Risk assessment of safety data link and network communication in digital safety feature control system of nuclear power plant

As one of the safety-critical systems in nuclear power plants (NPPs), the Engineered Safety Feature-Component Control System (ESF-CCS) employs safety data link and network communication for the transmission of safety component actuation signals from the group controllers to loop controllers to effectively accommodate various safety-critical field controllers. Since data communication failure risk in the ESF-CCS has yet to be fully quantified, the ESF-CCS employing data communication systems have not been applied in NPPs. This study therefore developed a fault tree model to assess the data link and data network failure-induced unavailability of a system function used to generate an automated control signal for accident mitigation equipment. The current aim is to provide risk information regarding data communication failure in a digital safety feature control system in consideration of interconnection between controllers and the fault-tolerant algorithm implemented in the target system. Based on the developed fault tree model, case studies were performed to quantitatively assess the unavailability of ESF-CCS signal generation due to data link and network failure and its risk effect on safety signal generation failure. This study is expected to provide insight into the risk assessment of safety-critical data communication in a digitalized NPP instrumentation and control system.