- Email: [email protected]
Advanced automation for power-generation plants – past, present and future
Control Engineering Practice 7 (1999) 1405}1411
Advanced automation for power-generation plants } past, present and future K. Kawai!,*, Y. Takizawa", S. Watanabe# !Management Innovation Group, Toshiba Corporation 1-1, Shibaura 1-Chome, Minato-ku, Tokyo 105-8001, Japan "Control and Instrumentation Engineering Dept.-Thermal Power, Toshiba Corporation 36-5, Tsurumichuo 4-Chome, Tsurumi-ku, Yokohama 230-0051, Japan #Design Center, Toshiba Corporation 1-1, Shibaura 1-Chome, Minato-ku, Tokyo 105-8001, Japan Received 26 January 1999; accepted 21 June 1999
Abstract Toshiba is designing a next-generation control room that promises safer and more stable operation based on use of `safewarea and an integrated design concept. This paper discusses advanced methods and technologies for automating power-generation plants. First of all, the historical development of plant-automation technologies are summarized, then, Toshiba GSXPTM (Global System for neXt Power Plant) is introduced as a typical present-day system. Finally, as an example of a next-generation system applying advanced system technologies, three on-going studies and a future control-room design are introduced. ( 1999 Elsevier Science Ltd. All rights reserved. Keywords: Man}machine interface; Open/distributed architecture; Multi-agent; Advanced control algorithms
1. Introduction Computerized power plant automation in Japan was started around 1968, when the "rst DDC (direct digital control) system (such as turbine run-up control) was designed and put into operation successfully. Since then, the scope and the depth of power plant automation has expanded step-by-step. The current level of power plant automation is well explained in a paper describing the Shiriuchi Power Station Unit d2 of Hokkaido Electric Power Company (Konishi, Sugimori & Watanabe, 1997). Computerized automation systems are usually introduced into new thermal power plants in Japan as a matter of course. These automation systems are also introduced to existing thermal power plants when the replacement of control/computer systems are planned. In the early days of plant automation there was a lot of discussion about who, operator or the automation system, should be the "nal decision-maker. For example,
* Corresponding author. Tel.:#81-3-3457-3926; fax:#81-3-54449381. E-mail addresses: [email protected] (K. Kawai), [email protected] (Y. Takizawa), shinji.watanabe@ toshiba.co.jp (S. Watanabe)
considering the operator's backup capability in cases of automation system failure, what sort of tasks should be retained by the operator? This problem is called `outof-the-loop unfamiliaritya (Wickens, 1992). The introduction of automation system could degrade the human operator's skills, especially in cases of system accidents (Perrow, 1984). These problems have been solved by "rm automation design concepts and an evolutionary systems approach, which will lead to tomorrow's advanced automation system. Today's popular and successful power plant automation systems are analyzed as follows: (1) The user's need for the automation system is identi"ed/de"ned as (a) to reduce the number of operating sta!; (b) to save the life-expenditure of the plant equipment; (c) to make the start-up or shutdown time constant or as short as possible. (2) Operation experience of highly reliable automation systems with available "eld-test results. (3) Interface problems among users, plant equipment suppliers and automation system manufactures are minimized as a major turbine or boiler supplier provides the automation system.
0967-0661/99/$ - see front matter ( 1999 Elsevier Science Ltd. All rights reserved. PII: S 0 9 6 7 - 0 6 6 1 ( 9 9 ) 0 0 1 1 0 - 0
1406
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
(4) Functional allocation is properly made between the plant automation system and the main controllers such as the automatic power plant control (APC) system, the automatic burner management (ABS) system, the electro-hydraulic control (EHC) system and the sequence control (SEQ) systems and so on. (5) A group of background functions (engineering tools) are utilized during factory testing and throughout "eld commissioning. The items described above are regarded as the basic factors for the popularity of today's successful plant automation systems. The most important factor, however, is the evolutionary approach of the plant automation development. Its scope has been evolved as follows: (1) (2) (3) (4) (5) (6)
Turbine run-up control; Boiler start-up control; Auxiliaries start/stop control; Unit shutdown control; Unit normal mode control; Emergency mode control.
In the future automation system, how the concept of human-centered automation is realized will play a more important role. It is often said that `human must be at the locus of controla or `the human must be maintained as the "nal authority over the automationa. However, Inagaki, Moray and Itoh (1998) suggests that the dynamic trading of authority between humans and automation must be sought because the high level of e!ectiveness of automation is situation-dependent. During these discussions, the position of humans as decision-makers or supervisors becomes clearer in conjunction with the evolution of the automation technology. Dialogue between human and machine then becomes another critical aspect for safety and reliable plant operation. In the 1990s, much e!ort has been put into realizing the key developments of user-interfaces (Marcus & Dam, 1991) such as three-dimensional user interfaces, virtual reality, multimedia and hypermedia, group-ware intelligent agents and so on. However, these multi-media interface technologies are not su$ciently mature to apply to a Control and Instrumentation (C&I) system dedicated to an actual power plant operation "eld. This also means that examining how or in what situations these userinterface technologies should be applied (need-oriented) is stressed more than what measures should be used (seed-oriented). This paper introduces the philosophy and historical trends of automation technologies and discusses the next generation of man}machine system design. This includes advanced control technologies and control room design as well as focusing on, in addition to human}machine communication, human}human communication.
2. Automation philosophy and system design principle The design goal of power plant automation in the area of the daily start-up and shutdown (DSS) operation can be summarized as follows: (1) A safe, smooth and reliable start-up and shutdown operation; (2) Reducing plant equipment life-expenditure; (3) Reducing the time required for the start-up and shutdown operation; (4) Reducing the operator's workload during the startup and shutdown operation. In order to design the plant automation system properly, the `automation philosophya should be established as the `system design principlea and be well documented. It is also necessary to share this information among users, plant suppliers and automation system manufacturer. This design document should cover such items as: (1) The objective of automation, its scope and depth; (2) The speci"cation of plant equipment to be automated; (3) The operator's role and the man}machine communication interface; (4) Hardware/software `fail safea considerations; (5) Target of automation availability and method of failure localization.
