Content uploaded by Ewgenij Piljugin
Author content
All content in this area was uploaded by Ewgenij Piljugin on Apr 13, 2015
Content may be subject to copyright.
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
36
COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENTS
H.P. Berg
Bundesamt für Strahlenschutz, Salzgitter, Germany
e-mail: hberg@bfs.de
E. Piljugin, J. Herb, M. Röwekamp
Gesellschaft für Anlagen- und Reaktorsicherheit mbH, Köln, Germany
ABSTRACT
Fire PSA for all plant operational states is part of a state-of-the-art that a Level 1 PSA. Within a fire PSA
not only the malfunction of systems and components has to be assessed but also all supply systems and cables
have to be traced for a given component. In the past it was assumed that in the case of a fire in a compartment
all components and corresponding cables in that compartment are destroyed. However, this is in many cases a
very conservative approach which may lead to overestimated fire induced core damage frequencies. Therefore,
a method is required to assess in a more realistic manner the effects of cables failures caused by fire. Such a
procedure is based on a sound data base containing all relevant equipment, a list of cables and their properties
as well as cable routing. Two methods which are currently developed and already partially applied are
described in more detail. One of these methods is a cable failure mode and effect analysis which is easier to
apply in practice.
1 INTRODUCTION
Fires have been recognized as one major contributor to the risk of nuclear power plants
depending on the plant specific fire protection concept. Therefore, a state-of-the-art Level 1
probabilistic safety assessment (PSA) meanwhile includes fire PSA as part and supplement of the
internal events PSA for full power as well as for low power and shutdown plant operational states
(Berg & Röwekamp 2010, Röwekamp et al. 2011).
An overview of the main steps of an advanced fire PSA process is given in Figure 1. The task
“fire PSA cable selection” is not (or not in detail) performed in current fire PSA.
One of the important parameters in a fire PSA is the conditional probability of a specific
failure mode (e.g., loss of function, spurious actuation) of a selected component, given (assuming)
that a postulated fire has damaged an electrical cable connected to that component.
In general, evaluation of this parameter can require the analysis of a number of cable failure
scenarios, where each scenario involves a particular fire induced cable failure mode and the
propagation of the effects of this failure through the associated electrical circuit.
The cable failures of interest cover the following conductor failure modes:
Loss of continuity,
Short-to-ground, and
Conductor to conductor short.
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
37
Plant Boundary & Partitioning
Fire PSA Cable Selection
Qualitative Screening
Fire Ignition Frequencies
Quantitative Screening
Fire PSA Component
Selection
Fire-Induced Risk Model
Circuit Failure Mode &
Likelihood Analysis
Detailed Circuit Failure
Analysis Detailed Fire Modelling
Uncertainty & Sensitivity
Analysis
Fire Risk Quantification
Figure 1. Overview of the main steps of an advanced fire PSA process.
There are three primary functional types of cables in a nuclear power plant: namely, power
cables, instrumentation cables, and control cables as shown in Figure 2.
Cables can also be categorized by their physical configuration. The most common types are
single conductor, multi-conductor, and triplex.
Cables are generally routed horizontally through the plant on raceways (in principle on cable
trays or conduits) with vertical runs used as required between different elevations in the plant.
The cables are usually segregated by type as described above and illustrated in Figure 2.
However, cables of various voltages and functions can be found together in the same raceway for
some plants (in particular in nuclear power plants built to earlier standards).
While short-to-ground or open circuit failures may render a system unavailable, a hot short
failure might lead to other types of circuit faults including spurious actuations, misleading or faulty
signals, and unrecoverable losses of plant equipment.
These circuit failures, taken individually or in combination with other failures, may have
unique and unanticipated impacts on plant safety systems and on plant safe shutdown capability
being not always reflected in current fire PSA studies.
In most of the fire PSAs which have been performed to date, circuit failure analysis has been
performed in a more simple manner and not in such a detailed manner as recommended in Figure 1.
Usually, the circuit failure analysis assumes that if any of the cables associated with a given
circuit or system are damaged due to fire (i.e., the cables fail), then the circuit or system is rendered
unavailable. This approach neglects the potential for spurious actuations entirely and may represent
a too optimistic approach.
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
38
Figure 2. Schematic drawing of I & C (blue, dashed) and power cables (black, solid).
Most of the common approaches apply a single-valued damage threshold of temperature
and/or heat flux to predict the onset of cable failure. When the cable reaches a predetermined
temperature and/or the cable is exposed to a threshold heat flux, a worst case failure of the cables
inside the respective fire compartment is assumed. The worst case failure modes have been deduced
by expert judgment.
