Re: Y2K and electric power industry (long)

John Boyer (johnboy@CreativeSysInc.com)
Mon, 07 Sep 1998 09:42:07 -0500


Jim,
Ah, Y2K is a subject very near and dear to my heart, especially the
nuclear power problem. My small company is working seven days a week.
We're in the process of trying to find year 2000 problems for several US
Nuclear Plants. So here are my ramblings on the nuclear side of things.

All nuclear plants in the United States are under the gun because the
Nuclear Regulatory Commission has now made compliance a licensing issue.
See June 22, 1998 "generic letter".
http://www.nrc.gov/NRC/Y2K/GL9803.html

If nuclear plants cannot certify that they are year 2000 ready by the
July 1 1999 deadline, they could lose their operating license.
Actually, they just have to show that they have a reasonable plan. I
doubt that any plant will have a real licensing issue. A typical
rule-of-thumb is that these plants lose $1 million a day while they are
down. So they will do what it takes to make sure they are not shut down
for regulatory reasons.
http://www.nrc.gov/NRC/NEWS/year2000.html

If you are a utility or a systems integrator, for a paltry sum of
about $70K you can join EPRI and access the shared data of year 2000
readiness. What most people don't realize about the nuclear power
industry in the United States is that each plant is different. For
example, Arkansas Nuclear One, located near Russellville, Arkansas, has
two pressurized water reactor units. Unit 1 came on-line in 1974 and
Unit 2 came on-line in 1980. The two units are completely separate
designs, with very few shared components. I guess it was just a matter
of the lowest bidder. There are few exceptions to this rule, "sister
plants" like Wolf Creek in Kansas and Callaway in Missouri.

So, unlike France, Canada and Japan, the United States has a
hodgepodge of computer systems. Even systems made by the same manufacturer
have been customized for each plant. So if you have certified one system
as year 2000 compliant you cannot necessarily go to another place with
the "same" system and "grandfather" your results.

Testing a single system for year 2000 problems is not that difficult.
Analyzing source code is not either, if you have a good tool. With the
exception of the main plant monitoring computer, most systems at these
plants only have spare parts, they don't have a stand-alone development
system that mimics the plant systems behavior.

Jim Whitehead wrote:
> To date, instrument and controller functionality appears
> to be largely unaffected. Some testing of larger integrated systems
> such as distributed control systems in power plants has been started.
> These tests have produced some conflicting results which are being
> resolved through collaborative efforts within our program."

For the most part, control systems in these plants are pretty dumb, so
they don't care about the date. They are not nearly as complicated as a
SCADA you would find on an oil pipeline or power distribution system.
(http://www.esca.com). But plant monitoring and security systems do use
dates heavily. While plant security access control systems are not
required to process personnel in and out, it would be a nightmare to go
without one. The plant monitoring systems (PMS) are not technically
required to run a plant in most cases, but the plants would likely back
down on power without them.

Sometimes, testing the live system is the only way. But, systems are
often interconnected so an integrated systems test is almost impossible
to accomplish. Most plants refuel every 18 months, so a refueling
outage seems like a good time to test. But outages are when plant wide
PM is done, and some computer systems that monitor and calibrate devices
are used more heavily during an outage than when in production.

Furthermore, many of the systems at nuclear plants are managed and
maintained by separate entities. Most utilities have created a special
management position to coordinate year 2000 activities between the
various computer groups. Most plants cooperate well internally, but
others definitely have their little Kingdoms.

BTW, even the NRC has a year 2000 bug in its (emergency response data
system) ERDS datalink that provides live plant data for remote emergency
response and monitoring. All US nuclear power plants are required to
support this modem link in their plant monitoring systems (PMS). The NRC
will have a fix in place very soon, but all of the plants have to
fix/evaluate their side too.

Another issue is that there are some systems in nuclear plants for which
there is no available source code. It is really hard to believe but
it's true. Some plants are choosing to set the date back 28 years to
1972 in order to keep these proprietary systems in operation. This is
not always a good solution because of the interconnected nature of these
systems.

Personally, I think the "unfound" year 2000 problems will be in the
interfaces between the plant process computers, radiation monitoring
systems, meteorological, and safety systems.

> Bottom line: It's too early to tell,

So, will "The Shit hit the ceiling" as my wife Thanh says?
I don't think so. There will be some reductions in power, there may even
be an isolated plant trip. But in general I think it will be under
control and not even noticeable by the general public.

Am I drinking on New Year's Eve 1999? No way. I'll be sitting by the
phone, just in case...

--Johnboy

PS. Yes, I believe the phone will work.

DISCLAIMER: The opinions expressed herein are my own personal ideas and
are just too strange to represent anyone or anything else.
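An added illustration, not part of John Boyer's post, of the 28-year setback he describes for source-less systems and of the interface problem he flags: inside one box the calendar lines up, but a timestamp that leaves the box disagrees with correctly dated neighbours by 28 years unless an adapter translates it. The PMS and downstream timestamps are constructed sample values.

```python
"""28-year date setback: sound inside one system, hazardous at interfaces.
Constructed example; not code from any plant or vendor."""
import datetime

OFFSET_YEARS = 28  # the setback in the post: the year 2000 runs as 1972


def to_setback(real):
    """Date a set-back system displays for a given real date.
    Raises ValueError if the shifted date does not exist (Feb 29 mismatch)."""
    return real.replace(year=real.year - OFFSET_YEARS)


def to_real(setback):
    """Inverse mapping: the translation an interface adapter must apply."""
    return setback.replace(year=setback.year + OFFSET_YEARS)


def calendar_aligned(first_year, last_year):
    """True if every real date in the span maps to a set-back date that exists
    and falls on the same weekday, so weekday logic and leap-day handling
    inside the box are unaffected. Returns (ok, first_bad_real_date)."""
    d = datetime.date(first_year, 1, 1)
    stop = datetime.date(last_year, 12, 31)
    while d <= stop:
        try:
            s = to_setback(d)
        except ValueError:
            return False, d          # Feb 29 with no Feb 29 in the target year
        if s.weekday() != d.weekday():
            return False, d
        d += datetime.timedelta(days=1)
    return True, None


def interface_skew_days(setback_stamp, real_stamp):
    """Disagreement, in days, when a set-back system's timestamp is compared
    directly with a correctly dated system's timestamp for the same event."""
    return (real_stamp - setback_stamp).days


# Constructed sample: one event recorded by a set-back PMS and by a correctly
# dated downstream system (e.g. a radiation monitoring system).
EVENT_REAL = datetime.date(2000, 3, 15)
EVENT_SETBACK = to_setback(EVENT_REAL)   # the PMS believes it is 1972-03-15

if __name__ == "__main__":
    print("28-year cycle holds for 2000-2027:", calendar_aligned(2000, 2027))
    print("naive comparison:", interface_skew_days(EVENT_SETBACK, EVENT_REAL), "days")
    print("via adapter:", interface_skew_days(to_real(EVENT_SETBACK), EVENT_REAL), "days")
    print("cycle past the 2100 century rule:", calendar_aligned(2100, 2100))
```

The last line shows the trick's own expiry: 2100 is not a leap year while 2072 is, so the alignment breaks on 2100-03-01.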