Background
Westinghouse has developed the Advanced Logic System® (ALS®) platform as a new approach to safety-critical control systems. It is a universal platform that targets safety-critical control systems, where reliability and integrity are of the highest importance. The ALS platform is a logic-based platform that does not utilize a microprocessor or software for operation, but instead relies on simple hardware architecture.
The ALS platform is a Class 1E qualified system that is concluding its approval process with the U.S. Nuclear Regulatory Commission (NRC). The ALS platform is designed specifically for safety-related reactor protection system/engineering safety feature actuation system (RPS/ESFAS) applications.
The ALS platform incorporates advanced features to allow for diagnostics, testability and modularity. It is designed to be at the appropriate level of complexity to achieve high reliability and integrity as well as to allow enough flexibility to target multiple safety-critical applications within a given plant. Diagnostics and testing capabilities are designed into the ALS platform to provide a systematic approach to maintaining and testing the system.
Description
Features
The ALS platform is a hardware-based architecture that uses a minimal set of hardware to implement a system with high reliability and integrity. The system incorporates self-test capability for detection and mitigation of the effects of failures within or external to the system.
The key component in the ALS platform design is a field-programmable gate array (FPGA). An FPGA is a semiconductor device containing programmable logic components and programmable interconnects. The programmable logic components can be programmed to duplicate the functionality of basic logic gates (such as AND, OR, XOR and NOT). These logic components can be combined into more complex combinational functions such as decoders or math functions.
Figure: ALS platform chassis
There are four primary board types available in the ALS platform:
- Core Logic Board (CLB) – This primary decision-making board contains the functional logic for the system and provides data link interfaces to external systems.
- Input Boards (IPB) – These boards are designed to convert specific types of field signals to digital signals and perform filtering of inputs.
- Output Boards (OPB) – These boards are designed to convert digital signals to specific types of field signals and provide interfaces to field actuators, indicators, relays and other devices.
- Communication Board (COM) – This board provides standard, bidirectional datalink interfaces with other controllers.
ALS systems are typically based on a combination of generic ALS boards (IPB, OPB, COM) and application-specific ALS boards (CLB).
Applications
The features of the ALS platform can be used for a variety of applications, including, but not limited to:
- Reactor protection system (RPS)
- Reactor trip systems (RTS)
- Engineering safety feature actuation system (ESFAS)
- Emergency load shed and diesel load sequencers (DLS)
- Main steam and feedwater isolation systems (MSFIS)
- Thermocouple core cooling monitors (TCCM)
- Post-accident monitoring systems (PAMS)
- Safety-grade control systems
Benefits
The ALS platform is designed as a universal, high-reliability, control system platform, but is specifically targeted to RPS, ESFAS and other Class 1E safety systems.
- Advanced diagnostics and testability features that improve the ability of plant Instrumentation & Control (I&C) personnel to perform surveillance testing, as well as diagnose failures should they occur.
- Increased system integrity by eliminating single-point vulnerabilities with the ability to identify and address any failure within the system without causing plant transients.
- Increased reliability of the system due to the simplicity of the ALS platform architecture and incorporation of a repeatable advanced design process for system development.
- Future obsolescence issues are resolved by incorporating a simplified board level design and maintaining proven logic in an abstracted form in the event the underlying hardware is required to be updated in the future. This eliminates the issue of essentially starting from scratch with each update.
- Common spares and common training for station personnel due to the ability of the ALS platform to be installed as a common platform upon which all safety-related I&C systems can be based.
- Cyber security posture is similar to that of analog platforms. Once the logic has been burned into the ALS platform, it cannot be modified during operation. This feature allows digital logic to be used without the security concerns typically associated with digital technology. In addition to isolation from inbound connections, only one path exists for modifications to the ALS system. This path, via the ALS service unit, is functional only when the system/channel is out of service. As a result, two of the three applicable attack vectors (wired/wireless networks and removable media) are eliminated entirely. The remaining applicable attack vector (supply chain) is addressed via strict configuration control and validation between the FPGA and non-volatile random access memory.
- All boards in the ALS platform are designed to allow for replacement under power (hot swap).
Experience
The first ALS platform application was installed at a generating station in the form of an MSFIS. The MSFIS was installed during the fall 2009 plant outage.
Advanced Logic System and ALS are registered trademarks of Westinghouse Electric Company LLC in the United States and may be registered in other countries throughout the world. All rights reserved. Unauthorized use is strictly prohibited.