Simplified assumptions on the failure modes could lead to an overestimation of specific event
sequences whereas other effects such as spurious actuation of not directly connected components
were neglected.
On that background in the U.S. and in Germany two approaches have been developed. In both
cases the success of the method strongly depends on the quality and form of the prerequisite
information on the cables and their properties.
Therefore, several cable fire tests have been and are performed to gain the necessary data for
the safety assessment.
For a more realistic picture of cable failure effects a cable failure mode and effect analysis
(FMEA) methodology has been developed. It is intended to use this method as an integral part of
Level 1 fire PSA in Germany in particular in the frame of periodic safety reviews, performed every
ten years.
The main purpose of the methodology and its supporting tools is to improve the
comprehensibility and completeness of cable failure analysis within the context of a fire PSA.
Compartments of
marshalling racks
Marshaling racks, distribution boards
Field level
compartments
inside and
outside of
the containment
Control Room
Limit value transmitter
I&C Cabinets
Data acquisition, signal processing
M
Reactor building
Instrumentation
Drives,
motors,
solenoid
valves
Distribution boards
clamp connections
Trunk cable (multicore cable, several signals in one cable
I&C Cabinets
I&C Cabinets
Reactor protection logic
I&C Cabinets
I&C Cabinets
ESFAS logic
Automatic control
I&C Cabinets
I/O signal processing
Priority logic modules
Power supply cable
Switchgear building (several rooms and compartments of redundant and non-redundant components)
Compartments
of cabinets
of the I&C
equipment
Compartments of
equipment of
power supply system
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
39
The computer aided methodology based on the principles of FMEA is supported by a plant
specific database application named CaFEA (Cable Failures Effect Analysis) developed by GRS.
The database CaFEA comprises all relevant data of the cables, such as cable routing within
the plant, cable type as well as data on the connected components. Availability of such information
is a prerequisite for the implementation of a state-of-the-art FMEA methodology.
2 PROCEDURE OF RISK EVALUATION DEVELOPED IN THE U.S.
During the 1990s, both the Nuclear Regulatory Commission (NRC) Office of Nuclear
Regulatory Research (RES) and the Electric Power Research Institute (EPRI) were active in the
development of methods for fire risk analysis. U.S. NRC and EPRI initiated a collaborative project
to document the state-of-the-art for conducting Fire PSA. The principal objective of the Fire Risk
Study is to develop a technical basis and methodology that will clarify issues affecting application
of fire risk methods.
The project was designed to culminate in a joint EPRI/RES publication of state-of-the-art fire
PSA methodology. The report NUREG-CR-6850 (EPRI 2005) is a compendium of methods, data
and tools to perform a fire probabilistic risk assessment and develop associated insights.
This report is intended to serve the needs of a fire PSA team by providing a structured
framework for conduct and documentation of the analysis in four key areas:
Fire analysis,
General PSA and plant systems analysis,
Human reliability analysis (HRA), and
Electrical analysis.
One finding of the investigations outlined in the report was that the selection, routing, and
failure analysis of cables and circuits have not been covered generally by past fire PSA
methodology.
The issue of circuit analysis, including the spurious operation of components and systems,
continues to be an area of significant technical challenge.
The approaches recommended in the report (EPRI 2005) provide a structured framework for
the incorporation of fire-unique cable failure modes and effects in the fire PSA. The circuit analysis
issue impacts fire PSA methods and practice broadly. Circuit analysis affects the following steps:
Identification of fire PSA components and cables,
Mapping of fire PSA components and cables to fire analysis compartments,
Development of the plant post-fire safe shutdown response model,
Incorporation of circuit failure modes in the quantitative screening analysis,
Detailed analysis of cable failure modes and effects,
Detailed analysis of circuit fault modes and effects, and
Quantification of human actions in response to a fire.
A possible process for including circuit analysis into a fire PSA as proposed in U.S. NRC
report (EPRI 2005) is shown in Figure 3.
Another report of the U.S. NRC (LaChance et al. 2003) presents a new methodology for the
analysis of cable failure modes and effects as illustrated in Figure 4.
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
40
Fire PRA screening
identifies critical scenarios
Equipment and associated
circuits and cable
configurations for
scenarios identified
Detailed qualitative circuit
analysis for risk-significant
fire scenarios
Detailed fire risk
assessment for risk
significant scenarios
Do equipment or circuits
screen out ?
