Contribucion a la seguridad de los SEP

7/30/2019 Contribucion a la seguridad de los SEP

1/125

Diss. ETH No. 16492

Contributions to Security ofElectric Power Systems

A dissertation submitted to theSWISS FEDERAL INSTITUTE OF TECHNOLOGY

ZURICH

for the degree ofDoctor of Sciences

presented byMAREK ZIMA

MSc. Royal Institute of Technology (KTH), Stockholmborn February 11th, 1977

in Cadca, Slovakia

accepted on the recommendation ofProf. Dr. Goran Andersson, examiner

Prof. Dr. Ian Dobson, co-examinerProf. Dr. Manfred Morari, co-examiner

2006


2/125


3/125

Acknowledgments

I would like to express my deep thanks to Prof. G oran Andersson. Heintroduced me into research community and provided a lot of support,many valuable advices and opportunities for development of variousprofessional skills.

My PhD studies have been done externally, during my engagement inindustry, explicitly ABB Switzerland Ltd, which was represented in the

advisory committee of my PhD studies by Dr. Joachim Bertsch and Dr.Christian Rehtanz.

I am very grateful to Christian, his active constructive attitude andhis couching have been very valuable inspiration, from which I tried tolearn as much as I could.

I acknowledge the continuous support of Joachim during the whole PhDstudies, who provided me opportunities to interact both with researchcommunity (e.g. via time allocation for traveling to conferences) aswell as industrial partners (e.g. engineers from companies operatingtransmission systems).

At several occasions in the recent years I had a luck to experience veryinspiring discussions with Prof. Dr. Ian Dobson. Therefore I am veryhappy to have him as co-referee of my thesis. As a part of my thesisdeals with Model Predictive Control, I am honored to have Prof. Dr.Manfred Morari as my second co-referee. His course on Model PredictiveControl triggered my interest in this topic and in control as such.

During my PhD studies, I have interacted with many researchers invarious extend. Very enriching were discussions and correspondencewith Prof. Dr. Ian Hiskens, from University of Wisconsin in Madison.

3


4/125

4 Acknowledgments

As a different type of inspiration, I would like to mention Prof. Dr.Imrich Solk, my uncle. Although starting from unfavorable conditions,thanks to his talent and hard work, he achieved a maximum in circum-stances and time given to him, both in the industry and academia. Letthis thesis also be a small memory of him.

Most of all, I want to thank my family, especially my mom. She hasbeen always very supportive and encouraging in taking new professionaland personal challenges.

Marek Zima


5/125


6/125


7/125

Kurzfassung

Ein grundlegendes Bedurfnis jeder modernen Gesellschaft ist die sichereund ausreichende Versorgung mit Elektrizitat. Die Versorgung erfolgtdabei im Hinblick auf das Kriterium der Zuverlassigkeit, d.h. es wirdangestrebt, das Energieversorgungssystem in einem sicheren Zustand zubetreiben. In einem sicheren Zustand ist das Risiko, dass sich eine lokaleStorung ausbreitet und die Systemintegritat gefahrdet, minimal.

Die standige Aufrechterhaltung der Systemzuverlassigkeit ist ein inter-disziplinares multidimensionales Problem, das von verschiedensten Fak-toren beeinflusst wird. Wahrend ein Teil dieser Faktoren, wie extremeWetterverhaltnisse oder Naturkatastrophen, als exogen gegeben ange-sehen werden muss, existieren andere Faktoren, die durch das Systemselbst und seinen Betrieb gegeben sind. Letztere konnen unter demBegriff Sicherheitskonzept zusammengefasst werden.

Aktuelle Entwicklungen haben die Rahmenbedingungen in denen En-ergieversorgungssysteme heutzutage betrieben werden nachhaltig verandert.In diesem Zusammenhang offenbaren traditionelle Sicherheitskonzeptezunehmend Mangel.

Vorliegende Arbeit schlgt Modifikationen bereits existierender Sicher-heitskonzepte auf grundlegender Ebene vor. In diesem Zusammenhangwird ein Konzept - alternativ zum N-1 Kriterium - entwickelt, mitdessen Hilfe sich die Zuverlassigkeit eines Systems in angemessenererArt und Weise determinieren lasst. Weiterhin beschreibt vorliegendeArbeit einen Regelalgorithmus fur typische, hher-dimensionale Prob-leme in Energiesystemen. Der Algorithmus basiert auf Methoden derModel Predictive Control und Trajectory Sensitivities. In einem letztenSchritt wird ein Konzept zur besseren Evaluierung von Regelstrategienabgeleitet.

7


8/125

8 Kurzfassung

Die vorgeschlagenen Modifikationen und Konzepte werden ausfuhrlichmit Hilfe von Beispielen und Simulationen dargestellt.


