Dynamic PRA Approach for the Prediction of Operator Errors · Presentation Outline Presentation Outline • Dynamic PRA Methods • General Overview of ADS-IDAC ... InfoLoad I I I

1

Dynamic PRA Approach for the Prediction of Operator Errors

Kevin Coyne

Ali Mosleh

Center for Risk and Reliability

University of Maryland

College Park, MD

University of MarylandCenter for Risk and Reliability

2

Presentation Outline

� Presentation Outline

• Dynamic PRA Methods

• General Overview of ADS-IDAC

� Thermal Hydraulic Nuclear Plant Model

� Operator Model

• Dynamic Performance Influencing Factors

• Information Filtering and Perception

• Future Research Activities

3

Dynamic PRA

� Compared to conventional human reliability analysis techniques, dynamic simulation methods can improve the modeling of several important factors:

• Feedback between operator and reactor plant

• Timing and sequencing of events

• Success criteria

• Dependencies arising from situational context

� But, dynamic methods introduce several challenges:

• Truncation techniques needed to limit sequence explosion

• Quality of results dependent on realism of the underlying plant and operator models

• Interpretation of results


4

ADS-IDAC Overview

� Accident Dynamics Simulator with the Information, Decision, and Action in a Crew Context Cognitive Model (ADS-IDAC)

� UMD has been developing, improving, and refining ADS-IDAC for nearly two decades


RELAP Plant Model

Control Panel Operator IDAC Cognitive Model

Hardware Reliability

Instrument Reliability

Performance Influencing Factors

RELAP Plant Model

Control Panel Operator IDAC Cognitive Model

Hardware Reliability

Instrument Reliability

Performance Influencing Factors

5

Thermal-Hydraulic Model

� RELAP5 Thermal-Hydraulic Engine

• Recognized thermal hydraulic analysis tool

• Existing RELAP plant models can be readily adapted to the ADS-IDAC environment

� Plant models require some modifications

• Interactive controls and instrumentation

• Realistic representation of plant systems, protective features, and controls

� The current three-loop PWR plant model includes:• 200 indicators

• 90 controls

• 80 alarms


6

Operator Model

� Operator actions guided by high-level goals and problem solving strategies


Implements EOPs

• Active & Passive Information Gathering

• Memorized Rule-Based Actions

• Follow Written Procedures

Maintain Safety Margin



Monitoring

Actions driven by operator’s situational assessment



• Knowledge-Based Actions

Troubleshoot Abnormal Conditions

• Passive Information Gathering


Maintain Normal Operation

CommentStrategiesGoal

7

Operator Model

� Operator profile specifies tendencies, preferences, and capabilities• PIF profiling factors

• Utilization of memorized information

• Problem solving preferences

• Threshold for diagnosing an accident condition

• Procedure pacing and adherence

• Information handling capabilities

� Operator knowledge base defines procedures, mental models, and heuristic rules


8

Dynamic Performance Influencing Factors (PIFs)

� Three dynamic PIF factors have been implemented in ADS-IDAC:

• Information Loading

• Time Constraint Loading

• Criticality of System Condition

� Dynamic PIFs currently support:

• Procedure step skipping module

• Information gathering process


9

Dynamic PIFs: Information Load

� Information Load PIF based on average information processing rate for each operator• “Information” includes

alarms, control panel interactions, and crew communication

• Includes both passive and active information load

� Related to operator task load


−

−=

ThresholdLowerThresholdUpper

ThresholdLowerRatePerception

LoadInfoII

IIPIF

&&

&&

10

Information Load PIF

0

2

4

6

8

10

Information Processing Rate

PIF

Valu

e

tLowertupper

10

Dynamic PIFs: Time Constraint Load

� Measures amount of time available until a process parameter passes a critical threshold• Parameters and thresholds can be uniquely

defined for each operator• PIF value depends on amount of time

available and operator’s high level goal (e.g., normal operation vs. accident mitigation)

� Related to time pressure perceived by the operator


i

Thresholdii

availableiP

PPt

&

,

,

−=

−

−−=

)(

)(110

,

,

lowerupper

loweravailablei

ConstrainTimeitt

ttPIF

Time Constraint Load PIF

0

2

4

6

8

10

Time Available

PIF

Valu

e

tlower

tupper

11

Dynamic PIFs: Criticality of System Condition

� Criticality of System Condition modeled after the Safety Parameter Display System (SPDS)• Measures plant deviation from

nominal (safe) conditions• Each operator can use a unique

combination of parameters, thresholds, and weighting factors

� Related to the operator’s perception of the severity of the plant state


Parameter Criticality

0

5

10

Parameter Value

PIF

Valu

e

Lo-Lo

Limit

Hi-Hi

Limit

Hi LimitLo Limit

"Safe"