3. Historical trends in automation technologies 3.1. Man}machine system design 3.1.1. Historical development of man}machine interface Typical automation systems in the early days of TOSBAC computer series are shown in Table 1. The relevant man}machine interface devices are also shown in chronological order. Toshiba developed an event-oriented expert system named computerized optimum plant operation system (COPOS) to overcome the limitations of automationsoftware production based on #ow-chart method. A piece of automation knowledge is expressed in one of the `plant tablesa in COPOS world (Tanaka, Ohta, Minoura & Kogure, 1975). The main topics in the man}machine interface during 1970s and early 1980s can be summarized in the following "ve stages: Stage 1. Automatic start-up and shutdown control (ASC) console and digital printer (TW) were provided (Hachinohe Unit 3). Stage 2. Monochromatic CRTs were introduced (Atsumi Unit 1).
(1968)
(1971)
(1976)
(1980)
(1983)
1
2
3
4
5
Shin-kokura Unit-5 600 MW
Hirono Unit-1 600 MW
ShinAinoura Unit-2 500 MW
Atsumi Unit-1 500 MW
Hachinohe Unit-3 250 MW
Plant name Unit no. Capacity
Kyushu
Tokyo
Kyushu
Chubu
Tohoku
Power company
T-7/70 Imb]2 (Main) 12 MB#30 MB (Bulk) AI 976 DI 1600 DO 656
T-7000/25 64 KW (Main) 768 KW]2 (Bulk) AI 1016 DI 1886 DO 1024
T-7000/25 36 KW (Main) 512 KW (Bulk) AI 850 DI 1288 DO 512
T-7000/20 32 KW (Main) 163 KW (Bulk) AI 579 DI 276 DO 196
T-7000/40 16 KW(Main) 48 KW (Bulk) AI 295 DI 200 DO 360
Computer memory PI/O
COPOS-7
AD-COPOS
COPOS-25
SPAC-II
SPAC-I
System soft
Turbine Boiler Auxiliaries Shutdown Normal Mode Emergency Mode DSS
Turbine Boiler Auxillaries Shutdown Normal Mode Emergency Mode
Turbine Boiler Auxillaries Shutdown
Turbine Boiler
Turbine
Scope of automation
2
1
1
1
1
TW
2
1
1
1
}
2
3
1
1
1
1
1
1
}
}
AL M
AS C
OP
CRT
CNS
Man}machine interface
5
4
1
}
}
INF
Graphic CRT VAS (Digital)
Graphic CRT VAS (Analog)
Color CRT (Character display)
Monochromatic CRT
Remarks
Note: AI: Analog Input, DI: Digital Input, DO: Digital Output, CNS: Console, ASC: Automatic Start-up and Shutdown Console, OP.: Operator console, TW: Type writer or digital printer, ALM: Alarm use, INF: Information use, VAS: Voice Announcement System, T-7000: TOSBAC 7000 (24 bit), T-7/70: TOSBAC 7/70 (32 bit).
Com. Opert.
No.
Table 1 Historical development of man}machine interface for plant automation
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411 1407
1408
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
Stage 3. Color CRTs with character display were introduced (Shin-ainoura Unit 2). Stage 4. Color CRTs with graphic display and voice announcement system (VAS) were introduced (Hirono Unit 1). Stage 5. Operator-friendly software functions were introduced (Shinkokura Unit 5). The scope of plant automation system is also shown in Table 1. The step-by-step expansion of its scope can also be understood. In the early 1980s, the scope of plant automation was expanded to a one-man operation level. Along with the scale expansion and an increase in the system complexity, the most important factor in the system design became the transparency of the automation logic to the operating sta!. To achieve the design target of transparency to the operators, new functions, such as `logic charta displays, and `automation progressa displays were introduced. These new features became a part of the standard software for successive plants, assisting the operator to decrease his mental workload and helping him to determine the entire plant's status quickly. 3.1.2. Man}machine equipment hardware All the man}machine interface devices such as ASC console, graphic color CRTs, computer-driven alarm windows, sequential control master-selection panels and so on are gathered together on the automation board. Once this automation board was introduced into a new power-generating unit in 1980, and since then all the users have adopted this concept in the succeeding plants. In the mid-1980s engineering workstations and, fullgraphic CRT with multi-windows capability were introduced. In the late 1980s, large projection screens (70A}100A) were adopted in the central control room as an information-sharing device among power plant operators. 3.2. Enhanced plant monitoring The Three Mile Island accident in 1979 triggered various studies on the system safety considerations and man}machine system design guidelines throughout control communities of the world (Livingston, 1980). Plant monitoring functions, which had been regarded as well established, were also evaluated again. Safety parameter display systems were introduced into many nuclear power plants. In the thermal power generating units, enhanced plant monitoring functions that suppress excessive alarm messages were developed. The purpose of this software is to assist the operator with reliable and e!ective power plant monitoring in emergencies as well as during normal operating stages. During the normal operating stages, the conventional alarm system is useful enough for the oper-
ator. In emergencies, however, too much information is usually available to the operator and sometimes suitable action is not taken due to the #oods of messages. In order to improve the situation, such concepts as `alarm zone No.a, `alarm message activitya and `suppression pointer (SP pointer)a are introduced (Kawai, 1982). The concept of `alarm zone No.a is de"ned as the degree of penetration into the alarm region. Its incremental part is called `deltaa, i.e. `signi"cant change valuea. If the process input changes its value by `deltaa, a worse or better message (WRS/BTR) is produced. The `SP pointera is controlled by the operator's request or by event-initiated digital calculations, which show plant emergencies such as a boiler trip or a turbine trip. `Alarm message activitya is a measure of the number of alarm messages on the alarm CRT. If an alarm message exists below the SP pointer, the message is suppressed. If it exceeds the SP pointer, some outstanding format change (such as color change) will occur to enable the operator to easily grasp the process status at that time. Although some alarm messages are suppressed, all messages are outputted to the printer via the historical log bu!er. This is indispensable in the analysis of printer information for the post trip analysis of a plant malfunction.
