Post on 27-Mar-2021
transcript
UE Project N.261788
F T ER
Global risk assessment
AFTER Final Workshop
Rome, 27 November 2014
RSE, Alstom Grid, City University London, JRC, SINTEF, Univ. Genoa
D. Cirio, RSE
Outline
• Background & Motivations
• AFTER Risk assessment tools
• Results & Conclusions
2
Severe disturbances in power systems
• Multiple initiating events
3Geographic dependencies Functional dependencies
• Inadvertent system response
4
Fiber optics damaged by rodents
Wrong settings of protections Cyber security issuesCircuit breaker failure
Severe disturbances in power systems
Cascading phenomena simulation with Statistical PF Model on
Colombian case: 17 Oct 2013
• Cascading effects
Severe disturbances in power systems
Multi-layer perspective of the Power & ICT Systems
6
Threat classification
7
ICT External Internal
Naturale.g. Ice and snow, flood,
Fire and high temperature,
Geomagnetic storm
e.g. ICT component internal faults…
Operation out of range,
Ageing
Human relatede.g. Hacker, Sabotage,
Malicious outsider
e.g. Employee errors,
Malicious actions by
unfaithful employees,
SW bugs
Power External Internal
Naturale.g. lightnings, fires,
ice/snow storms, solar storms
e.g. Component faults,
strained operating conditions
Human related
e.g. unintentional damage
by operating a crane;
Sabotage, terrorismoutsider errors
e.g. Employee errors
Malicious actions by unfaithful employees
Results
• Methods and Tools
– Global Risk Assessment Tool (RSE)
– Preliminary Interdependency Analysis (PIA+)
(City University)
– Statistical Power Flow Tool with Self-
Organised Criticality (SOC) (Alstom Grid)
– Tool for predicting renewable power
generation (Alstom Grid)
8
Approach: The bow tie model
9
How to handle high impact low probability (HILP) contingencies?
Risk approach => Probabilistic models
Black out
10… Uncertainties …
Risk of… what?
Uncontrolled islanding
Cascading
Voltage instability
Loss of load
Current violation
Initiating event(s)
Frequency instability
Angle instability
Voltage violation
€
F T ER
AFTER Global Risk Assessment tool
Application contexts:
• Quasi on-line operation
• Operational planning
• (Security analyses in planning)
11
0 20 40 60 80 100 120 140
SSB2_B15Y211_PP_no_signal_to_one_CBSB_B03I301_BUSFAULT_stuckCB_L_IQ36
SB_B24Y221_BUSFAULT_stuckCB_L_YY210SB_B03I301_BUSFAULT_stuckCB_T_B24Y224T2
SSB2_B15Y211_PP_BUSFAULT_stuckCB_L_YY27SB_B24Y221_stuckCB_FAULT_ON_L_YY210
SB_B24Y221_BDP_OOSSSB2_B09Q301_stuckCB_FAULT_ON_T_B11Q211T1
SB_B03I301_stuckCB_FAULT_ON_L_II32SB_B03I301_stuckCB_FAULT_ON_L_IQ36
SSB2_B09Q301_stuckCB_FAULT_ON_L_IQ37SB_B03I301_stuckCB_FAULT_ON_T_B24Y224T2
SSB1_B15Y211_PP_stuckCB_FAULT_ON_L_YY210SSB1_B15Y211_PP_stuckCB_FAULT_ON_L_YW28SSB2_B15Y211_PP_stuckCB_FAULT_ON_L_YW29SSB2_B15Y211_PP_stuckCB_FAULT_ON_L_YY27
SSB1_B09Q301_stuckCB_FAULT_ON_L_KQ311SSB1_B09Q301_stuckCB_FAULT_ON_L_IQ36
SSB1_B09Q301_stuckCB_FAULT_ON_T_B12Q212T3SB_B03I301_BDP_OOS
N-3_Ln_10 _Ln_36 _2WND_B24YT2N-2_Ln_36 _2WND_B24YT2
N-1_B01I301_B03I301N-1_B24YT2N-1_B24YT2
N-2_Ln_10 _2WND_B24YT2N-2_Ln_10 _Ln_36
N-1_B03I301_B09Q301N-1_B15Y211_B24Y221
SSB2_B09Q301SSB1_B09Q301
