Comments on: Old UNIX/IBM control systems: Potential time bombs in Industry

By: AnthonyL

AnthonyL — Fri, 27 Jan 2012 05:58:00 +0000

Whatever thread you prefer, same request, if you wish to.

By: Tom Kerwick

Tom Kerwick — Thu, 26 Jan 2012 19:29:39 +0000

Anthony — the topic of this thread has nothing to do with CERN/LHC safety procurement. It is about old industrial control systems in industry — lets discuss LHC in a more relevant thread. As for the topic of this thread, I intend to research it a small bit further before deciding whether it warrants writing a whitepaper on the topic.

By: AnthonyL

AnthonyL — Thu, 26 Jan 2012 19:19:56 +0000

Tom, since few here seem willing to actually read references such as your own paper would you please give us a bottom line summary of a) what you found which leads you to b) suggest the points should be cleared up in a safety conference on the LHC?

By: Tom Kerwick

Tom Kerwick — Thu, 26 Jan 2012 18:07:35 +0000

An interesting viewpoint Anthony — it is true that in this case a comment which reflected no thought or information from one individual actually fueled a serious debate amongst others on it which might not otherwise have happened. The unintentional public service brought to you by a ‘Puh-leez’ merchant.

Brandon — thanks for your suggestion. I actually enquired through the media relations personnel at Sellafield Ltd for information but so far they have fallen silent.

By: AnthonyL

AnthonyL — Thu, 26 Jan 2012 15:47:26 +0000

“Think a bit before you post more drivel comments”

@Kerwick But Tom, Gary’s comments, though they reflect no thought or information on the subject of discussion, are very helpful, because they provoke justification from you for your excellent topic, and clarify its validity for anyone else who shares the same uninformed doubt, but who might be more polite, and cautious about sharing it.

I don’t think you should discourage drivel of this kind if it is short. It shares the same purpose as the valuable posts of Professor Rossler, to allow the issues to be justified, and carried to the forefront of the minds of people who might otherwise dismiss topics as contrary to the headlines of the New York Times, and therefore not worthy of examination.

The is the excellent public service of Lifeboat as a whole, as well as your interesting post. It brings to our attention imaginative speculation which deserves consideration even though the editors of the New York Times have not yet noticed it, and which serves as an early warning of possible dangers which may affect the security of humanity as a whole.

By: Brandon Larson

Brandon Larson — Wed, 25 Jan 2012 01:08:13 +0000

To answer another of your questions, I don’t have any industry connections, but if you contacted some utilities that operate reactors, or someone in the DOE they might be able to help you.

By: Brandon Larson

Brandon Larson — Tue, 24 Jan 2012 17:05:36 +0000

My only experience is with Navy light water reactors, but I’m sure the basic control systems are the same. I don’t remember all of the specifics, so maybe someone else with more recent experience can expand on this. Basically, everything is analog. The criticality is measured by neutron flux sensors, and the rod position is set manually based on criticality and other sensor readings. The SCRAM circuit just drops the control rods to the bottom if it detects a problem. This is also analog, based on analog sensor readings. There is no computer control anywhere in the system. It’s all analog sensors and manual controls. From what I understand they now have what is called a Partial Fast Insertion system along with a SCRAM system, which automatically lowers the rods an inch or so to bring the reactor below critical if there is a problem, but this would work the same way as a SCRAM system. The newer reactors may have digital displays, and there may be some provision for automatic rod control to adjust criticality, but the failsafes still work on analog sensor readings without computer control. Like I said my knowledge is about 20 years old so if someone has some more recent experience please correct me if I am wrong about anything.

The biggest problem I can see is if backup systems are computer controlled without adequate monitoring by humans on site. The Fukushima disaster happened because the backup generators were knocked out by the tsunami causing the reactors to overheat. The main concern in a reactor accident is keeping coolant flow through the core. That is why backup power is so important, to keep the coolant pumps on line. You lose coolant flow and you will most likely lose the reactor.

By: Tom Kerwick

Tom Kerwick — Tue, 24 Jan 2012 12:40:21 +0000

Brandon — just a quick follow-on, I may have dismissed the relevance of this to the nuclear industry in my last response. Although the systems are under manual control — there will always be a control system residing between the manual controls and the electrical/mechanical — The operating technician will set the controls, but the control system applies them — in the same way that your car is manually controlled, but with power-steering you have a mini control system between you and the automobile — not the best of example, but you get the idea I’m sure.

If you have a contact in the industry who could assist me in researching on the firmware which interfaces the manual controls to the nuclear plant electrial/mechanicals, please forward on the details to me as it could assist greatly in my study into this — Cheers.

By: Tom Kerwick

Tom Kerwick — Tue, 24 Jan 2012 09:25:14 +0000

Brandon — thanks for the further feedback. I do not have specific experience with nuclear reactors, so it is good to get an inside opinion. Am surprised that everything is manually controlled, but as you say if these are built on 70s technology, then that makes quite a bit of sense. Could you give me a pointer to how such SCRAM circuits operate on nuclear reactors, are these run on mainframes or largely analog based? I’d guess there is a layer of control system between human operator and the reactors — such as self-regulating circuits — but again these would not be mainframe based control systems, so not in the risk category. I heard that before about reactors being much more difficult to bring back online. As for newer reactors, a lot of more recent IBM mainframes still use a 64-bit count for convenience though I doubt such shortcuts would be taken in nuclear facilities. Perhaps the risk to such old UNIX/IBM control systems lies elsewhere in industry and not in the nuclear sector after all. Thanks again.

By: Brandon Larson

Brandon Larson — Tue, 24 Jan 2012 02:22:14 +0000

I have some experience with nuclear reactors, and from what I have seen the only automatic controls on a reactor are the safety controls (ie. SCRAM circuits) and all they can do is shut the thing down. Everything else is manually controlled. The latest American reactors were built on 70’s technology and I would imagine reactors in the old Soviet Union are manually controlled because of the state of technology when they were built and for the reasons I outlined in my last post about weapons. One issue with nuclear power is if a reactor does go down hard it takes much longer to bring it back on line than a fossil fuel plant. Without backup from conventional power plants, a system crash could bring down a large part of the grid. I think this is the biggest danger from this type of failure.

It is possible that the newest reactors coming online in the West are dependent on computer control, and that would be worth investigating. Of course, if they are using the latest hardware and software the problems you describe do not apply.