9/125

Contents

1 Introduction 13

1.1 Positioning and Goal of the Work . . . . . . . . . . . . . 13

1.2 Dissertation Outline . . . . . . . . . . . . . . . . . . . . 15

1.3 Contributions of the Work . . . . . . . . . . . . . . . . . 15

1.4 List of Publications . . . . . . . . . . . . . . . . . . . . . 16

2 Power Systems Security 19

2.1 Threats of Power Systems Security . . . . . . . . . . . . 19

2.2 Present Power Systems Control . . . . . . . . . . . . . . 21

2.2.1 Normal and Preventive Control . . . . . . . . . . 23

2.2.2 Emergency Control . . . . . . . . . . . . . . . . . 27

2.3 Last Decade Trends . . . . . . . . . . . . . . . . . . . . 34

2.4 Shortcomings of Present Security . . . . . . . . . . . . . 36

3 Improvements in Power Systems Security 39

3.1 A New Security Index . . . . . . . . . . . . . . . . . . . 40

3.1.1 Introduction . . . . . . . . . . . . . . . . . . . . 40

3.1.2 Cascading Failures . . . . . . . . . . . . . . . . . 41

3.1.3 Operation Criteria . . . . . . . . . . . . . . . . . 42

3.1.4 N-1 Criterion . . . . . . . . . . . . . . . . . . . . 42

3.1.5 N-2 Criterion . . . . . . . . . . . . . . . . . . . . 45

3.1.6 Relevant Topics in Literature . . . . . . . . . . . 45

9


10/125

10 Contents

3.1.7 Proposed Security Index . . . . . . . . . . . . . . 45

3.1.8 Example . . . . . . . . . . . . . . . . . . . . . . . 48

3.1.9 Remarks . . . . . . . . . . . . . . . . . . . . . . . 48

3.2 Proposed Control Philosophy Essentials . . . . . . . . . 49

3.3 Proposed Control Structure . . . . . . . . . . . . . . . . 51

4 MPC Employing Tra jectory Sensitivities 55

4.1 Introduction - Problem Description . . . . . . . . . . . . 55

4.2 Model Predictive Control Fundamentals . . . . . . . . . 57

4.2.1 General (Nonlinear) Model Predictive Control . . 57

4.2.2 Approaches to Reduction of Complexity of Gen-eral MPC Formulation . . . . . . . . . . . . . . . 58

4.3 Proposed MPC Formulation . . . . . . . . . . . . . . . . 60

4.4 Voltage Control Example . . . . . . . . . . . . . . . . . 62

4.4.1 Illustrative Example . . . . . . . . . . . . . . . . 624.4.2 Application to Realistic System . . . . . . . . . . 67

5 Benefits of Better Power Systems Control 73

5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 73

5.2 Economical Benefits of Control . . . . . . . . . . . . . . 76

5.2.1 Methodology and Modeling . . . . . . . . . . . . 77

5.2.2 Simulation Results . . . . . . . . . . . . . . . . . 79

5.2.3 Remarks . . . . . . . . . . . . . . . . . . . . . . . 83

5.3 Security Benefits of Optimal Control . . . . . . . . . . . 83



5.3.3 Remarks . . . . . . . . . . . . . . . . . . . . . . . 85

5.4 Considerations . . . . . . . . . . . . . . . . . . . . . . . 86



5.4.3 Remarks . . . . . . . . . . . . . . . . . . . . . . . 92


11/125

Contents 11

6 Conclusions and Future Prospects 95

6.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . 95

6.2 Directions for Future Work . . . . . . . . . . . . . . . . 96

A Test Systems Data 99

A.1 The IEEE Reliability Test System - 1996 . . . . . . . . 99A.2 A Simple Radial Test System . . . . . . . . . . . . . . . 99

A.3 The Nordic 26 Bus Test System . . . . . . . . . . . . . . 101

B Computation of Tra jectory Sensitivities 107

B.1 Trajectory Sensitivities . . . . . . . . . . . . . . . . . . . 107

B.2 Numerical Computations . . . . . . . . . . . . . . . . . 109

B.2.1 Nominal Trajectory . . . . . . . . . . . . . . . . 109

B.2.2 Trajectory Sensitivities . . . . . . . . . . . . . . 110

B.2.3 Remarks . . . . . . . . . . . . . . . . . . . . . . . 111

C Benefits of Better Control - Computations 113

C.1 Traditional Generation Dispatch . . . . . . . . . . . . . 113

C.2 Traditional Generation Dispatch Including a FACTS De-vice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

C.3 Proposed Control Including a FACTS Device . . . . . . 114

C.3.1 Generation Dispatch . . . . . . . . . . . . . . . . 114

C.3.2 Emergency Conditions . . . . . . . . . . . . . . . 115

Bibliography 115


12/125


13/125

Chapter 1

Introduction

This chapter briefly explains the objective of the research work describedin this dissertation and positions it in the context of power systemsresearch. Contributions and publication activities related to the carried

out research work are listed too.

1.1 Positioning and Goal of the Work

The purpose of power systems is to supply electric energy to consumers,i.e. industry, commercial and residential subjects and entities. Maincriteria for assessing capabilities of power systems to do so, are:

Reliability

Economy

Quality

Environmental impact

Environmental impact on the nature and humans shall be kept minimal,e.g. minimal pollution, noise, radiation and taken space. Quality, ormore frequently used term power quality, expresses how the suppliedenergy in form of current and voltage waveform differs from the regularsinusoidal shape. Power quality problems have usually a local nature,

13


14/125

14 Chapter 1. Introduction

i.e. significantly influencing only certain limited area. Typical examplesof power quality problems are distortions of the voltage shape by powerelectronics equipment, significant short-term drops of the voltage etc.Economy has an obvious meaning of minimal cost related to assuringpower supply under the three other criteria (environmental friendliness,power quality and reliability).

According to the official definition published in [49], reliability is

probability of the power system satisfactory operation overthe long run. It denotes the ability to supply adequate elec-tric service on a nearly continuous basis, with few interrup-tions over an extended time period.

According to the same source, another important term is security:

Security of a power system refers to the degree of risk inits ability to survive imminent disturbances (contingencies)without interruption of customer service. It relates to ro-bustness of the system to imminent disturbances and, hence,depends on the system operating condition as well as thecontingent probability of disturbances.

Relations between reliability and security are also provided in the samepublication as:

Security and stability are time-varying attributes which canbe judged by studying the performance of the power systemunder a particular set of conditions. Reliability, on the otherhand, is a function of the time-average performance of the

power system; it can only be judged by consideration of thesystems behavior over an appreciable period of time.

Note that the term stability is discussed later in the next chapter. Inthe context of this chapter it is not relevant.

Reliability is the overall objective in power system designand operation. To be reliable, the power system must besecure most of the time.


15/125

1.2. Dissertation Outline 15

When the security is jeopardized and a power system is subjected toa disturbance, which is not eliminated, it can lead to catastrophic sce-narios [65], [46], [69], [35] and [3], having a very serious impact on thesociety. If this happens, a complicated and complex restoration proce-dure must take place [30].

