3. O A K R I D G E N A T I O N A L LABORATORY REACTOR CONTROLS COMPUTER, J. J. Stone, E . R. Mann. ORNL-1632, Oak Ridge National Laboratory, Oak Ridge, Tenn., Apr. 20, 1954.

4. T H E HRE SIMULATOR, D. M . Collier, L. A. Meeks, J. P. Palmer. ORNL-1572, Oak Ridge National Laboratory, Oak Ridge, Tenn., Sept. 24, 1954.

5. A N U C L E A R REACTOR SIMULATOR FOR T E A C H -ING PURPOSES, L. Orr, W . Kerr, H . J. Gomberg.

Electrical Engineering, vol. 75, no. 4, Apr. 1956, pp. 364-67.

6. CONTROL OF N U C L E A R REACTORS A N D P O W E R PLANTS (book), M . A. Schultz. McGraw-Hill Book Company, Inc., New York, Ν . Y . , 1955, pp. 282-302.

7. A SIMULATOR FOR N U C L E A R REACTOR O P E R A -TOR T R A I N I N G , J. W . Schwartzenberg. ISA Journal, Instrument Society of America, Pittsburgh, Pa., vol. 4, no. 9, Sept. 1957, pp. 369-73.

8. N U C L E A R REACTOR S T A R T - U P SIMULATION, J. P. Franz, N . F. Simcic. Transactions, Profes-sional Group on Nuclear Science, Institute of Radio Engineers, New York, N . Y . , vol. PGNS-4, no. 1, Mar. 1957, pp. 11-14. 9. A N A L Y S I S OF EXPERIMENTAL P O W E R - R E AC-TIVITY FEEDBACK TRANSFER FUNCTIONS FOR A N A T U R A L CIRCULATION B O I L I N G W A T E R REACTOR, J. A. DeShong, W . C . Lipinski. ANL-5850, Ar-gonne National Laboratory, Lemont, 111., July 1958.

A Dual-Channel Reactor Protection

System for Nuclear Power Plants

A L L E N S. B A R T U ASSOCIATE MEMBER AIEE

Synopsis : A dual-channel reactor protection system similar to the one that was developed for the Dresden Nuclear Power Station is described. This protection system utilizes commercially available components in co-incidence circuits to achieve the system reli-ability that is required for power plant serv-ice.

THE FUNCTION of the reactor pro-tection system is to prevent the re-

actor from operating in a manner that is dangerous to itself or its environment, without jeopardizing its output at any time when it is operating safely.

In a nuclear power plant, one is faced with the marriage of two opposing phi-losophies. Traditionally, reactor protec-tion has been designed to shut the re-actor down if there is any doubt about plant safety. Power plant protection, however, has traditionally been designed to keep the plant running until it is definitely established that a dangerous condition exists. Both operating philos-ophies are well founded and the reactor protection system for a nuclear power plant must satisfy the basic requirements that led to both of these opposing philosophies.

During the design of the Dresden Nuclear Power Station, a dual-channel reactor protection system was developed.

Paper 60-78, recommended by the AIEE Nucleonic and Radiation Instrumentation Committee and approved by the AIEE Technical Operations De-partment for presentation at the Nuclear Engineer-ing and Science Conference, Cleveland, Ohio, April 6-9, 1959. Manuscript submitted November 4, 1959; made available for printing November 23, 1959.

A L L E N S. B A R T U is with the General Electric Company, San Jose, Calif.

All those who contributed to this development are too numerous to mention but special credit should be accorded I. M . Jacobs for developing some of the basic concepts, and K. F. Hempstead, of the Commonwealth Edison Company, for carrying the design through to completion.

The system described herein is essen-tially a generalization of that design and is believed to be applicable to many types of nuclear power plants.

The reactor protection system which is discussed includes the sensing elements, logic functions, and actuator controls as shown in Fig. 1. It should be noted, however, that two other critical steps exist between the incidence of an unsafe condition and a shutdown. The unsafe condition must be sensed by the primary element, and the control rods must actually insert part of their negative reactivity before a scram has really taken place.

Basic System Characteristics

The important characteristics of a re-actor protection system can be defined as speed of response, operational reliability, freedom from nuisance operations, and provisions for trouble monitoring, testing, repair, and maintenance. The relative importance of each of these character-istics is not the same, but all are impor-tant and a serious weakness in any one is a significant weakness in the protection as a whole.