Quantitative evaluation
accounting for all
detrimental component
failure modes
No
Yes
Figure 3. Circuit analysis for fire risk assessment.
Electrical analysis involves circuit failure modes and affects the analysis conducted for
specific plant circuits, including the selection of circuits and systems, cable and component routing,
development of the fire PSA database and quantification of failure mode likelihood values.
FIRE Cable
Failure
Circuit
Fault
Functional
Impact
Open Circuit
Short-to-Ground
Hot Short
Insulation Resistance
Degradation
M od e s
No Effect
Loss of Circuit
Operability
Lost/Inaccurate
Indication
Spurious
Operation
E ff ec ts
System Components
Starts
System Functions
Lost
System Control
Lost
Diversion Path
Opens
Other Effects Flow Path
Blocked
Instrument Readings
Lost/Misleading
Figure 4. Circuit analysis process structure.
Based on experience with the demonstration studies and the collective experience of the
authors of the report, at least 4000 engineering hours would be needed to perform a complete plant-
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
41
wide fire PSA using the methods recommended in (LaChance et al. 2003). This estimate is
predicated on a large number of positive factors in terms of the quality of the plant analyses and the
level of sophistication desired in the fire PSA.
The low-end manpower estimate for the circuit and cable selection, tracing, and analysis
efforts (600 hours) represents a case where the following three factors apply:
The plant has a pre-existing state-of-the-art deterministic post-fire safe shutdown analysis.
There is a pre-existing and well-documented electronic system for tracing cables and
components-
There is a pre-existing and well-documented fire PSA safe shutdown plant response model.
The upper end of the manpower estimates for the circuit and cable selection, tracing, and
analysis efforts (6000 hours) represents a case where the following conditions apply:
The plant has a pre-existing deterministic post-fire safe shutdown analysis that has not
undergone significant review.
The plant has merely a paper (non-electronic) cable and raceway system and/or database.
The fire PSA model is intended to include at least all components that are credited in the
internal events PSA.
The report (LaChance et al. 2003) also provides findings regarding cable fire performance
testing in the U.S. over the past three decades. From the viewpoint of cable failure mode likelihood
estimation, the available information in these reports is sparse. This is because the bulk of fire-
related cable research has focused on one of two areas:
Most large-scale cable tests were designed to examine the flammability and fire behaviour of
cables. In a minority of these tests electrical performance of a small sample of cables was
monitored, but this was rarely a primary test objective. Even in those cases where electrical
function was monitored, only a small subset of these tests explicitly sought information on
cable failure modes.
A second class of cable tests has sought to determine the failure thresholds of the cables.
These are typically small-scale tests where cables are exposed to simulated fire conditions
(Wyant & Nowlen 2002). The time to failure for exposed cables is commonly monitored. The
failure behaviour is commonly characterized based on the heat flux or atmospheric
temperature in the test chamber and the time of exposure to these conditions.
A second potential source of information on fire-induced cable failure behaviour is actual fire
experience. However, fire experience is relatively limited, and fire reports rarely focus on details of
cable failures or the resulting circuit faults. The most significant exception to this observation is the
1975 Browns Ferry fire (Scott 1976). This fire damaged more than 1600 cables routed in 117
conduits and 26 cable trays. Various studies of that incident have noted that the fire resulted in
spurious initiation of components, spurious control room annunciation, spurious indicator light
behaviour, and loss of many safety related systems. Examples of the component and system
behaviour observed during the fire are outlined in the U.S. NRC report (Collins et al. 1976).
A range of factors may affect the conditional probability that for a given a fire induced cable
failure a particular mode of failure might be observed. Various factors may also affect the timing of
potential faults being observed as well as the timing of fault mode transitions (e.g., hot short
transition to a short-to-ground). The identified factors can be roughly categorized into one of four
broad groups; namely, factors associated with the cable’s physical properties and configuration,
factors associated with the routing of the cable, factors associated with the electrical function of the
circuit, and factors associated with the fire exposure conditions. The report (EPRI 2005) discusses
each of the influence factors identified to date including the current evidence available regarding
each of the factors from both experiments and actual experience.
The advanced cable failure analysis should be able to predict when a cable failure occurs, the
relative likelihood that specific modes of cable failure would occur given failure, how long a
particular failure mode is likely to persist, and the overall occurrence frequency of each cable
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
42
damage state or failure mode (including fire frequency, fire severity, mitigation by detection and
suppression before damage, etc.).
