Embed Size (px)
Citation preview
Power System Vulnerability
FailureAnalysis
Information&
Sensing Vulnerability Assessment
Self Healing Strategies
StrategyDeployment
GPS
Sate
llite
LE
O
Sate
llite
Intr
anet
Inte
rnet
Power System Operating States
Early version by T. DyLiaccoThis version byL. Fink, K. Carlsen, IEEE Spectrum, March 1978 Slide by Areva T&D, 2006
Secure
System not intact System intact
System splitting and/or load lossIn extremis
Cut losses, Protect Equipment
Emergency
AlertRestorativeResynchronization Preventive Control
Heroic Action
Violation of inequality constraints
Reduction in reserve margins and/or increased probability of disturbance
E I
E I E I
E I
NormalLoad tracking, cost minimization, system coordination
E I
E = demand suppliedI = constraints met
Background� Electric power grid is considered a
national security matter� The reliable operation of the system is
of top priority to society.� Reliability concerns are amplified by the
utility’s deregulation, which increases the system’s openness while simultaneously decreasing the applied degree of control.
Vulnerability Assessment
� Is the assessment of power system’s ability to continue providing service in case of an unforeseen catastrophic contingency.
Sources of Vulnerability� Natural calamities� Component failures� Protection and control failures� Breaks in communication links� Faults� Human errors� Inadequate security margin� Gaming in the market� Sabotage or intrusion by external agents� Missing or uncertain information
Sources of Vulnerability
Intentional Human Acts
Network&
Protection
Market
Information & Decisions
CommunicationSystems
Sources of Vulnerability
Natural Calamities
InternalSources
ExternalSources
The system is insecure or vulnerableif any of these contingencies lead to a disruption of service to part(outages ) or all (blackouts ) of the system
Security Assessment Categories
� static security assessment� transient or dynamic security
assessment.
Static Security Assessment� deals with the post-disturbance period
after all transients have died down and the system reaches a new steady state operating condition
� A system is said to be statically secure if the new steady state operating condition does not violate any operating limits such as bus voltage or line current ratings.
Dynamic Security Assessment
� deals with each generator's ability to maintain synchronism with the rest of the system during the transient period immediately following the disturbance.
� The system is secured dynamically if the dynamics of the system is died out and the system operating point is viable
Example
� electrical short-circuit caused by the failure of an insulator on a high-voltage transmission line.
� Disturbances result in a sudden surge of current on the line severely disrupting all generators that are electrically close to the fault.
Example� Protective relays send a trip signal to
circuit breakers installed at each end of the line.
� The circuit breakers then open, removing the disturbance.
� The removal of the transmission line causes another disturbance to the power system.
Example� The tripping of the line may require
further corrective action. � This is called a cascading outage� These disturbances can lead to
severe consequences such as a blackout.
Few Example of Blackouts due to Lack of Dynamic Security
Date Location Affected Customers
Loss of Revenue
9-22-77 New York, USA
7.3 million $90 million
12-19-78 France 12 million $250 million
7-23-87 Tokyo, Japan
2.8 million $70 million
What Security Assessment Offers
� Fast, reliable security assessment techniques can reduce the risk of blackouts occurring by providing utilities with a means to quantify the relative risk at various operating strategies.
Challenges� Vulnerability assessment is a highly
nonlinear problem� Closed form detailed models do not exist� Power network is large and extensive� Operating conditions are wide Range� Topology is continuously changing� The list of contingencies is long� Some of the failures are single events
and some as a sequence of events.
Challenges� Vulnerability assessment is
computationally intensive process� Assessments need to be continually
repeated� On-line assessment is a challenge� Measurements and operating conditions
are noisy� Available knowledge is in historical
examples
Static Security Assessment
Definition� Ability of the system to reach a state
within the specified safety and supply quality following a contingency.
� The time period of consideration is such that the fast acting automatic control devices have restored the system load balance, but the slow acting controls and human decisions have not responded.
Contingency
� Is an abnormal event (such as a fault) which could be potentially damaging to the power system operation.
� Each contingency manifests itself differently, resulting in different types of outages.
� static security assessment (SSA).
Contingency
� The most common are the single/multiple line outages and generator outages.
Contingency� If a contingency causes a violation of
the security variables, the present power system state is insecuretowards that outage.