SB_B24Y221SSB2_B15Y211_PPSSB1_B15Y211_PP
SB_B03I301
Angle instability Risk (dt = 10 minutes)- TOTAL Risk= 0.02686
dB (Level O = 1e-015)
Novelties:
– Threat & Vulnerability models to evaluate component failure probability
– Link to actual weather conditions for contingency identification
– Multiple, dependent contingencies
– Effect of hidden failure and operator delays on cascading risk
– Dependency of risk on forecastuncertainties (renewables & loads)
From threats and component vulnerability probabilistic modeling …
… to risk basedcontingencyranking …
… through criticalcomponent
identification …
0 50 100 150 200 250 300180
200
220
240
260
280
300
320
ISBA111ISBA811ISBA821ISBA822ISBA831
RIZN111RIZN311RIZN312
ANPP211ANPP212ANPP731ANPP741
BLLP211BLLP311BLLP312
CRCP211CRCP311CRCP312CRCP313
CHGP111CHGP211CHGP311
CMRP211CMRP311CMRP312
CORP211CORP311
FAVP211FAVP311FAVP312
FULP211FULP311
MLLP211MLLP311MLLP312MLLP313
MSBP211MSBP311MSBP312
PNAP211PNAP311PNAP312
PRRP211
PTRP111PTRP311
PRGP211PRGP711PRGP811
RAGP211RAGP311
SFMP211SFMP212SFMP221SFMP231SFMP711SFMP821SFMP831SRGP111SRGP211SRGP311SRGP312
TIMP211TIMP711TIMP811
km
km
0.01 0.015 0.02 0.025 0.03 0.035 0.040
0.5
Stress distribution and vulnerability for element nr 16 of line 14
stress variable
0.01 0.015 0.02 0.025 0.03 0.035 0.040
500
12
Probability of
occurrence
of threats
LightningsSolar stormsLandslidesEarthquakesageing…
Threat & Vulnerability modeling
Experts’ knowledge
Statistical analyses on
historical data
+ real time monitoring
systems
12
Vulnerabilitydistribution
functionExperts’ knowledge
Fragility curvesfrom records and ad hoc tests…
Knowledge on physical protectionsystemsAssumptions on reactions to terrorist attacks
…
Statistical analyses on
historical data
Human errorsMalicious attacksSabotageTheft…
Set of contingenciesfor analyses
Contingency selection
13Contingency screening based on ex-ante risk
Calculation of “ex-ante” risk
Calculation of
contingency probabilityCalculation of ex-ante impact (i.e. prior to detailed analysis)
Defining N-1, N-k contingencies(including component dependencies)
Critical components screening(cumulative sum screening method based on probability)
Calculating probability of failure for power/ICT components
Threat modeling Vulnerability modeling
Complete set
of N-1 ctgs,
some N-2 ctgs
selected by
operators
14
System response
• Quasi-static cascading engine (enhanced power flow with steady state response of regulation, protection & operator action)
• Event tree(hidden failure and relay setting uncertainties)
• Time domain simulation, to evaluate the dynamic response by detailed dynamic model
Probabilistic Cascading
Different time sequences of protection intervention
(primary / backup)
Impact & Risk indicators
Impact• Indices based on immediate post-fault steady-state quantities
(currents and voltages)
• Indices based on cascading outcome (loss of load, cost of unsupplied energy)
• Indices related to instability mechanisms (angle and voltage deviations)
15
( )
∑
∑
=
=
×
=Nbranches
k
knom
Nbranches
k
knomkj
totj
A
ASev
iSev
1
1
,
,
0 0.5 1 1.50
1
2
3
4
5
6
7
current, I [p.u.]