Value

∑

∑=

i

i

yCriticalitParameter

i

i

yCriticalitSystem

iPIF

PIFω

ω

12

Dynamic PIFs: Example

� Example Application –Steam Generator Tube Rupture• Operators utilize

procedure following strategy

� Dynamic PIFs reflect both plant dynamics and operator activities• Briefings and delays• Degrading and

improving plant status

• Periods of high task loads


Key Plant Parameters

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

0 500 1000 1500 2000 2500 3000 3500 4000

time (seconds)

Level

0

10

20

30

40

50

Leak R

ate

(lb

m/s

ec)

SG A WR Level

PZR Level

SGTR Leak RateSGTR

Initiation

Manual Safety

Injection

Start RCS

Depressurization

Start RCS

Cool Down

Stop Safety

Injection Pumps

Equalize RCS/SG

Pressure

Dynamic PIFs

0

2

4

6

8

10

0 500 1000 1500 2000 2500 3000 3500 4000

time (seconds)

PIF

Valu

e

Time Constraint Load

Isolate

SG A

Time Available:

Low PZR Level Time Available: Low

RCS Pressure

Time Available:

Hi SG A Level

Dynamic PIFs

0

2

4

6

8

10

0 500 1000 1500 2000 2500 3000 3500 4000

time (seconds)

PIF

Valu

e


Information LoadInfo Load: Post Trip

Alarm Cascade

Briefing

Hold

Isolate

SG A

Time Available:


RCS Pressure

Time Available:

Hi SG A Level

Dynamic PIFs

0

2

4

6

8

10

0 500 1000 1500 2000 2500 3000 3500 4000

time (seconds)

PIF

Valu

e


System Criticality


Alarm Cascade

Hi SG A &

PZR Levels

Briefing

Hold

Isolate

SG A

Time Available:


RCS Pressure

Time Available:

Hi SG A Level

High SCM &

SG A Level,

Lo PZR Level

Dynamic PIFs

0

2

4

6

8

10

0 500 1000 1500 2000 2500 3000 3500 4000

time (seconds)

PIF

Valu

e


System Criticality


Alarm Cascade

Hi SG A &

PZR Levels

Briefing

Hold

Isolate

SG A

Time Available:


RCS Pressure

Time Available:

Hi SG A Level

High SCM &

SG A Level,

Lo PZR Level

13

Information Perception & Filtering

� All operator decisions and actions are based on perceived information

Raw data from the thermal-hydraulic model subject to filtering process

• Operator must gather information

• Biasing filter can distort information

� Differences between perceived and actual plant data can drive the operator toward error forcing situations

• Incorrect situational assessment leads to inappropriate action-rule activation

• Information distortion adversely impacts assessment of component, system, or plant state


14

Modeling Potential Error Events:Branching Rules

� ADS-IDAC generates a discrete dynamic event tree (DDET) based on the application of simple branching rules

� Feedback from the plant model, information perception, and PIFs all influence the activation of branching rules

� The branching path from the initiating event to a final end state define the scenario trajectory

Error events occur when the sequence of branching events result in the failure to meet a plant need...

15

Conclusions

� Recent improvements to the ADS-IDAC code have dramatically improved the realism of plant and operator models.• RELAP5 Plant Model• Operator Goals and Problem Solving Strategies• Dynamic PIFs • Information Processing

Taken together, these factors reinforce the man-machine feedback loop and improve the ability of ADS-IDAC to model crew-to-crew variabilities and dependencies


16

Future Work

� Knowledge base expansion� Model calibration

• Heuristic rules• Pace and timing of operator actions• Operator preferences/tendencies

� Validation• Halden HRA Comparison Study

� User interface• Facilitate ADS-IDAC model development,

revisions, and simulation execution

� Post processing tools• Sequence grouping and visualization• Importance measures and metrics


17

UMD ADS-IDAC Project

Questions....


Documents

Dynamic PRA Approach for the Prediction of Operator Errors · Presentation Outline Presentation Outline • Dynamic PRA Methods • General Overview of ADS-IDAC ... InfoLoad I I I