Fault Tolerant Control for Increased Safety and Security of Nuclear Power Plants

In safety-critical systems, such as nuclear power plants, the demand for reliability, safety and fault tolerance is high. Faults compromise plant safety, cause inefficiencies in the operation of industrial processes and reduce component life. In such safety-critical systems, it is useful to design control systems which are capable of tolerating potential faults to improve the reliability and availability while providing a desirable performance. A control system which can automatically tolerate component malfunctions, while maintaining desirable performance and stability properties is said to be a fault-tolerant control system

Fault tolerant control approaches allow control systems to operate under fault conditions with minimal degradation of performance and stability, preventing localised, random, or intentional faults from developing into catastrophic system failures leading to accidents that may have severe consequences to human life, equipment, infrastructure, or the environment. Fault tolerance helps to reduce the damaging effects that faults can have while remedial action is taken to repair or eliminate the fault.

The proposed work will develop a hierarchical fault-tolerant control scheme for PWR nuclear power plants which will be defined over three levels: execution, coordination and management levels. The execution level, which includes the reactor, steam generator and turbine, implements the control actions generated by the higher levels through actuators, senses relevant plant variables, and passes this information to the higher levels. The middle level acts as a coordinator between the plant manager level and the execution level. To maximise its capabilities, the coordination level will include a bank of four different controllers that will be designed to tolerate faults of different severity, and there will be a mechanism to select the most appropriate controller given the circumstances of the plant as required by the management level. The coordination level also contains a diagnostic and prognostic system, which will the plant data and knowledge about the useful life of components to detect and characterise sensor related and other plant faults. The top level manages plant performance monitoring, plant condition evaluation, and passes commands to the coordination level. In addition, the management level transmits operational data to and receives instructions from a central command, control, and communication system which interfaces with human operators.

The project will also involve the development of a nuclear plant simulator which will be used to test in real-time the hierarchical fault tolerant control scheme to be developed and implemented, to generate data about the behaviour of the plant under normal and fault conditions, and to generate simplified models of the plant, or parts of the plant, to be used for the purposes of controller design. The real-time tests will permit to assess the developments in a computational environment that is close to what would be encountered on a real plant, hence ensuring that the control methods to be developed are as realistic as possible.