**2.3 Benefits and challenges of digital instrumentation and control**

The systems engineering lifecycle for analog modifications, such as changing mechanical relay logic, can take significant time to design, procure, reconfigure, and test hard-wired devices installed inside control cabinets. These changes can require many hours for maintenance personnel to rewire, physically rearrange components, and/or add new cabinets, terminal blocks, power supplies, and wiring. Labor resources are also required for post-installation quality checks.

In contrast to analog I&C, a significant benefit of DI&C is the ability to quickly reprogram the functionality of a device or system with minimal physical hardware changes. These modifications are performed via microprocessors, expansive memory storage, and standardized communications that allow for remote connectivity. Moreover, the utilization of reusable software and common microprocessors lowers overall product costs. In addition, the global supply chain has promoted further innovation, improved efficiencies, better product availability, and reduced costs.

An additional benefit of DI&C is the capability to incorporate numerous functions within one device. This capability reduces the overall size of the I&C systems (e.g., fewer racks and cabinets) and relieves potential space constraints within facilities. Furthermore, the ability to choose from a wide array of functions in one device not only reduces the cost, but also allows for unique control algorithms not necessarily available in the past. Whereas analog I&C was limited to using a single proprietary signal conveying only one piece of information (e.g., the process value), adding a digital signal on top of an analog signal allowed for increased device diagnostics and calibration capabilities without any additional hardware changes and helped pave the way for the logical extension of DI&C in nuclear facilities.

Other applications enabled by DI&C include enhanced online monitoring for condition-based maintenance systems. These systems improve visibility into equipment conditions to improve maintenance activities and potentially reduce or eliminate required preventive maintenance. Additionally, training departments are now able to simulate plant operations with fine detail that was difficult to achieve before.

On the other hand, digital technology introduces new challenges. As existing nuclear reactors are modernized, plant personnel throughout the organization must be trained on the design, installation, operation, and maintenance of the new digital systems. This skillset is often very different from what is required for analog I&C and can take many years to acquire. Moreover, not only is there an increase in common-cause failures and potentially unknown failure modes with DI&C, but there is also additional risk associated with malicious and unintentional cyber threats not typically seen with analog I&C. These DI&C cyber risks are further described in Section 3.

#### **2.4 Future technology considerations**

#### *2.4.1 New and advanced reactor designs*

While existing reactors primarily designed and built with analog technology are transitioning to DI&C, new generation III+, small modular reactor (SMR), microreactor, and advanced reactor designs will likely apply digital technology from project inception to take advantage of increased flexibility, better performance, and improved reliability. It is anticipated that these designs will also include hybrid approaches, similar to existing reactors, incorporating both analog and DI&C components and systems for reactor control and reactor safety. However, since most of the new reactor designs will likely incorporate passive safety features, they may have fewer (or no) safety-related control systems compared to current LWRs.

*Cyber-Informed Engineering for Nuclear Reactor Digital Instrumentation and Control. DOI: http://dx.doi.org/10.5772/intechopen.101807*

Nuclear reactors are primarily designed with safety as the underlying principle. Ensuring safety of reactor personnel and maintaining the health and safety of the public is more important than secondary objectives, such as producing electricity or medical isotopes. Thus, any new reactor technology that challenges the nuclear safety paradigm is met with strong caution. However, as new advanced reactors are designed with DI&C, significant effort and analysis will be undertaken to ensure cyber risks are fully understood such that the designs will fully withstand regulatory and public scrutiny and not interfere with reactor safety. Nevertheless, the inclusion of passive safety features that reduce the footprint of digital safety systems not only reduces the number of high-consequence design basis accidents (DBAs), it also reduces overall cyber risk.

Sites built with multiple reactor modules (e.g., SMRs) may have additional I&C systems to enable integrated and coordinated operation across multiple units. Furthermore, proposed advantages of SMRs and microreactors include the capability for remote and autonomous (or nearly autonomous) operation, including anticipatory control strategies to maintain operational limits for both planned and unplanned internal or external disturbances, which increase overall operational flexibility. The passive safety systems in advanced reactors may enable fewer operators and more automation; however, these new modes of operation and previously unanalyzed consequences require careful evaluation by designers and regulators to ensure minimization of cyber risks. Mobile reactor designs must also anticipate and address additional requirements for safe and secure transportation.

Similar concerns exist for remote operations, which are under consideration for advanced reactors in isolated environments or reactors connected to microgrids using autonomous distributed energy control schemes. Remote operations imply some finite distance between reactor and operator, with digital communications used for both monitoring and control. Not only does this external pathway potentially give adversaries an exploitable route, it also potentially presents unanticipated cyber risks from communication failures.

#### *2.4.2 Integrated energy systems*

Whereas remote and autonomous reactor operation may have a long timescale for development, regulatory acceptance, and construction, integrated energy systems may be available on a shorter timescale. As shown in **Figure 3**, integrated energy systems use the heat from reactors for other purposes, such as hydrogen generation, district heating, water purification, and chemical manufacturing. They may also have direct electrical connections to integrated systems. The interconnections between a reactor and these secondary processes will likely contain additional sensors, controllers, and actuators in order to balance the electrical and heat demands of the plant with the demands from the integrated energy systems.

#### *2.4.3 New supporting applications*

Digital twins are virtual replications of a physical system that can be used to provide various capabilities and decision-support at a nuclear facility. The degree of representation by a digital twin depends upon the computing power and the ability to accurately model both reactor physics and data-driven processes. Proposed applications include the use of digital twins for running artificial intelligence or machine learning (AI/ML) applications for hybrid control schemes, such as flexible operation for electric grid load-following, anticipatory control, or autonomous control; the use of AI/ML on digital twins for equipment condition monitoring, diagnostics, prediction, and prognostics; and the use of digital twins for designing engineering modifications prior to building the actual physical system.

**Figure 3.**

*Conceptual integrated energy system including generation sources and applications.*

Using digital twins for reactor and/or system design may enable vulnerability discovery, such as potential for equipment failure, process anomalies, human error, or cyber compromise. Understanding system operation as well as potential vulnerabilities and consequences prior to construction is a benefit not only for designing better and safer reactors but also, if used with the CIE principles described in Section 4, for designing a reactor with reduced cyber risk.

Applications of digital twins will likely continue to expand. The capabilities of digital twins, AI/ML, and other monitoring and control systems will be enabled with the increased use of wireless technologies (e.g., Wi-Fi, radio frequency identification, Bluetooth, Zigbee, cellular) in addition to traditional wired networks. Moreover, the use of the Internet of Things (IoT) or Industrial Internet of Things (IIoT) will continue to expand within nuclear facilities, enabling improved efficiencies, reduced maintenance, and real-time insights for decision-making. Whereas the difference between operational technology (OT) and information communications technology (ICT) is that OT uses digital devices to control physical processes, such as nuclear reactors, IIoT uses a wide range of lower cost sensors that are traditionally connected via wireless networks to increase the number of data points available for machine-to-machine communication and enhanced monitoring using data analytics, big data, and AI/ML.
