Reactor autonomous control will enable spacecraft to manage degradations or failures on its own until the next scheduled communication between the spacecraft and Earth.
Missions that are too far away from the sun to utilize solar energy require the use of space nuclear power to enable the timely propulsion of the spacecraft to its destination, and to provide power for the science instruments on board the spacecraft. Space Nuclear Power is a necessary element for most missions under consideration in the Space Exploration Initiative. Providing robust control for the space nuclear reactors will enable mission success.
This task supports the development of an autonomous reactor control capability for JIMO. The reactor thermal control is a challenge due to the requirements for 15 years or more of operation in reactor modes ranging from reactor startup to reactor shutdown and safety, including, in all modes, the capability for reactor protection in response to off-nominal transients or system failures. While simplicity is certainly the top priority in the design of space nuclear reactor instrumentation and control, assuring continuous operation in the presence of system failures that could propagate across interfaces and lead to an inadvertent shutdown of the reactor is imperative to mission success. Contingencies will have to be provided for situations where system failures could propagate across subsystem boundaries, possibly during a time of little or no communications between earth and the spacecraft. For those situations, reactor autonomous control will be provided so that the spacecraft can manage degradations or failures on its own until the next scheduled communication between the spacecraft and Earth.
As more advanced capabilities are incorporated into the reactor controller extending its autonomy, the software development process becomes more critical. The procedures used to evaluate safety critical software are extensive and must be incorporated at the design stages of the software lifecycle. Analysis of failure modes and how the controller will react under failure conditions must begin during the design phase. This should be done in parallel to the analysis of failure modes in the system so that hardware/software interactions can be uncovered and contained. The architecture of the control system should remain flexible during the design phase making trade-offs to ensure that the optimal structure is selected.
Right: Spacecraft with autonomous nuclear reactor—artist’s concept.
A systematic approach will be taken to determine operational concepts and control strategies for the space reactor power system (SRPS). The key steps include establishing preliminary functional requirements, interface definitions, and architectural structure for the reactor module control system. Simulation facilities will be required to develop and demonstrate potential control system capabilities. Prototype architectures can be analyzed in a simulation environment to establish monitoring requirements and data needs, and provide an early assessment of diagnostic, control, decision, and prognostic capabilities.
The duration and distance requirements for the JIMO mission provide a challenge to the designers of the nuclear reactor instrumentation and control (I&C) system for the spacecraft. The most recent space nuclear reactor program, SP-100, was designed to keep the earth-orbiting reactor safe under all circumstances. Reactor startup was designed to take several hours to avoid excessive power and temperature overshots. The control system was devised of redundant rotating drums operated with functionally redundant closed-loop reactor controllers. The rotation of the control drums was designed to be fail-safe, assuring shutdown of the reactor even in the event of loss of spacecraft electrical power. In contrast, the JIMO spacecraft will be at such a great distance from earth that communication delays and interruptions of up to 40 days at a time must be tolerated. The reactor controller must make control decisions based on the best outcome for the spacecraft overall, not just the reactor subsystem. Fluctuations in spacecraft conditions must be analyzed so that their effects on the reactor are well understood and managed by the reactor controller, avoiding unnecessary shutdowns. The reactor controller will be a simple controller under normal operating conditions, but it must be extended to be tolerant of degraded conditions and failure events.