4. Present information and control system GSXPTM, Toshiba's open/distributed C&I system, has been applied to several commercial power plants. To date, it has produced cost-e!ective results and has proved to be a highly reliable system (Konishi et al., 1997). 4.1. System conxguration A typical GSXP system is divided into three main TM components: (1) A monitoring and automation subsystem; (2) A digital control subsystem; (3) A "eld LAN subsystem. The GSXP 's monitoring and automation subsystem TM provides ease-of-operation functions using touch-sensitive screens on operators' terminals and control panels. The system's plant-automation functions ensure safe and e$cient operation using only the minimum number of operators. Alarm-handling functions provide operators with real-time data to quickly identify plant anomalies before they cause component or system failures. Alarm messages are provided to operators in prioritized order and are supplemented by lists of recommended countermeasures to correct conditions that caused the alarms. Toshiba developed the GSXP system using deTM facto standard technologies such as open-distributed,
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
UNIX-based computers and a "ber-distributed data interface (FDDI) network system. Several of the system's operator stations are dedicated to monitoring plant operations, while dual-function servers are used for handling system alarms and logging plant data. A high-speed, duplicated LAN links all system computers. Thus, the failure of a single computer or the primary LAN will not a!ect overall system reliability. The GSXP 's high-performance, digital-control TM subsystem ensures sophisticated data management and advanced control capabilities, including various conventional PID controls. A "eld LAN subsystem, which is backed up with duplicate system con"guration, transmits "eld data to digital control systems and function severs via analogand digital-input modules. This system signi"cantly reduces metal}cable requirements and provides improved system maintainability.
1409
Table 2 Requirements for future information and control systems Item
Goal
Control
To improve system operability and environmental maintainability by applying advanced control algorithms To reduce the time required to accurately assess dynamic operating conditions To achieve highly reliable, e$cient automation of plant operation that requires a minimum number of operators To improve system support for plant operators by supplying them with real-time plant information and suggested responses to all possible anomalies To achieve highly sophisticated interaction between humans and machines
Monitoring Operation
Judgement
Dialogue
4.2. Man}machine interface The Operator}Station/Server system supports and enhances many C&I functions, such as monitoring plant status, plant automatic control, performance calculation and various CRT-based operations. Plant operators can quickly obtain the necessary information about all plant functions and then perform control tasks using the same CRT terminals. Basically, operators only need to press their terminal's touch-sensitive screen buttons for plant operation. Operator}Station/Server system is di!erent from the usual client/server system, in which a client cannot act without a server. The availability of the operator}station, thus, has much more improved. Since there are no alarm windows on backup panels, operators acknowledge abnormal-status alarm messages sent directly to operator's terminal. This system provides a high-performance alarm function that speeds up operator comprehension by classifying alarm messages according to rank, such as a serious trouble or a slight trouble, and/or mechanical system group, such as turbine system, boiler system, etc.
5. Next-generation man}machine system Regarding future trends for improving plant information and control systems, it is vital to discuss the following requirements (Kawai, Takizawa & Watanabe, 1998): (1) How dynamic plant-con"guration technologies such as improved sensors and actuators that incorporate arti"cial-intelligence (AI) can be applied and optimized; (2) How training for plant operators can be improved to enable them to better use these new technologies, and how the roles of operators will change as a result of
Fig. 1. Advanced technologies for responding to the needs on information and control systems.
the increased application of computers and other technologies; (3) How ever-improving computer technologies can be applied. To improve a plant's human}machine interface, it is important to distinguish between their interaction levels, such as `direction,a `suggestiona and `information exchangea. Based on this perspective, Table 2 shows "ve key requirements for future information and control systems are listed. As shown in Fig. 1, Toshiba proposes a systems approach that uses advanced technologies to satisfy the three requirements listed above. Integrated systems technologies are the most promising approach to such a large scale, nonlinear dynamic processes like the power-generation plants. Leveson (1995) wrote in her book 2 && This book attempts to convince the computer science and engineering communities that a di!erent approach is possible and should be tried. The title of the book, Safeware, expresses the impossibility of separating the
1410
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
various aspects of the system when dealing with safety issues''. 5.1. Advanced control technology for improving system operability and environment maintainability Toshiba is developing an advanced system to control the process for decomposing a combined-cycle plant's nitrogen-oxide (NO ) by using two methods: generalized x predictive control (GPC) and linear quadratic regular (LQR) (Nakamoto, Shimizu, Nagata & Kubota, 1995). NO contained in a gas turbine's exhaust #ow is decomx posed by the use of anmonia (NH ), whose #ow rate is 3 adjusted to keep the NO rate at an operator-designated x set point. The control system has a cascade scheme that includes NO #ow control designed by a GPC method x and NH control designed by an LQR method. Experi3 mental results on a commercial power plant prove the system's practicability as well as its improved control performance. The #uctuation of the NO #ow rate bex came less than one-"fth of a conventional control system, for example. 5.2. Reward strategies for adaptive start-up scheduling A power plant's start-up schedule is designed to minimize start-up time while limiting the maximum turbinerotor stresses. Improving a plant's start-up scheduling can be seen as a combinatorial optimization problem with constraints. To achieve an e$cient and robust search model, Toshiba proposes using an enforcement operator to focus the search along the boundary, as well as other local-search strategies such as a reuse function and a tabu search used in combination with genetic algorithms (Kamiya, Kobayashi & Kawai, 1997). To further increase search e$ciency and satisfy on-line search performance, an integrating genetic algorithm with reinforced learning algorithms has been developed. The following points resulted from the simulation analysis: (1) A shorter start-up time than the design basis data (about 12% reduction in warm start-up mode); (2) Positive potential for on-line application (average calculation time is 1}8 sec using SPARC Station 20). 5.3. Plant information navigator using multi-agent technology To improve the speed and e$ciency of dialogue between a plant's humans and the machines they operate, multi-agent technology is seen as a promising methodology. In the area of the power industry that includes electrical networks and nuclear power plants, a multiagent architecture has been proposed not only for user interfaces but also for control system design (Avouris,
Fig. 2. Example of displayed messages and dialogue between a plant operator and the process information navigator.
