PARIS (Dow Jones)--French, Finnish and U.K. regulators Monday have all raised questions with Areva SA over the control and instrumentation system of its flagship nuclear reactor, they said in a joint statement Monday. (http://online.wsj.com/article/BT-CO-20091102-710144.html) French state-controlled nuclear group Areva is promoting its Evolutionary Power Reactor, or EPR, around the world. Construction of EPRs is underway in Finland and France and Electricite de France SA is gearing up to deploy the technology in the U.K. "In carrying out individual assessments, we have all raised issues regarding the EPR control and instrumentation systems," said France's ASN, the U.K.'s HSE and Finland's STUK, adding companies licensed to build the EPR, or Areva, are "in the process of addressing" these issues. The issues center primarily on ensuring the adequacy of the safety systems used to maintain control of a plant if it goes outside normal conditions, and their independence from the control systems used to operate the plant under normal conditions, the three regulators said.
In the past, control systems and safety systems were physically separated. However, for productivity reasons, control and safety systems are now being comingled. Even more disconcerting, there is a move to put the control and safety features in the same hardware. Comingling safety and control systems is not a secure approach because diversity is lost. ISA has recognized this concern by forming a joint working group between ISAS84 (Safety Instrumented Systems) and ISAS99 (Industrial Control System Cyber Security). This can also be a subject for the new ISA Nuclear Plant Cyber Security Joint Working Group.
Concerns with comingling safety and control systems were discussed at the Applied Control Solutions (ACS) Control System Cyber Security Conference last year in Burr Ridge, IL, at this year’s ACS Conference in Bethesda, MD, and at the NERC-DOE High Frequency-Low Impact Workshop last week in Washington, DC. At the Burr Ridge Conference, there was a demonstration of hacking a safety system using older, well-known cyber exploits. Moreover, there has already been at least one cyber incident with a safety system in a non-nuclear facility.
According to “EPR-The Path of Greatest Certainty” (http://www.areva-np.com/common/liblocal/docs/Brochure/300709_EPR_52pages.pdf), all the EPR I&C subsystems are implemented using digital equipment. In this case, the EPR will use Siemens DCSs as well as other vendors’ systems. There have already been numerous control system cyber incidents with different vendors’ DCSs (including Siemens) and PLCs in nuclear plants and non-nuclear facilities. Comingling of control and safety systems needs to be reassessed.
Joe Weiss