Severity
function, S
ev(I)
Proximity base severity function
continuous function N=15, M=12
ramp-wise function
Risk = {Contingency, Probability, Impact}
Risk indicators are defined as
Expected Value of Impact
e.g. Expected cost of energy not supplied
Risk assessment tool applications (I)
• Identifying most risky multiple contingencies in short term – combining component failure probabilities
– complementing traditional N-1 criterion
• Identifying most vulnerable components in current
weather/environment conditions– probabilistic models of threats and
component vulnerability
• Evaluating sensitivity of specific
component parameters on the
probability of failure of ICT/Power components– to improve vulnerability with targeted
interventions
– To quantify the reduction of expected costs16
0 50 100 150 200 250 300180
200
220
240
260
280
300
320
ISBA111ISBA811ISBA821ISBA822ISBA831
RIZN111RIZN311RIZN312
ANPP211ANPP212ANPP731ANPP741
BLLP211BLLP311BLLP312
CRCP211CRCP311CRCP312CRCP313
CHGP111CHGP211CHGP311
CMRP211CMRP311CMRP312
CORP211CORP311
FAVP211FAVP311FAVP312
FULP211FULP311
MLLP211MLLP311MLLP312MLLP313
MSBP211MSBP311MSBP312
PNAP211PNAP311PNAP312
PRRP211
PTRP111PTRP311
PRGP211PRGP711PRGP811
RAGP211RAGP311
SFMP211SFMP212SFMP221SFMP231SFMP711SFMP821SFMP831SRGP111SRGP211SRGP311SRGP312
TIMP211TIMP711TIMP811
km
km
0 20 40 60 80 100 120 140
SB_B03I301_no_signal_to_one_CBSB_B03I301_no_signal_to_one_CB
SSB2_B09Q301_BUSFAULT_stuckCB_L_IQ37SSB2_B09Q301_BUSFAULT_stuckCB_T_B11Q211T1SSB1_B15Y211_PP_BUSFAULT_stuckCB_L_YY210
SB_B24Y221_BUSFAULT_stuckCB_T_B24Y224T2SSB1_B09Q301_BUSFAULT_stuckCB_L_KQ311
SSB1_B15Y211_PP_BUSFAULT_stuckCB_L_YW28SSB2_B15Y211_PP_BUSFAULT_stuckCB_L_YW29
SSB1_B09Q301_BUSFAULT_stuckCB_L_IQ36SB_B24Y221_stuckCB_FAULT_ON_T_B24Y224T2
SB_B03I301_BUSFAULT_stuckCB_L_II32SSB1_B09Q301_BUSFAULT_stuckCB_T_B12Q212T3
SSB1_B15Y211_PP_no_signal_to_one_CBSSB1_B15Y211_PP_no_signal_to_one_CBSSB2_B15Y211_PP_no_signal_to_one_CBSSB2_B15Y211_PP_no_signal_to_one_CBSB_B03I301_BUSFAULT_stuckCB_L_IQ36
SB_B24Y221_BUSFAULT_stuckCB_L_YY210SB_B03I301_BUSFAULT_stuckCB_T_B24Y224T2
SSB2_B15Y211_PP_BUSFAULT_stuckCB_L_YY27SB_B24Y221_stuckCB_FAULT_ON_L_YY210