The electrical circuit fault analysis determines how each circuit will respond to the various
modes of cable failure that may be observed. The circuit fault analysis also feeds information back
to the cable failure analysis task by means of specific cable failure modes that may be of particular
interest to the PSA and provides occurrence frequency estimates for each of the circuit fault modes
of potential interest to risk quantification.
One task is to estimate the probability of hot short cable failure modes of interest, which in
turn can be correlated to specific component failure modes. The methods and techniques for
deriving circuit failure mode probability estimates are based on limited data and experience.
Consequently, this area of analysis is not yet a mature technology, and undoubtedly further
advances and refinements will come with time.
The final task assesses the functional impact of the circuit faults on the potential for plant safe
shutdown, i.e. it should provide a probabilistic assessment of the likelihood that a cable will
experience one or more specific failure modes (e.g., short-to-ground, intra-cable conductor-to
conductor short, inter-cable conductor-to-conductor short, etc.). The results of this assessment are
entered into the fire PSA database, allowing generation of equipment failure reports, including the
estimated likelihood of the failure modes of concern. This is needed for the quantification of the
contribution for the postulated fire scenarios to the total core damage frequency. This task is in the
domain of PSA plant systems modelling and event/fault tree analysis and quantification.
3 FAILURE MODE AND EFFECT ANALYSIS
A computer aided methodology based on the principles of FMEA provided in (LaChange et
al. 2003) has been developed by GRS (Germany) to systematically assess the effects of cable
failures caused by fire in a nuclear power plant.
The main objective of the approach of the GRS is the standardization of the FMEA for similar
components of affected electrical circuits.
Cable FMEA (CaFEA) consists of two phases of analysis: In the first phase an analysis of
generic cable failures of standardized electrical circuits of the nuclear power plant is performed. In
the second phase, those generic failure modes are identified for each cable which could affect safety
related components.
3.1 Generic FMEA
Based on the circuit type, the attached source and target component types and sub-types, the
operating condition, and the transmitted signal, the generic FMEA is performed (see Figure 5).
All possible circuit failures have to be considered, because it is not necessarily known which
cable failures have to be considered while performing the specific FMEA. The experiences gained
while applying the computer aided cable FMEA to all cables within one fire compartment
demonstrated that about 100 generic circuit types have to be investigated for a whole nuclear power
plant.
In a first step, the FMEA expert has to screen the list of safety related components typically
provided by a Level 1 PSA for full power operational plant states and to define the generic circuit
types to be investigated.
Examples of circuit types may be power supply circuits, instrumentation circuits or control
circuits.
In the next step, for each circuit type “source” and “target” component types have to be
specified. Typical source component types are switchgear, electronic board, and relay. Examples of
target component types are pumps, valves, motor drives, and measurement sensors.
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
43
Figure 5. Generic phase of CaFEA.
For both, the source and the target components a sub-type or signalling type has to be
additionally specified.
The sub-type is used to distinguish between different circuit types connected to one
component (type). A valve might be attached to the circuit type “power supply” as well as to the
circuit type “feedback signal”. For the circuit type “power supply” the source component sub-type
might be “power supply” and the target component sub-type “motor”. For the circuit type “feedback
signal” the source component sub-type might be “drive control module” and the target component
sub-type “control head”.
Examples of a generic FMEA are provided in Table 1 (see also Piljugin et al. 2011) for one
combination of source and target (sub-)types.
The possible effects on the attached component depend on the operating condition of the
target component type. Therefore, the generic FMEA has to be performed for all operating
conditions of the generic circuit type. The effects also depend on the type of signal transmitted by
the cable. Valid signal types could be, e.g., feedback signal of a valve or control signal for a motor.