� The process of evaluating the steady state security of potentially damaging contingency of a power system is called static security assessment(SSA).
Security Variables
� Bus voltages � Line flows (thermal limits)
SSA Process
� Contingency definition (CD)� Contingency selection (CS)� Contingency evaluation (CE)
Contingency Definition (CD)
� CD is a process by which a list of contingencies whose – probability of occurrence is deemed
sufficiently high – are thought to be of vital interest to
system security.
Contingency Screening (CS)
� the process that shortens the original long list of contingencies by removing the vast majority of cases having no violations.
� fast and approximate method of selecting key contingencies for a more thorough evaluation.
Contingency Screening (CS)
� DC load flow (Active power contingency screening)
� Distribution Factor� Performance Index� Human expertise� Intelligent Techniques
Contingency Screening (CS): DC Load Flow
� Assumptions:– Only real power flow is used– All voltages have same magnitudes (1pu)– All voltage angles are small
1cossin
i
ii
Contingency Screening (CS): DC Load Flow
N
kikikikikkii BGVVP
1sincos
ikkiikikkiiikik VVBVVVGP sincos2
Contingency Screening (CS): DC Load Flow
ikkiikikkiiikik VVBVVVGP sincos2
N
kikikikikkii BGVVP
1sincos
N
kikikiki BGP
1
ikikik BP
Contingency Screening (CS): DC Load Flow
Step 1: Solve for
Step 2: Compute line flow
ikikik BP
N
kikikiki BGP
1
Contingency Screening (CS): DC Load Flow
Any contingency that causes
ikSMP ikik allfor
SMik =Magnitude of maximum apparent power flow of line ik
is eliminated from the list
Contingency Screening (CS): DC Load Flow
� Limitation of DC Load Flow
– Only real power is considered– Voltage violation is ignored
Contingency Screening (CS): Distribution Factor
� X(0): Predisturbance states
� : Contingency� X( ): Post disturbance states� Y: Change in system topology� XY: Sensitivity of system to change in topology
(Transfer matrix)
YXXX Y )()0()(
YXXY
Contingency Screening (CS): Distribution Factor
� Assumes linear relationship between pre and post contingency states
� Require the derivative XY
� Y could be hard to compute
Contingency Screening (CS): Performance Index (PI)
� Wi , Wik: weighting factors� Vi (ref): desired value of Vi� Sik (max): maximum rating of line ik
k i ik
ikik
iiii S
SWrefVVWPImax
)((
Contingency Evaluation (CE)
� A process by which a fast ac power-flow is used on successive individual cases in decreasing order of severity.
� The resulting security variables are checked for post contingency violations.
Contingency Evaluation (CE)� Assumes the system reaches a steady state� CE uses a full ac power-flow to calculate the
change in voltages and line flows after a contingency
� The system is insecure from static point of view if– any Voltage or power flow violations exists– substantial load is lost Operator View
System Display
Overloaded Line
Example Question
If any line trips, will another nearby line be overloaded?
Will a bus voltage be too low? Too high?
Must examine the entire system!
� Question: Given present operation, would any component outage cause an operating problem?
– What outages should be checked?� Difficult Question
– How do we check them?� System Power Flow Analysis
SSA: Issues� The objective of SSA is to detect
potential security violations before they actually occur.
� The detection– Warns operator of potential problems– gives operator sufficient time to steer
the system away from the insecure state.
SSA: Issues
� SSA is designed to performed periodically at the control center– based on the available computer
resources– the level of operational sophistication of
the particular utility
SSA: Issues
� For large scale power system, the task of security assessment is time consuming and computer intensive. – Large number of potential contingencies
that have to be analyzed– The different load levels– Changes in topologies– Changes in operational strategies
SSA: Issues
� Security assessment is a classificationproblem– the combination of system topologies,
states, and contingencies determine the security status of the system
� Hence, the concept of pattern recognition can be very effective
SSA: Issues� The concept of pattern recognition is to
capture common underlying characteristics between the pre and post-contingency status
� The captured knowledge can be generalized to classify independent test data originating from the same statistical source.