Liedekerke, Lekkas & Hall, 1993; Elias & Chouraqui, 1996). However, when it comes to a con#ict resolution mechanism using a rule-based method for dynamic systems with high degree of automation much research and development is still needed. As shown in Table 2, several kinds of information must be presented to operators concurrently. The use of multi-agents will help integrate the overall plant control in the following way: a block of information processing will be assigned to a single agent while other agents are used to control supervisory information. Fig. 2 illustrates a sample of dialogue that could occur between an operator and the Process Information Navigator after a plant-status anomaly has been detected. 5.4. Next-generation control room In general, to achieve an optimal operational environment, the process of control-room design includes examining the following factors (Ivergard, 1989): (1) (2) (3) (4) (5) (6) (7)
Models in process control; Design of information devices; Design of controls; Control-room layout and design; Environment factors in the control room; System design; Operator's abilities and limitations.
More concretely, the following factors should be considered from the earliest stage of planning a plant's total control system. (1) To maintain the bene"ts of a conventional boiler turbine generator (BTG) panel, the large display panel should be divided into two parts: variable and "xed display areas. The variable display area provides speci"c plant information according to the
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
1411
machine are introduced. Finally the concept of a nextgeneration control room making use of advanced system technologies and the philosophy of `safewarea was presented. The results of these studies satisfy most development targets and required countermeasures for designing future automation technologies used in power-generation plants.
References
Fig. 3. An illustration of next-generation plant control room.
plant's current operating conditions. The "xed display area provides an overview of plant information and identical system information continuously, regardless of a plant's current conditions. (2) Improving pattern-recognition capabilities among operators to speed up reaction times to alert and alarm warnings. (3) To avoid cognitive overload among a plant's operators, the amount and format of the information they receive should be well within an average operator's information-processing limitations. Fig. 3 shows an illustration of a next-generation control room. The control system's support engineers are stationed behind the central control room's large display panels, maximizing human}human communication between the plant's operators and its engineers. 6. Conclusion Toshiba's GSXP system applies state-of-the-art TM technologies to the information and control systems used at power plants. GSXP features an open/distributed TM architecture that improves overall plant e$ciency and speed. Based on probable future trends in the powerplant industry, Toshiba proposes "ve requirements for future information and control systems. As examples of the advanced system technologies, a NO decomposition x process control, the optimization of a start-up scheduling problem and an improved dialogue between human and
Avouris, N. M., Van Liedekerke, M. H., Lekkas, G. P., & Hall, L. E. (1993). User interface design for cooperating agents in industrial process supervision and control applications. International Journal of Man-Machine Studies, 38, 873}890. Elias, P., & Choouraqui, E. (1996). A multi-agent system for the control of pressurized water reactors in an accidental situation. Proceedings of the xrst international conference on the practical application of intelligent agents and multi-agent technology (pp. 123}142). Inagaki, T., Moray, N., & Itoh, M. (1998). Trust, self-con"dence and authority in human-machine systems. Preprints of the seventh IFAC/IFIP/IFORS/IEA symposium on analysis, design and evaluation of man}machine systems (pp. 491}496). Ivergard, T. (1989). Handbook of control room design and ergonomics. UK: Taylor and Francis. Kamiya, A., Kobayashi, S., & Kawai, K. (1997). Reward strategies for adaptive start-up scheduling of power plant. Proceedings of IEEE international conference on systems, man, and cybernetics (pp. 3417}3424). Kawai, K. (1982). A Multi-level alarm information processing system applied to thermal power plant. In Proceedings of IFAC MMS symposium (pp. 89}94). Germany: Baden}Baden. Kawai, K., Takizawa, Y., & Watanabe, S. (1998). Advanced control and monitoring system-development of information and control technologies toward the 21st century (in Japanese). Toshiba Review, 53(2), 52}54. Konishi, T., Sugimori, I., & Watanabe, T. (1997). Application of advanced digital control system to thermal power plants. 1997 Joint power generation conference, vol. 2, (pp. 213}220) ASME. Leveson, N. G. (1995). Safeware-system safety and computers. Reading, MA: Addison-Wesley. Livingston, W.L. (1980). The impact of three mile island on process control computer technology. Control Engineering, May, 86}91. Marcus, A., & Dam, A. (1991). User-interface developments for the nineties. Computer, September, 49}57. Nakamoto, M., Shimizu, K., Nagata, K., & Kubota, T. (1995). Generalized predictive control for a NO decomposition process of a comx bined cycle power plant. IFAC Control of Power Plants and Power Systems SIPOWER '95 (pp. 251}256) Cancun, Mexico. Perrow, C. (1984). Normal accidents. New York: Basic Books. Tanaka, S., Ohta, K., Minoura, T., & Kogure, Y. (1975). New concept software system for power generation plant computer control } COPOS. In Proceedings of PICA conference (pp. 267}275). USA: New Orleans. Wickens, C. D. (1992). Engineering psychology and human performance. New York: Harper Collins.