This thesis focuses on the aspect of security, however, the other aspects

have to be considered too. Finding an appropriate balance and compro-mise between above listed criteria, which are often in contradiction (forexample, a cheaper power plant may cause more severe pollution etc.),is generally very challenging in most of power systems design problems.

1.2 Dissertation Outline

The thesis starts with chapter 2 identifying shortcomings of the securityof present power systems originating in inadequacy of traditional con-trol and operation approaches in the context of recent trends in powersystems. Chapter 3 suggests improvements of power systems security

as a compact concept of operation philosophy addressing power systemssecurity, possessing following main features: using a different index, in-stead of well known N-1, for expressing power systems security (section3.1); modifying existing power systems control philosophy (section 3.2)and the structure in which it is implemented (section 3.3). Chapter 4goes deeper into the principle and an application example of a particu-lar control method, which could be employed within the control conceptmentioned in the previous sentence. Chapter 5 provides a reasoning andjustification of advantages, which would be brought by such a new con-trol method.

1.3 Contributions of the Work

Major contributions of the PhD studies research work summarized inthis dissertation are as follows:

Outline of a compact concept of operation philosophy addressingpower systems security in several ways (chapter 3). In particu-lar, by using an index expressing the system security better thanexisting one (e.g. N-1), by applying a new control philosophyimplemented in a modified control structure.


16/125


Proposal of a new security index (as an alternative to N-1), al-lowing to measure the extent in which the system is robust (i.e.how much is the system secure) against large disturbances (section3.1). Furthermore, the proposed security index provides a basisfor a generation dispatch providing highest probable security fora given amount of load.

Proposal and derivation of a Model Predictive Control (MPC)scheme employing trajectory sensitivities to reduce complexitywhile acceptably allowing capturing of nonlinear system behav-ior of power systems (chapter 4).

This introduces much higher control performance, allowing modi-fication of power systems control philosophy, i.e. moving towardscontrol decisions formulated and adjusted very closely to the ac-tual system state and lumping together preventive (i.e. control,to be executed in normal and/or alert conditions, for more details,see section 2.2) and emergency control.

Proposal of a framework and criteria to be considered when eval-

uating a control method (chapter 5).The proposed framework suggests how to measure both economyand security impacts and possible benefits if a new control philos-ophy and/or controls, in this particular case a FACTS device, areunder consideration.

1.4 List of Publications

The work reported in this dissertation has been partially covered by thefollowing publications:

1. M. Zima and G. Andersson, Model Predictive Control Employ-ing Trajectory Sensitivities for Power Systems Applications, 44thIEEE Conference on Decision and Control, 12 - 15 December,2005, Seville, Spain.

2. M. Zima and G. Andersson, Model Predictive Control of Elec-tric Power Systems under Emergency Conditions, chapter in thebook Real Time Stability in Power Systems - Techniques for EarlyDetection of the Risk of Blackouts, Kluwer Academic Publishers,2005.


17/125

1.4. List of Publications 17

3. M. Zima and D. Ernst, On Multi-Area Control in electric PowerSystems, 15th Power Systems Computation Conference, 22 - 26August, 2005, Liege, Belgium.

4. M. Zima and G. Andersson, On Security Criteria in Power Sys-tems Operation, IEEE PES General Meeting, 12 - 16 June, 2005,

San Francisco, USA.5. M. Zima and G. Andersson, Wide Area Monitoring and Con-

trol as a Tool for Mitigation of Cascading Failures, ProbabilityMethods Applied to Power Systems (PMAPS), 13 - 16 September,2004, Ames, USA.

6. M. Zima, C. Rehtanz and G. Andersson, Aspects of Wide AreaControl of FACTS Devices, Bulk Power System Dynamics andControl VI (IREP), 22 - 27 August, 2004, Cortina D. Ampezzo,Italy.

7. M. Zima and G. Andersson, Emergency Voltage Control UsingTrajectory Sensitivities, IX SEPOPE, 23 - 27 May, 2004, Rio de

Janeiro, Brazil.

8. M. Zima and G. Andersson, Stability Assessment and Emer-gency Control Method Using Trajectory Sensitivities, 2003 IEEEBologna PowerTech, 23 - 26 June, 2003, Bologna, Italy.

9. M. Zima, P. Korba and G. Andersson, Power Systems Volt-age Emergency Control Approach Using Trajectory Sensitivities,IEEE Conference on Control Application, 23 - 25 June, 2003, Is-tanbul, Turkey.

Besides the above list, I participated in several other publications whichdeal with topics relevant to the dissertation, but the material coveredby them is out of the scope of this dissertation:

1. M. Weibel, K. Imhof, W. Sattinger, U. Steinegger, M. Zima andG. Biedenbach, Overhead Line Temperature Monitoring PilotProject, CIGRE Session 2006, B2-311, Paris, to appear.

2. M. Zima, M. Larsson, P. Korba, C. Rehtanz and G. Andersson,Design Aspects for Wide-Area Monitoring and Control Systems,in Proceedings of the IEEE, Vol. 93, No. 5, May 2005.


18/125


3. M. Zima, Wide Area Monitoring Systems: For which Purposes?,8th International Workshop on Electric Power Control Centers, 5- 8 June, 2005, Les Diablerets, Switzerland.

4. M. Zima, Wide Area Monitoring - a Move towards Future Su-pervision of Power Systems, ETG Tagung: Forschung und neueTechnologien im Energiebereich, 8 March, 2005, Zurich, Switzer-land.

5. C. Carnal, J. Bertsch and M. Zima, Guarding the Grid, ABBReview Special Report, September, 2004.

6. M. Zima, T. Krause and G. Andersson, Evaluation of SystemProtection Schemes, Wide Area Monitoring and Control Systems,Advances in Power System Control, Operation and Management(APSCOM), 11 - 14 November, 2003, Hong Kong, China.