SB_B24Y221_BDP_OOSSSB2_B09Q301_stuckCB_FAULT_ON_T_B11Q211T1
SB_B03I301_stuckCB_FAULT_ON_L_II32SB_B03I301_stuckCB_FAULT_ON_L_IQ36
SSB2_B09Q301_stuckCB_FAULT_ON_L_IQ37SB_B03I301_stuckCB_FAULT_ON_T_B24Y224T2
SSB1_B15Y211_PP_stuckCB_FAULT_ON_L_YY210SSB1_B15Y211_PP_stuckCB_FAULT_ON_L_YW28SSB2_B15Y211_PP_stuckCB_FAULT_ON_L_YW29SSB2_B15Y211_PP_stuckCB_FAULT_ON_L_YY27
SSB1_B09Q301_stuckCB_FAULT_ON_L_KQ311SSB1_B09Q301_stuckCB_FAULT_ON_L_IQ36
SSB1_B09Q301_stuckCB_FAULT_ON_T_B12Q212T3SB_B03I301_BDP_OOS
N-3_Ln_10 _Ln_36 _2WND_B24YT2N-2_Ln_36 _2WND_B24YT2
N-1_B01I301_B03I301N-1_B24YT2N-1_B24YT2
N-2_Ln_10 _2WND_B24YT2N-2_Ln_10 _Ln_36
N-1_B03I301_B09Q301N-1_B15Y211_B24Y221
SSB2_B09Q301SSB1_B09Q301
SB_B24Y221SSB2_B15Y211_PPSSB1_B15Y211_PP
SB_B03I301
Angle instability Risk (dt = 10 minutes)- TOTAL Risk= 0.02686
Contingency ID
dB (Level O = 1e-015)ContingencyRanking lists
Spatial distributionof threat magnitude
Component failure probabilityvs threat magnitude
Risk assessment tool applications (II)
• Quantifying the effects of hidden failures and
operators’ delay on the
cascading risk
• and in the future
…linking the contingency
probabilities to real time data from monitoring
systems– to improve vulnerability with
targeted interventions
17
0 10 20 30 40 500
0.5
1
1.5
2
2.5
3LOL Risk Index Cumulative Curve (time interval = 10 minutes)
Contingency
1% Hidden failures
one path (no hidden failures)
0
0.02
0.04
0.06
0.08
0.1
0.12
no control S_d1200 S_d180 S_d60 S_d30
MW
lo
st
operators' delay scenario
Loss of load severity [MW] - ctg: N-2_Ln_B01-B03_Ln_B03-B09
Loss of load severity [MW]
Cumulative curves for loss of load
risk indicators as a function of hidden failure probability
Loss of load severity of a specific
N-2 contingency for different values
of operators’ delay
Application for control center: risk assessment of a system state (uncertainty on contingencies)
18operator
EMS
Powersystem
SCADA
RTU’s, PMU’s
Security level
requirements
Alarms/alerts/
(suggested
control
actions)
On-line alert systems
Control actions
Some N-2’s
N-1’s
Conventional
security
assessment
Se
cu
rity
Asse
ssm
en
t
State Estimation / Power flow
Risk basedsecurity