SPEED OF RESPONSE

The speed of response for the whole scram system (including sensing of the unsafe condition and enough reduction in reactivity to put the reactor on a nega-tive period) must be adequate to control safely some limiting potential accident. The limiting accident is usually the start-up accident,1 which is determined by the nuclear characteristics of the reactor and the maximum reactivity insertion rate attainable from the control system.

The delay due to the protection system,

as described herein, is only a portion, and often a small portion, of the total delay. The delay involved in getting the control rods to move far enough to produce sig-nificant negative reactivity is a major portion of the total delay, and the delay involved in sensing an unsafe condition by the primary sensing element may be a serious delay in some cases.

OPERATIONAL RELIABILITY

If the protection system has adequate speed of response, its prime character-istic is operational reliability. This can be defined as the ability to cause a reactor shutdown when it is required. Failure probabilities as low as one in a million are necessary for some situations.

NUISANCE OPERATIONS

A nuisance operation can be defined as a protection-system operation which causes a shutdown of all or part of the plant when there is no danger. The most common example of nuisance opera-tion is a nuisance scram.

Many of the reactor protection systems in use today cause a relatively large num-ber of nuisance operations when compared to what is generally considered accept-able for a modern power plant.

TROUBLE MONITORING, TESTING, AND

MAINTENANCE PROVISIONS

The ability to annunciate the failure of any of the components of the reactor protection system will greatly affect the operational reliability and the nuisance failure rate of the system. This is be-cause the probability that the protection system will fail to operate when required is a function of the time that it takes to detect and repair a component failure. Somewhat the same thing applies to the nuisance failure rate but it is greatly affected by the particular protection system design.2

Testing can be considered a method of extending the trouble-monitoring capabil-ity by means of periodic checks. Ideally, the trouble monitor would check all components continuously and no routine testing would be required, but this is generally not practical. The testing pro-

3 5 8 Bartu—Dual-Channel Reactor Protection for Nuclear Power Plants SEPTEMBER 1960

C H A N N E L A AC SOURCE A

INDUCTION MOTOR

FLYWHEEL

SINGLE PHASE GENERATOR

MANUAL TRANSFER

POWER TO CHANNEL-A

C H A N N E L Β

AC SOURCE Β

RELAYS β AMPLIFIERS

HIGH ENCLOSURE PRESSURE

LOW WATER L E V E L

HIGH REACTOR PRESSURE

HIGH NEUTRON F L U X

SHORT -PERIOD

2

1 - X -

SCRAM R E S E T R E L A Y S

- f

INSTRUMENT AC SUPPLY

ENCLOSURE PENETRATION

CLOSURE

MANUAL TRIP

EMERGENCY COOLING

BYPASS

MANUAL SCRAM

POWER TO PERIOD SENSOR 3 8 TROUBLE MONITOR

_ M A N U A L J ' l N j ^ A T I O N j - _ CLOSURE TRIP

ENCLOSURE VENTILATION

CLOSURE 5

i

PWR TO CHAN.-Β

RELAYS a AMPL.

T 5

I 3

jy iANUAL_RESET |i

Ç I SCRAM

F i g . 1 . O n e - l i n e d iagram o f a t y p i c a l D r e s d e n - t y p e dua l -channe l reactor p ro tec t ion system

visions should give complete coverage of those areas that have been omitted by the trouble monitor, so that no practical, unsafe failure could be left undetected.

To keep the detection and repair time for a failed component to a minimum, provisions for quick and easy repair are very important. The ability to main-tain and repair components with the re-actor plant in operation is particularly important in a power plant where the re-actor may be expected to operate for long periods without a shutdown.

Dual-Channel System

The Dresden-type dual-channel reactor protection system meets the reliability requirements by making use of coincidence techniques rather than by using extremely reliable components. The failure of any

one component or power supply is as-sumed to be a normal design condition. The system is designed so that, in nearly all cases, such failures will not cause an operational failure or a nuisance opera-tion, but will trip one protection channel with the other channel still intact.

Fig. 1 shows a 1-line diagram of a typical Dresden-type system as it might be applied to a boiling-water reactor. The sensed conditions will be different for different types of reactors, but the basic design should be applicable to a variety of reactor types.

The system consists essentially of two grounded 120-volt a-c circuits which are supplied from two induction-motor-driven synchronous generators with fly-wheels to provide a few seconds of stored energy.