7. M. Zima, Blackout a Deregulacia Trhu s Elektinou, SME, 21August, 2003, in Slovak.

8. J. Bertsch, M. Zima et al., Experiences with and Perspectives ofthe System for Wide Area Monitoring of Power Systems, Qualityand security of Electric Power Delivery Systems, CIGRE/IEEEPES International Symposium, 8 - 10 October, 2003, Montreal,Canada.

9. C. Rehtanz, M. Larsson, M. Zima et al., System for Wide AreaProtection, Control and Optimization based on Phasor Measure-ments, Power Systems and Communication Systems Infrastruc-tures for the Future (CRIS), 23 - 27 September, 2002, Beijing,China.

In addition, some attitudes expressed in this thesis have been formed

also taking into account experience collected during 5 years of engage-ment in power industry, which has resulted into 7 pending or alreadyregistered patents in the area of power systems stability monitoring andcontrol.


19/125

Chapter 2

Power Systems Security

This chapter provides an overview of the present situation in securityof power systems and main factors influencing it. Weaker points in theconcept of power systems control, which may not be adequate anymore

in the present and future conditions and thus should be addressed, areidentified.

2.1 Threats of Power Systems Security

Power systems have originally arisen as individual self-sufficient units,where the power production matched the consumption. In the case ofa severe failure, a system collapse was unavoidable and meant a totalblackout and interruption of the supply for all customers. But therestoration of the whole system and synchronization of its generatorswere relatively easy due to the small size of the system.

Power systems size and complexity have grown to satisfy a larger andlarger power demand. Phenomena, having a system-wide, global nature,endangering the normal operation of power systems have appeared, ex-plicitly:

Frequency Instability - is inability of a power system to maintainsteady frequency within the operating limits. Keeping frequencywithin the nominal operating range (ideally at nominal constantvalue) is essential for a proper operation of a power system. A

19


20/125

20 Chapter 2. Power Systems Security

maximal acceptable frequency deviation (usually 2 Hz) is dictatedby an optimal setting of control circuits of thermal power plants.When this boundary is reached, unit protection disconnects thepower plant. This makes the situation even worse - frequencyfurther decreases and it may finally lead to the total collapse ofthe whole system. Frequency instability is in its nature rather a

tracking than truly a stability control problem.

Voltage Instability - is the inability of a power system to maintainsteady acceptable voltages at all buses in the system under normaloperating conditions and after being subjected to a disturbance.A system enters a state of voltage instability when a disturbance,increase in load demand, or change in system conditions causes aprogressive and uncontrollable drop in voltage.

Transient Angular Instability (also called Generators Out-of-step)- is the inability of the power system to maintain synchronismwhen subjected to a severe transient disturbance. The resultingsystem response involves large excursions of generator angles and

is influenced by the nonlinear power-angle relationship [47]. Incase of transient angle instability, a severe disturbance is a dis-turbance, which does not allow a generator to deliver its outputelectrical power into the network (typically a tripping of a lineconnecting the generator with the rest of the network in order toclear a short circuit). This power is then absorbed by the rotorof the generator, increases its kinetic energy, which results in thesudden acceleration of the rotor above the acceptable revolutionsand eventually damage of the generator.

Small-signal Angular Instability (also mentioned as GeneratorsSwinging or Power Oscillations) - is the inability of the power sys-tem to maintain synchronism under small disturbances. Such dis-turbances occur continually on the system because of small vari-ations in loads and generation. The disturbances are consideredsufficiently small for linearization of system equations to be per-missible for purposes of analysis. Local modes or machine-systemmodes are associated with the swinging of units at a generatingstation with respect to the rest of the power system. The termlocal is used because the oscillations are localized at one stationor small part of the power system [47]. Inter-area modes are as-sociated with the swinging of many machines in one part of the


21/125

2.2. Present Power Systems Control 21

system against machines in other parts. They are caused by twoor more groups of closely coupled machines being interconnectedby weak ties [47].

Note, that transient phenomena, having purely local nature, such asshort-circuits, usually do not have a direct system-wide impact (Al-

though they may be an initiating trigger of instabilities, e.g. a slowshort-circuit fault clearing may cause transient instability of a closelylocated generator etc.), therefore they are excluded from further con-siderations.

With the rising importance of the electricity for industry (and the entiresociety), the reliability of supply, and thus power systems security, hasbecome a serious issue. Interconnection of the separated/individualpower systems have offered a number of benefits [33] [26], such as sharingthe reserves both for a normal operation and emergency conditions,dividing of the responsibility for the frequency regulation among allgenerators and a possibility to generate the power in the economicallymost attractive areas, thus providing a good basis for the power trade.

Although this has reduced some negative features mentioned above, onthe other hand it has also introduced new problems - such as a potentialfor spreading of disturbances over large distances and thus paralyzingvast geographical areas etc.

2.2 Present Power Systems Control

Control methods mitigating the listed dangerous phenomena (frequency,voltage, transient and small-signal instability) and keeping the powersystem in a secure state are mainly based on the classification of powersystem states. Explicitly, according to [47], these states are:

Normal All system variables are within the normal range and no equip-ment is being overloaded. The system operates in a secure mannerand is able to withstand a contingency without violating any ofconstraints.

Alert All system variables are still within the acceptable range andall constraints are satisfied. However, the system has been weak-ened to a level where a contingency may cause an overloading ofequipment that places the system in an emergency state.


22/125


Normal

Emergency

Alert

In Extremis

Restorative

Figure 2.1: Power system operating states. Arrows express possible

transitions among them.

Emergency Some system variables are outside of acceptable range(e.g. voltages too low, lines overloaded). If no control changesare introduced, system progresses into In Extremis.

In Extremis Cascading spreading of system components outages re-sulting in partial or system-wide blackout (loss of supplied load).

Restoration Energizing of the system or its parts and reconnectionand resynchronization of system parts.

Mutual relations and possible transitions among the operation statesare shown in figure 2.1.

With respect to the above categorization of operation states, controlapproaches for keeping power systems secure are usually applied in twostages:

Normal and preventive control This control is applied in the nor-mal and alert state. Its objective is either to stay in or to returninto normal state.