Definition of the type of
generic electrical circuit,
e.g. power supply,
instrumentation, control
Definition of the generic
types of the components of
the circuits,
e.g. drive, sensor,
switchgear, I/O module
Operating condition of the
target component,
e.g. valve open/closed,
switchgear on/off
Definition of the signal
type:
e.g. feedback signal,
control signal, power
supply
Identification of the
generic type of potential
cable failure,
e.g. hot short, short-to-
ground, open circuit
Generic failure effect
analysis of the electrical
circuits caused by potential
cable failures
Result:
Specification of
potential
impacts on the
affected
components
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
44
Table 1. Examples of a generic FMEA
Description of the electrical circuit Generic FMEA
Source of signal (power) of
process, electric or electronic
components
Target of signal (power) of
process, electric or electronic
components
Description of the signal
Failure mode Failure effect Identification
Type Subtype Type Subtype State Type function
I&C cabinet
(Data aquistion
sub-system)
Analog input
module SAA
(TXS)
Level
transmitter
Differential
pressure
transmitter
(4 lead / 0-
20mA Loop)
Normal
value
Level
measurment Power supply
Intrerruption
of the circuit
(broken
conductor)
Interruption of the power
supply of the transmitter
output Signal of
transmitter I=0mA
(Message: signal is out of
the range)
I&C cabinet
(Data aquistion
sub-system)
Analog input
module SAA
(TXS)
Level
transmitter
Differential
Pressure
Transmitter
(4 lead / 0-
20mA Loop)
Normal
value
Level
measurment Power supply Ground fault of
the circuit
Interruption of the power
supply of the transmitter
Message: signal is out of
the range
(output Signal of
transmitter I=0mA)
I&C cabinet
(Data aquistion
sub-system)
Analog input
module SAA
(TXS)
Level
transmitter
Differential
pressure
transmitter
(4 lead / 0-
20mA Loop)
Normal
value
Level
measurment
Measurement
loop
Intrerruption
of the circuit
(broken
conductor)
Signal is out of the range Open circuit monitoring
I&C cabinet
(Data aquistion
sub-system)
Analog input
module SAA
(TXS)
Level
transmitter
Differential
pressure
transmitter
(4 lead / 0-
20mA Loop)
Normal
value
Level
measurment
Measurement
loop
Ground fault of
the circuit
False value (higher or
lower) of the output
signal of transmitter
Signal range monitoring /
redundant signal
comparator
I&C cabinet
(Data aquistion
sub-system)
Analog input
module SAA
(TXS)
Level
transmitter
Differential
pressure
transmitter
(4 lead / 0-
20mA Loop)
Normal
value
Level
measurment
Measurement
loop
Hot-short fault
of the circuit
False value (higher or
lower) of the output
signal of transmitter
Signal range monitoring /
redundant signal
comparator
I&C cabinet
(drive control
circuits)
Analog output
module
XPA92,
Output C18
Contactor
relais
of the MOV
Contacts of
the control
circuit
open Normally
open circuit
control
command
CLOSE to
coupling relay
Intrerruption
of the circuit
(broken
conductor)
Loss of CLOSE function
of the MOV
MOV remains in
“OPEN” position by test
I&C cabinet
(drive control
circuits)
Analog output
module
XPA92,
Output C18
Contactor
relais
of the MOV
Contacts of
the control
circuit
open Normally
open circuit
control
command
CLOSE to
coupling relay
Ground fault of
the circuit
spurious close of the
MOV
Indication of the RUN
and CLOSED functions
of the MOV
I&C cabinet
(drive control
circuits)
Analog output
module
XPA92,
Output C18
Contactor
relais
of the MOV
Contacts of
the control
circuit
open Normally
open circuit
control
command
CLOSE to
coupling relay
Hot-short fault
of the circuit
spurious close of the
MOV
Indication of the RUN
and CLOSED functions
of the MOV
I&C cabinet
(drive control
circuits)
Analog output
module
XPA92,
Output C18
Contactor
relais
of the MOV
Contacts of
the control
circuit
open Normally
open circuit
control
command
CLOSE to
coupling relay
Hot-short fault
(overvoltage) of
the circuit
Destroying of the analog
output module XPA92
Loss of the control of the
MOV
Motor-
operated valve
(MOV)
Contacts of
the position
indication
I&C cabinet
(drive
control
circuits)
Module
XKU98, Input
signal B03
Closed
loop
position
indication of
the MOV
CLOSED
indication of
the MOV
Intrerruption
of the circuit
(broken
conductor)
Loss of the indication of
the position CLOSED of
the MOV
Functional test
Motor-
operated valve
(MOV)
Contacts of
the position
indication
I&C cabinet
(drive
control
circuits)
Module
XKU98, Input
signal B03
Closed
loop
position
indication of
the MOV
CLOSED
indication of
the MOV
Ground fault of
the circuit
Loss of the indication of
the position CLOSED of
the MOV
Functional test
Motor-
operated valve
(MOV)
Contacts of
the position
indication
I&C cabinet
(drive
control
circuits)
Module
XKU98, Input
signal B03
Closed
loop
position
indication of
the MOV
CLOSED
indication of
the MOV
Hot-short
(shorts to
power lead)
False indication „MOV
contactor CLOSED“ and
“MOV run”
Inconsistency of MOV
position indication (e.g.