Each numbered contact shown in Fig. 1 symbolizes a scram relay. A coil of each relay is supplied with power from an "independent" primary sensor, so each of these contacts may be thought of as symbolizing a primary sensor. The pairs of holding coils shown each symbolize one or more pairs of actual holding coils or solenoid valves. These coils or valves are mechanically interconnected in such a way that both must be de-energized before a protection system operation takes place.

TWO-OF-FOUR-SENSOR GROUPING

The high-reactor pressure sensor shown in Fig. 1 is typical of the two-of-four-sensor grouping which forms the basis for this dual-channel system. A typical scram relay circuit for one of these sensors is shown in Fig. 2

If the reactor pressure should reach the trip level, the pressure switches 1, 2, 3, and 4 will open their contacts. This will de-energize their respective scram relays and open the four high-reactor-pressure contacts shown in Fig. 1. These con-tacts will de-energize everything which is shown below them, including the holding coils controlling the ventilating ducts and the scram valves.

If any one of the switches or relays should fail to open its contacts, the other relay in its protection channel will open the circuit and the scram will still be accomplished.

If one switch or relay in each channel should fail to operate, the other two relays will still cause the required scram. This allows one switch in channel A and one in channel  to be connected to the same manifold without the possibility of a single plugged manifold's preventing a required scram. The fact that two manifolds may be used safely instead of three or four can result in significant savings in piping costs in a high-pressure system.

If any one of the high-reactor-pressure sensors should accidentally open its con-tacts, or have its circuits open-circuited or short-circuited, its associated scram relay would be de-energized. This would inter-rupt the current to one of each pair of ventilation-duct and emergency-cooling holding coils and one of each pair of scram solenoids, but the other holding coils and scram solenoids would remain energized and prevent a nuisance scram. The annunciator and trouble indicator light associated with this sensor would be energized so as to identify positively the circuit that caused the protection chan-nel to trip. If the failed component were in an accessible location, it could be re-placed or repaired without disturbing the plant output.

SEPTEMBER 1960 Bartu—Dual-Channel Reactor Protection for Nuclear Power Plants 359

POWER FROM C H A N N E L A

P R E S S U R E S W I T C H

( O P E N S ON ' H I G H P R E S S U R E )

POWER FROM I N S T R U M E N T AC

SCRAM R E L A Y

SENSOR 2 O P E R A T I N G (

CONTACT V S H O W N O N F I G . l \

SCRAM Γ RESET ± RELAY ^

T R O U B L E I N D I C A T O R

L I G H T

<+>. S T A T I O N DC

F R O M O T H E R 3 S C R A M R E L A Y S

A N N U N C I A T O R ( H I G H REACTOR

P R E S S U R E )

( - ) • STATION DC

F ig . 2 . T y p i c a l scram re lay circuit for a t w o - o f - f o u r g roup ing . O n e o f four high-reactor-pressure sensors

If the power output of one of the motor-generator sets were interrupted or short-circuited, the power to the ion chambers, amplifiers, relays, holding coils, and sole-noids which are associated with that pro-tection channel would be de-energized. Since no components in the other pro-tection channel are supplied from this source, the other channel would still be operative and the reactor would continue to operate.

TWO-OF-THREE-SENSOR GROUPING

The two-of-three grouping of sensors may be used with a dual-channel system when the saving of one sensor justifies the added complexity, cost, and/or the higher nuisance failure rate. The opera-tional failure probability for the two-of-three grouping is nearly the same as for the two-of-four grouping.

The short-period sensor shown in Fig. 1 is typical of the two-of-three grouping. Fig. 3 shows a typical scram relay circuit for this sensor.

If reactor period reaches the trip level, the short-period sensors 1, 2, and 3 will de-energize their respective relays. The twelve short-period contacts shown in Fig. 1 will open and de-energize the hold-ing coils controlling the ventilating ducts and the scram valves.

If any one of these sensors should fail, the other two will still open both circuits and cause the required scram. However, these three sensors must be completely independent because a failure which could affect any two might prevent a required

scram or cause a nuisance scram. For in-stance, if the high-reactor-pressüre sensor described were to use this two-of-three grouping, three independent manifolds and three independent power supplies would be required.

The power for the ion chambers and amplifiers in one of the three short-period sensors is taken from the instru-ment a-c supply, which is separate from the two motor-generator supplies. This is so that the interruption of one of the motor-generator supplies will not involve more than one of the three short-period sensors, and cause a nuisance scram. This short-period sensor will experience more nuisance operations than the other two because of voltage disturbances on the instrument supply However, this

is not very important if the period sensors are normally bypassed when the reactor is in the power range, as they will be at Dresden.

