Tiny technologies, big changes19 July 2022
Are small digital technologies a threat or an opportunity for the nuclear industry?
Above: Embedded digital devices present many advantages but also potential risks for the nuclear business (Photo credit: Michael Dziedzic, Unsplash)
For the nuclear industry, the type of new technology that hits the headlines is often about big new developments and large technological advances. It’s new reactor designs, like the three reactor designs certified by the UK’s Office for Nuclear Regulation, or small modular reactors. The same narrative applies for other power sectors too, like the rapid scaling up of offshore wind. But while the headline news across the electricity sector has often been about new forms of large generation, beneath the surface the sector has seen a different revolution – one that is centred around the small and the virtual.
The energy industry – like other industries such as manufacturing and transport – is benefitting from some major global trends like the dramatic cost reductions and explosion in use of small electronic devices like sensors. These solid-state devices can be embedded into systems and networks where their capabilities are rapidly increasing. They are intimately coupled with similar reductions in the cost and flexibility of storing huge amounts of data, as companies move to ‘cloud’ storage. For the energy sector that also means the active participation of hundreds of new small-scale and specialist parties, from traders and asset managers to the owners of distributed generation.
These are all opportunities, but they are threats to nuclear plant operators as well.
The data feedback loop
Embedded devices such as sensors are becoming ubiquitous. In its review of manufacturing trends in 2019, Microsoft noted that the cost of motion sensors had fallen from $1.30 per unit in 2004 to $0.44 per unit in 2018. Costs are still falling, and Microsoft predicts that there will be over 36 billion connected devices by 2021.
Metering company Landis and Gyr looked at the use of sensors in electricity distribution networks and it too found that costs were continuing to fall. It highlighted a reduction in sensor prices from $0.66 per unit in 2010 to $0.29 per unit in 2020 – and it predicted a simultaneous increase in the market for such sensors from $2.3 billion in 2021 to $3.8 billion by 2026.
These billions of embedded electronic devices (EDDs) provide a tsunami of data. In the past, that was not always a benefit as the limits to storage and processing were fairly low. But in the same way the cost of sensors has fallen, the cost and options for data storage and processing have also changed.
The difference is so-called ‘cloud’ storage.
Previously, installing large individual company-based data stores represented a high capital cost, and hence a risk and barrier to making full use of data from EDDs. But ‘cloud’ services are flexible and have a relatively low upfront cost. They are being used more and more by electricity sector companies as initial concerns over data security and reliability have been overcome. The advent of cloud services and ‘storage as a service’ or ‘software as a service’ models has resulted in a feedback loop whereby the barrier to using the data from EDDs has disappeared and that has consequently made the installation and use of EDDs more likely.
Energy industries were initially slow to adopt the cloud, due to concerns over data security. But those concerns have faded and cloud services are now routinely used by the energy industry, as well as by companies which provide software or central services (such as settlement) to energy companies.
The concern that remains? In practice the ‘cloud’ is misnamed. It is a very ground-based set of data storage facilities that rely mainly on just three suppliers: Amazon Web Services, Microsoft and Google. That small number of providers is regarded as a concern in itself and has been raised by regulators in the UK’s financial services sector. The regulators and the Bank of England discussed this issue at a recent meeting, according to the UK’s Financial Times newspaper, which quoted minutes saying, “the increasing criticality of the services that critical third parties provide, alongside concentration in a small number of providers, pose a threat to financial stability in the absence of greater direct regulatory oversight.”
Embedded devices in the electricity industry
It remains to been seen whether regulators will take any action over cloud storage providers. Meanwhile, it is not surprising that energy asset owners are adopting small embedded devices and the capabilities afforded by big data.
It is a road that the nuclear industry has trodden before – it was a leader in using an earlier wave of devices, such as vibration monitors, for example. In the nuclear industry, largely inaccessible components and a high down-time cost for inspections or repair quickly made remote monitoring and condition-based maintenance beneficial on both financial and safety grounds. Now, however, the low cost and high capability and connectivity of the new generation of devices makes them financially attractive almost everywhere. In the electricity industry they are becoming common across networks, providing increasingly granular data about conditions that help find and manage network outages, and manage both individual assets and the electrical loading of the grid itself. But embedded devices are spreading across the all the systems used by our economy. Landis+Gyr lists a large number of use-cases, such as smart cities.
Why does this matter to the nuclear industry? Nuclear is not an island in the electricity or energy landscape. It is intimately connected with the rest of the system, physically and electrically, and it can no longer rely on lack of connectivity – a so-called ‘air gap’ – to keep it secure. And embedded digital devices often come complete with software and a communication capability that can have unexpected consequences.
Such a case was referred to in a 2021 report by the US NRC, Developing a Technical Basis for Embedded Digital Devices and Emerging Technologies, produced as part of its work to develop guidance for the safe use of EDDs in commercial nuclear power plants in the USA.
The report lists a dozen occasions when unexpected or ill-defined activity in EDDs can result in unanticipated consequences for nuclear operators.
Most had little safety implications in themselves. For example, the report cites an occasion at the UK’s Sellafield fuel cycle site where paperless chart recorders were installed. It says that after installation the recorders started to exhibit faults, mostly “going to sleep” or requiring constant rebooting. “Recorders were swapped with identical spares, returned to the manufacturer, and reconfigured over a period of about 18 months, with no real improvement in reliability.” The cause? “The chart recorders contained a game called Cave Fly that was based on the film Hunt for Red October, and the game could not be deleted from the firmware; it could only locked-out from the operators. After the game was locked out, reliability seemed to improve, but faults were never completely eliminated. Sellafield decided to change the recorders for another make.”