23/125


Emergency control This control is applied in emergency or in ex-tremis state to stop the further progress of the failure and tobring the system into normal or alert state.

2.2.1 Normal and Preventive Control

Typical representatives of normal and preventive control are:

Hierarchical automatic control:

Frequency control

Voltage control

Centralized manual control based on:

Contingency screening

Operator judgment

Control measures usually include:

Change of active power generation set-points, i.e. redispatch.

Change of reference points of flow controlling (FACTS) devices.

Start-up of generation units.

Change of voltage set-points of generators and Static VAR Com-pensators (SVC).

Switching of shunts elements (reactors, capacitors).

Change of substation configuration (e.g. splitting of busbars).

Common Practice

The hierarchical frequency control concept has been established in powersystems for decades. Its description can be found in any textbook deal-ing with power systems control or operation, e.g. [47].

On the other hand, hierarchical voltage control has been implementedonly in a few countries (e.g. France, Italy). Two additional higher levels- Secondary Voltage Regulation (SVR) and Tertiary Voltage Regulation


24/125


(TVR), enrich primary voltage regulation. National TVR shall coordi-nate SVRs that control the areas voltage profiles. The objective here isto create a system-wide voltage profile minimizing the transmission ofreactive power over longer distances and maximizing the reactive powergeneration reserves. Larger reactive power generation reserves meanthat they can be activated in case of a disturbance, i.e. the system is

made more robust. More details about implemented hierarchical voltagecontrol schemes are reported in [70].

Hierarchical frequency and voltage control concepts are usually fullyautomated, i.e. the control loop is closed and does not involve anyhuman intervention. Possible negative interactions among layers areminimized by appropriate selection of their time constants, e.g. primarylayer dynamics is in order of seconds, secondary layer in tens of secondsto minutes and tertiary layer minutes to hour.

As mentioned above, in a large majority of power systems, hierarchicalfrequency control is the only fully automated closed loop control inNormal and Alert state. In all other cases, human factor is involved inform of power system operator. Then a control scheme/loop basically

consists of:

Data acquisition and monitoring This stage is usually handled bySupervisory Control and Data Acquisition (SCADA) system.

Operators decision Operator based on the knowledge about the presentstate of the system, coming from SCADA system, decides, whetherto intervene by modifying actual values of controls. Operator canbase his intervention decision either on his experience and judg-ment or on decision support tools.

Control execution This stage materializes either via link SCADA -Substation Automation, or communication with the personnel ex-

ecuting the control manually in substations or/and power plants.

In this control scheme, the main objective is to keep the power systemin a secure state, expressed by the compliance with N-1 criterion. Thatmeans that a possible outage of any single component shall not createan unacceptable stress of other component(s) or instability problem. Inmost power systems, a procedure called Security Assessment is employedfor this purpose. Security Assessment is usually implemented as a pro-gram belonging to the Energy Management System (EMS) processing


25/125


present state information given by SCADA system. Security Assess-ment is then done in a continuous cycle, typically every 5 or 15 minutes.The consequences of possible component outages, which are then exam-ined, are components operated outside their limits (line overloads andundervoltage or overvoltage), voltage instability, transient instability).Usually, each type of consequences is analyzed by a separate software

package, independently of others. Security Assessment is often executedin two steps:

1. Complete set of possible contingencies is processed using fast (some-times only approximate) static analysis, neglecting system dynam-ics. This procedure is often referred to as Contingency Screening.

2. Reduced set of contingencies, identified as possibly most severeones in the Contingency Screening, are analyzed in detail in formof time domain simulation considering all relevant dynamics as-pects.

For checking of unacceptable components stresses, employment of purelystatic methods (i.e. Contingency Screening) is sufficient. Essentially, foreach assumed contingency a power flow computation is done, followedby a simple comparison of computed post-contingency state and com-ponents operational limits.

The relation between the active power consumed in the monitored areaand the corresponding voltages is expressed by so called PV-curves (of-ten referred as nose curves). The increased values of loading areaccompanied by a decrease of voltage. When the loading is furtherincreased, the maximum loadability point is reached, from which no ad-ditional power can be transmitted to the load under those conditions.In case of constant power loads, i.e. loads whose power consumption isindependent of the voltage magnitude, the voltages in the nodes becomeuncontrollable and rapidly decrease, resulting in voltage collapse. How-ever, the voltage level close to this point is sometimes very low, whatis not acceptable under normal operating conditions, although it is stillwithin the stable region. But in emergency cases, some utilities acceptit for a short period. There are also other alternative graphical repre-sentations, e.g. QV-curves (amount of needed reactive power to keepa certain voltage at a given active power loading). PV-curves (or QV-curves) starting from actual system state are computed for consideredset of contingencies. If any of the resulting PV-curves indicates that


26/125


the system would be unstable (or would have an unacceptably low volt-age profile) after a contingency, the operator takes preventive measures,such as switching shunt capacitors, generation redispatch etc.

Proposed Improvements

Most of the research in power systems security area follows the frame-work of the existing control structure described above.

The major part of the research activities in voltage instability area hasfocused on the steady state aspects, i.e. finding the maximum loadabil-ity point of the PV-curve. The solution of the Newton - Raphson powerflow calculations becomes unfeasible close to this critical point due tothe singularity of Jacobian matrix. This provides a basis for a numberof indices, expressing the proximity to the voltage collapse, which hasbeen derived, e.g. [21], [14], [72] and [8].

Continuation Power Flow (CPF) can overcome the numerical problemsindicated above. In principle, it is a slightly reformulated conventional

power flow. The equations are augmented by the term quantifying theload increase and containing a new variable - the load parameter. Anew equation is introduced, which basically forces a continuation pa-rameter chosen in the predictor step to hold its value in the iterativecorrection process. This continuation parameter is optimally loadingin the beginning of the PV -curve and when approaching the nose,voltage. Various techniques have been developed for predictor step inorder to speed up the computations and increase the accuracy. A verygood explanatory example of tangent method is in [1]. Secant predictor(in fact linear approximation estimate) can be found in [13]. An appli-cation on inter area power transfer security evaluation is demonstratedin [28]. CPF has probably become the most widely accepted tool for the

voltage instability assessment/evaluation and a huge number of papershave been written about it.