assessment
Co
ntin
ge
ncy
se
lectio
n
0 5 10 15 20 25 30 35 400
2
4
6
8x 10
-4 High current Risk Index Cumulative Curve (time interval = 10 minutes)
Contingency
ctg: N-2-Ln-10 -Ln-36 ( cum % risk: 94.3)
ctg: N-1-B15Y211-B24Y221 ( cum % risk: 32.0)
ctg: SB-B24Y221 ( cum % risk: 99.6)
0 20 40 60 80 100 120 140
SB_B03I301_no_signal_to_one_CBSB_B03I301_no_signal_to_one_CB
SSB2_B09Q301_BUSFAULT_stuckCB_L_IQ37SSB2_B09Q301_BUSFAULT_stuckCB_T_B11Q211T1
SSB1_B15Y211_PP_BUSFAULT_stuckCB_L_YY210SB_B24Y221_BUSFAULT_stuckCB_T_B24Y224T2
SSB1_B09Q301_BUSFAULT_stuckCB_L_KQ311SSB1_B15Y211_PP_BUSFAULT_stuckCB_L_YW28SSB2_B15Y211_PP_BUSFAULT_stuckCB_L_YW29
SSB1_B09Q301_BUSFAULT_stuckCB_L_IQ36SB_B24Y221_stuckCB_FAULT_ON_T_B24Y224T2
SB_B03I301_BUSFAULT_stuckCB_L_II32SSB1_B09Q301_BUSFAULT_stuckCB_T_B12Q212T3
SSB1_B15Y211_PP_no_signal_to_one_CBSSB1_B15Y211_PP_no_signal_to_one_CBSSB2_B15Y211_PP_no_signal_to_one_CBSSB2_B15Y211_PP_no_signal_to_one_CBSB_B03I301_BUSFAULT_stuckCB_L_IQ36
SB_B24Y221_BUSFAULT_stuckCB_L_YY210SB_B03I301_BUSFAULT_stuckCB_T_B24Y224T2
SSB2_B15Y211_PP_BUSFAULT_stuckCB_L_YY27SB_B24Y221_stuckCB_FAULT_ON_L_YY210
SB_B24Y221_BDP_OOSSSB2_B09Q301_stuckCB_FAULT_ON_T_B11Q211T1
SB_B03I301_stuckCB_FAULT_ON_L_II32SB_B03I301_stuckCB_FAULT_ON_L_IQ36
SSB2_B09Q301_stuckCB_FAULT_ON_L_IQ37SB_B03I301_stuckCB_FAULT_ON_T_B24Y224T2
SSB1_B15Y211_PP_stuckCB_FAULT_ON_L_YY210SSB1_B15Y211_PP_stuckCB_FAULT_ON_L_YW28SSB2_B15Y211_PP_stuckCB_FAULT_ON_L_YW29SSB2_B15Y211_PP_stuckCB_FAULT_ON_L_YY27
SSB1_B09Q301_stuckCB_FAULT_ON_L_KQ311SSB1_B09Q301_stuckCB_FAULT_ON_L_IQ36
SSB1_B09Q301_stuckCB_FAULT_ON_T_B12Q212T3SB_B03I301_BDP_OOS
N-3_Ln_10 _Ln_36 _2WND_B24YT2N-2_Ln_36 _2WND_B24YT2
N-1_B01I301_B03I301N-1_B24YT2N-1_B24YT2
N-2_Ln_10 _2WND_B24YT2N-2_Ln_10 _Ln_36
N-1_B03I301_B09Q301N-1_B15Y211_B24Y221
SSB2_B09Q301SSB1_B09Q301
SB_B24Y221SSB2_B15Y211_PPSSB1_B15Y211_PP
SB_B03I301
Angle instability Risk (dt = 10 minutes)- TOTAL Risk= 0.02686
Co
ntin
ge
ncy
ID
dB (Level O = 1e-015)
N-2’s
N-1’s
«Risky»N-k’s
Application for operational planning: risk assessment of a forecast system state
(uncertainty on contingencies and initial state)
19
Prob(Risk > Acceptable R*)
> εεεε?