MCR, I&C cabinet,
alarm system)
Motor-
operated valve
(MOV)
Contacts of
the position
indication
I&C cabinet
(drive
control
circuits)
Module
XKU98, Input
signal B04
Closed
loop
position
indication of
the MOV
OPEN
indication of
the MOV
Intrerruption
of the circuit
(broken
conductor)
Loss of the indication of
the position OPEN of the
MOV
Functional test
Motor-
operated valve
(MOV)
Contacts of
the position
indication
I&C cabinet
(drive
control
circuits)
Module
XKU98, Input
signal B04
Closed
loop
position
indication of
the MOV
OPEN
indication of
the MOV
Ground fault of
the circuit
Loss of the indication of
the position OPEN of the
MOV
Functional test
Motor-
operated valve
(MOV)
Contacts of
the position
indication
I&C cabinet
(drive
control
circuits) Module
XKU98, Input
signal B04
Closed
loop
position
indication of
the MOV
OPEN
indication of
the MOV
Hot-short
(shorts to
power lead)
False indication „MOV
contactor OPEN “ and
“MOV run”
MOV position indication
(e.g. MCR, I&C cabinet,
alarm system)
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
45
3.2 Component specific FMEA
In the second phase, those generic failure modes are identified for each cable which could
affect safety related components in the respective compartment (see Figure 6). Based on the
information on the cable type, the attached components and their types, as well as on their
operational mode, all the possible cable failures have to be identified by the FMEA expert. The
probable cable failures are a sub-set of the failure modes found in the generic FMEA. The specific
effects identified in the second phase of the FMEA are mapped to basic events used as initiating
events and/or component failures in the fire PSA.
Figure 6. Component specific phase of CaFEA.
The failure conditions for the cables were specified on the basis of the results of fire tests
carried out at the Technical University of Braunschweig, Institute for Building Materials, Concrete
Construction and Fire Protection (iBMB) - see (Hosser et al. 2005) and (Riese et al. 2006) for
typical cables used in nuclear power plant in Germany.
Comparable tests have also be conducted in other countries (see, e.g., EPRI 2002, Keski-
Rahkonen et al. 1997 and Mangs et al. 1999), partially also with cables from Germany.
In the fire tests at iBMB, among other things, the fire induced functional failures of the cables
were examined for both, energized as well as non-energized cables.
Based on the test results of the iBMB study (Riese et al. 2006), the following different types
of cable failure modes were specified and are used in the cable FMEA:
Short-to-ground via insulation material of the cable jacket or an earthed conductor inside or
outside a cable or via earthed structures, e.g. a cable tray;
Hot short to an energized conductor inside or outside a cable (e.g. high-voltage propagation,
impacts of electric arcs);
Short circuit fault to a de-energized conductor inside or outside a cable (high or low
impedance failure);
Interruption of the cable conductor (open circuit failure mode).
Computer aided identification
and selection of the cables in
the room affected by fire
Computer aided identification
of the failure relevant
characteristic of selected
cable, e.g. multicore structure,
shielding, laying
Computer aided identification
of the components connected
to the selected cable
Specification of the operating
condition of the components
and of the corresponding
electrical circuits
Use of the result
of generic failure
effect analysis of
the generic
electrical circuits
Qualitative assessment of the
most probable failure mode of
the fire affected cable and/or
cable conductors
Analysis of a potential
impacts of the functions of the
affected components
regarding relevance for the
model of the Fire-PSA
Identification of the candidates
for initiating events or for
impacts of the accident control
functions in the PSA model
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
46
4 DATABASE APPLICATION
The database application consists of a user interface frontend and a database backend. With
the aid of CaFEA, the data obtained in the FMEA for fires can be systematically evaluated for cable
failures. The CaFEA database comprises the data from different sources, correlates them to each
other and displays the correlation results to the FMEA expert who carries out the actual failure
mode and effects analysis and stores the results in the database (Herb & Piljugin 2011). The
database frontend can be used for data sets of different nuclear power plants.
The FMEA is specific for the plant operational state stored in the database. After opening the
database application the user can choose if the generic or the specific FMEA shall be performed.
For both tasks input forms are available.
For both generic and component specific FMEA results the database provides import and
export functions to and from Microsoft® Excel®.
4.1 Generic FMEA
If (incomplete) specific FMEA results already exist in the database the user can create
template data for the generic FMEA. The input form for the generic FMEA contains questions with
respect to the following data:
Type and sub-type of source component,
Type and sub-type of target component,
Operating condition of target component,
Identification of the signal type (circuit type),
Failure of the cable occurring in the electrical circuit affected by the fire,
Effect on the target component,
Optional comment on the determined component effect and its relevance for the PSA.