Advantages of Pattern Recognition
� Computational speed. – Classifiers can be developed off-line– Current and future operating states can
be quickly evaluated� classifying a new steady state power system
condition into a secure or insecure class is trivial and does not require the lengthy computations of an analytical solution.
� Pattern Recognition is discussed in Module 8
Dynamic Security Assessment (DSA)
DSA
� Deals with the stability of the system following a contingency
� The system is dynamically secured if– Oscillations damped out and the system
reaches a new steady state condition– Oscillations are within acceptable range– The new steady state is statically
secured
Main Challenges to DSA� DSA is computationally intensive process:
– DSA is a highly nonlinear problem– Closed form detailed models do not exist– Power network is large and extensive– Operating conditions are wide Range– Topology is continuously changing– The list of contingencies is long– Some of the failures are single events and
some as a sequence of events.
Main Challenges to DSA� DSA need to be continually repeated� On-line assessment is a challenge� Measurements and operating conditions
are noisy� Available knowledge in historical
examples
DSA Methods
� Time domain simulations� Direct stability methods (Energy
function)� Small signal analysis (Eigenvalues)� Critical Clearing Angle (Time)� Classification and Pattern Recognition
Time Domain Methods
� Time domain methods seek to solve a set of differential equations describing the motion of the generators in the system. – Rotor dynamics (Swing Equation)– Electric power often reduced to the
power curve
Time Domain MethodsPm: mechanical power inputPmax: maximum electrical
power outputH: inertia constant, in
MWs/MVA: rotor angle, in electrical
radianst: time, in secondss: synchronous speed of
the rotor
sinsin maxPXEV
P fe
sin2max2
2
PPdtdH
ms
Time Domain Methods
� By solving the swing equation in the time domain, the stability of the system can be assessed. – If the rotor oscillations damp out, the
system is stable– If not, it is unstable.
Time Domain Methods: Stable
Time
Time Domain Methods: Unstable
Time
Time Domain Methods
� Many factors influence the stability of the system– Prefault system topology– Generator loading conditions– Duration of the disturbance– Severity of the disturbance– Rotor inertia– … …
Time Domain Methods: Challenges
� Time domain methods uses numerical simulation (e.g. Euler or Runge-Kutta)
� Methods could be time consuming– Rotor dynamics is nonlinear differential
equation– Interaction between machines impose
heavy computational burden
Direct Methods� By the Direct Methods, the transient
behavior of a power system can be predicted without complete time domain simulation
� Direct methods advantages:– Compromise between fast and reasonably
accurate assessment � could be used in an on-line environment or as a pre-
screening filter for time domain simulations– Able to rank the severity of a given contingency
in terms of its energy margin.
Direct Methods: Main Steps� Step1: Calculate the transient energy at the instant
the disturbance is cleared (e.g. accelerating energy Ea)
� Step2: Determine the critical energy for the current disturbance (maximum amount of damping energy that can be absorb by the power system Ed max)
� Step3: Calculate the difference (energy margin)Energy Margin= Ed max - Ea
Small Signal Analysis� The power system is linearize about
the current operating point. � The eigenvalues of the linearized
equations are calculated� The method is only accurate for small
disturbances
Critical Clearing Angle� It is another indication of the
balance between the accelerated Kinetic Energy due to a contingency versus the damping kinetic energy of the system.
Critical Clearing Angle
P
3 max
3-max
crCritical Clearing angle
2
Pm
1
Ad minAa max The critical
clearing angle (cr)is the maximum angle for a stable system, i.e. whenAa max = Ad min
Classification and Pattern Recognition (CPR)
� Several off-line simulations are made for several loading conditions assuming a class of contingencies
� The operating points identified with secure and insecure states are clustered in the input space
� The current operating condition is compared with the cantroids of the clusters– The minimum distance to the centroid of the clusters
determines the security status of the system.