Design Techniques and Components

A reactor protection system can be built using a wide variety of components and techniques. The following discussion ex-plains why certain of these are selected for use in the Dresden-type system.

FAIL-SAFE DESIGN

A fail-safe design can be defined as one in which the most common modes of failure are such that they maintain or increase the operational reliability of the system. Since some devices have two opposite, common modes of failure, a truly fail-safe design may be approached, but is rarely achieved.

Fail-safe design may be considered as a method of providing an effective trouble monitor for the electric components of the protection system. When the system is used in a power plant, long lengths of wire are needed to connect many of the sensing elements to the logic component. Since these wires are necessarily somewhat ex-posed to damage, it is very important to monitor these circuits continually.

Fail-safe design is not necessarily re-quired for use with the dual-channel pro-tection system, but until an equally effec-tive trouble monitor at a comparable cost has been developed, it appears to be the best available technique for obtaining high operational reliability.

DUAL-CHANNEL DESIGN

The number of nuisance operations is reduced by the use of a second, identical fail-safe channel which also must be de-energized in order to produce a scram.

The operational reliability appears to

P E R I O D A M P L I F I E R O U T P U T ( S E N S O R 2 )

S C R A M

R E L A Y

S E N S O R 2

O P E R A T I N G C O N T A C T S

S H O W N I N F I G . I

Ñ Q

S C R A M

R E S E T

R E L A Y Ã~1 L d

ô F i g . 3 . T y p i c a l scram r e l a y circuit for a t w o - o f - t h r e e g r o u p -i n g . O n e o f three shor t -per iod sensors

C H A N A

C H A N Β

< + ) A S T A T I 0 N D C

F R O M O T H E R 2

S C R A M R E L A Y S

T R O U B L E

I N D I C A T O R

L I G H T

A N N U N C I A T O R

( S H O R T

P E R I O D )

<->• S T A T I O N D C

360 Bartu—Dual-Channel Reactor Protection for Nuclear Power Plants SEPTEMBER 1960

have been reduced by a factor of two be-cause of the addition of the second chan-nel. This apparent reduction is not considered important for two reasons: First, it is difficult to calculate the system reliability or the required reliability within a factor of ten, so any system which would become unsatisfactory by a reduction of reliability by a factor of two is already too near the margin. Second, because acci-dental tripping of one channel due to a component failure is not in itself serious, the use of bypasses and "jumpers" will undoubtedly be reduced and the opera-tional reliability of each channel will be increased. This somewhat intangible in-crease will probably result in a dual-channel reliability considerably greater than the reliability of an equivalent single-channel system.

D U A L ELEMENTS IN EACH CHANNEL

To reduce the probability of an opera-tional failure due to an "unsafe" failure of a component, two elements are used in each channel in such a way that both must fail before the channel will be unable to scram from any one scram condition. These two elements are physically located so that the possibility of damage by a single accident is small. They are also installed in such a manner that a single failure, such as plugging of a single pres-sure line or control-rod shadowing of a single ion chamber, cannot affect more than one of the two sensing elements in one channel.

SCRAM RELAYS

The scram relay is a basic part of this system design. Relays have been justly criticized for their performance in some applications, but the manner in which a properly selected relay is likely to fail is quite well established.

The application of relays to a reactor protection system presents few significant problems and the selection of a relay which will perform satisfactorily should be quite simple.

Proper dust protection should easily reduce to a negligible value the probability of sticking. The probability of a contact welding is very small when a properly sized relay is supplying a resistive or in-ductive load. The expected number of operations is so small that fatigue prob-lems are negligible.

The maximum currents involved are approximately 5 amperes a-c. This is well within the rating of the General Elec-tric Company type HFA relays which were selected for use at Dresden.

Because of the thermal aging of the coils, the operation of the scram relays

with continuously energized coils is a problem. However, it is believed that the type HFA relays will still have negli-gible coil failures. Since the failure of a coil will trip only one protection channel, a few coil failures can be tolerated with-out appreciably reducing the plant reli-ability.

The time delay introduced by the scram relays used at Dresden is approximately 10 milliseconds. While any delay is significant, this is less than 5% of the scram time for Dresden and was com-pensated by an increase in control-rod scram speed.

The maintenance required for relays is also an important consideration. It is expected that the scram relays at Dresden will be inspected once yearly, but will re-quire little or no cleaning or burnishing of contacts. This can hardly be considered a serious maintenance problem.