A step forward is the QSS (Quasi Steady-State) approximation proposedin [17]. This method consists of voltage stability evaluation based onthe time domain simulation with a simplified description of the powersystem dynamics, such as load behavior etc.

An application of traditional measure of transient angle instability -equal area criterion (expressing a balance between the accelerating anddecelerating energy), on emergency control has been presented in [22],


27/125


which describes the method called SIME (single machine equivalent).The angles of the generators in the system are predicted approximately200 ms ahead. According to this, the machines are ranked and groupedinto two categories. For the generators from the critical category, OMIB(one machine, infinite bus) equivalent is modeled and extended equalarea criterion is applied to assess their stability. Pre-assigned corrective

action is executed if an unstable generator is identified.A similar procedure/algorithm is used in the commercially availableprogram TSAT intended for both off-line and on-line use [48], developedby Powertech Labs. Here the Dynamic Extended Equal Area Criterionis employed for screening of the most severe contingencies that are thenanalyzed in detail in form of time domain simulation.

2.2.2 Emergency Control

Typical representatives of emergency control in today power systemsare:

Protection based systems:

Under frequency load shedding (UFLS) schemes

Under voltage load shedding (UVLS) schemes

System Protection Schemes (SPS)

Damping control

Emergency control measures may include:

Tripping of generators

Fast generation reduction through fast-valving or water diversion

Fast HVDC power transfer control

Load shedding

Controlled opening of interconnection to neighboring systems toprevent spreading of frequency problems

Controlled islanding of local system into separate areas with match-ing generation and load

Blocking of tap changer of transformers

Insertion of a braking resistor


28/125


Common Practice

The main challenge in emergency control is the urgency, in which ithas to be applied. Since historically very high demands for high perfor-mance communication system and control decision logic could not bemet, emergency control strategy relies on devices reacting to their local

measurements based on their setting determined off-line by simulationsof assumed dangerous scenarios.

Under frequency load shedding (UFLS) schemes Local devicesused for UFLS schemes are UFLS relays. UFLS schemes and relaysmight be sorted in various categories [20], but their functionality isessentially the same. They are usually triggered when frequency dropsto a predefined level and/or with a predefined rate of change. Theiraction is disconnection of the load in several steps (5 - 20 % each)from the feeders they supervise. However, their effectiveness is stronglydependent on their careful tuning based on prestudies, since there is noon-line coordination between them.

Under voltage load shedding (UVLS) schemes Under voltageload shedding relays are a conventional local solution to prevent voltageinstability [64]. The criterion triggering the load shedding action is apredefined voltage level in the supervised node (For example 88 % and86 % of the nominal voltage in one particular isolated network.).

System Protection Schemes (SPS) The abbreviation SPS is of-ten also referred to as Special Protection Schemes. However, through-out this thesis the System Protection Scheme interpretation is assumeddue to more appropriate descriptive value (expression special may bemisleading due to large room left for its interpretation).

SPS differ from UFLS and UVLS schemes and relays essentially in twoaspects:

1. SPS use in addition to (or instead of) measurements also a par-ticular topology change (i.e. contingency) information to detect adangerous system state.

2. SPS consist of several relays, which often use an information froma remote location (e.g. measurement taken by one relay is sent toother relay, which processes it and executes a control action).


29/125


According to [2], SPS are defined as:

a protection scheme that is designed to detect a particularsystem condition that is known to cause unusual stress tothe power system and to take some type of predeterminedaction to counteract the observed condition in a controlled

manner. In some cases, SPSs are designed to detect a sys-tem condition that is known to cause instability, overload,or voltage collapse. The action prescribed may require theopening of one or more lines, tripping of generators, ramp-ing of HVDC power transfers, intentional shedding of load,or other measures that will alleviate the problem of con-cern. Common types of line or apparatus protection are notincluded in the scope of interest here.

In 1992, CIGRE and IEEE performed a survey about the installed SPSamong utilities. The detailed statistical results of the answers reporting111 installed SPSs can be found in [2]. Very important and interesting

observations and information can be extracted from it, although theyare not explicitly stated there:

The trend is quite obvious; the most SPSs have been commissionedin the nineties. The degree of complexity is rapidly increasing andthe solutions are more and more sophisticated.

All installed SPSs are dedicated solutions for particular powersystems. There is no scheme that could be applied to anotherpower system with minor modifications.

SPS should be armed (i.e. ready for operation) all the time, notonly in the periods when the power system is heavily stressed.

An explicit quotation:

... the costs of the false trips is generally much lowerthan the cost of failure of the SPS to operate whenrequired ...

This implies, that even with the risk of malfunction, SPS installa-tions have generally proven to bear a relatively low economic risk(at least the cases discussed in the reference).


30/125


Damping Control Some power systems lack a natural dampingof oscillations, which may occur, and they would be unstable whensubjected to any minor disturbance and sometimes even under normaloperation conditions [68] if no measures increasing the damping wereintroduced. As stated in [61], extension of the transmission capacity byadding a new line does not necessarily improve the damping significantly

and solve the problem (as the authors show on the eigen-sensitivityanalysis applied on Korean network).

A traditional way of introducing an additional damping in the systemis using of Power System Stabilizer (PSS), which modulates the outputvoltage of the generator.

Besides generators, PSS can be installed and used for modulation ofFACTS devices control.

The coordinated tuning of PSSs is a complex task, since they should berobust - work in the wide range of operation conditions and provide thebest possible performance. This process is done off-line. Data neededfor tuning of PSSs are usually obtained by modal analysis of powersystem model linearized around its operating point.

