Hardware Integrity Assessment of the Distributed Fast Beam Interlock System (FBIS) at the European Spallation Source (ESS)

The European Spallation Source (ESS), a cutting-edge research facility under construction in Lund, Sweden, is designed to be the world's brightest neutron source. The Fast Beam Interlock System (FBIS) is a critical component for ensuring the integrity and protection of the ESS facility. Designed and built by the Safety-Critical Systems (SKS) group at the Zurich University of Applied Sciences (ZHAW), in collaboration with the Machine Protection System (MPS) team at ESS, the FBIS is mainly responsible for stopping the beam when technical problems with the ESS machine or beam anomalies are detected. The FBIS thus plays an essential role in ESS machine protection and is the logic solver element of most protection functions. To ensure the high reliability of the FBIS, a comprehensive analysis was conducted in accordance with the IEC 61508 functional safety standard to assess its hardware integrity. This reliability analysis played an important role in ensuring proper and uninterrupted operation of ESS. This paper presents the analysis methodology developed and outlines the steps necessary to verify the hardware integrity of this complex, distributed system. This includes the calculation of the Probability of dangerous Failure per Hour (PFH) and the evaluation of the architectural constraints by calculating the Safe Failure Fraction (SFF) and Hardware Fault Tolerance (HFT) of the system. These calculations are based on failure rate predictions using the Siemens SN 29500 standard. In addition, a detailed Failure Modes, Effects and Diagnostic Analysis (FMEDA) was performed. The analysis demonstrates that the FBIS meets the corresponding hardware integrity requirements. The developed methodology has been successfully applied to several hundred protection functions at ESS. An example reliability analysis of a complete protection function containing a sensor system and actuators is also shown.

Keywords: Beam interlock, Reliability prediction, FMEDA, RBD, IEC 61508, Functional safety, Hardware integrity assessment.