POWER SUPPLIES

Each of the two main power supplies to the protection system consists of an in-duction motor with a flywheel which drives a 120-volt single-phase synchronous generator. The motors are supplied from the station auxiliary a-c system at two points which are as electrically re-mote from each other as possible. This is to reduce the probability of a single elec-trical disturbance affecting both power supplies when some a-c power is still avail-able. If all a-c power is lost, the reactor will probably have to be shut down any-way because of the loss of important pumping, control, or instrumentation power.

A flywheel is included in each motor generator set to provide enough stored energy so that a short, auxiliary-power interruption will not scram the reactor. A practical amount of stored energy allows the protection system to continue to operate for 3 to 5 seconds after all power is interrupted.

Excitation for the synchronous gen-erator is provided by a direct-connected exciter to provide maximum reliability.

The use of 120 volts a-c provides a good compromise between size of wire in relay and solenoid coils and current-interrupting and film-drop problems in switch and relay contacts. This is also a convenient voltage for supplying the ion chamber and flux-amplifier power supplies. One side of each of the protec-tion circuits is grounded so as to remove the possibility of two accidental grounds causing a sensor to be bypassed.

By means of a manual transfer switch, instrument a-c power can be used in place of the synchronous-generator output while

one motor-generator set is being serviced or repaired. This temporary mode of operation will result in a somewhat higher nuisance failure rate. However, this condition can probably be tolerated for considerable periods so long as the other motor generator set is working properly. (The third short-period sensor will be transferred from the instrument a-c sup-ply to the running motor generator set for this abnormal mode of operation.)

TROUBLE MONITORING, TESTING, AND

MAINTENANCE PROVISIONS

Trouble monitoring for most of the electric system is provided by additional normally closed contacts on the scram relays as shown in Figs. 2 and 3. Since the protection circuits have one side grounded, either a short or open circuit will result in a dropout of the scram relay. This will cause tripping of one protection channel and will operate the trouble indicator light and an annunciator. The annunciator provides the operator with an audible and visual identification of the scram function involved, and the trouble indicator light positively identifies the cir-cuit involved so that a maintenance mechanic can be sure he is working on the correct circuit.

Since the most common source of trouble will probably involve open or short circuits, this trouble monitor is ex-pected to indicate and annunciate most protection system troubles.

Since the primary elements are trans-ducers, they cannot be completely tested electrically. With a dual-channel system, however, routine operational checking of primary elements is possible without in-terrupting plant operation. For ex-ample, if the high-reactor-pressure censors are to be tested, one of the switches can be isolated from the reactor by closing the associated root valve, and an external pressure can be applied to the pressure switch until its protection channel is tripped. The trip setting and the oper-ability of the switch and its associated circuits will both be checked by this test. After the test has been completed, the protection channel can be reset and the remaining switches tested one by one in a like manner.

All sensors which are in accessible loca-tions and can be provided with an arti-ficial primary signal can be operationally tested in a similar manner.

Testing of the scram mechanism will have to be accomplished by performing an actual scram. However, if it should be necessary, individual control rods or groups of rods can be scrammed by in-dividually de-energizing their control

SEPTEMBER 1960 Bartu—Dual-Channel Reactor Protection for Nuclear Power Plants 361

valves with the remainder of the reactor in operation.

Since there are two independent, pro-tection channels, either channel can be de-energized for maintenance without disturbing the other channel or the output of the plant.

The location of components and cir-cuits at Dresden is such that there is little likelihood of a mechanic's accidentally disturbing the operating channel while testing or maintaining the other channel.

Conclusions

The Dresden-type dual-channel pro-tection system appears to be able to meet the operational reliability required for reactor protection while still maintaining the nuisance failure rate low enough to be acceptable in a modern power plant. A design has been completed using proved, commercially available components in conventional circuits which lead to a high degree of predictability of performance.

The proof of the design, however, still awaits the actual operating experience which will be obtained when Dresden Nuclear Power Station starts producing power.

References

1. PRINCIPLES OF N U C L B A R REACTOR E N G I N E E R -ING (book), S. Glasstone. D. Van Nostrand Com-pany, Inc., Princeton, N . J., 1955, pp. 352-53.

2. SAFETY SYSTEM FOR N U C L E A R P O W E R R E -ACTORS, I. M . Jacobs. AIEE Transactions, pt. I {Communication and Electronics), vol. 76, Nov. 1957, pp. 670-73.