Advanced automation for power-generation plants } past, present and future K. Kawai!,*, Y. Takizawa", S. Watanabe# !Management Innovation Group, Toshiba Corporation 1-1, Shibaura 1-Chome, Minato-ku, Tokyo 105-8001, Japan "Control and Instrumentation Engineering Dept.-Thermal Power, Toshiba Corporation 36-5, Tsurumichuo 4-Chome, Tsurumi-ku, Yokohama 230-0051, Japan #Design Center, Toshiba Corporation 1-1, Shibaura 1-Chome, Minato-ku, Tokyo 105-8001, Japan Received 26 January 1999; accepted 21 June 1999
Abstract Toshiba is designing a next-generation control room that promises safer and more stable operation based on use of `safewarea and an integrated design concept. This paper discusses advanced methods and technologies for automating power-generation plants. First of all, the historical development of plant-automation technologies are summarized, then, Toshiba GSXPTM (Global System for neXt Power Plant) is introduced as a typical present-day system. Finally, as an example of a next-generation system applying advanced system technologies, three on-going studies and a future control-room design are introduced. ( 1999 Elsevier Science Ltd. All rights reserved. Keywords: Man}machine interface; Open/distributed architecture; Multi-agent; Advanced control algorithms
1. Introduction Computerized power plant automation in Japan was started around 1968, when the "rst DDC (direct digital control) system (such as turbine run-up control) was designed and put into operation successfully. Since then, the scope and the depth of power plant automation has expanded step-by-step. The current level of power plant automation is well explained in a paper describing the Shiriuchi Power Station Unit d2 of Hokkaido Electric Power Company (Konishi, Sugimori & Watanabe, 1997). Computerized automation systems are usually introduced into new thermal power plants in Japan as a matter of course. These automation systems are also introduced to existing thermal power plants when the replacement of control/computer systems are planned. In the early days of plant automation there was a lot of discussion about who, operator or the automation system, should be the "nal decision-maker. For example,
* Corresponding author. Tel.:#81-3-3457-3926; fax:#81-3-54449381. E-mail addresses: [email protected] (K. Kawai), [email protected] (Y. Takizawa), shinji.watanabe@ toshiba.co.jp (S. Watanabe)
considering the operator's backup capability in cases of automation system failure, what sort of tasks should be retained by the operator? This problem is called `outof-the-loop unfamiliaritya (Wickens, 1992). The introduction of automation system could degrade the human operator's skills, especially in cases of system accidents (Perrow, 1984). These problems have been solved by "rm automation design concepts and an evolutionary systems approach, which will lead to tomorrow's advanced automation system. Today's popular and successful power plant automation systems are analyzed as follows: (1) The user's need for the automation system is identi"ed/de"ned as (a) to reduce the number of operating sta!; (b) to save the life-expenditure of the plant equipment; (c) to make the start-up or shutdown time constant or as short as possible. (2) Operation experience of highly reliable automation systems with available "eld-test results. (3) Interface problems among users, plant equipment suppliers and automation system manufactures are minimized as a major turbine or boiler supplier provides the automation system.
0967-0661/99/$ - see front matter ( 1999 Elsevier Science Ltd. All rights reserved. PII: S 0 9 6 7 - 0 6 6 1 ( 9 9 ) 0 0 1 1 0 - 0
1406
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
(4) Functional allocation is properly made between the plant automation system and the main controllers such as the automatic power plant control (APC) system, the automatic burner management (ABS) system, the electro-hydraulic control (EHC) system and the sequence control (SEQ) systems and so on. (5) A group of background functions (engineering tools) are utilized during factory testing and throughout "eld commissioning. The items described above are regarded as the basic factors for the popularity of today's successful plant automation systems. The most important factor, however, is the evolutionary approach of the plant automation development. Its scope has been evolved as follows: (1) (2) (3) (4) (5) (6)
Turbine run-up control; Boiler start-up control; Auxiliaries start/stop control; Unit shutdown control; Unit normal mode control; Emergency mode control.
In the future automation system, how the concept of human-centered automation is realized will play a more important role. It is often said that `human must be at the locus of controla or `the human must be maintained as the "nal authority over the automationa. However, Inagaki, Moray and Itoh (1998) suggests that the dynamic trading of authority between humans and automation must be sought because the high level of e!ectiveness of automation is situation-dependent. During these discussions, the position of humans as decision-makers or supervisors becomes clearer in conjunction with the evolution of the automation technology. Dialogue between human and machine then becomes another critical aspect for safety and reliable plant operation. In the 1990s, much e!ort has been put into realizing the key developments of user-interfaces (Marcus & Dam, 1991) such as three-dimensional user interfaces, virtual reality, multimedia and hypermedia, group-ware intelligent agents and so on. However, these multi-media interface technologies are not su$ciently mature to apply to a Control and Instrumentation (C&I) system dedicated to an actual power plant operation "eld. This also means that examining how or in what situations these userinterface technologies should be applied (need-oriented) is stressed more than what measures should be used (seed-oriented). This paper introduces the philosophy and historical trends of automation technologies and discusses the next generation of man}machine system design. This includes advanced control technologies and control room design as well as focusing on, in addition to human}machine communication, human}human communication.
2. Automation philosophy and system design principle The design goal of power plant automation in the area of the daily start-up and shutdown (DSS) operation can be summarized as follows: (1) A safe, smooth and reliable start-up and shutdown operation; (2) Reducing plant equipment life-expenditure; (3) Reducing the time required for the start-up and shutdown operation; (4) Reducing the operator's workload during the startup and shutdown operation. In order to design the plant automation system properly, the `automation philosophya should be established as the `system design principlea and be well documented. It is also necessary to share this information among users, plant suppliers and automation system manufacturer. This design document should cover such items as: (1) The objective of automation, its scope and depth; (2) The speci"cation of plant equipment to be automated; (3) The operator's role and the man}machine communication interface; (4) Hardware/software `fail safea considerations; (5) Target of automation availability and method of failure localization.
