Typically, the resilience add-ons operate only when a hazard is present, so a fault in them may go undetected in normal operation. Special means should be designed to ensure that the rebounding (recovery) function is actually operational. The resilience add-ons should be reliable, and special procedures should be designed and employed routinely to enable early fault detection.
If the operators are used to automatic protection, they may neglect the corresponding part of the troubleshooting.
On March 28, 1979, following a loss of coolant, the PORV of the TMI reactor opened but became stuck open. Following the Davis-Besse incident, the PORV had been equipped with an indication that the close command had been sent to the PORV. However, although the close command was sent to the PORV, it did not close, due to another fault. The operators relied on the indication and believed that the PORV was closed, which was wrong. Following the wrong indication, the operators shut down the emergency cooling system, according to the instructions that they had. The core meltdown is commonly attributed to the shutdown of the emergency cooling system.
The design should incorporate special means to mitigate the risks of automation addiction. The resilience add-ons should be reliable, and the indication to the operators should be clear and precise, highlighting the significance of the actual state.
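The two design points above (an indication that reports the actual state rather than the command that was sent, and a routine procedure that exercises the protection function so a latent fault is found early) can be made concrete in a small model. The following is an added illustration, not code from the original text or from any plant control system; it assumes an independent valve position sensor, a fixed actuation time, and a simulated valve that can be stuck open.

```python
"""Constructed model: commanded vs. sensed valve state, plus routine exercise of a protection function."""
from dataclasses import dataclass
from enum import Enum
from typing import List


class ValveState(Enum):
    OPEN = "open"
    CLOSED = "closed"


ACTUATION_TIME_S = 5.0  # assumed: time the valve needs to travel after a command


@dataclass
class ValveTelemetry:
    commanded: ValveState          # what the control system sent
    sensed: ValveState             # what an independent position sensor reports (assumed to exist)
    seconds_since_command: float   # elapsed time since the last command


def command_echo_indication(t: ValveTelemetry) -> str:
    """Weak indication: echoes the command, so a stuck-open valve still reads 'closed'."""
    return t.commanded.value


def actual_state_indication(t: ValveTelemetry) -> str:
    """Hardened indication: reports the sensed state and flags a persistent mismatch."""
    if t.commanded != t.sensed:
        if t.seconds_since_command <= ACTUATION_TIME_S:
            # Still within travel time: the mismatch is expected, show it as in progress.
            return f"{t.sensed.value} (moving to {t.commanded.value})"
        return f"DISCREPANCY: commanded {t.commanded.value}, sensed {t.sensed.value}"
    return t.sensed.value


class SimulatedValve:
    """Constructed valve for the example: optionally stuck open, to exercise the indication logic."""

    def __init__(self, stuck_open: bool = False) -> None:
        self.stuck_open = stuck_open
        self.commanded = ValveState.CLOSED
        self.sensed = ValveState.CLOSED

    def command(self, state: ValveState) -> None:
        self.commanded = state
        # A stuck-open valve accepts the close command but never reaches CLOSED.
        if not (self.stuck_open and state is ValveState.CLOSED):
            self.sensed = state

    def telemetry(self, seconds_since_command: float) -> ValveTelemetry:
        return ValveTelemetry(self.commanded, self.sensed, seconds_since_command)


def routine_exercise_test(valve: SimulatedValve) -> List[str]:
    """Routine procedure: cycle the valve and compare the sensed state with each command.

    Returns a list of findings; an empty list means the add-on responded correctly.
    """
    findings: List[str] = []
    for target in (ValveState.OPEN, ValveState.CLOSED):
        valve.command(target)
        # Read telemetry only after the actuation time has elapsed.
        report = actual_state_indication(valve.telemetry(ACTUATION_TIME_S + 1))
        if report.startswith("DISCREPANCY"):
            findings.append(f"{target.value} command: {report}")
    return findings


if __name__ == "__main__":
    stuck = ValveTelemetry(ValveState.CLOSED, ValveState.OPEN, 60.0)
    print("command echo:", command_echo_indication(stuck))
    print("actual state:", actual_state_indication(stuck))
    print("routine test, healthy valve:", routine_exercise_test(SimulatedValve()))
    print("routine test, stuck valve:", routine_exercise_test(SimulatedValve(stuck_open=True)))
```

The point of the two indication functions is that `command_echo_indication` reports "closed" for a valve that is physically open, exactly the situation the operators faced, whereas `actual_state_indication` reports the sensed position and raises an explicit discrepancy once the actuation time has passed. The routine exercise finds a stuck valve during normal operation instead of during the hazard.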
Updated on 15 Oct 2016.