Transients in Logarithmic Count-Rate

and Period M e t e r s

BRUCE B. B A R R O W NONMEMBER AIEE

IT HAS BEEN found desirable and practical, in designing automatic con-

trol devices for starting nuclear reactors, to measure flux transients at extremely low flux levels, using the output from neutron-counting circuits. In general, a logarithmic count-rate circuit is used, and the logarithmic indication of flux thus obtained is differentiated electrically to yield an indication of the period of the reactor flux.

The special problem that arises when a period meter is built around a log-arithmic count-rate meter is random fluctuation of the meter output, or noise. This noise is inseparably associated with the quantity being measured, for it arises in the randomness with which neu-trons are detected in a fission counter or equivalent device. To reduce this noise requires, in general, measurement over a larger number of neutron detections, which means measurement over a longer time, i.e., slower transient response, assuming that counter sensitivity cannot be in-creased. It is possible, however, to achieve a good compromise between quick response and low noise, and the procedure for achieving such a com-promise has been discussed in earlier papers.1,2

This paper cannot easily be studied apart from its predecessors. To write it otherwise would have required excessively long repetitions. This paper begins, therefore, where the others ended. Sev-eral classes of differentiating networks are analyzed in connection with the general problem of differentiating a signal while

ROBERT M A I T L A N D NONMEMBER AIEE

filtering out undesired wide-band noise. An indication of the relative quality of performance of these various networks is given, and confirmed quantitatively for the log-diode period meter. Experi-mental measurements of transient per-formance are reported, and these con-firm the predictions from theory. The experiments involved both a simple log-diode circuit and an entire period meter. Transient inputs were obtained from an exponential-current generator and, later, from a reactor simulator operated with various reactivity inputs.

Diff erentiating-Network Design

GENERAL PROPERTIES

At least two types of logarithmic count-rate circuits have been used in period meters. The first of these, the log-diode circuit, consists essentially of a logarithmic diode, usually a vacuum diode operated in the logarithmic region of its current-voltage characteristic, in parallel with a capacitor. An electric charge is dumped onto this capacitor each time a neutron is detected, and the current leak through the diode causes a voltage that is more or less proportional to the log-arithm of the counting rate. The im-portant properties of this circuit are known.2

The second type of logarithmic count-rate circuit consists of the parallel com-bination of a number of diode pump cir-cuits with staggered time constants. Cooke-Yarborough and Pulsford have published an admirable study,3 both

theoretical and experimental, of this circuit, but the results do not include expressions for, for example, transient response or bandwidth of the randomly fluctuating output signal. An analysis in depth for these properties seems to be quite difficult, though it would be of considerable value to the designer of period meters.

It is clear, however, that the behavior of the two circuits is similar, qualita-tively, in two important and related re-spects: both circuits have faster transient response at higher count rates, and both circuits exhibit more rapid fluctuations in measured count rate when operating at higher count rates.

In the log-diode circuit the amplitude of the fluctuations in the voltage output remains constant as counting rate varies. At the same time the bandwidth of the frequency spectrum of these fluctuations remains proportional to the counting rate. In the multiple-pump circuit the ampli-tude of the fluctuations in voltage output decreases somewhat with increasing count-ing rate. At the same time the fluctua-tions become more rapid, since the short-time-constant pumps dominate at high counting rates.

A differentiating network used with either type of logarithmic count-rate circuit to measure period must per-

Paper 60 -511 , recommended by the AIEE Nucle-onic and Radiation Instrumentation Committee and approved by the AIEE Technical Operations De-partment for presentation at the AIEE Nuclear En-gineering and Science Conference, Cleveland, Ohio, April 6-9, 1959. Manuscript submitted December 1, 1958; made available for printing February 9, 1960.

B R U C E B. B A R R O W is with the SHAPE Air Defense Technical Center, The Hague, Holland, on leave from the Hermes Electronics Company, Cambridge, Mass. ROBERT M A I T L A N D is with the General Electric Company, Cincinnati, Ohio.

Mr. Barrow's contribution to this paper was supported in part by the General Electric Company, through a consulting agreement, and in part by the Hermes Electronics Company (formerly Hycon Eastern). An earlier version of this paper was presented in Paris on September 17, 1958, at the Colloque International sur l'Electronique Nuclι-aire, which was sponsored by the Sociιtι des Radio-ιlectriciens.

3 6 2 Barrow, Maitland—Transients in Logarithmic Count Rate SEPTEMBER 1960