3. Historical trends in automation technologies 3.1. Man}machine system design 3.1.1. Historical development of man}machine interface Typical automation systems in the early days of TOSBAC computer series are shown in Table 1. The relevant man}machine interface devices are also shown in chronological order. Toshiba developed an event-oriented expert system named computerized optimum plant operation system (COPOS) to overcome the limitations of automationsoftware production based on #ow-chart method. A piece of automation knowledge is expressed in one of the `plant tablesa in COPOS world (Tanaka, Ohta, Minoura & Kogure, 1975). The main topics in the man}machine interface during 1970s and early 1980s can be summarized in the following "ve stages: Stage 1. Automatic start-up and shutdown control (ASC) console and digital printer (TW) were provided (Hachinohe Unit 3). Stage 2. Monochromatic CRTs were introduced (Atsumi Unit 1).
(1968)
(1971)
(1976)
(1980)
(1983)
1
2
3
4
5
Shin-kokura Unit-5 600 MW
Hirono Unit-1 600 MW
ShinAinoura Unit-2 500 MW
Atsumi Unit-1 500 MW
Hachinohe Unit-3 250 MW
Plant name Unit no. Capacity
Kyushu
Tokyo
Kyushu
Chubu
Tohoku
Power company
T-7/70 Imb]2 (Main) 12 MB#30 MB (Bulk) AI 976 DI 1600 DO 656
T-7000/25 64 KW (Main) 768 KW]2 (Bulk) AI 1016 DI 1886 DO 1024
T-7000/25 36 KW (Main) 512 KW (Bulk) AI 850 DI 1288 DO 512
T-7000/20 32 KW (Main) 163 KW (Bulk) AI 579 DI 276 DO 196
T-7000/40 16 KW(Main) 48 KW (Bulk) AI 295 DI 200 DO 360
Computer memory PI/O
COPOS-7
AD-COPOS
COPOS-25
SPAC-II
SPAC-I
System soft
Turbine Boiler Auxiliaries Shutdown Normal Mode Emergency Mode DSS
Turbine Boiler Auxillaries Shutdown Normal Mode Emergency Mode
Turbine Boiler Auxillaries Shutdown
Turbine Boiler
Turbine
Scope of automation
2
1
1
1
1
TW
2
1
1
1
}
2
3
1
1
1
1
1
1
}
}
AL M
AS C
OP
CRT
CNS
Man}machine interface
5
4
1
}
}
INF
Graphic CRT VAS (Digital)
Graphic CRT VAS (Analog)
Color CRT (Character display)
Monochromatic CRT
Remarks
Note: AI: Analog Input, DI: Digital Input, DO: Digital Output, CNS: Console, ASC: Automatic Start-up and Shutdown Console, OP.: Operator console, TW: Type writer or digital printer, ALM: Alarm use, INF: Information use, VAS: Voice Announcement System, T-7000: TOSBAC 7000 (24 bit), T-7/70: TOSBAC 7/70 (32 bit).
Com. Opert.
No.
Table 1 Historical development of man}machine interface for plant automation
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411 1407
1408
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
Stage 3. Color CRTs with character display were introduced (Shin-ainoura Unit 2). Stage 4. Color CRTs with graphic display and voice announcement system (VAS) were introduced (Hirono Unit 1). Stage 5. Operator-friendly software functions were introduced (Shinkokura Unit 5). The scope of plant automation system is also shown in Table 1. The step-by-step expansion of its scope can also be understood. In the early 1980s, the scope of plant automation was expanded to a one-man operation level. Along with the scale expansion and an increase in the system complexity, the most important factor in the system design became the transparency of the automation logic to the operating sta!. To achieve the design target of transparency to the operators, new functions, such as `logic charta displays, and `automation progressa displays were introduced. These new features became a part of the standard software for successive plants, assisting the operator to decrease his mental workload and helping him to determine the entire plant's status quickly. 3.1.2. Man}machine equipment hardware All the man}machine interface devices such as ASC console, graphic color CRTs, computer-driven alarm windows, sequential control master-selection panels and so on are gathered together on the automation board. Once this automation board was introduced into a new power-generating unit in 1980, and since then all the users have adopted this concept in the succeeding plants. In the mid-1980s engineering workstations and, fullgraphic CRT with multi-windows capability were introduced. In the late 1980s, large projection screens (70A}100A) were adopted in the central control room as an information-sharing device among power plant operators. 3.2. Enhanced plant monitoring The Three Mile Island accident in 1979 triggered various studies on the system safety considerations and man}machine system design guidelines throughout control communities of the world (Livingston, 1980). Plant monitoring functions, which had been regarded as well established, were also evaluated again. Safety parameter display systems were introduced into many nuclear power plants. In the thermal power generating units, enhanced plant monitoring functions that suppress excessive alarm messages were developed. The purpose of this software is to assist the operator with reliable and e!ective power plant monitoring in emergencies as well as during normal operating stages. During the normal operating stages, the conventional alarm system is useful enough for the oper-
ator. In emergencies, however, too much information is usually available to the operator and sometimes suitable action is not taken due to the #oods of messages. In order to improve the situation, such concepts as `alarm zone No.a, `alarm message activitya and `suppression pointer (SP pointer)a are introduced (Kawai, 1982). The concept of `alarm zone No.a is de"ned as the degree of penetration into the alarm region. Its incremental part is called `deltaa, i.e. `signi"cant change valuea. If the process input changes its value by `deltaa, a worse or better message (WRS/BTR) is produced. The `SP pointera is controlled by the operator's request or by event-initiated digital calculations, which show plant emergencies such as a boiler trip or a turbine trip. `Alarm message activitya is a measure of the number of alarm messages on the alarm CRT. If an alarm message exists below the SP pointer, the message is suppressed. If it exceeds the SP pointer, some outstanding format change (such as color change) will occur to enable the operator to easily grasp the process status at that time. Although some alarm messages are suppressed, all messages are outputted to the printer via the historical log bu!er. This is indispensable in the analysis of printer information for the post trip analysis of a plant malfunction.
