I inherited the maintenance responsibility for an emergency alert siren system in a 10-mile emergency protection zone surrounding a nuclear generation plant. The activation devices were a radio two-tone sequential system, and when tones were received, it closed a contact, which closed a three-phase contactor, which activated an electro-mechanical siren. Shortly after inheriting the system, sirens started activating themselves with no signal. The two-tone sequential system was to prevent bogus signals from triggering them. Yet, they were going off anyway.
This set off a series of events within the utility senior management and the State Emergency Management Services (EMS). They thought the system was unreliable and that something needed to be done right away. There was one siren that seemed to be going off more than the others, so I put the suspect unit on the bench test stand and tried to duplicate the problem. I suspected that it had something to do with power, but what? I got to thinking, maybe there was a power interruption of some sort, but if it was powered down, why would the output relay close causing activation?
I put a dual trace o’scope on the two-tone lines. When the proper tone was received on each decoder, the output would go from 0V to 12V. I started flicking the on/off switch while watching the o’scope. Both lines acted like they were supposed to -- no voltage spikes to give the impression of a received signal. Finally, I got it to pick the output relay up while I was flipping the switch. That recreated the problem. It was definitely power related, but it was not in the decoder lines.
I then put the scope where the two-tone lines combined to produce a single trigger line, and found out that the voltage at this point would go from a 12V to 0V when the proper tones and the correct timing were received. I went through the whole process again. The problem was being able to flip the switch fast enough to make the output relay pick up. It took numerous tries, but it finally happened.
This was what was happening: If the power interruption was short enough, the 12V would almost get to 0V, making it seem as though a proper signal had been received, while not totally powering down the whole unit. The relay would then react to the signal and close it, causing the siren to activate.
We tried to mitigate this by trying different RC constants between the stages, but then it would not operate at all. The whole system was eventually replaced with a dual-tone multi-frequency signaling system.
This entry was submitted by Dennis Buchanan and edited by Rob Spiegel.
Dennis E. Buchanan served six years in the Navy as an electronic technician, and worked for an investor-owned utility for 18 years. While he was working at a nuclear power station, he was part of a three-man design team tapped to improve the radio communications and later to upgrade the emergency notification system. Buchanan is a Motorola-trained trunked radio system technician, and also holds a FCC radiotelephone license with Ships Radar Endorsement.
Tell us your experience in solving a knotty engineering problem. Send stories to Rob Spiegel for Sherlock Ohms.
Beth... When my daughter was 8 or 9 my ex moved to within a mile of the Forked River Plant here in Jersey. Once when I picked her up I was told that they had an evacuation drill at school that week.
She said that they didn't use the buses though... Instead they had the kids stand where they would have been seated had the buses been used. Why no buses you ask?... Because they were at one of the other schools.
So much for timely evacuation of the schools.
My daughter is now a mom of 5 and has moved about 30 miles south of the plant. She lives on a lagoon and though she doesn't have her own boat we agreed on the same thought as before the move... If the plant goes radically bad, jump in a boat and head south along the inland water way.
It may get crowded as she passes Atlantic City, but the land routes will all be bumper-to-bumper standing-still. Plus the wind here is rarely from the north.
We lived through Three Mile Island without a good plan. Mostly what I just stated but for that one the winds were not likely going to be in our favor.
Not nearly as heart stopping but we had a weird machine fault a few years back. It involved a too short or fuzzy to be fully reported optical sensor interrupt.
The interrupt was so weak that it would not be captured by the computer, but it would stop the machine. The only way to get going again was to shut down completely and reboot (about a 5 minute process).
Normally the fault should have been reported at the operator screen and then cleared. But with no report, clearing the fault was not possible... and in fact it was unidentifiable.
The machine in question had around 200 sensors and safety interlocks, 5 robots each with its own controller (and their own independent cycle), and a main controller... any of which could have been causing the problem.
To make things worst the fault was pretty rare (couple times a day). We had to resort to having a bunch of people watching every moving part to see if the stoppage could be linked to a specific movement.
Eventually it was narrowed down to one of the material advance motions. It was then noted that one of the reflection sensors was occasionally flickering just enough to be seen. It would happen during the material's advance.
A new sensor was installed and the problem went away. I don't know if the fact that the sensor was about the farthest one from the main controller contributed to the fuzzyness of the signal or not... but there you go.
I've tracked down fuzzy faults on other machines, but on that machine almost everything was reported and could be easily identified so this was totally unexpected.
Sometimes it's the rare, hard to reproduce glitches that give the really big headaches...
