Failure Mechanism Traceability and Application in Human System Interface of Nuclear Power Plants using RESHA

In recent years, there has been considerable effort to modernize existing and new nuclear power plants with digital instrumentation and control systems. However, there has also been considerable concern both by industry and regulatory bodies for the risk and consequence analysis of these systems. Of concern are digital common cause failures specifically due to software defects. These failures by the software can occur in both the control and monitoring of a system. While many methods have been proposed to identify software failure modes, such as Systems Theoretic Process Analysis, Hazard and Consequence Analysis for Digital Systems, etc., these methods are focused primarily on the control action pathway of a system. In contrast, the information feedback pathway lacks Unsafe Control Actions, which are typically related to software basic events; thus, assessment of software basic events in such systems is unclear. In this work, we present the idea of intermediate processors and Unsafe Information Flow (UIF) to help safety analysts trace failure mechanisms in the feedback pathway and how they can be integrated into a fault tree for improved assessment capability. The concepts presented are demonstrated in two comprehensive case studies, a smart sensor integrated platform for unmanned autonomous vehicles and another on a representative advanced human system interface for safety critical plant monitoring. The qualitative software basic events are identified, and a fault tree analysis is conducted based on a modified Redundancy guided Systems theoretic Hazard Analysis methodology. The case studies demonstrate the use of UIFs and intermediate processors in the fault tree to improve traceability of software failures in highly complex digital instrumentation feedback. The improved method clarifies fault tree construction when multiple component dependencies are present in the system.