4. Present information and control system GSXPTM, Toshiba's open/distributed C&I system, has been applied to several commercial power plants. To date, it has produced cost-e!ective results and has proved to be a highly reliable system (Konishi et al., 1997). 4.1. System conxguration A typical GSXP system is divided into three main TM components: (1) A monitoring and automation subsystem; (2) A digital control subsystem; (3) A "eld LAN subsystem. The GSXP 's monitoring and automation subsystem TM provides ease-of-operation functions using touch-sensitive screens on operators' terminals and control panels. The system's plant-automation functions ensure safe and e$cient operation using only the minimum number of operators. Alarm-handling functions provide operators with real-time data to quickly identify plant anomalies before they cause component or system failures. Alarm messages are provided to operators in prioritized order and are supplemented by lists of recommended countermeasures to correct conditions that caused the alarms. Toshiba developed the GSXP system using deTM facto standard technologies such as open-distributed,
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
UNIX-based computers and a "ber-distributed data interface (FDDI) network system. Several of the system's operator stations are dedicated to monitoring plant operations, while dual-function servers are used for handling system alarms and logging plant data. A high-speed, duplicated LAN links all system computers. Thus, the failure of a single computer or the primary LAN will not a!ect overall system reliability. The GSXP 's high-performance, digital-control TM subsystem ensures sophisticated data management and advanced control capabilities, including various conventional PID controls. A "eld LAN subsystem, which is backed up with duplicate system con"guration, transmits "eld data to digital control systems and function severs via analogand digital-input modules. This system signi"cantly reduces metal}cable requirements and provides improved system maintainability.
1409
Table 2 Requirements for future information and control systems Item
Goal
Control
To improve system operability and environmental maintainability by applying advanced control algorithms To reduce the time required to accurately assess dynamic operating conditions To achieve highly reliable, e$cient automation of plant operation that requires a minimum number of operators To improve system support for plant operators by supplying them with real-time plant information and suggested responses to all possible anomalies To achieve highly sophisticated interaction between humans and machines
Monitoring Operation
Judgement
Dialogue
4.2. Man}machine interface The Operator}Station/Server system supports and enhances many C&I functions, such as monitoring plant status, plant automatic control, performance calculation and various CRT-based operations. Plant operators can quickly obtain the necessary information about all plant functions and then perform control tasks using the same CRT terminals. Basically, operators only need to press their terminal's touch-sensitive screen buttons for plant operation. Operator}Station/Server system is di!erent from the usual client/server system, in which a client cannot act without a server. The availability of the operator}station, thus, has much more improved. Since there are no alarm windows on backup panels, operators acknowledge abnormal-status alarm messages sent directly to operator's terminal. This system provides a high-performance alarm function that speeds up operator comprehension by classifying alarm messages according to rank, such as a serious trouble or a slight trouble, and/or mechanical system group, such as turbine system, boiler system, etc.
5. Next-generation man}machine system Regarding future trends for improving plant information and control systems, it is vital to discuss the following requirements (Kawai, Takizawa & Watanabe, 1998): (1) How dynamic plant-con"guration technologies such as improved sensors and actuators that incorporate arti"cial-intelligence (AI) can be applied and optimized; (2) How training for plant operators can be improved to enable them to better use these new technologies, and how the roles of operators will change as a result of
Fig. 1. Advanced technologies for responding to the needs on information and control systems.
the increased application of computers and other technologies; (3) How ever-improving computer technologies can be applied. To improve a plant's human}machine interface, it is important to distinguish between their interaction levels, such as `direction,a `suggestiona and `information exchangea. Based on this perspective, Table 2 shows "ve key requirements for future information and control systems are listed. As shown in Fig. 1, Toshiba proposes a systems approach that uses advanced technologies to satisfy the three requirements listed above. Integrated systems technologies are the most promising approach to such a large scale, nonlinear dynamic processes like the power-generation plants. Leveson (1995) wrote in her book 2 && This book attempts to convince the computer science and engineering communities that a di!erent approach is possible and should be tried. The title of the book, Safeware, expresses the impossibility of separating the
1410
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
various aspects of the system when dealing with safety issues''. 5.1. Advanced control technology for improving system operability and environment maintainability Toshiba is developing an advanced system to control the process for decomposing a combined-cycle plant's nitrogen-oxide (NO ) by using two methods: generalized x predictive control (GPC) and linear quadratic regular (LQR) (Nakamoto, Shimizu, Nagata & Kubota, 1995). NO contained in a gas turbine's exhaust #ow is decomx posed by the use of anmonia (NH ), whose #ow rate is 3 adjusted to keep the NO rate at an operator-designated x set point. The control system has a cascade scheme that includes NO #ow control designed by a GPC method x and NH control designed by an LQR method. Experi3 mental results on a commercial power plant prove the system's practicability as well as its improved control performance. The #uctuation of the NO #ow rate bex came less than one-"fth of a conventional control system, for example. 5.2. Reward strategies for adaptive start-up scheduling A power plant's start-up schedule is designed to minimize start-up time while limiting the maximum turbinerotor stresses. Improving a plant's start-up scheduling can be seen as a combinatorial optimization problem with constraints. To achieve an e$cient and robust search model, Toshiba proposes using an enforcement operator to focus the search along the boundary, as well as other local-search strategies such as a reuse function and a tabu search used in combination with genetic algorithms (Kamiya, Kobayashi & Kawai, 1997). To further increase search e$ciency and satisfy on-line search performance, an integrating genetic algorithm with reinforced learning algorithms has been developed. The following points resulted from the simulation analysis: (1) A shorter start-up time than the design basis data (about 12% reduction in warm start-up mode); (2) Positive potential for on-line application (average calculation time is 1}8 sec using SPARC Station 20). 5.3. Plant information navigator using multi-agent technology To improve the speed and e$ciency of dialogue between a plant's humans and the machines they operate, multi-agent technology is seen as a promising methodology. In the area of the power industry that includes electrical networks and nuclear power plants, a multiagent architecture has been proposed not only for user interfaces but also for control system design (Avouris,
Fig. 2. Example of displayed messages and dialogue between a plant operator and the process information navigator.