Universe (X)
Subset A
Subset B
Subset C
1A1B
1C
0ACPR
Classification and Pattern Recognition (CPR)
� Merits:– Fast for on-line application– Can be made adaptive to system changes– Could use historical data in addition to simulations
� Challenges:– Input space can be very large– Features that determine the security status are hard to
obtain– Accuracy of clusters depends on the quality and quantity
of data
DSA Process
DSADSA Classification DSA Border
Features IdentificationFeatures Selection Features Extractions
System DataTopology States
Features Identification
Why Feature Identification?� Eliminates curse of dimensionality.� Enhances class separability.� Reduces pattern dimension � Maintains classification accuracy.� Reduce training time� Reduce computational time for other application
– Border Identification
Feature Selection
Sensors
Classifie
r
Feature
Selector
X1
Xn
X2
Xn
Most important features are selectedTechniques: Fisher Discriminate
Feature
Extractor
Feature Extraction
Sensors
Classifie
r
X1
Xn
Y2
Yk
All features are combined to form a new reduced set of featuresTechniques: Principal components, NN
Assessment
Challenges� All DSA methods assess given
operating conditions� Generalization is not possible unless
data is clustered– Data within clusters can be assessed
without querying power system models (Fast assessment)
– Data between clustered is unclassified
Security Assessment
Insecure
Secure
Region of Confusion
Border Identification
What is Border Identification
� A method to track the edge of the security region
� Allows users to identify security margins
Assessment with Border Identification
Insecure
Secure
Security Margin
Security Border
Operating Point 1
Margin of security
Challenges� Identifying a border point is
computationally intensive process� Identifying several points on the border
that are uniformly distributed is extremely difficult to achieve
� Identifying the border in high dimension space is extremely difficult and requires unrealistic computational power
Border Identification Techniques
� Border tracking– Gradient method– Projection technique
� Intelligent Techniques– Inverse intelligence– Border sectionalization
DSA Indices
Vulnerability Index� Reflect the level of system strength or
weakness relative to the occurrence of an undesired event
� The vulnerability of power system will change if :– The operating state change– Environmental conditions change– System equipment status change
� We need a quantitative measures
Common Vulnerability Index� Critical Clearing Time (CCT)
– Good accuracy, reliability, and modeling capability– Requires intensive computation time
� Energy Margin– Avoid the time-consuming computation– Modeling limitation, Less accurate than CCT
� Eigenvalues� Anticipated loss of load� ----------…………
Vulnerability Index based on Distance from Border
Vulnerability Border
Operating Point 1
Margin
Operating Point 2
Degree of Vulnerability
Vulnerability Border Visualization� After First Event
0 0.5 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Qg 77
Qg 65
T PL
Pg 77
Pg 65
Qg 103
Qg 36
Pg 70
Pg 45
Pg 9
T QL
Pg 162
Qg 140
Pg 15
Pg 149
0 0.5 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Qg 116
Qg 118
Pg 118
Qg 6
Qg 18
Qg 9
Pg 144
Pg 140
Qg 15
Qg 148
Qg 162
Qg 159
Pg 18
Qg 112
Qg 138
-1 0 1
1
Vulnerability Index
VI = -0.20057
Vulnerability Border Visualization� After Second Event
0 0.5 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Qg 77
Qg 65
T PL
Pg 77
Pg 65
Qg 103
Qg 36
Pg 70
Pg 45
Pg 9
T QL
Pg 162
Qg 140
Pg 15
Pg 149
0 0.5 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Qg 116
Qg 118
Pg 118
Qg 6
Qg 18
Qg 9
Pg 144
Pg 140
Qg 15
Qg 148
Qg 162
Qg 159
Pg 18
Qg 112
Qg 138
-1 0 1
1
Vulnerability Index
VI = 0.55317
Vulnerability Border Visualization� After Third Event
0 0.5 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Qg 77
Qg 65
T PL
Pg 77
Pg 65
Qg 103
Qg 36
Pg 70
Pg 45
Pg 9
T QL
Pg 162
Qg 140
Pg 15
Pg 149
0 0.5 1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Qg 116
Qg 118
Pg 118
Qg 6
Qg 18
Qg 9
Pg 144
Pg 140
Qg 15
Qg 148
Qg 162
Qg 159
Pg 18
Qg 112
Qg 138
-1 0 1
1
Vulnerability Index
VI = 0.70661