Proposed Improvements

Under frequency load shedding (UFLS) schemes Using of Neu-ral Network to estimate the dynamic response of the power system tothe under-frequency load shedding is proposed in [55]. This informationis then used to calculate an optimal amount of load to be disconnected.

Under voltage load shedding (UVLS) schemes An alternativelocal approach for detection and evaluation of voltage instability hasbeen presented in [71] and [31]. The grid is in the supervised node

represented/replaced by a Thevenin equivalent and the load is modeledby an impedance. The point of equal impedances (rule known from thebasic circuit theory) is then representing a boundary between stable andunstable conditions. However, there is an open issue of coordination ofseveral such local devices.

The exclusion of the system dynamics might bring a risk of missedinformation about the inertia of the system, with which it responds todisturbances. An attempt to include it and optimize the load sheddingmay involve a genetic algorithm [56]. However, there is a danger, that an


31/125


important scenario may be omitted from the training/tuning procedureof the algorithm and failure of SPS in case of occurrence of such situationin reality. Alternative solutions proposed by the same research groupfor implementation in Hydro-Qubec network are more or less rule basedrelying on the off-line studies and setting of local relays [18]. The rootsof these considerations and probably the most complete coverage can be

found in [4] and in a bit more condensed form in [5]. The author exploresthe dynamics of loads, especially the timing aspect of load shedding andits location.

A centralized approach based on PV-curves has been implemented inpractice and proven to work properly [44] when the automatic loadshedding system VSHED, installed in Entergy (utility serving Arkansas,Mississippi, Louisiana and a portion of Texas), successfully operated incase of major disturbance on September 22nd, 1998.

System Protection Schemes (SPS) The mentioned weakness ofUFLS relays (uncoordination) can be overcome by centralized load shed-ding schemes. Some of them are already in the operation. One part of

the SPS included in a new Hydro-Qubecs defence plan [67], commis-sioned in 2000, is Remote Load Shedding System (RLSS). RLSS is trig-gered by Extreme Contingencies Detection Systems (ECDS) monitoringand supervising the highest 735 kV transmission network [15]. RLSScalculates the power to be shed depending on the severity of the event.RLSS sends the commands to the communication processors. Eachof them communicates with 24 Programmable Load Shedding Systems(PLSS). PLSSs are in operation in Hydro-Quebec for more than 20years, currently installed in 140 distribution substations. PLSS is a de-vice that executes the received load shedding commands and in extremecases it works as a back up using the same criteria as any conventionallocal UFLS relay. It is also capable of taking measurements, performing

self-diagnostics etc.Simple rules derived from the classical relations of OMIB equivalent areproposed in [54] and compared with the conventional out-of-step relay.The simulation results of Tokyo Interconnected Network show that theprediction of the loss of synchronism is 0.7 second faster, thus providinglonger time for countermeasures.

Simulation results show how the blackout of Taiwans power system onJuly 29th, 1999 could have been avoided employing a protection schemeagainst transient instability described in [74]. The proposed algorithm


32/125


aims at the protection of EHV-tie line connecting the generation areain the south with the load area in the north of the country. Thereforethe line power flow limit was used to modify the Equal Area Criterionfor stability of the generators in the south.

Reference [40] suggests an algorithm, which does not require knowledgeof the system and uses only the on-line measurements of generators

rotor angles and power mismatches to predict the transient angularstability of the generator. It implies that there would not be any needfor tuning/adaptation procedure when applying this method to anotherpower system. The valves of the steam turbines affecting the mechanicalinput of a generator are controlled in order to stabilize the generator.Simulation tests on the WSCC system have been carried out, showingthe successful operation of the proposed method.

The experience with the transient stability control systems (TSC Sys-tems) is reported in [43]. CEPCO (Chubu Electric Power Co.) in Japanhas commissioned two systems, one in June 1995 and the other one inMay 1996. In the paper, mainly the statistics are listed. The principlebehind, as mentioned, is an on-line pre-calculation cycle including all

possible operating scenarios but no details are provided. In case of adangerous situation, the result of pre-calculations is recalled and appro-priate generator is disconnected. The calculation time of the cycle isalways less then 5 minutes (usually 3) for 30 cases and power systemmodel consisting of 300 nodes, 400 branches and 30 generators. Thisimpressive number is achieved by employing several arithmetic unitsperforming parallel calculations. The TSC system has the features:

automatic recognition of change in operating conditions of gen-erators and transmission lines which information determines thegenerators to be controlled for stabilization

CEPCO system is stabilized with the minimum amount of gener-ation shedding, since the controlled generators are chosen on-line

coping with an extension (new built generators or lines) of theCEPCO system is relatively easy by update of network data data-base

Damping Control Various techniques aiming at the identification ofoscillation modes from measurements of various quantities have been


33/125


reported. This should compensate for model inaccuracies affecting theresult of modal analysis.

For estimation of NORDEL inter-area oscillation modes, the frequencymeasurements from the common distribution network have been uti-lized [32]. However, the distribution network is probably not the bestchoice since the measurements contain quite a lot of noise (distortion

from higher harmonics) and extraction of information about the twotypical NORDEL oscillation modes was difficult. The monitoring offrequency on the transmission level, triggered by disturbances, showsmore promising results [24], although another important factor, whichhas played a certain role, is the size of the system and thus the fre-quency of the oscillations. UCTE/CENTREL system is a magnitudelarger than NORDEL system, so the recorded oscillations (measure-ments have been taken directly on the transmission level) have muchlower frequency and the measurement noise is more easily filtered out.The authors also make an important statement about the increase ofmeaning/importance of inter-area oscillations monitoring using WAMS(Wide Area Measuring System) due to the growing size of the power

systems.The oscillations along the north-eastern Australian coast (Queensland)have been investigated in [51]. The voltage angle at the ends of twolong lines have been measured and analyzed. The authors state thatthe angle signals have greater potential for modal identification thanpower. Promising simulation results with voltage angles measured withPMUs and fed into the PSS designed for it and placed at two generatorsin Norwegian network are demonstrated in [68].