Beth, I guess you are lucky to be living near Seabrook. Folks who live in VT near Vermont Yankee may tell a different story. There have been numerous false siren alarms, some due to hardware issues and some due to human error!
And even when things are working correctly just think of the horror that might overtake a visitor to the area who is clueless about siren test schedules. It happened to me once and I should know better! My wife and I were out for a hike in a wilderness area in New Hampshire, across the Connecticut River from Vernon Vermont, home to Vermont Yankee. We were several miles down a forest trail when the wail of distant sirens rang out and kept on ringing. The duration seemed far longer than any tests I had heard in the past. Images of a nuclear disaster and invisible radioactive plumes filling the air danced in my head. We had no radios on us, either broadcast, 2-way or ham. And cellular technology had not yet reached us. And even if it had, who would want to schlep a bag phone on a day hike? Needless to say, after the sirens refused to quit, we did. We returned to the parking area at the head of the trail wondering what the heck was happening. Turned out to be a test with malfunctioning sirens that would not shut off! Whew! We figured that was the scenario but there was that tinge of doubt that kept us retracing our steps at a good pace.
I am totally amazed that a system would have been released for delivery without the power interruption recovery process carefully checked. False alarms from an emergency warning system are a very serious problem because they would quickly lose credibility. A simple fix would have been to add an inhibit alarm mode that was triggered for any power system interruption, and a change in operaation mode to assure that the two trigger tones would always be sent for much longer than the inhibit alarm timer.
In our area, prior to the change to digital coding for our weather warning sirens, all of the trigger tones had to be held for about 30 seconds, after which time the siren would be triggered. The design was such that any power-return transient conditions would be ended long before the 30 second time, and the system would not respond to shorter signals.
This also allowed for testing the system without triggering by sendind a short tone pair. Detection could be verified but no siren would be activated.
Jenn: In the 18 years that I've lived near the Seabrook nuclear plant in New Hampshire, there have never been sirens going off without warning--thankfully. Every once and a while, they do a planned test of the sirens, but the community is given lots of notice so there is no panic.
Alex is right about the dangers to community if sirens were to sound without that kind of advanced notice--people in this area receive evacuation instructions and local schools make parents sign forms at the beginning of the year spotlighting the school's evacuation process and procedures. There's even a sign on a shingled barn out on the island near where I live that says "No evacuation possible." People are very aware of what could happen and I can't even imagine the pandemonium that would ensue with random siren alerts.
Going back to my journalism roots, I want to know how the people living around the plant reacted while all these false-alarm sirens were going off. Beth, what does your family do, if anything, when the sirens go off? You can never be too careful, right?
The technical problem here resulted in a wide-area false positive siren. This is a bad thing, social and process design wise. I don't know what the standard or best practices are in nuclear plants, but one would think that setting off an emergency siren for the community would be a two-step process. There would be an internal siren or alarm, and then it would be vetted by a plant manager or safety coordinator to verify that there's an issue, classify its level of serious, and then determine whether a community siren needs to be triggered. It's not a minor issue to have a false-positive siren go off in a 10-mile area where the population is going to feel they need to evacuate the area.
As someone who lives in close proximity of a nuclear power plant, it had to be very disconcerting to the public to hear the sirens go off without any kind of fair warning that it was a test. Kudos to figuring out the reason for the false alarm trigger. It sounds like it was unlikely your detective work could lead to a more sustainable solution that would have prevented the replacement of the alarms.
From Dell / Intel® New Paradigms in Design Work Scott Hamilton, vertical market strategist for Dell Precision workstations, 5/2/2013 3
Early in my career, I worked as a draftsman and remember the days of drawing on vellum with numbered pencils and Mylar with plastic lead. This was a fun experience in the sense that I ...
I've been using workstations for more than 10 years and love finding ways to get more performance from my system. With demanding professional applications that require more power each ...
A lasting memory from my first job as an engineer in an auto assembly plant is standing on hard concrete at six in the morning, vending-machine coffee clutched in hand, listening to ...
A quick look into the merger of two powerhouse 3D printing OEMs and the new leader in rapid prototyping solutions, Stratasys. The industrial revolution is now led by 3D printing and engineers are given the opportunity to fully maximize their design capabilities, reduce their time-to-market and functionally test prototypes cheaper, faster and easier. Bruce Bradshaw, Director of Marketing in North America, will explore the large product offering and variety of materials that will help CAD designers articulate their product design with actual, physical prototypes. This broadcast will dive deep into technical information including application specific stories from real world customers and their experiences with 3D printing. 3D Printing is
To save this item to your list of favorite Design News content so you can find it later in your Profile page, click the "Save It" button next to the item.
If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
12 