What is more, the barrier between what happens on- site and off-site is more permeable as devices become more communicative, and so does the barrier between safety-related systems and non safety-related systems. The user’s control over how devices act and interact becomes less certain as ‘off the shelf’ devices come with built-in capabilities. And the ability to control the physical deployment of such devices becomes more difficult as it becomes financially attractive to use them across the economy.
In its report last year, the US NRC noted that EDDs can affect safety “by creating new hazards, vulnerabilities, failure modes, triggering mechanisms, and other potential safety concerns at both component and system levels.” It listed 18 types of components that may contain EDDs (see below (1)).
Some concerns are typical of any products being used in the nuclear industry for the first time, such as new vendors in the market who are not familiar with the quality requirements associated with the nuclear power industry, especially for safety related applications.
Others are less straightforward.
Among them is the potential for undeclared digital content in devices (as in the example at Sellafield above) – a concern that may extend to apparently familiar components, because now it is cost effective to replace analogue subcomponents with digital versions.
For the manufacturer, the change to digital offers more options and reduces the cost to manufacture, by allowing for more configurations with fewer parts. Digital components in commercial off-the-shelf devices may have embedded software that is not known to the user or assessor and, the NRC warns, “Because the device function remains the same, the product literature and part number for the device may not be revised”. As a result, the new digital version is not quality-assessed appropriately and may have new failure mechanisms and modes.
Undetected changes in components is just one of several concerns that nuclear plant operators have to consider around the growth of low-cost frequent-use EDDs and other technologies. The NRC says, “new failure modes may increase the consequences of a malfunction or failure or create the possibility for an accident type different than any previously evaluated”.
This may arise in the case of aftermarket parts, special manufacturing, repair or new build, equivalency, reverse engineering or a design change. “Left undetected, undeclared digital content could find its way into, and become a de facto change to, the plant’s licensing basis.”
The NRC considered whether EDDs could increase a nuclear plant’s vulnerability to common cause failure (CCF). EDDs have that potential, it concluded, and a solution may not be straightforward. CCFs are typically avoided by having different channels. However, if there are common components like valve controllers that all have the same EDDs, with the same software triggers, this may cause CCF concerns. But placing valve controllers for different valves on a rack could cause a CCF because of their physical location. “Thus, while one problem may be solved the solution could create other problems,” it said.
In its report the US NRC noted that the supply chain represents a “significant cyber-attack pathway for digital assets and systems,” and generally that the increasing use of EDDs, increasingly likely to be from vendors outside the nuclear industry, will increase cyber security vulnerabilities and concerns.
So too will the use of wireless technologies. These “advance the capabilities of EDD significantly” and beyond their analog counterparts, but they raise both cybersecurity concerns and issues over electromagnetic interference.
Cybersecurity is naturally top of a list of concerns for the nuclear industry and for the energy industry as a whole. New research published by risk management and quality assurance provider DNV suggests that the industry is not becoming complacent (see below (2)).
The US NRC noted that the nuclear industry remains cautious over the use of EDDs and its comment that “the presence of new and potentially unknown failure modes in digital systems and components translates into a slower rate of incorporating digital systems into nuclear power plants compared to the process industries” would no doubt be equally applied to other new digital technologies.
So would the NRC’s view that software failures will be a major threat for reliability. It advises that changes should be considered very carefully if they will increase complexity – even if they are useful functions such as automated self- testing. It says, “self-diagnostics can add a lot of benefit by identifying errors and deviating performance; however, self-diagnostics add complexity, may have untested steps, and may falsely increase confidence in a device.” Nevertheless, the US regulator highlights the opportunities presented by EDDs and associated technologies. For example:
- Embedded digital capabilities will enable new types of components that are not feasible without the high- speed data acquisition and processing capabilities supplied by the on-board electronics and advances in instrumentation and control (I&C) systems and components.
- Emerging applications of autonomous control allow for reactor components that operate in extreme environments – the NRC’s example is replacing mechanical bearings with magnetic bearings that can allow a pump to be made from materials that can operate above 650°C.
- Allowing for a shift away from a centralised control architecture that requires exceptional operator knowledge of the power plant and that involves costly and difficult design of the operational and safety systems. The NRC says: “localised control through the use of EDDs could allow designs to be simplified and could streamline operation of complex systems while improving modularity similar to object-oriented control architectures.”
Overall, the opportunity is for a nuclear industry – and an electricity industry – that is better equipped for the future. New embedded technologies, ‘as a service’ offering capabilities such as data storage and analytics, and new parties that specialise in these technologies, can help the nuclear industry reduce costs and improve its offering – provided they are carefully incorporated.
1 Devices to watch
The US NRC identifies 18 types of components with EDDs that may contain digital content. They are:
- Chart (data) recorders
- Priority logic modules
- Circuit breakers
- Diesel generators
- Radiation monitors
- Relays, time-delay relays
- Gas analysers
- Temperature transmitters
- Level meters
- Uninterruptible power supplies
- Motor control centers
- Valve actuators
- Power supplies
- Pressure transmitters
- Voltage regulators
2 Rising concerns over cyber security
DNV recently released The Cyber Priority, a research survey exploring attitudes to the state of cyber security in the energy sector. The test and verification company spoke to more than 940 energy professionals around the world working in the power, renewables, and oil and gas sectors. It revealed that a majority regard cyber-attacks as a major vulnerability. The respondents thought that within the next two years a cyber- attack on the industry is likely to cause operational shutdowns (85%), damage to energy assets and critical infrastructure (84%), environmental harm (74%) or loss of life (57%).
DNV said that concern about the threats has grown following Russia’s invasion of Ukraine, with 67% of interviewees saying that recent cyber-attacks on the industry have driven their organisations to make major changes to their security strategies and systems.