Critical Clearing Time (CCT)
� : DSA Margin� CCT: Critical Clearing Time� CT: Actual Clearing Time
CTCCT
Critical Clearing Time (CCT)
� Advantages– Good accuracy– Reliability– Equal area criterion can be used (simple
modeling)
– Disadvantages– Requires intensive computation time
Energy Margin
EEref
� : DSA Margin� Eref : Allowable level of damping energy� E: Actual damping energy
Energy Margin
� Advantages– Faster than CCT
� Disadvantages– Less accurate than CCT
Eigenvalues
ref
� : DSA Margin� ref : Allowable real component of eigenvalues� : Actual real component of eigenvalues
Eigenvalues
� Advantages– Straight forward process
� Disadvantages– Doesn’t reflect the nonlinear nature of the
power system– Time consuming for large systems
Anticipated Loss of Load (ALL)
PPref
� : DSA Margin� Pref : Allowable amount of load to be shed� P : Actual load outage
Anticipated Loss of Load (ALL)� Advantages:
– This index is fully applicable in the case of cascading events
– Any control actions can be included (frequency shedding, …)
– Simple concept– Directly related to utility objectives (serving customers)
� Disadvantages– Computationally extensive
Anticipated Loss of Load (ALL)� For small System
– We can search all possible combinations of load reduction.� For realistic size system
– The exhaustive search is practically impossible.– For N loads, to shed each load from 0%-100% in 1% increment,
there are 100N possible combinations of load reductions
� Possible solution– Reduce N by selecting load to be shed from among the network
loads– Use intelligent technique to speed up the computation
Vulnerability Index (VI) based on anticipated loss of load
� It is proposed that the anticipated loss of load with respect to a sequence of events be used as a VI.
� This index is fully applicable in the case of cascading events.
� Any control actions can be considered.� This concept is simple but computationally
extensive.
Vulnerability Index (VI) based on anticipated loss of load (Cont’)
� Small System– We can search all possible combinations of load reduction.
� Realistic size system– The exhaustive search is practically impossible.– If we shed each load from 0% to 100% in 1% increment– N loads – 100N possible combinations of load reductions
� Fast search algorithms are needed for this technique to succeed.
Under Frequency Load Shedding
� Frequency decline, rate of frequency decline
59.5 Hz
59.3 Hz
58.8 Hz
58.6 Hz
58.3 Hz
Activated by frequency decline rate
20 % 5 % 4 % 4 %
Activated by frequency decline
10 % 15 %
Scenario 1
3332
31 30
35
80
78
74
7966
75
77
7672
8281
8683
84 85
156 157 161 162
vv
167165
158 159
15544
45 160
166
163
5 11
6
8
9
1817
43
7
14
12 13
138 139
147
15
19
16
112
114
115
118
119
103
107
108
110
102
104
109
142
376463
56153 145151
15213649
4847
146154
150149
143
4243
141140
50
57
230 kV345 kV500 kV The amount of Load Shedding
0
200
400
600
800
1000
1200
1400
1600
1800
119 117 101 113 112 116 118 105 106 TotalBus Number
Am
ount
of L
oad
Shed
ding
[MVA
]
Under Frequency Relay
PSO
The amount of Load Shedding
0
500
1000
1500
2000
2500
3000
3500
4000
119 117 101 113 112 116 118 105 106 TotalBus Number
Am
ount
of L
oad
Shed
ding
[MV
A]
Under Frequency RelayPSO with IslandingPSO without Islanding
� Scenario 2
77 82
86
83
vv
112
114
115
118
119
Three Phase Fault
at T = 0 ms
� Scenario 2 77 82
86
83
vv
112
114
115
118
119
Line Tripped
at T = 100 ms
� Scenario 2 77 82
86
83
vv
112
114
115
118
119
Additional Tripping due to Hidden Failure
at T = 100 ms
Load Shedding Control is Activated
at T = 400 ms
Under Frequency Relay– Cannot stabilize this event
The amount of Load Shedding
0
20
40
60
80
100
120
119 117 101 113 112 116 118 105 106 Total
Bus Number
Amou
nt o
f Loa
d S
hedd
ing
[MV
A]
Distribution of the Total Magnitude of Load Shedding for 1500 different operating conditions
� The amount of load shedding in MVA can be used directly. � This amount could be normalized between 0 and 1.� The load shedding percentage
the highest load shedding case : 3150 / 68398= 4.6 %
0 500 1000 1500 2000 2500 3000 35000
50
100
150
200
250
300
350
400
Total amount of Load Shedding[MVA]
Num
ber o
f Pat
tern
s