operator
EMS Security level requirements
Driving operational
planning decisions …
k-hour ahead
forecasts for RES and
load
Forecasting critical gridscenarios (weather
forecasts, monitoringequipment conditions
over days…)
Allocate resources to
preservedesired security
levels
global risk assessmentAFTER tool
Conventionalplanning
tools
subset
of N-2’s
«Risky»
N-k’s
N-1’s
Risk basedOperational
planning supporttool
Contingency
selection
2 2.5 3 3.5 4 4.5
x 10-5
0
0.2
0.4
0.6
0.8
1
CTG N-2-Ln-248 -Ln-249 : probability of overcoming the value of risk of high currents on x axis
0 1 2 3 4
x 10-5
mean standard deviat ion
-0.5 0 0.5 1
skewnesskurtosis
CTG N-2-Ln-248 -Ln-249 - skewness and ku rtosis of ris k o f high currents
3.3 3.4 3.5 3.6 3.7 3.8
x 10-5
0
0.2
0.4
0.6
0.8
1
CTG N-2-Ln-248 -Ln-249 : probability of overcoming the value of risk of low voltages on x axis
0 1 2 3 4
x 10-5
mean standard deviat ion
-0.6 -0.4 -0.2 0 0.2
skewnesskurtosis
CTG N-2-Ln-248 -Ln-249 - skewness and kurtosis of risk of low voltages
0.85 0.9 0.95 1 1.05 1.1 1.15 1.2 1.25 1.3 1.35
x 10-4
0
0.5
1
Probability of overcoming the value of total risk of high currents on x axis
6.7 6.8 6.9 7 7.1 7.2 7.3 7.4
x 10-5
0
0.5
1
Probability of overcoming the value of total r isk of low voltages on x axis
0 0.5 1 1.5 2 2.5 3 3.5 4
x 10-3
0
0.5
1Probability of overcoming the value of total risk of loss of load on x axis
SE
Risk assessment tool - Synthesis
• Possible to link the risk based security assessment
prototype to real time monitoring systems
• Identification of most vulnerable components
• Assessment of effects of human behaviour
(operators’ delays) on security
• Improved awareness of what is going on
• Helpful in operational planning studies to evaluatethe impact of RES and load uncertainties on
operational security
• Easy-to-intepret visualisation of results
20
Studies with PIA+
21
Risk of cyber attacks on the modelled power system• Base case (no attacks) vs. system under attack cases (Adversary is active)• Two modelled attacks were compared
(switch off a power element vs. changing the protection threshold of a power line)
• Operator “inspection” restores the settings modified by the attacker, thus
assuring correct protection response following component outages
Increasingfrequency of inspections
Increasingfrequency of inspections
Distribution of «average value of the loadover a time series of operating states»
Distribution of «minimum supplied loadover a time series of operating states»
• If not countered by a suitable maintenance/inspection regime, the potency of attacks on
line-protection thresholds tends to increase over time.
• In some cases, we observe an increasingly significant impact on the quality of service
provided, with increasing certainty
• These time-series were also very useful model validation tools: unwanted statistical
properties of our complex models were easily detected
PIA+: Validation of Complex Models
22
Increasingfrequency of inspections
No inspection
Increasing frequency of inspections
Statistical analysis of supplied load over a short time interval
Power Grid
Power Grid + random events
Improvements in
operating policies,
maintenance,
equipment, controls, …
DC/AC Power Flow + optimization
+ Statistical Estimation (cascading)
+ Decision support
Feedback
Power Grid + random events + environment (actions)
Identify the need for transmission enhancements over planning horizons, based on the
analysis of sequences of operating states
10-1
100
101
102
103
104
10-4
10-3
10-2
10-1
100
Shed power (MW)
Pro
babi
lity
Real historical data
Simulated with ideal dispatch
Simulated with network dispatch
Simulated with coordinated dispatchUniversal
behavior
Statistical power flow tool withSelf-Organised Criticality
Self Organized Critical – Power Flow model
ΣΣΣΣ Line capacity = constant
ΣΣΣΣ Demand
Mean line loading = constant
Tool for predicting renewable power generation
Intermittent power generationElia North Sea Off-shore Windfarm
• Estimation of Intermittent resources
• Model MS(3)AR(2) & Bayesian technique
• Efficiency & Robustness over time resolution (from 15 mn to 1-4 hours)
• Exogenous variables for middle & long term forecast
Input to the risk
assessment
(uncertainty of
forecast state)
Operational Risk Assessment
Conclusions
25
Together with probabilistic tools for analysis of…
• cyber risk exposure
• need for grid reinforcements due to security issues
…accounting for uncertainties
• Power system response(hidden failures)
• Renewables & loads(forecast errors)
«smart» probabilistic N-k
contingency analysis
• accounting for dependencies
• avoiding combinatorialexplosion
• adapted to the current threatexposure (e.g. weather)
From deterministic N-1 security assessment …