Buoyed by its promise as a proven, cost-effective and low-carbon-footprint source of electricity, the nuclear industry is in the midst of a worldwide renaissance. Although some countries, such as Japan and Germany, have reassessed their nuclear strategies, the list of proposed new plants, plant upgrades, and requests for license extensions continues to grow globally. Nuclear power holds significant promise, but several issues must be effectively addressed before its full potential can be realized.
- In the wake of catastrophic events such as those experienced in Fukushima, Japan, the industry faces increased public and governmental skepticism over operational safety, an increasing need to effectively respond to regulators' what-if requests, and the corresponding need to prove to regulators that plants meet ever more demanding safety standards.
- The introduction of computer worms, such as Stuxnet and Duqu, has greatly increased visibility and regulatory scrutiny related to cyber security.
- After a long hiatus, the industry is now introducing next-generation reactor technology, such as that represented by Westinghouse's AP1000, which introduces a new set of compliance and licensing issues, as well as additional variables, into new plant design and construction.
- Plant operators are transitioning from decades-old electro-mechanical Instrumentation and Control (I&C) systems to digital I&C implemented primarily in software. The introduction of software-based I&C systems, which can include more than two million logical statements in the source code, adds complexity and uncertainty to a plant's operational and regulatory environment.1 The control application's performance and its interaction with a human operator are difficult to model accurately and completely. Software applications of this complexity are also extremely difficult to deploy without bugs or defects, which is a cause for concern in a safety-critical environment. The rate of change in software requirements is relatively high, which presents challenges in change management over the application's long operational life. Finally, software engineering has lagged behind other engineering disciplines in terms of maturity and widespread use of well-codified and accepted engineering principles, making it difficult to respond to these challenges.2,3
Successfully coping with these challenges can be aided by employing new information technology (IT) solutions, coupled with processes and the effective use of best practices across the extended nuclear ecosystem (rather than within silos, as is often the case today). IBM has been building an easy-to-use platform that enables utilities and their ecosystem partners to respond better to the overall system design and engineering collaboration challenges, as well as to safety, security, and environmental protection issues throughout the nuclear lifecycle. This solution, with requirements as its core, has been deployed and proven to bring value to a broad range of customers.
As shown in Figure 1, the ecosystem of participants supporting new nuclear builds, upgrades, and ongoing operation is complex and a challenge to manage. Each of the participants must effectively collaborate and remain synchronized with others in the ecosystem throughout all phases of a plant's lifecycle, from conception through decommissioning. Any change proposed within the ecosystem, such as new regulatory requirement or an engineering change in a subsystem, is likely to introduce a ripple effect across the entire ecosystem.
There is a need to efficiently identify what and who will be impacted by a proposed change and to notify the affected parties so that they can quickly begin analyzing the potential impact of the proposed change. The impact analysis should identify any hidden or unintended consequences of the change, define alternative solutions to the proposed new requirement, and assess the cost and risk of accepting the proposed change for each of the alternative solutions. Negotiations and several iterations will likely be needed to home in on a revised requirement and corresponding solution before a proposed change is officially accepted.
Figure 1. The nuclear ecosystem
In addition to effectively communicating requirements across the ecosystem and tracking proposed changes in those requirements, it is also absolutely critical to assure the appropriate regulators that all the requirements, especially those related to safety, have been adequately tested and verified. Therefore, it is essential to maintain up-to-date traceability and linkages for all requirements, and for the corresponding test and verification processes and procedures used within the ecosystem, as well as the results generated by the test and verification processes.
Based on our experience with nuclear industry customers, we have observed that the IT systems and processes supporting plant design and operation are less mature than those in place in other complex systems industries, such as aerospace and defense (A&D). The requirements and change management processes are more manual, text-based, and paper-intensive, as well as less well integrated across the operating entities in the ecosystem. Documentation is often a mix of paper or electronic documents, spreadsheets, technical drawings, and calculations. The various assets, if available in electronic format, are most likely stored in multiple repositories, including electronic document management systems, engineering or CAD/CAM systems, and even individual desktops.
The degree and granularity to which the assets are linked is generally limited, often extending only to a document level, with a few searchable key words as links. Furthermore, communication, collaboration, and change management are likely to be highly manual processes that often have a critical dependency on institutional knowledge and expertise captured in the minds of subject matter experts (SMEs).
There are multiple negative consequences of maintaining the status quo across the ecosystem as the industry moves forward:
- Unnecessary inefficiencies in communication and collaboration across the ecosystem because some parties might not be acting on the most up-to-date set of requirements. This is especially true in software-intensive pieces of the system, such as I&C, given their potentially high rate of requirements change.1
- An increased likelihood of surprises that become visible in system and subsystem solution development, implementation, or regulatory approval phases. Many of these surprises are likely to arise late in the deployment or approval cycle, when the cost of rework rises exponentially.
- An increased potential for implementing suboptimal solutions because of the difficulty in performing impact analysis and optimizing solution design.
- The lack of long-term sustainability, because many of the SMEs upon which critical processes depend are aging and might soon be leaving the active work force.
- Ongoing challenges and higher than necessary costs in satisfying regulatory requirements and passing regulatory audits due to the inability to effectively find and link critical information during an audit.
The combination of increased cost and risk arising from perpetuating the status quo in the face of increasing challenges suggests that an improved approach to the problem would be of value to the industry. To be truly successful, the solution must combine processes, best practices, and supporting IT infrastructure.
IBM Software Group's Rational division has been working with customers in the aircraft, space vehicle, defense systems, and medical devices markets for well over a decade. These customers share many of the same attributes with the nuclear industry:
- Operating extremely long-lived assets composed of very complex and interconnected systems
- Intense regulatory oversight, especially with regard to safety
- Introduction of increasing amounts of software into the operational environment.
Rational software has brought capabilities and lessons learned from the aerospace and defense (A&D) and medical device arenas and successfully applied them to the nuclear industry. The solution, shown in Figure 2, consists of four foundational elements that can be implemented in pieces but form a cohesive whole:
- Requirements management
- Project and portfolio management
- Quality management
Figure 2. Key elements of the solution
This element forms the key foundation of the solution and, in Rational's experience, is often where many complex systems customers start. Clear requirements communicated effectively across the ecosystem are critical because they represent statements of what is expected to be done or the problem to be solved by the ecosystem. Requirements should be viewed in a very holistic sense, extending well beyond technical and performance specifications to include requirements areas such as safety, security, training, contracting, and legal. To be effective, the requirements must be traceable and linked across requirements areas, as well as through the hierarchy cascading from high-level business requirements, to overall plant requirements, to system and subsystem requirements and, finally, to component requirements.
Effective requirements management plays a fundamental role through the entire lifecycle of a nuclear plant, from conception of a new plant through the construction, operation, and decommissioning phases. Linking requirements across multiple lifecycle phases can also promote reuse, such as applying a training or safety requirement solution from operations to the design or construction phase. Maximizing reuse is especially critical in software-intensive areas of the system, because reuse significantly reduces defect rates.2
In a technology and operational environment as complex as a nuclear power plant, at any given time, the portfolio of potential projects that must be prioritized and managed can be daunting. Take the example of compliance with cyber-security efforts tied to the Nuclear Engineering Institute's (NEI) 08-09. The internal SME analysis for a given plant is likely to result in the identification of more than a thousand critical digital assets (CDAs) for which security gaps must be analyzed and mitigation actions identified. The mitigation actions must then be prioritized, staffed, and ultimately implemented.
The problem is compounded as the scope of the cyber security effort is expanded to cover the operating fleet. How does the utility effectively determine which of the various mitigation actions should be done first, given the available resources? And over time, how should the utility reallocate resources based on actual progress being made by the mitigation teams or when a new regulatory mandate comes into effect?
It is not enough to have a clear, complete, and current set of detailed requirements available to everyone in the ecosystem. Regulators will demand proof that the requirements of interest to them have been tested and verified to have been fulfilled. The quality management capabilities of the solution help utilities plan and execute a test and verification plan that links verification procedures and test results to the requirements that they support. In some cases, the verification case might consist of an automated test, such as a software security scan. Others might require manual verification, such as in the case of physical security. In all cases, test results must be easily accessible and presentable to regulators upon request.
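The traceability the article calls for (requirements cascading from plant to system to component level, each linked to the verification procedures and results that cover it) and the two operations built on it, change impact analysis and proof of verification for regulators, can be made concrete with a small model. The following is an added example, not code from the article or from IBM Rational; the requirement and verification IDs, the link types, and the roll-up policy (a requirement counts as verified when a passing procedure covers it directly or when every child requirement is verified) are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Requirement:
    rid: str
    text: str
    area: str                      # requirements area, e.g. "safety" or "security"
    derived_from: List[str] = field(default_factory=list)  # parent requirement IDs


@dataclass
class Verification:
    vid: str
    kind: str                      # "automated" (e.g. a security scan) or "manual"
    verifies: List[str]            # requirement IDs this procedure covers
    result: Optional[str] = None   # "pass", "fail", or None if not yet run / invalidated


class TraceModel:
    """Requirements hierarchy plus links to verification procedures and results."""

    def __init__(self, requirements: List[Requirement], verifications: List[Verification]):
        self.reqs: Dict[str, Requirement] = {r.rid: r for r in requirements}
        self.vers: Dict[str, Verification] = {v.vid: v for v in verifications}
        # Forward index: parent ID -> IDs of requirements derived from it.
        self.children: Dict[str, List[str]] = {rid: [] for rid in self.reqs}
        for r in requirements:
            for parent in r.derived_from:
                if parent not in self.reqs:
                    raise ValueError(f"{r.rid} derives from unknown requirement {parent}")
                self.children[parent].append(r.rid)
        for v in verifications:
            for rid in v.verifies:
                if rid not in self.reqs:
                    raise ValueError(f"{v.vid} verifies unknown requirement {rid}")

    def impact_of_change(self, rid: str) -> Tuple[List[str], List[str]]:
        """Requirements transitively derived from rid, and the verifications
        whose results can no longer be trusted once rid changes."""
        seen = set()
        queue = deque([rid])
        while queue:                      # breadth-first walk down the hierarchy
            cur = queue.popleft()
            for child in self.children[cur]:
                if child not in seen:
                    seen.add(child)
                    queue.append(child)
        affected = seen | {rid}
        stale = sorted(v.vid for v in self.vers.values() if affected & set(v.verifies))
        return sorted(seen), stale

    def invalidate_after_change(self, rid: str) -> List[str]:
        """Clear the result of every verification touched by a change to rid."""
        _, stale = self.impact_of_change(rid)
        for vid in stale:
            self.vers[vid].result = None
        return stale

    def is_verified(self, rid: str) -> bool:
        """Assumed policy: verified if a passing procedure covers rid directly,
        or if rid has children and every child is verified."""
        if any(v.result == "pass" and rid in v.verifies for v in self.vers.values()):
            return True
        kids = self.children[rid]
        return bool(kids) and all(self.is_verified(k) for k in kids)

    def coverage_gaps(self, area: Optional[str] = None) -> List[str]:
        """Requirements (optionally restricted to one area) with no verification evidence."""
        return sorted(rid for rid, r in self.reqs.items()
                      if (area is None or r.area == area) and not self.is_verified(rid))


def build_sample_model() -> TraceModel:
    """Constructed sample data; IDs and texts are illustrative, not from any real plant."""
    reqs = [
        Requirement("PLT-1", "Reactor trip on loss of feedwater", "safety"),
        Requirement("SYS-1", "I&C trip logic acts within 2 s", "safety", ["PLT-1"]),
        Requirement("COMP-1", "Sensor channel A sampled at 10 Hz", "safety", ["SYS-1"]),
        Requirement("COMP-2", "Sensor channel B sampled at 10 Hz", "safety", ["SYS-1"]),
        Requirement("SEC-1", "Critical digital assets isolated from business network", "security"),
        Requirement("COMP-3", "Trip controller accepts no inbound sessions", "security", ["SEC-1"]),
    ]
    vers = [
        Verification("V-1", "automated", ["COMP-3"], "pass"),   # e.g. a security scan
        Verification("V-2", "manual", ["COMP-1"], "pass"),
        Verification("V-3", "manual", ["COMP-2"]),              # planned, not yet run
        Verification("V-4", "automated", ["SYS-1"], "pass"),
    ]
    return TraceModel(reqs, vers)


if __name__ == "__main__":
    model = build_sample_model()
    print("impact of changing SYS-1:", model.impact_of_change("SYS-1"))
    print("safety gaps before change:", model.coverage_gaps("safety"))
    model.invalidate_after_change("SYS-1")
    print("safety gaps after change:", model.coverage_gaps("safety"))
```

Before any change, the only gap is COMP-2, whose manual procedure is planned but has not run; after SYS-1 is modified, its own test and those of its children are invalidated and the whole safety branch reappears as unproven, which is exactly the set of work items and owners that the change notification process described above needs to reach.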
Effective collaboration across the ecosystem that can consist of dozens of execution partners across several supplier tiers is a complex but absolutely critical task. This element of the solution enables work item assignment and tracking to ensure efficient execution of tasks within the owner's or operator's organization, as well as through the entire ecosystem, if necessary. The work item concept goes well beyond that of a work order that might relate to physical asset and be generated from an asset management system. It extends to items such as I&C software development or verification actions, worker training, and security risk mitigation actions.
Although there are four foundational elements to the solution, it can be extended with additional capabilities. Rational has worked with customers that have added system and subsystem event modeling to these four core elements. The addition of diagramming through the use of Systems Modeling Language (SysML) has been of particular interest in areas related to software-intensive pieces of the operational environment, such as in the case of modeling system behavior and human factors when designing new software-based digital I&C systems.4 Additionally, to the extent that operation is dependent upon the design and implementation of software capabilities, whether embedded applications or what have been considered traditional IT applications, this approach can be extended to include elements of Rational's software and systems delivery solutions.
Given the complex ecosystem and the intense interaction of the participants that is required, there is value in extending a common platform across the ecosystem. In the United States, members of the ecosystem, ranging from regulators such as the Nuclear Regulatory Commission to engineering and construction firms, have seen the benefits of establishing a common platform and are moving in that direction.
Having defined the problem and outlined the key elements of the solution, several examples of customers implementing the solution will now be examined. The customers are applying the solution across various stages of the lifecycle.
The first customer example is a European utility that made the business decision to invest in planning for the design and construction of a new nuclear plant. They were beginning an effort to evaluate and select the reactor technology, the vendors, and the physical site for the proposed plant. The customer realized that the scope of the requirements effort for the plant itself, as well as for the organizations supporting its lifecycle, was extremely large and complex.
As a result, they recognized the critical importance and value of implementing a strong requirements management (RM) program. The objective is to completely, correctly, and consistently document, maintain, and communicate the full set of requirements imposed on the power plant and its supporting organization with full traceability to their origins, their fulfilment, and their verification across the entire lifecycle of the plant, including project planning, vendor selection, construction, operation, and eventual decommissioning.
The scope encompassed by the "full set of requirements" is extremely broad, including laws and regulations applicable in the plant's locale, relevant international and national standards, plant-, system- and subsystem-level functional and nonfunctional specifications, as well as organizational and departmental requirements that will be necessary to support the plant's design, construction, and operation. The utility also plans to use the requirements managed in the solution as the foundation for its overall project control and licensing activities.
The sheer number of requirements anticipated, the desire to maintain traceability at a very granular and detailed level, and the desire to securely extend the capability to partners and suppliers led the utility to opt for an RM-specific tool rather than using spreadsheets or a traditional document management system. Given the very prominent role of validation and verification (V&V) in the licensing process, the utility also recognized the importance of linking the requirements to the corresponding V&V activities. Therefore, they plan to use the solution to manage V&V plans at the plant, system, subsystem, and component levels, as well as at the organizational and departmental levels. Finally, in addition to managing the requirements for the new plant, the utility plans on leveraging the solution to help them more effectively analyze the proposals of the vendors bidding on plant construction, with the goal of optimizing their choice of technology and supplier.
The second customer example is a European utility that operates existing nuclear assets but is also considering expanding its nuclear fleet. The customer was using a mix of documents, spreadsheets, and databases for tracking and tracing requirements across its supplier base. They found that the number of requirements varied widely by project, with small-scale projects involving a few hundred functional requirements and medium- to large-scale projects with more than 1000 requirements. If they considered requirements and input from suppliers, too, the number of requirements to be managed could easily exceed 10,000.
Although its existing processes and systems worked to a degree, the utility found that tracking change was manually intensive and was very dependent upon leveraging subject matter experts (SMEs) who were increasingly likely to retire. It was difficult to accurately and efficiently communicate a proposed requirement change to the supplier base and to get agreement from all affected parties on the scope, impact, and corresponding costs of the proposed change. The manual change process also made the customer's compliance and audit efforts much more difficult and time-consuming.
The customer is now implementing Rational's solution, focusing first on the I&C area. They chose to begin with I&C because this work tends to be complex and relatively difficult to manage. This is due to the extensive nature of system requirements and the need to adhere to a broad range of internal and external standards, such as equipment qualification and safety integrity. Hoping to gain efficiencies through requirements reuse, they are also planning to expand the solution into other areas of existing plant operations, as well as into anticipated new build efforts.
The third customer is using the solution to manage the design, construction, and commissioning of a large radioactive waste treatment plant. They are implementing a requirements management (RM) program to ensure that the project documents, verifies, and meets the needs and expectations of its customers and both internal and external stakeholders.
The RM program provides processes and systems for effective and efficient identification and management of requirements and management expectations that are considered essential for the successful commissioning of the project's facilities. The scope ranges from overall program requirements, to derived requirements, to management commitments and expectations. As shown in Figure 3, the solution helps the customer trace and manage requirements in approximately 20 different areas, including security, environmental safety, and contracting. A key piece of the RM program is implementing a well-defined process that identifies the appropriate requirements owners in various areas across the program and manages change notification and approval.
Figure 3. Examples of requirements being managed
Westinghouse has leveraged the solution to institute a requirements management program to help it effectively manage the requirements for its AP1000 pressurized water reactor. In instituting the program, Westinghouse recognized the following key points and was looking for a solution to address them:5
- Westinghouse's customers expect their contractual requirements to be met by Westinghouse's products and services.
- Key nuclear regulatory requirements must be met by the AP1000 design.
- All applicable standards and certifications must be in compliance.
- Change happens, and it must be managed effectively.
- Westinghouse's products and services must show that they meet the aforementioned requirements before the company can be paid.
- Requirements must be connected to test cases and test results to prove that the requirements are actually met.
Westinghouse is not relying on tools alone. Instead, it has what it calls the "RM Tripod":
- Tools from IBM
- Well-trained personnel, ranging from requirements management process experts to content specialists who are well-versed in systems engineering
- Well-defined policies for requirements and configuration management that are implemented in the solution's tools
As Westinghouse has matured in the use of the solution, it has extended access to ecosystem partners, as Figure 4 shows. Westinghouse and its partners have begun to use the solution to hold online review sessions, thus reducing the need for suppliers to travel to a common location to discuss and agree upon the scope and cost of proposed changes. This not only reduces travel costs but also improves decision-making cycle times.
Figure 4. Westinghouse's extension of the solution to their ecosystem
The nuclear industry is in the midst of a renaissance driven by its promise as a proven, cost-effective, and low-carbon-footprint source of electricity. More effectively enabling collaboration and communication between the nuclear ecosystem's participants will be instrumental in continuing the momentum.
By leveraging its experience in other highly regulated, safety-critical, complex systems industries, IBM Rational software offers nuclear industry participants a solution that enables them to combine tools, processes, policies, and best practices to more effectively manage requirements, change, and compliance efforts. The solution can bring value throughout all phases of the nuclear plant lifecycle, from initial planning and design of new plants to decommissioning of existing assets. It supports all systems and subsystems within a nuclear plant, including software-intensive components such as new I&C systems, that tax the capabilities of spreadsheets, document management systems, and traditional product lifecycle management systems. Finally, as described in this article, the solution has been operationally tested and deployed within the nuclear ecosystem.
The author would like to thank members of IBM's Rational team who contributed to this article, as well as the customers implementing the solution who have shared their experiences with Rational software.
References cited:
- Capers Jones, Software Engineering Best Practices: Lessons from Successful Projects in the Top Companies (McGraw-Hill, 2010).
- Ben Amaba, "Requirements Management and Business-Driven Development in the Software Industry," IEEE Engineering Management, 2006.
- Capers Jones, Software Engineering Best Practices: Lessons from Successful Projects in the Top Companies, pages 3–6 (McGraw-Hill, 2010).
- Tareq Ahram, Waldemar Karwowski, and Ben Amaba, "Human Reliability Assessment Using Systems Modeling Language & Tasks Based Systemic Structural Activity Theory," 8th International Topical Meeting on Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, San Diego, California, July 2012.
- Paul Lusardi, "Best Practices of Using Rational DOORS at Westinghouse," featuring the Requirements Management Team Lead for Westinghouse Electric Company (PDF download of an IBM webcast, 2010).
Paul Fechtelkotter currently serves as IBM Rational software's Global Business Segment Leader for the energy, utilities, chemical, petroleum, and natural resources sectors. In this role, he is responsible for managing and orchestrating all efforts across the market segments, including strategy, solution development, marketing, and sales. He also held previous product management and marketing leadership roles within Rational software. During his more than 16-year tenure at IBM, he has served in previous leadership positions in a variety of functional areas in IBM's hardware, services, and sales organizations. Mr. Fechtelkotter has developed extensive experience and written multiple papers on complex, safety-critical systems. He holds an MBA degree from Stanford University, as well as Master of Engineering, Bachelor of Engineering, and Bachelor of Arts degrees from Dartmouth College.