fuel rod pond water level controls) were automated, and operators did not have trust in the reliability of the systems that were present [Citation23,Citation24]. Had these systems been passive and fully automated, the outcome would have been significantly different than the catastrophe that happened in Japan. The automation in this situation was insufficient for the events that occurred.

In two of the above instances, Three Mile Island and Chernobyl, the operators made a conscious decision to terminate the safety systems, but the primary difference is the timing in which the operators suppressed the safety systems. In the event of Three Mile Island, the operators were already significantly progressing towards catastrophe when the system led them to the incorrect conclusion. In the event of Chernobyl, the management felt as though the test they were performing was valid, and without trust in the automation, they did not believe that it was critical enough. Both instances were process failures.

4. NPP surveillance procedures

Technical Specifications (TS) are criteria specified within NPP licensing-basis documents to ensure that required equipment is available to safely shutdown and maintain a reactor plant in shutdown conditions [Citation25]. Limiting Conditions for Operation (LCO) impose limitations when specific equipment is inoperable. Each LCO contains one or more Surveillance Requirements (SR) which must be performed on a periodic basis to verify that certain specifications are met to ensure uninterrupted and unrestricted operation of the plant. If the SR is not met, a limit may be placed on operation. Each SR may have one or more Surveillance Tests (STs) which ensure that the applicable SR is met. This allows the full range of operation of the nuclear power plant. STs which are performed in the Main Control Room (MCR) of the power plant require extensive time and attention of the operators.

The Surveillance Test procedures require operators to check and make note of several plant parameters that, especially at newer plants, are available as direct readouts from the MCR screens. Nevertheless, Surveillance Test procedures take a lot of time from operators. Due to other emergent tasks, sometimes they are not completed quickly, or are interrupted mid-execution: for example, when checking control rod positions, the recording of the first few control rods might be executed at the beginning of the shift, while the rest of the procedure and the control rod measurements are recorded at the end of a shift. Another disadvantage of executing the procedures manually is that there may be variations in values, which the operators cannot take into account. Values may have been temporarily out of specifications, but when the procedure was executed, or when the value was checked by the operator, they were within specifications.

With the recent implementation of fully digital Instrumentation and Control (I&C) Systems, whether many of these SRs are met may be verified by means of automation, which can reduce the task loading of the MCR operators by as much as 3 h per shift. This paper highlights the efforts to automate specific SRs for the APR-1400 MCR utilizing a Computerized Procedure System (CPS), combined with fully digital Instrumentation and Control (I&C) Systems. Utilizing such combined systems together with simple Boolean logic calculations can automate surveillance, possibly making it advantageous for implementation at Nuclear Power Plants that do not have such systems, by both increasing safety and lowering manpower requirements in the control room. However, one disadvantage that should always be taken into consideration is that any type of automation may also have adverse effects on operator performance and awareness.

At many Nuclear Power Plants in the world, Surveillance procedures are currently paper-based, executed manually, with different periodicity (every shift, every night, every week). The executed procedures are stored in the Main Control Room, after which they are moved to be digitally scanned, digitalized (OCR – Optical Character Recognition), and recorded/archived as per the nuclear regulation [Citation26].

5. Computerized procedure systems

The usage of Computerized Procedure Systems (CPS) is rapidly increasing at both new and older Nuclear Power Plants, being currently available at several sites across the globe. These systems are developed to assist personnel by guiding the actions of operators in performing their tasks so that there is a greater probability that these tasks are safely achieved. While the scope of current CPS mostly comprises emergency/abnormal operating procedures, it is recognized that normal operating procedures have also been important contributors to many serious events, playing a significant role in plant safety [Citation27].

As per the current guidelines and standards available in regard to CPS, based on the levels of functional capabilities, there are three main types of systems defined [Citation28,Citation29]:

  • Type 1 systems solely present procedures on an electronic display, essentially replicating the existing functionality of paper procedures, with the added benefit of having the ability to quickly navigate through the procedure or call-up other procedures by using links, such as for quickly directing the operator to other related procedures. These systems are sometimes referred to as “electronic procedures.” Type 1 systems do not perform any real-time data presentation, data processing, logic processing, or decision-making.

  • Type 2 systems incorporate additional enhanced functionality such as automatic evaluation of conditions and procedure logic and prerequisites using real-time data from the I&C systems. They are capable of automatic retrieval and display of specific information needed to support decision-making, capable of continuously monitoring entry conditions, and automatically displaying the relevant procedures to an operator. This type of system can only provide information to an operator; it cannot issue control commands, but it may facilitate access to soft control capabilities that exist outside of the CPS.

  • Type 3 systems also include controls that may be used to issue commands to plant equipment. Such systems may include automatic execution of step sequences that are determined to require limited operator oversight, and for which there are procedures and training that would allow the operator to execute the steps manually, if necessary, or desired.

Table 1 provides a summary of the differences between the three types of CPS.

Table 1. Types of computerized procedure systems [Citation29].

6. Practical approaches to automating surveillance procedures

Certain NPPs currently benefit from a CPS, supplied by Westinghouse, known as Westinghouse CPS. Such a system can be used to assist operators in the execution of Abnormal Operating Procedures (AOPs) and Emergency Operating Procedures (EOPs). The CPS system functions in conjunction with the process (I&C) data system (for example, the Emerson Ovation™ System). There are major advantages of automating the NPP Surveillance Procedures: significant time-savings; consistent execution, as all values are accurate and taken at the same time; and elimination of typos, therefore reducing or even eliminating possible procedure violations. From a regulatory perspective, the CPS log file can be used for records purposes directly, without needing additional signatures, independent verifications, or other regulatory requirements.

More details on the two systems and how they can be used together so that Surveillance Tests can be, to a great degree, automated, are given in the next sections. Even though the detailed practical approach used in this paper is based on an NPP having a fully digitalized I&C system, a hybrid control-room could be used to automate surveillance at least partially (depending on which digital instruments are available). At the same time, older plants should take into consideration Digital I&C/Control Room modernization because as time progresses and installed technology becomes obsolete, it will become more and more difficult to troubleshoot, maintain, replace, and service [Citation30].

6.1. Westinghouse Computerized Procedure System (CPS)

The Westinghouse CPS is a Computerized Procedure System that has the capability of combining real-time plant data into the context of procedure evaluation when executing structured procedure content [Citation31]. Real-time process data enables more efficient procedure execution since step status can be present at the time a specific step is reached (met/not met Boolean logic calculations using process data). From a human performance standpoint, the Westinghouse CPS can reduce personnel errors associated with inadvertent skipping of a step, or execution of steps out of sequence, by using electronic place-keeping features. Logics implemented into steps can continuously monitor process conditions for checking status, thus providing an automated Peer Check during procedure performance. Operator alerts can be automated as well – when critical procedure entry conditions are met, the relevant procedure is automatically opened, which can preclude a missed or delayed procedure execution [Citation31]. From a records perspective, the system maintains a chronological log of important events including entry conditions, alerts, operator actions, and procedure state evaluation information during procedure execution, while also eliminating the need for paper copies during and after procedure execution.

The Westinghouse CPS is designed to guide the user step-by-step through procedure execution by presenting the procedure state evaluation, based on real-time process data, and possible navigation paths forward. The system will recommend a path but does not enforce it; the operator always stays in complete control of procedure execution.

The Westinghouse CPS is provided as a suite of three distinct components [Citation31]:

  1. The client application that provides the operator interface (CPS Client) on each designated central control room operator workstation that executes computerized procedures.

  2. The server application software (CPS Server) that interfaces with process (I&C) data, monitors for procedure entry conditions, calculates procedure “state” data, performs system event logging, and responds to operator requests and actions initiated from the client application(s).

  3. An offline procedure builder tool that is used to develop and maintain procedure-specific files. The tool (CPS Builder) is used to produce procedure files that are used by the client and server applications.

A diagram view of the CPS system and its components can be seen in Figure 5.

Figure 5. CPS component block diagram [Citation31].

A CPS needs to provide an intuitive interface to minimize human error. Procedures are presented in a standard, consistent interface, the system suggests and warns but does not enforce, and there are sets of logical entry-conditions to automatically open relevant procedures for given situations. As specified previously, logic steps can also exist within procedure steps (Figure 8). These logic steps are the key in automating Surveillance Test procedures as they enable simple value checks and confirmations against I&C process data.

Figure 6. Westinghouse CPS interface [Citation31].

Figure 7. Westinghouse CPS interface – organization of displayed information into panes [Citation31].

Figure 8. Westinghouse CPS, logic expression Editor [Citation31].

6.2. Emerson Ovation

Emerson Ovation [Citation32] is a platform based on a Distributed Control System, which also integrates key components developed by Westinghouse for nuclear Instrumentation & Control applications. As a distributed process control, information and data management system, Ovation offers a powerful, flexible, and open-system architecture, supported by field-proven, industry-standard hardware, software, networking, and communication components. The extended components support plant computer, monitoring, and various system-interface applications to meet nuclear industry requirements. As stated previously, at some NPPs, the logic available within CPS procedures can be obtained from I&C process data, through the Emerson Ovation System, which comprises data sensors from all over the plant (Digital Control System).

An overview of the typical components of an Emerson Ovation system can be seen in Figure 9.

Figure 9. Emerson Ovation™ - I&C systems platform [Citation32].

An Ovation Point represents a single I&C process data-line, which is either generated directly from a single sensor or is a computed value from multiple plant sensors. These values are available as error-corrected, real-time, normalized data. With the versatility of Ovation Points, most values required by the surveillance can be obtained directly from the sensors already existing in the plant, while other values may either be obtained by using the available logic expressions or by creating/implementing additional Ovation Points. By using the currently available Ovation Points and Boolean logic, around 80% of a Surveillance Test Procedure, which is required to be executed on every shift, can be automated. The remaining, non-automatable procedure steps can still be completed digitally, as the Westinghouse CPS also supports manual user input. Therefore, executing part of the surveillance procedure on paper can be avoided.

Considering the human performance aspect, by using such a system, the human operator is always in control, as he can decide if he wants to execute the procedure on paper or with the help of the automation. If there are other emergent tasks, the automated CPS can assist, so that the operator can focus on other important/critical tasks. If there is sufficient time, the surveillance may be executed paper-based to maintain the operator skills (prevent skill-decay).

The major advantages of automating the Surveillance Procedure are not only represented by significant time-savings but also consistent execution, as all values are accurate and are taken at the same time. There cannot be any typos, therefore reducing or even eliminating possible procedure violations. From a regulatory perspective, the CPS log file can be used for records purposes directly, without the need for additional signatures, independent verifications, or other regulatory requirements.
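The following sketch, added here as an illustration and not taken from Westinghouse CPS or Emerson Ovation, shows how met/not met logic steps can be evaluated against one snapshot of process points, with bad-quality or stale points falling back to manual input and every result written to a chronological log. The point names, limits, freshness threshold and the hash chaining of the log are assumptions of this example, not features the cited products are stated to have.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed snapshot: every point is read at one instant, so all step
# evaluations refer to the same plant state. Names and limits are hypothetical.
SNAPSHOT = {
    "taken_at": 1_700_000_000.0,
    "points": {
        "RCS-PRESS-A": {"value": 155.2, "quality": "GOOD", "ts": 1_699_999_999.0},
        "SG1-LEVEL": {"value": 48.0, "quality": "GOOD", "ts": 1_699_999_998.5},
        "CST-LEVEL": {"value": 71.3, "quality": "BAD", "ts": 1_699_999_999.0},
        "BAT-TEMP": {"value": 30.1, "quality": "GOOD", "ts": 1_699_999_000.0},
    },
}
MAX_AGE_S = 10.0  # assumed freshness limit; older readings are not trusted
GENESIS = "0" * 64  # prev-hash of the first log entry


@dataclass
class Step:
    step_id: str
    point: Optional[str]  # None: no process point exists, manual entry only
    criterion: Callable[[float], bool]  # acceptance criterion for the value


STEPS = [
    Step("4.1", "RCS-PRESS-A", lambda v: 150.0 <= v <= 160.0),
    Step("4.2", "SG1-LEVEL", lambda v: v >= 50.0),
    Step("4.3", "CST-LEVEL", lambda v: v >= 60.0),
    Step("4.4", "BAT-TEMP", lambda v: v <= 35.0),
    Step("4.5", None, lambda v: v == 1.0),  # local visual check, 1 = satisfactory
]


def evaluate(step, snapshot, manual=None):
    """Return (status, value, source) for one step.

    A point is used only if it exists, has GOOD quality and is fresh.
    Otherwise the step falls back to an operator-entered value, and if none
    was entered it is reported as MANUAL_REQUIRED instead of being guessed.
    """
    p = snapshot["points"].get(step.point) if step.point else None
    usable = (p is not None and p["quality"] == "GOOD"
              and snapshot["taken_at"] - p["ts"] <= MAX_AGE_S)
    if usable:
        value, source = p["value"], "auto"
    elif manual and step.step_id in manual:
        value, source = manual[step.step_id], "manual"
    else:
        return "MANUAL_REQUIRED", None, "none"
    return ("MET" if step.criterion(value) else "NOT_MET"), value, source


def _digest(prev, record):
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()


def run_surveillance(steps, snapshot, manual=None):
    """Evaluate all steps in order and return a hash-chained chronological log."""
    log, prev = [], GENESIS
    for step in steps:
        status, value, source = evaluate(step, snapshot, manual)
        record = {"step": step.step_id, "status": status, "value": value,
                  "source": source, "snapshot_at": snapshot["taken_at"]}
        prev_hash, prev = prev, _digest(prev, record)
        log.append({"record": record, "prev": prev_hash, "hash": prev})
    return log


def verify_log(log):
    """True if no entry was altered, reordered or dropped from the middle.

    Truncation at the end, or a full rewrite, is caught only if the final
    hash is also kept somewhere the editor of the log cannot reach.
    """
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or _digest(prev, entry["record"]) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True
```

Recording the source of each value ("auto" or "manual") in the log keeps operator-entered steps distinguishable from instrument readings when the record is reviewed later.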

As for possible negative impacts of automation on Human Factors, the Operating Crew may have lower situational awareness and less efficient communication and coordination. From a human-factors perspective, the tentative automatic allocation of tasks should always be analysed for any negative impact on the performance of the human operator [Citation33–35]:

  1. Would manual performance of the task help to keep the operator engaged with the plant, informed of process status, or prepared to plan and solve problems?

  2. Would manual performance of the task provide the operator with important opportunities to develop or maintain valuable skills or knowledge?

  3. Will absolute implementation of the automatic feature(s) contribute to operator underloading (e.g. boredom)?

  4. Would the option for manual control from the MCR afford desired flexibility?

  5. Would the option for manual control from the MCR afford more reliable performance of the function?

  6. Would the option for manual control from the MCR be desirable for testing, maintenance, or management of off-normal conditions?

Requiring operators to read the hundreds of instrumentation values that NPPs generate from a computer screen and log them manually into a paper-based procedure, for the sake of awareness, appears to be a vestigial remnant of the pre-digital era. Even though manually copying information might raise awareness and help the operators be more effective, the I&C digital systems currently used at different NPPs provide an alarm whenever a monitored parameter goes out of specification. Even though there are still some concerns regarding operator awareness of key surveillance parameters, allowing the operator the choice of either executing the task in a semi-automated manner or using the ‘old-fashioned-way’ is believed to prevent any negative impacts on Human Factors due to the automation of surveillance procedures (prevent skill decay).

6.3. PROCEED by Westinghouse

PROCEED is a Westinghouse solution for computerized procedures that is designed to support the execution of single column format procedures, such as normal operating procedures (i.e. General Operating Procedures, Surveillance Procedures, or Maintenance Procedures), in both the MCR and in the Field (Figure 10).

Figure 10. Westinghouse PROCEED.

Westinghouse PROCEED is a web-based application that provides the means to digitally execute procedures by taking advantage of modern PWA (Progressive Web App) architectures, which provide operating-system agnostic software that can be used on any hardware device capable of displaying HTML5 pages. Additionally, PROCEED can integrate procedure steps with external information such as that available in I&C systems, like Emerson Ovation or the historian, as well as other data sources through its data broker. Therefore, PROCEED can monitor key equipment and parameters, and based on the values of these parameters, it can auto-populate steps in procedures while identifying potential non-compliant values and forks in the procedures.

Westinghouse PROCEED also provides data analytics capabilities, recording a multitude of asset observations, data measurements, timestamps for operator actions as well as any other operator input while executing procedural instructions. This allows the conversion of great amounts of data into valuable operational information that can be exploited using dashboards (Figure 11).

Figure 11. Dashboards available in Westinghouse PROCEED.

To address the requirements and concerns related to the introduction of digital solutions in nuclear power plants, several actions were taken in developing PROCEED, from a human performance and change management perspective:

  • Designed to maintain the look and feel of the existing paper procedures, smoothing the transition for both operators and procedure writers.

  • A Human Factors Engineering program was implemented during the development process to ensure adherence to NUREG-0711 [Citation33].

  • Use of available Procedure Professionals Association (PPA) standards as well as involving members of the development team in PPA initiatives such as Nuclear Electronic Work Packages – Enterprise Requirements (NEWPER) or Dynamic Instructions Editing Tool Requirements [Citation36].

Based on the capabilities of the software, PROCEED provides a recognized solution to digitally execute procedures, benefiting from all the advantages that come with it (reducing paper usage, automating records management, enhancing human error prevention, and increasing plant crew coordination), while at the same time allowing for the automatic execution of surveillance procedures.

7. Addressing the disadvantages of surveillance procedure automation

As specified in the previous section (1.2), there are several disadvantages to automation. In the Nuclear Power Plant industry, however, some of them do not apply, or can be mitigated:

  • Worker displacement. Although automation and computer-based procedures may reduce operator burden in the main control room, personnel would not be downsized; instead, their time would be optimized, leaving more available time for tasks such as Operations-Maintenance coordination or other tasks that can add more value and that can increase safety (especially during time-critical activities like outages). At the same time, any nuclear power plant personnel who have completed the extensive training program for licensure as a plant operator are highly desired in many positions of leadership in the nuclear industry. Due to retirement, promotions and other types of personnel attrition, research indicates that utilities should recruit and initiate the training of 6 to 10 operators per year for each unit [Citation37]. This indicates that any advancements in computer-based procedures or control room automation do not present a risk associated with worker displacement.

  • Large capital expenditure. Capital Expense is of course a business decision, but based on predictions for full Integrated Operations for Nuclear [Citation30], it is reported that there would be a 99.7% chance of achieving a positive net present value, indicating the ability to develop favourable business cases for such project investments. If the automation or computerized system demonstrates a return on investment in the organization, then the long-term cost will be offset. Risks of cyber-attacks are addressed by regulatory guidance throughout the nuclear industry. For example, in the United States, 10 CFR 73.54 addresses the protection of digital assets. This is supported by Regulatory Guide 5.71, Cyber Security Programs for Nuclear Facilities and NEI 08-09, Cyber Security Plan for Nuclear Power Plants.

  • Could become redundant. Once such a system is implemented, it is expected to need support in maintaining procedures, the associated process of revision of those procedures, and the included automation. The implementation itself is of course a business decision and is to be managed similar to projects like the modernization efforts in control rooms. In the case of nuclear power plant operation, the investment and hourly rate of a control room operator is much higher than the cost of the administrative support required to manage procedures.

  • Could introduce new safety hazards. It is acknowledged that there might be a legitimate compromise between reduced errors and having a longer completion time when using CBPs [Citation38]. Issues that may develop new risks are evaluated and those risks are mitigated. As an example, there is a concern that operators would lose a sense of plant performance if daily surveillance was automated, as the mental daily trend process would not occur as part of the completed log-taking process. This can be mitigated by developing graphical trends for all of the automated parameters and requiring by procedure that these trends be reviewed over a specific period of time. It can also be mitigated by requiring that certain values be reviewed and accepted by the operator before finishing the execution and introducing alerts about changes in the values recorded.

  • Skill Decay. It can be mitigated by a regimented training cycle, which includes a full week of training and examinations for every rotation cycle (typically 5 or 6 weeks depending on the selection of the schedule).

  • Situational awareness. Based on a literature review, there is sufficient research to indicate that computer-based procedures increase the situational awareness of the operator and the overall organization by reducing mental load: ‘Not only can a CBP system ensure shared situation awareness between the field worker and the supervisor, the ability to share information directly between the field and a remote location will improve communication between different organizations, such as maintenance, auxiliary operators, chemistry, and vendors or other stakeholders.’ [Citation39]. However, computer-based procedures also remove the necessity for frequent communication between control room staff, which can negatively impact the situational awareness of the control room watch standing team: ‘The lack of communication results in a limited and erroneous representation of the global situation by the team. Therefore, the team makes their decisions based on their restricted mental representation, which could breed inadequate decision-making regarding the real living situation.’ [Citation40].

8. Conclusion

In other high-risk industries like the aviation industry, over the past 50 years, as more and more systems were automated, the number of incidents has decreased three-fold, while the number of flights has increased by almost four times. Just as other high-risk industries have evolved more and more towards greater and greater automation, so too should the nuclear industry proceed.

Certain NPPs use a Computerized Procedure System supplied by Westinghouse (Westinghouse CPS), which can be used to assist operators in the execution of Abnormal Operating Procedures (AOPs) and Emergency Operating Procedures (EOPs). The CPS system functions in conjunction with the process (I&C) data system (e.g. Emerson Ovation System). Using these systems together enables the possibility of having Surveillance Tests automated (to a great degree). The CPS + Ovation automation of Surveillance Procedures, or the Westinghouse PROCEED system, is to be tested to more clearly quantify the advantages that they bring.

It is believed that the benefits of having the ability to execute Surveillances in an automated way outweigh the negative risks, since the operator has full autonomy in deciding whether to use or not to use the automation. If there are no other emergent issues to be resolved, then executing the Surveillance manually remains available as an option, thereby preventing the negative effects of skill-decay due to automation. The benefits of automation are: i) significant time-savings, enabling the operators to have the flexibility to properly focus on any situations that are not yet proceduralized, and that do require knowledge-based interaction; ii) consistent execution, reducing the procedure execution error rate; and iii) automatic and accurate record-keeping. Taken together, these benefits translate to an improvement in NPP safety.

Based on successful feedback from Operations/Training departments, either one of the two listed practical approaches may be implemented, the results of which would be published in a subsequent paper that will better assess the impact from a human-factors perspective. This assessment will be key in demonstrating all the benefits and possible disadvantages not yet considered, and optimistically set the course to begin implementation of automated surveillance at NPP facilities around the world (possibly even removing human interaction completely from surveillance procedures).

As a subsequent future improvement, all NPP procedures that require any decision/information already present in a Digital I&C System (Ovation Points), should be choice-automated (supervisor control), and as much as possible aligned to a Type 3 Computerized procedure system with embedded control capabilities and procedure-based automation with decision-support features [Citation28,Citation29].

Disclosure statement

No potential conflict of interest was reported by the author(s).

Notes

1. Ovation™ is a trademark of Emerson Electric Company.

References

  • Groover MP. Automation. Encycl Britannica. 2024 Jul 19 [cited 30 Jul 2024]. Available from: https://www.britannica.com/technology/automation
  • Prasanna. Automation advantages and disadvantages. 2022. https://www.aplustopper.com/automation-advantages-and-disadvantages/
  • Schmitt K. Automations influence on nuclear power plants: a look at three accidents and how automation played a role. Work. 2012;41:4545–4551. doi: 10.3233/WOR-2012-0035-4545
  • Frohm J, Grannel V, Winroth M et al. The industry’s view on automation in manufacturing. IFAC Proc Vol. 2006;39(4):453–458. https://doi.org/10.3182/20060522-3-FR-2904.00073
  • Perez J. How automation drives business growth and efficiency. Digit Transform, Harvard Bus Rev. 2023;12. https://hbr.org/sponsored/2023/04/how-automation-drives-business-growth-and-efficiency
  • Kohn SC, de Visser EJ, Wiese E et al. Measurement of trust in automation: a narrative review and reference Guide. Front Psychol. 2021; 12. doi: 10.3389/fpsyg.2021.604977
  • Parasuraman R, Manzey D. Complacency and bias in human use of automation: an attentional integration. Hum Factors J Hum Factors Ergon Soc. 2010;52(3):381–410. doi: 10.1177/0018720810376055
  • Fitts PE. “Human engineering for an effective air navigation and traffic control system”. Washington D.C.: National Research Council; 1951.
  • Kagermann H, Wahlster W, Helbig J. “Deutschlands Zukunft als Produktionsstandort sichern. Umsetzungsempfehlungen für das Zukunftsprojekt Industrie 4.0. Abschlussbericht des Arbeitskreises Industrie 4.0”. Acatech - Deutsche Akademie der Technikwissenschaften. DFKI und Deutsche Post. 2013. https://www.acatech.de/publikation/umsetzungsempfehlungen-fuer-das-zukunftsprojekt-industrie-4-0-abschlussbericht-des-arbeitskreises-industrie-4-0/download-pdf/?lang=de
  • Arnaldo Valdes R, Fernando Gómez Comendador V. Aviation 4.0: more safety through automation and digitization. In: Safety and security engineering VII, WIT transactions on the built environment. 174. WIT Press; 2018. https://www.witpress.com/Secure/elibrary/papers/SAFE17/SAFE17021FU1.pdf
  • Erol S, Schumacher A, Sihn W. Strategic guidance towards industry 4.0 – a three-stage process model. In: International Conference on Competitive Manufacturing (COMA’16), South Africa: Stellenbosch; 2016. https://www.researchgate.net/publication/286937652_Strategic_guidance_towards_Industry_40_-_a_three-stage_process_model
  • Press Release A. Airbus concludes ATTOL with fully autonomous flight tests. 2020.
  • Data source. Bureau of Aircraft Accidents Archives B3A.
  • The World Bank Group. “Air transport, registered carrier departures worldwide”, based on the following sources: international civil aviation organization, civil aviation statistics of the world and ICAO staff estimates. License CC BY-4.0. https://data.worldbank.org/indicator/IS.AIR.DPRT
  • The World Bank Group. “Air transport, passengers carried - world”, based on the following sources: international civil aviation organization, civil aviation statistics of the world and ICAO staff estimates. License CC BY-4.0. https://data.worldbank.org/indicator/IS.AIR.PSGR?locations=1W&skipRedirection=true&type=shaded&view=map&year=2021
  • Brown JP. The effect of automation on human factors in aviation. In: The journal of instrumentation, automation and systems. Melbourne, Australia, UNSYSdigital: Royal Melbourne Institute of Technology; 2016.
  • Petitt K, Riddle E. Structural redesign of Pilot training and the automated aircraft. Int J Aviat Syst Oper Train. 2017; 4(2):32–44. doi: 10.4018/IJASOT.2017070103
  • Endsley MR, Kaber DB. Level of automation effects on performance, situational awareness and workload in a dynamic control task. Ergonomics. 1999;42(3):462–492. doi: 10.1080/001401399185595
  • Merat N, Seppelt B, Louw T, et al. The <<Out-of-the-Loop>> concept in automated driving: proposed definition, measures and implications. Cogn Tech Work. 2019;21:87–98. doi: 10.1007/s10111-018-0525-8
  • IAEA. IAEA-TECDOC-668, the role of automation and humans in nuclear power plants. International Atomic Energy Agency. 1992 Oct.
  • IAEA. Specific safety guide SSG-76, “conduct of operations at nuclear power plants”. Int At Energy Agency. 2022.
  • PBS. “Meltdown at three mile island”. Arlington (VA); 1999 Feb 22; https://www.pbs.org/wgbh/americanexperience/films/three/
  • Wu W-H, Liao L-Y. Emergency operating procedures improvement based on the lesson learned from the Fukushima Daiichi accident. Nucl Eng Des. 2016;309:53–64. doi: 10.1016/j.nucengdes.2016.09.011
  • Liptak B. Automation could have prevented Fukushima. [cited 2013 Apr]. Available from: https://www.controlglobal.com/control/distributed-control/article/11380176/plant-safety-automation-could-have-prevented-fukushima-2
  • NUREG-1432 Rev 5.0. Standard technical specifications for combustion engineering plants. US nuclear regulatory commission. 2021 Sep.
  • Guide R. Certification of reactor operators and senior reactor operators at nuclear facilities. FANR-RG-017, 2022; 2.
  • O’Hara JM, Fleger S. NUREG-0700, Rev. 3, human-system interface design review guidelines. US Nucl Regul Commission. 2020; Jul.
  • Nuclear Power Engineering Committee. Applications of computerized operating procedure systems (COPS) at nuclear power generating stations and other nuclear facilities. In: IEEE Standards Association, IEEE Std 1786™-2022; 2022. https://ieeexplore.ieee.org/document/9927292
  • Report T. Human factors guidance for control room and digital human-system interface design and modification: guidelines for planning, specification, design, licensing, implementation, training, operation, and maintenance for operating plants and new builds. Palo Alto (CA): EPRI; 2015. 3002004310.
  • Remer J. Integrated operations for nuclear business operation model analysis and industry validation. (Inl/RPT-22-68671-Revision-1), Prepared By Ida Natl Lab and Scott Madden for the US Department of Energy. 2023; Jan.
  • Global Instrumentation and Control. Westinghouse computerized procedures system (CPS). NA-0056, Westinghouse Electric Co LLC. 2018 June.
  • Automation N. Information and control systems platform, NA-0093. Westinghouse Electric Co LLC. 2010 Sep.
  • O’Hara JM, Higgins JC, Fleger SA et al. “Human factors engineering program review model”. US Nuclear Regulatory Commission; 2012 Nov, NUREG-0711, Rev.3.
  • Pulliam R, Price HE, Bongarra J et al. “A methodology for allocating nuclear power plant control functions to human or automatic control”. Oak Ridge National Laboratory; 1983 Aug, NUREG/CR-3331.
  • O’Hara JM, Higgins JC, Stubler WF et al. Computer-based procedure systems: technical basis and human factors review guidance NUREG/CR-6634. US Nucl Regul Commission. 2000 Mar.
  • PPA AP-907-005.002. Dynamic instruction set Editor functional requirements and implementation considerations. Proced Professionals Assoc. 2020.
  • Verma A. Manpower development for new nuclear energy programs [ Bachelor of Science thesis]. Massachusetts Institute of Technology, Department of Nuclear Science and Engineering; 2012, May.
  • Oxstrand J, Le Blanc K, Bly A. “Computer-based procedures for field activities: results from three evaluations at nuclear power plants”, INL/EXT-14-33212, Idaho National Laboratory, prepared for the U.S. Dept Of Energy, Office Nucl Energy. 2014 Sep.
  • Oxstrand J, Le Blanc K. “Supporting the future nuclear workforce with computer-based procedures”. Idaho National Laboratory; 2016 INL/JOU-15-37135.
  • Pons Lelardeux C. Communication system and team situation awareness in a multiplayer real-time learning environment: application to a virtual operating room. Visual Comput. 2017 Jan;33(n° 4):489–515. ISSN 0178–2789. doi: 10.1007/s00371-016-1280-6