4.2 Component specific FMEA
The user interface for the component specific FMEA in the CaFEA application subdivides the
different analytical steps into several sub-tasks:
After selecting a compartment and a cable function (corresponding to one signal transmitted
via the cable) the first sub-task consists in providing information about the components
connected to the cable (“start” and “end” component) and the target component. For the target
component the operating condition has also to be provided. The last step is supported by
providing information from the plant operating manual and/or safety specifications included
in the database.
In the second sub-task, the FMEA expert has to specify all possible cable failure modes for
the selected cable function. As the information about the cable type, routing, etc. has to be
considered, it has to be provided by the FMEA expert and stored in the database.
The third sub-task consists in the determination of the effect on the component by the cable
failure mode. By means of a query in the database it is checked if a generic FMEA result
provided by the FMEA expert in the previous steps is applicable to the specific case. If a
generic FMEA result has been found, it is shown how the FMEA expert can take the decision
if and how this generic result can be applied in the specific case.
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
47
5 FIRST EXEMPLARY APPLICATION OF THE CABLE FMEA
The analytical method and database tool CaFEA has been developed by GRS based on the
available plant data (database with respect to components and compartments and cable routing in
the reference nuclear power plant) and on a generic procedure for analyzing fire induced circuit
failures in the cables concerned. The FMEA method was tested using data of a reference plant for a
given compartment. 432 cables are routed through this compartment transmitting in total 932
signals because of some cables representing I&C cables with multiple conductors.
The qualitatively estimated probability (high, medium and low probability class) was assigned
as conditional probability in case of fire to the corresponding effect on the component and the
resulting PSA basic event or initiating event.
6 CONCLUSIONS AND OUTLOOK
This paper describes, in addition to the approach applied to some extent in the U.S., a second
possible method to assess effects of cable failures.
Basis for this activity is a fire PSA cable list which is not simply a list of cables but
establishes for each cable a link to the associated fire PSA component and to the cable routing and
its location. These relationships provide the basis for identifying potential equipment functional
failures at a fire area, fire compartment or raceway level.
During the pilot applications of the U.S. approach it was noticed that circuit analysts were
basically assuming that many cables within a fire area could cause a spurious operation
independently of the other cables affected by the same fire (EPRI 2010). However, under certain
conditions, when the first cable is damaged (either from spurious operation or blowing the fuse in
the circuit), the damage to the other cables does not affect the outcome, i.e., the likelihood of a
spurious actuation of the component is not increased.
Therefore it is recommended that the “exclusive or” combinatorial approach for spurious
actuation probabilities can only be applied in cases where multiple cables can cause the undesired
component effect and the postulated cable failure modes and effects are found to be independent
(EPRI 2010). In cases where the cables of concern are dependent, the likelihood of spurious
actuation should be determined by the first cable failure only. If the spurious actuation probability is
different for the different cables of concern (e.g., due to differences in the cable or routing
configuration), the analysis can either determine which cable would likely fail first for the given
scenario, or simply bound the individual cable values.
The computer aided methodology of the FMEA as another approach compared with the U.S
process offers a good basis for performing a systematic and traceable analysis of the effects of fire
induced cable failures in the frame of a fire PSA. The methodology was tested on the basis of data
for a given compartment which have been provided by a reference nuclear power plant in Germany.
The major difference between the methodology proposed in (EPRI 2005) and (LaChange et
al. 2003) and that one developed by GRS is that the computer aided methodology CaFEA allows to
use a combination of generic and (component) specific tasks of the FMEA of the cable failures.
This can reduce the specific FMEA of all circuits in the fire affected compartments of the nuclear
power plant significantly. The database application of generic cable FMEA can be extended with
regard to consideration of all typical electrical circuits in a generic nuclear power plant.
Up to now, the results of the FMEA provide only qualitative indications for those component
effects which result in the unavailability of system functions or in new initiating events in the fire
PSA.
In a next step, quantification of the failure mode probabilities and the corresponding effects
on the affected components shall be included in the approach. The current database architecture of
CaFEA allows an easy integration of this feature in the future. In general, two options are possible:
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
48
to use failure mode probability tables from literature or to perform explicit model calculations
which involves to apply circuit failure mode probability estimation formulas. The second approach
is currently under development within a new investigation project. Results including an application
for an exemplary room in the reference plant will be available in 2013.