Liedekerke, Lekkas & Hall, 1993; Elias & Chouraqui, 1996). However, when it comes to a con#ict resolution mechanism using a rule-based method for dynamic systems with high degree of automation much research and development is still needed. As shown in Table 2, several kinds of information must be presented to operators concurrently. The use of multi-agents will help integrate the overall plant control in the following way: a block of information processing will be assigned to a single agent while other agents are used to control supervisory information. Fig. 2 illustrates a sample of dialogue that could occur between an operator and the Process Information Navigator after a plant-status anomaly has been detected. 5.4. Next-generation control room In general, to achieve an optimal operational environment, the process of control-room design includes examining the following factors (Ivergard, 1989): (1) (2) (3) (4) (5) (6) (7)
Models in process control; Design of information devices; Design of controls; Control-room layout and design; Environment factors in the control room; System design; Operator's abilities and limitations.
More concretely, the following factors should be considered from the earliest stage of planning a plant's total control system. (1) To maintain the bene"ts of a conventional boiler turbine generator (BTG) panel, the large display panel should be divided into two parts: variable and "xed display areas. The variable display area provides speci"c plant information according to the
K. Kawai et al. / Control Engineering Practice 7 (1999) 1405}1411
1411
machine are introduced. Finally the concept of a nextgeneration control room making use of advanced system technologies and the philosophy of `safewarea was presented. The results of these studies satisfy most development targets and required countermeasures for designing future automation technologies used in power-generation plants.
References
Fig. 3. An illustration of next-generation plant control room.
plant's current operating conditions. The "xed display area provides an overview of plant information and identical system information continuously, regardless of a plant's current conditions. (2) Improving pattern-recognition capabilities among operators to speed up reaction times to alert and alarm warnings. (3) To avoid cognitive overload among a plant's operators, the amount and format of the information they receive should be well within an average operator's information-processing limitations. Fig. 3 shows an illustration of a next-generation control room. The control system's support engineers are stationed behind the central control room's large display panels, maximizing human}human communication between the plant's operators and its engineers. 6. Conclusion Toshiba's GSXP system applies state-of-the-art TM technologies to the information and control systems used at power plants. GSXP features an open/distributed TM architecture that improves overall plant e$ciency and speed. Based on probable future trends in the powerplant industry, Toshiba proposes "ve requirements for future information and control systems. As examples of the advanced system technologies, a NO decomposition x process control, the optimization of a start-up scheduling problem and an improved dialogue between human and
Avouris, N. M., Van Liedekerke, M. H., Lekkas, G. P., & Hall, L. E. (1993). User interface design for cooperating agents in industrial process supervision and control applications. International Journal of Man-Machine Studies, 38, 873}890. Elias, P., & Choouraqui, E. (1996). A multi-agent system for the control of pressurized water reactors in an accidental situation. Proceedings of the xrst international conference on the practical application of intelligent agents and multi-agent technology (pp. 123}142). Inagaki, T., Moray, N., & Itoh, M. (1998). Trust, self-con"dence and authority in human-machine systems. Preprints of the seventh IFAC/IFIP/IFORS/IEA symposium on analysis, design and evaluation of man}machine systems (pp. 491}496). Ivergard, T. (1989). Handbook of control room design and ergonomics. UK: Taylor and Francis. Kamiya, A., Kobayashi, S., & Kawai, K. (1997). Reward strategies for adaptive start-up scheduling of power plant. Proceedings of IEEE international conference on systems, man, and cybernetics (pp. 3417}3424). Kawai, K. (1982). A Multi-level alarm information processing system applied to thermal power plant. In Proceedings of IFAC MMS symposium (pp. 89}94). Germany: Baden}Baden. Kawai, K., Takizawa, Y., & Watanabe, S. (1998). Advanced control and monitoring system-development of information and control technologies toward the 21st century (in Japanese). Toshiba Review, 53(2), 52}54. Konishi, T., Sugimori, I., & Watanabe, T. (1997). Application of advanced digital control system to thermal power plants. 1997 Joint power generation conference, vol. 2, (pp. 213}220) ASME. Leveson, N. G. (1995). Safeware-system safety and computers. Reading, MA: Addison-Wesley. Livingston, W.L. (1980). The impact of three mile island on process control computer technology. Control Engineering, May, 86}91. Marcus, A., & Dam, A. (1991). User-interface developments for the nineties. Computer, September, 49}57. Nakamoto, M., Shimizu, K., Nagata, K., & Kubota, T. (1995). Generalized predictive control for a NO decomposition process of a comx bined cycle power plant. IFAC Control of Power Plants and Power Systems SIPOWER '95 (pp. 251}256) Cancun, Mexico. Perrow, C. (1984). Normal accidents. New York: Basic Books. Tanaka, S., Ohta, K., Minoura, T., & Kogure, Y. (1975). New concept software system for power generation plant computer control } COPOS. In Proceedings of PICA conference (pp. 267}275). USA: New Orleans. Wickens, C. D. (1992). Engineering psychology and human performance. New York: Harper Collins.