US Nuclear Power Enters the Digital Age
An anonymous reader writes "South Carolina's Oconee Nuclear Station will replace its analog monitoring and operating controls with digital systems, as part of a $2 billion plant upgrade by its owner, Duke Energy. It will become the first nuke plant in the US to use digital controls, and its upgrade may be quickly followed by others. The main driver for the move is cost savings; worries about reliability and hackers have been the reason digital systems haven't been adopted sooner."
What could possibly go wrong with such a grand idea?
And they said it would never arrive...
Lemmings are silly; dinosaurs are extinct.
So let me get this straight. Before, they were too worried about hackers, but now, they feel it's perfectly safe to do this?
Let me guess. They're installing Windows XP, too.
Cue the DNF jokes, in 3, 2, 1...
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
South Carolina's Oconee Nuclear Station will replace its analog monitoring and operating controls with digital systems
Chinese Military Admits Existence of Cyberwarfare Unit
Wait..
...hackers have been the reason digital systems haven't been adopted sooner.
Here's an idea, let's not connect it to the Internet.
Isolate the system, for Christ's sake. There's no reason that a system like this should have any connection to the Internet, any external access at all (except maybe read access for monitoring at home by the chief engineers or something), or -- and this is the part that people don't seem to get -- no freaking 802.11 access.
I find it amazing that, working in the medical field, every hospital I walk into is at least partially dependent on wireless networks. (Hint: Send desync commands continually with an iPod -- network down.) But not only that, but they go through all these hijinks to make life suck for legitimate users, and miss obvious things like direct network access through Ethernet ports. I walked into a room a few weeks ago, and a kid had plugged his laptop into the hospital Ethernet and it was (I later verified) BEHIND the firewall. Another hospital used WEP encryption for its "official" network, and my laptop broke it in about ten minutes in a call room.
You have all sorts of people working in administrative roles in these institutions that think security is defined as:
1. Disable the Windows "run" command to piss me off.
2. Don't allow me to click on the clock to see a calendar.
3. Block web sites randomly for "security" reasons. (Hint: I'm a doctor. If I'm going to a web site I either have some legitimate reason to, or I'm goofing off because I have some critical patient that I'm stuck in the hospital with.)
4. Throw up wireless networks with some idiotic click through screen before it will route anything, thus breaking every automated device on the market.
Probably any of us on Slashdot could do a better job than some of these idiots.
But what we really need to do is hook it up to the internet.
I guess I was an idiot to assume things had already been digital for some time now...
So what are they using right now then, a few vacuum tubes and clocksprings? Or do they have those newfangled "crystal" rectifiers and point contact transistors. (yeah, I know cave-tech and digital aren't mutually exclusive, give me a break ;) ).
Just because there is no computer running the show, doesn't mean it isn't digital. I'm sure there must be some digital bits involved, no? Or is it just big fucking analog panel meters and red buttons? Analog PID controllers for pressure limits, temp limits, water volume, and that sort of thing, or again just gauges and manual control? I'm thinking there is a digital PLC controlling most of those sorts of things as it is... Who knows though, enlighten me.
Sent from my PDP-11
Duke Energy is the one that is working CLOSELY with China (they are more Chinese than is GE). My guess is that these controls will come from them. As such, it will be VERY prone to control by them at the worst possible time.
I prefer the "u" in honour as it seems to be missing these days.
kill -9 all
sounds very safe
For justice, we must go to Don Corleone
a china syndrome, Chernobyl or Fukushima. The last thing we need is a BSOD taking out the cooling system.
They better be non networked of side of the plant and maybe not running windows.
AND NO Homer Simpsons
What's going to happen when they have to reboot?
I'm sure this will work out just fine.
As digital a geek as I am, I actually downgraded my pool. The garbage "computers" I've had foisted upon me by pool guys are absolute crap. So I pulled all the expensive valve actuators and run it by turning valves, and backwashing manually.
I love tech and all the things I do and can do with it. But sometimes, simpler and analog works.
"The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
...that the previous Slashdot story was "Chinese Military Admits Existence of Cyberwarfare Unit". So obliging of the US to pre-install a few dirty nuclear bombs. At minimum, one would hope that they are going to use hardwired ROMs for all code. It would also be nice if the CPU was hard wired, so the program counter could not leave ROM space.
Like in the old days when you had a cash register. All it did was be a cash register day in and day out without any problems. Currently most cash registers are cheap computers running complicated operating systems. The number of failure points is staggering.
You want digital controls? That's fine. Design some hardware to manage those controls and then STOP. You won't have to worry about drive failures, locking down USB ports, operating system updates, people doing things they shouldn't....
Only the State obtains its revenue by coercion. - Murray Rothbard
is much less of a danger in this case I think. You couldn't convince a dedicated, highly paid engineer to endanger a digital system any more easily than you could convince him to endanger a system based on analog controls. These aren't bored medium waged desk workers, they are among the world's best educated and most aware of the systems they control. I think it wouldn't take a huge amount of effort to train them on how to keep the systems isolated.
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
You know, when I wrote software for a nuclear reactor in 1977, it was definitely on a digital computer, albeit a PDP11 in FORTRAN.
"Cats like plain crisps"
next-gen plant that'll run for 50 years, cost less and be safer
Pain is merely failure leaving the body
the Blue Screen of Death
I still got one of these.
Target practice by the, uhh, 30-strong commando unit of Chinese cyberwarriors.
Nitpick: next-generation designs are meant to run for 60-80 years, then be refurbed to run for 100-120.
(if current experience holds, they'll then be refurbished once more and ultimately run for 150-200)
... the German government just decided yesterday to finally abandon and decommission all nuclear power by 2021. That's in 10 years. We'll be having a little extended backup reserve of 3 nuclear power plants, but their countdown has begun already.
With regular nuclear power, we are now talking about a technology that Germans consider unmanageable, safety wise. You might want to ponder that for a minute.
I for my part am glad that our current conservative government has finally gotten a clue (25 years after Chernobyl, none-the-less), also due to recent problems with our 'eternal' nuclear dump sites.
Nuclear, as of current state of technology, is a bad idea. There is no fucking way that *anybody* can take over responsibility for 50 000 years worth of deadly toxic waste. Anyone who thought that needs a clobbering.
We suffer more in our imagination than in reality. - Seneca
"Duke" Energy and a "Nuke" Plant. Something tells me it will take them "Forever" to finish it.
Well, being a Power Systems Controls Engineer at a major utility, I can tell you we already do analogs via a digital stream. The protocol of choice is DNP. It is a standard that also accepts the analog transducers used for the last 50+ years. I don't actually see why this is worthy of a story. The bigger story is how all of the utilities are going to adapt to the latest NERC-CIP regulations and adapt to "secure" versions of the various protocols. Things like secure DNP and a secure version of 61850.
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
The biggest problem with digital I&C is the "software common cause failure issue".
Imagine a modern nuclear plant with multiple-channel redundancy in instrument and control systems: if one instrument fails, there are others. The same applies to whole cooling systems: if one cooling system fails, there are other completely independent systems that continue to work. Typically redundant systems use instruments from different manufacturers or instruments that are implemented with different technology.
This is not possible for digital systems because they are too costly to implement multiple times. What this means is that redundant digital control systems use the same software. If one system fails because of a software error, others may follow. This has already happened in a German nuclear plant that had a new digital system installed. Only the old analog system that was still operational saved the reactor.
This is why the Finnish radiation and nuclear safety authority required changes in Areva's plans for the most modern nuclear reactor being built, Olkiluoto 3. They added analog safety requirements. The reactor must be able to shut down even when digital I&C has a total failure. Relying on all digital systems compromises redundancy.
More info:
http://www.neimagazine.com/story.asp?storyCode=2053091
http://www.amazon.com/Digital-Instrumentation-Control-Systems-Nuclear/dp/0309057329
Dyslexics have more fnu.
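The common-cause argument in the comment above can be shown with a small model. This is an added example, not part of the original thread or any plant's code: a 2-out-of-3 trip voter is fed by three channels, and the setpoint, the 12-bit wrap defect and all function names are constructed for illustration.

```python
# Added illustration: constructed model, not code from any real I&C system.
from typing import Callable, List, Sequence

TRIP_SETPOINT_C = 320.0  # hypothetical trip setpoint chosen for this example

Channel = Callable[[float], bool]


def digital_v1(temp_c: float) -> bool:
    """Digital trip logic with a latent defect: the reading is held in tenths
    of a degree in a 12-bit field, so anything above 409.5 C wraps around."""
    raw = int(round(temp_c * 10)) & 0xFFF
    return raw >= int(TRIP_SETPOINT_C * 10)


def digital_v2(temp_c: float) -> bool:
    """Independently written digital logic: wider field that saturates."""
    raw = min(int(round(temp_c * 10)), 0xFFFF)
    return raw >= int(TRIP_SETPOINT_C * 10)


def analog_comparator(temp_c: float) -> bool:
    """Model of a hard-wired comparator: no scaling and no word size."""
    return temp_c >= TRIP_SETPOINT_C


def vote_2oo3(channels: Sequence[Channel], temp_c: float) -> bool:
    """Trip when at least two of the three channels demand it."""
    if len(channels) != 3:
        raise ValueError("2oo3 voting needs exactly three channels")
    return sum(1 for ch in channels if ch(temp_c)) >= 2


def missed_trips(channels: Sequence[Channel], temps) -> List[int]:
    """Temperatures at or above the setpoint where the voter fails to trip."""
    return [t for t in temps
            if t >= TRIP_SETPOINT_C and not vote_2oo3(channels, t)]


def spurious_trips(channels: Sequence[Channel], temps) -> List[int]:
    """Temperatures below the setpoint where the voter trips anyway."""
    return [t for t in temps
            if t < TRIP_SETPOINT_C and vote_2oo3(channels, t)]


SWEEP = range(250, 501)  # constructed test sweep, whole degrees C

# Three copies of the same software share the same defect.
IDENTICAL = (digital_v1, digital_v1, digital_v1)
# One diverse channel is outvoted by the two identical ones.
ONE_DIVERSE = (digital_v1, digital_v1, analog_comparator)
# Three different implementations: the single defect is outvoted.
DIVERSE = (digital_v1, digital_v2, analog_comparator)

if __name__ == "__main__":
    for name, chans in (("identical", IDENTICAL),
                        ("one diverse", ONE_DIVERSE),
                        ("fully diverse", DIVERSE)):
        missed = missed_trips(chans, SWEEP)
        span = f"{missed[0]}-{missed[-1]} C" if missed else "none"
        print(f"{name:14s} missed trips: {len(missed):3d} ({span})")
```

In this model the redundant identical channels pass every test below 410 C and then all fail together, and adding a single diverse channel does not help under 2-out-of-3 voting because the two defective copies still form the majority.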
If that's so and they can really build them as cheaply as they claim, bring 'em on!
Pain is merely failure leaving the body
Stuxnet may have had a crucial role in the spring 2011 Fukushima nuclear powerplant disaster and not just as an accidental stray infection, but as a directed attack. A specifically modified version of the Stuxnet worm was likely used to stop the Japanese weaponized plutonium production programme by targeting the Siemens Simatic based servers that control the nuclear powerplant's backup generators and emergency cooling loop systems and floodgates, which most curiously refused to work before the tsunami arrived.
Radioactivity measurements suggest the Japanese were storing or producing much more plutonium at the exploded Fukushima-1 nuclear powerplant than officially declared or necessary for use at their single MOX-fueled reactor, (which is, as a whole, potentially indicative of a clandestine A-bomb making effort)
There have been rumors in 2009, that Japan decided to make and stockpile large amounts of plutonium domestically, to allow for rapid assembly of nuclear bombs in case of a national defence emergency. The Japanese Pu-239 production project (or the plan to stop it) is allegedly called "Operation Mishima Yukio", named after the militant revolutionary writer and actor who committed seppuku in 1970, after unsuccessfully demanding the nuclear re-armament of Japan in a failed coup d'état attempt.
The modern Japanese plutonium bomb project was started after 2007-2008, when their long-term ally USA repeatedly denied to export superior F-22 Raptor fighter jets, sought by Tokyo to fend off the several hundred Su-27 / J-11 heavy fighter planes in Chinese air force service.
Many analysts assume that "real-politik" control of the asiatic rim of the Pacific (including Taiwan, South Korea and Japan) will soon transfer under Beijing's sphere of influence, in exchange for annulling most of the USA's renminbi-yuan held foreign debt. That would spell doom for Tokyo (and probably Taiwan and South Korea as well), since China can never forgive the Japanese military atrocities of WW2 and the bloody Korean War and seeks revenge.
Therefore it seems plausible that Japan tried to counter such USA treason and fend off any possibility of a Chinese or North Korean threat by seeking domestic possession of atomic weapons, or at least the ability to assemble them in two weeks' time if needed. In turn Stuxnetan (~ Stuxnet mascot), an alleged modified variant of the anti-Iranian military worm, could have been used to attack the plutonium-producing reactors at Fukushima, in case the USA and Tel-Aviv strongly disliked Japan's independent nuclear weapons ambitions.
If so, the "japanized" Stuxnetan worm was designed to do a clandestine strike on the backup systems at the moment when the nuclear reactors automatically SCRAM to emergency stop on alarm signal of earthquake sensors (moderate to strong earthquakes being a regularly occurring phenomenon in Japan).
The resulting serious Fukushima mishaps, then explosions and the massive destruction, rather than the mere wrecking and breaking of reactor machinery, were an unintended result of the attack. The malware programmers simply did not consider the possibility of a rare super-massive scale 8.9 earthquake erupting, as opposed to the usual grade 6.5 tremors and also ignored the risk posed by mega tsunami waves, which followed the quake onto shore.
If such a Stuxnetan versus Fukushima scenario proves true, the consequences could be enormous. The Japanese will not peacefully accept that they have been nuked a third time after Hiroshima and Nagasaki. There could be a Japanese peace treaty with Russia, maybe even with communist China as a yellow race wide self-protection pact and eventually the formation of an Eurasian grand coalition, which is militarily opposed to the USA.
Sooner or later the clean-up workers will enter the ruined Fukushima reactor buildings and recover equipment. Even if the computer hardware is badly damaged, advanced disk data recovery services are now available from several top commercial vendors, some of them outside the USA (like Kurt Rt. in Hungary). If they find new Stuxnet variant proof on Fukushima computers, a new era will start in human history (maybe it will be WW3).
How dare you expect foresight and sensibility!
Free market will work it all out, my friend.
If it ain't broke, don't fix it.
The "digital" portions of most instrumentation sit on top of the analogue loop. They were designed to give you the exact same thing you had + diagnostics and early fault prediction. Instruments which could not only give you 4-20mA but tell you that if you don't attend to them then within the week there's a good chance you'll get 3 or 25mA out of them and your control system spits out NaN.
Reliability wasn't getting in the way of the upgrade, $2bn was. There's not an industrial plant in the world that wouldn't drop everything and upgrade all their instrumentation and control systems if they could do it in a cost effective manner.
The benefit of an analog system is that it is necessarily stupid, so stupid that any deficiencies are obvious. If they go to a digital system and keep it stupid too, then it should be just as reliable. But it sounds to me like they want to add all the bells and whistles; to make it so complex that deficiencies are not obvious. A computer monitoring a thousand sensors cannot have all cases tested. Even on strictly combinatoric grounds it is not completely testable.(We're probably talking at least 2^(1000*8) unique possible inputs) But beyond that, timing from physical sensors is much trickier than a system with 1000 synchronous inputs. Finally, I'm sure that there are little quirks that apply to each sensor.
I think I'm inherently skeptical of complex systems because I've spent too much time coding them. There will be failures. There will be bugs. Let's hope that there is enough redundancy that nothing catastrophic happens.
Presumably they can just walk away from the old plant, safe in the knowledge that it can be abandoned in the same way that one could lock up a warehouse and never return.
ALL nuclear power will be ended in Germany by 2022. All but three stations will be closed by 2021, with the final three being shuttered and buried the next year, if they need the power still, but not after. In related news, Germany plans to double renewables by 2020. http://www.theglobeandmail.com/news/world/europe/germany-decides-to-pull-plug-on-nuclear-power/article2039434/ Go ahead and troll rate me down, it won't change the news.
I'm not a fanboy because at all points of contact with that industry I could see it was driven almost purely by politics and greed with very little thought to practicality. The only advances we've seen are in the niches where the honest can work while slipping under the radar of the confidence tricksters plotting to get a handout from the taxpayer for building TMI painted green. Thus "modern US designs" came mostly via Toshiba and Hitachi in Japan or from government labs. It's depressing to see a civilian nuclear industry that is even twenty years behind South Africa. It's hard to move towards anything decent when the fanboys insist 1970s crap is perfect thus the thorium research was cancelled and synroc had to struggle against idiots that insisted there was no such thing as nuclear waste.
Are you really suggesting that some new electronic control systems cost more than reactors, turbines, pipework, condensers, cooling towers, water treatment plants and the rest put together? WTF is this trend here of people pretending to be incredibly stupid in an attempt to push their agenda?
It's obvious you are not that stupid because you managed to type all that without blacking out so have the brainpower to type and breathe at the same time - so why be such an amoral weasel?
Canadian nuclear stations have been using digital computers for reactor and overall unit controls since the 1960s. I, for one, would like to welcome the United States to the 20th century.
Don't network any of the systems. That's it. Problem solved.
Watch the first season of Battlestar Galactica and you have a design model for the cost of a Netflix subscription.
"In God We Trust, All Others Pay Cash"
In 15 years we will be lamenting the shortcomings of the so called "next-gen" plant.
Oconee isn't the first US plant to get a digital upgrade; they are the first ones to upgrade the reactor protection system, RPS. And if I remember correctly the system comes from Germany, and had to be extensively tested by the NRC, took several years.
"Cost savings" is an extremely poor reason to switch to digital controls for an operating nuclear power plant. I worked with digital and analog controls over the years and digital controls allow you to do amazing things that are not possible with analog controls. However, digital controls also ALWAYS have bugs in the operational logic. The only way to remove the bugs is with extensive testing and even then some survive to be discovered when a wrong thing happens during operation. The problem with a nuclear power plant is that it is so unforgiving. If the wrong thing happens at an oil refinery, there are overpressure valves, thousands of manual valves, etc. that can be used to keep things from getting out of hand until the unit can be shut down, the program corrected, the control element repaired, or whatever. In a nuclear power plant, after a wrong thing happens, a portion of the plant may be irrevocably damaged or contaminated. The potential cost savings seem trivially small compared with the risk of losing a portion of the plant and/or releasing radioactive materials and contaminating the surroundings.
Call bias if you want, since this company is in the nuclear business, but the details regarding the overall process are much better. This issue is a regulatory one as changing the safety system from the original design basis is a big deal. In response to the above post regarding China taking over...leave your FUD at the door.
http://www.neimagazine.com/story.asp?sc=2058654
"You have the right to free speech...as long as, you aren't dumb enough to actually try it." - The Clash
There is no technical reason for the digital control system to be any less reliable than the analog, and many reasons it could be much more reliable, the problem, as always, comes down to money. A properly implemented Safety Integrity type SIL3 digital control system is extremely safe and reliable, but it is also expensive and somewhat complex to implement. Hacking is a non-issue when properly designed, but the problem with that is the bean counters or plant management/plant engineering will demand access to data from inside the control network at home or the corporate office a couple states over.
What is not safe is being completely reliant on analog instrumentation and control systems which are probably no longer manufactured and are 30 to 40 years old. To make it worse, when something does fail on you, you are held hostage by companies who have made their very lucrative career maintaining and repairing the old stuff. My experience in my current job exemplifies this, where a piece of equipment that would have run us $2000 even a decade ago is now in the $12-16k range, if it is available at all. We're talking mainstream stuff, like Square-D SyMax controllers from the mid-90s, not exotic radiation-rated control systems from the '60s and '70s.
In my experience there has always seemed to be a real disconnect between the expectations of management and the safety desires of control engineers. Coming from the engineering side of things, it is vitally important to educate the decision makers in how safety systems are put together, and the stringent requirements that make them safe. I have found a great way to get things going is to find a good local control systems rep and let them come in and present their wares, they typically have the correct mix of technical and business staff to keep both sides happy.
I hope they don't have a BSOD.
I can understand why the "upgrade" -- parts just aren't available. We had similar problems.
However, we ran into trouble with the control of some touchy reactions (time-dependent, gain up to 5). Single local A/D would work, but data highway definitely had interactions with the Proportional-Integral-Derivative control algorithms. We had to hard-wire the signals into the PID.
I don't understand the reasoning behind being afraid of hackers. JUST DON'T PUT THE FUCKING NUKE ON THE INTERNET!!! Keep the thing off the grid and you're golden. Then all you have to worry about is physical security, which is exactly what you had to worry about before when you were analog......
This is the dumbest thing I ever heard of. I recall when we got the first MIG-29 and the radios all had tubes instead of transistors. We were all laughing at how primitive the Soviets were then there was that blinding flash of the obvious and we realized that these aircraft wouldn't fall out of the sky in the presence of nuclear blasts and resultant EMP. So, now we are deliberately making a nuclear power station susceptible to EMP and running out of control? Dumb, dumb, dumb! Digital gauges add complexity and unreliability. Give me a gauge and lever any day.
....2012? Hey, what do you know...it couldn't POSSIBLY be hacked and lead to anything bad, 2012 should be a quiet year, right?? RIGHT?!
Mobile phone vendor supporting the OS, does that make you sleep at night? I'm fine with it, BlackBerry's QNX division's software is actually really reliable, uses a mature and stable micro-kernel, so it is very, very rare for it to need a reboot. They use QNX on carrier grade Cisco routers too.
or the omega catalog, or Digikey, or any place that sells this stuff ?
(i know, nuke stuff costs 5X more cause it is "certified" or whatever, but it is the same crap, re badged and repriced)
like buying a laptop with a non std screen size, buying analog probably costs more - cause it is no longer std
and, I would guess, the morons they now have running the plants might not be able to interpret an analog scale....
How else will skynet remotely take over the plant.. cheaper than sending some T1000's over...
I was a small part of one such project a bit over a decade ago with the recommissioning of a retired coal fired plant for automated operation so no point in attempting to blind me with science to push your line. How many billions will the control system cost? It won't? How many billions do you think the rest of a new nuclear power station will cost and can you spare the decade to build the thing?
Of course - but what you apparently do not even know is that thermal power plants of all kinds are typically shut down every three to five years for preventative maintenance anyway and only someone pretending to be a homicidal idiot would propose replacing the control systems in a nuclear reactor while it is running!
Give up. Stop trying to mislead people here. Since you are obviously doing it deliberately you deserve any insults you get. Is this a silly game of pretending to be stupid to catch out the poorly educated and the inexperienced?
Many of the old reactor designs suck (the real horrors in the USA at least were shut down after TMI anyway) but what Westinghouse et al will sell you today is not much better. Prototypes of new designs are not going to be able to supply much electricity as people tinker with them to make improvements so if you want nukes to generate power you are either stuck with what you've got or a vast amount of expense to build something almost identical and have it ready a decade later when it's already obsolete.
Just because that doesn't describe you personally does not mean that it does not describe many that post comments on this site. Look at just about any story on this site that mentions any form of energy which was posted before the tsunami and you'll see such cargo cult nuke fanboys coming out of the woodwork writing bullshit like "nuclear waste does not exist" and singing the praises of stuff we gave up on as a dead end in the 1970s.
It's also worth looking at the history of synroc (now finally being deployed after decades) as an example of idiocy and cheering for the team getting in the way of real science to solve a real problem. Nuclear fanboys don't advance nuclear power. People that treat it with respect instead of assuming it is already perfect advance nuclear power.
U.S. nuclear workers have LOWER than average incidence of cancer deaths and heart deaths, please provide the sources for your imagining that it is higher for them. It's called the "healthy worker effect", and having worked in nuclear plants they take safety much more seriously than other industrial plants.
http://www.columbia.edu/cu/news/04/11/nuclear_power.html
All Canadian reactors are CANDU design and are dumping tritium into the Great Lakes and elsewhere. In no way should the U.S. emulate Canada's reactors, designed by and for beer-addled Canucks