Future challenges of the CaFEA development are the consideration of failure modes of new
(digital) technologies of signal transmission and processing, e.g. bus architectures of I&C systems,
fibre optical cables, etc.
In principle, the FMEA methodology developed may be also applied for investigating cable
failures in the frame of analyzing the effect of other plant internal or external hazards such as
flooding and or structural damage by earthquakes.
7 REFERENCES
Berg, H.P. & Röwekamp, M. (2010). Current status of fire risk assessment for nuclear power
plants, SCIYO – Nuclear Power, September 2010, 140 – 162.
Collins, H. J. (1976). Recommendations Related to Browns Ferry Fire, NUREG-0050, U.S.
NRC.
Electric Power Research Institute – EPRI (2002). Spurious Actuation of Electrical Circuits
due to Cable Fires: Results of an Expert Elicitation, EPRI 1006961.
Electric Power Research Institute – EPRI (2005). EPRI/NRC-RES Fire PRA Methodology for
Nuclear Power Facilities, NUREG/CR-6850 Vol. 1 Summary and Overview and Vol. 2 Detailed
Methodology, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
Electric Power Research Institute – EPRI (2010). Fire Probabilistic Risk Assessment Methods
Enhancements, Supplement 1 to NUREG/CR 6850 and EPRI 1011989, Technical Report 1019259,
September 2010.
Herb, J. & Piljugin, E. (2011). Failure mode and effect analysis of cable failures in the context
of a fire PSA, Proceedings of ANS PSA 2011 International Topical Meeting on Probabilistic Safety
assessment and Analysis, Wilmington, NC, March 13 – 17, 2011, on CD-ROM.
Hosser D., Riese, O. & Klingenberg, M. (2005). Durchführung von weiterführenden
Kabelbrandversuchen einschließlich der Präsentation der Ergebnisse im Rahmen des internationalen
Projektes ICFMP, Juni 2004, Schriftenreihe Reaktorsicherheit und Strahlenschutz des
Bundesministeriums für Umwelt, Naturschutz und Reaktorsicherheit (Federal Ministry for the
Environment, Nature Conservation and Nuclear Safety), BMU- 2005-663, Bonn, Germany.
Keski-Rahkonen, O. et al. (1997). Derating of cables at high temperatures, VTT Publications
302, Technical Research Centre of Finland, Espoo, Finland.
LaChance, J. L., Nowlen, S. P., Wyant, F. J. & Dandini, V. J. (2003). Circuit Analysis –
Failure Mode and Likelihood Analysis, NUREG/CR-6834, prepared for Division of Risk Analysis
and Applications Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001.
Mangs, J. et al. (1999). Failure distribution in instrumental cables in fire, OECD/STUK
Workshop on Fire Risk Assessment, Helsinki, Finland.
Piljugin, E., Herb, J., Röwekamp, M., Berg, H. P. (2011). Methods to assess effects of cable
failures caused by fire, Journal of Polish Safety and Reliability Association, Proceedings of the
Summer Safety and Reliability Seminars, July, 03 – 09, 2011, Gdańsk-Sopot, Poland, Volume 1,
163 – 170.
Riese, O., Hosser, D. & Röwekamp, M. (2006). Evaluation of Fire Models for Nuclear Power
Plant Applications, Flame Spread in Cable Tray Fires, International Panel Report - Benchmark
Exercise No. 5, Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, Report GRS – 214,
Köln, Germany.
Heinz-Peter Berg, Ewgenij Piljugin, Joachim Herb, Marina Röwekamp– COMPREHENSIVE CABLE FAILURES ANALYSIS FOR PROBABILISTIC FIRE
SAFETY ASSESSMENT
RT&A # 01 (24)
(Vol.1) 2012, March
49
Röwekamp, M., Türschmann, M. & Berg, H.P. (2011). A Holistic Approach for Performing
Level 1 Fire PRA, Proceedings of ANS PSA 2011 International Topical Meeting on Probabilistic
Safety assessment and Analysis, Wilmington, NC, March 13 – 17, 2011, on CD-ROM.
Scott, R. L. (1976). Browns Ferry Nuclear Power-Plant Fire on Mar. 22, 1975, Nuclear
Safety, Vol. 17, No.5, September-October 1976.
Wyant, F. J. &. Nowlen, S. P. (2002). Cable Insulation Resistance Measurements during Cable
Fire Tests, NUREG/CR-6776, U.S. NRC.