Employment of Kalman filtering techniques is reported in [45].

A Remote Feedback Controller (RFC) design methodology using PMUmeasurements is presented in [62]. The simulation results show robust-ness and good performance of the RFC applied to the damping of low

frequency inter-area oscillations.A research group in Hydro-Qubec under lead of Kamwa has done sig-nificant work in the field of damping of inter-area oscillations. In [38]two-loop PSSs are proposed. The speed sensitive local loop operatingthe usual way is extended with a global loop using wide-area measure-ments from two suitably selected areas, in this case frequency mea-surements. Five control sites comprising 4 generators and one synchro-nous condenser have been chosen for implementation of the proposedmethod. The simulations (without considering a time delay caused by


34/125


communication synchronization of values, processing and execution ofa command) have proved a significant improvement in the damping ofinter-area oscillations, which have been excited by a contingency (tripof one of the major lines). The device that is assumed to be used formeasuring in the practice is a Phasor Measurement Unit (PMU). Thelocations for their placement are shortly discussed. The author sug-

gests placement of 65 PMUs for multifunctional SPS in Hydro-Quebecsystem. The described work has been extended in [39].

2.3 Last Decade Trends

Majority of control concepts described in the previous section, whichrepresent an absolutely dominant part of present power systems con-trol, have been developed for the traditional structure of power sys-tems, which prevailed several decades ago, based on the limitation andcapabilities of infrastructure existing in the time of their development.

However, power systems operation environment has been changing quite

significantly as well as technological implementation possibilities (suchas computers, communication infrastructure etc.).

Most significant factors influencing power systems operation in the lastdecade are related to:

Electricity Market Liberalization

Distributed Generation

Environmental Restrictions

Electricity Market Liberalization There are many publication de-scribing in detail process of market liberalization, the new organizational

framework and all related aspects. But in the context of this thesis itis important to stress only some consequences of them.

Unbundling of utilities, part of liberalization, caused separation of trans-mission, distribution and generation parts of power systems. Responsi-bility for the security of power systems lies then on the System Opera-tor (SO) operating transmission system. There is no uniform electricitymarket design. In different power markets the entity bearing respon-sibility for the system operation have different names, such as Trans-mission System Operator (TSO), Independent System Operator (ISO),


35/125

2.3. Last Decade Trends 35

Transmission System Coordinator (TSC), related mainly to the fact ifthe possess, or only operate transmission assets. To avoid confusion andrestriction to only specific cases, the abbreviation SO is used throughoutthis thesis hence, since ownership of transmission assets does not playany role in the context of this thesis. The main complication, broughtby the separation of ownership of generation and transmission, is lack of

coordination in the long-term system expansion planning. This resultsin the very reduced predictability of utilization of transmission assetsand correct allocation of controls.

Involvement of many parties in generation and distribution of energycreates a more complex economical environment - many more econom-ical links and large volatility of economical factors. This in turn in-troduces a strong variation of power flow patterns. Interconnectinglinks (frequently called tie-lines) , that were originally built for powerexchange under emergency conditions, are now used for regular elec-tricity trading over long distances. Now tie-lines are often the moststressed/loaded elements in transmission systems.

Distributed Generation Penetration of distribution (Hence the ex-pression distributed generation. Additionally, this expression also refersto the fact of spatial sparse geographical spreading of many units withlow power rating.) systems with small generation units has been rapidlyincreasing because of technological advances in this area and a verystrong legislation support in some countries. As an example, utilities inGermany are obliged to connect new distributed generation and buy en-ergy from distributed generation any time it produces it. Similar rulesapply in many other countries.

A large portion of distributed generation is wind and solar generation,whose production is weather dependent and thus very volatile, less pre-

dictable and its controllability is very limited. Many generators of lowratings are asynchronous machines, which need to be energized from thenetwork side (This implies that they can not be used for so-called blackstart in case of system restoration.) and do not offer a voltage supportand control. Flows in distribution networks are strongly affected fromdistribution generation, which is injecting its power directly there.

Environmental Restrictions Last, but not least, increasing pres-sure from public side, due to environmental concerns, has made it very


36/125


difficult to build any larger primary equipment assets both on the gen-eration (power plants) and transmission side (lines, substations). Thusonly existing primary assets can be used to serve continuously increas-ing power demand. (Primary equipment is the expression referring tothe equipment in power systems, which is subjected to high voltageand/or high currents. Measurement, monitoring and control systems

are referred to as secondary equipment.)

2.4 Shortcomings of Present Security

Main assumptions, which were used in the design of control concepts inthe traditional power system, are:

Predictability - such as typical loading pattern etc. as a conse-quence of the fact that all aspects were managed by a single entity.

Substantial equipment loading margin.

Good controllability of generators.

Distribution systems having purely consumption character.

These assumptions led to the fundamental features of the control con-cept described in the section 2.2 as follows:

Control schemes dedicated separately to each dangerous phenom-enon, i.e. separate scheme for control of frequency, voltage etc.

Strict distinction between preventive and emergency control.

Control policies (especially for emergency control) formulated off-line for a reduced set of typical system conditions.

N-1 criterion used as a quantitative measure of the system security.

However, present conditions in power systems differ significantly fromthe above listed assumptions, as shown in the previous section. Thisdiscrepancy may lead to many dangerous situations, two examples canillustrate this:


37/125

2.4. Shortcomings of Present Security 37

When avoiding one instability problem, system can be pushedinto another one. For example, when executing Under VoltageLoad Shedding, unconsumed generated power can result in a sharpfrequency rise yielding frequency stability problems.

Under Frequency Load Shedding acting by disconnection of a dis-tribution feeder may actually disconnect a significant portion ofdistributed generation and make the situation even worse.

Power systems security is a very complex multidimensional problem.It is suggested that improvements of power systems security can beachieved by complementing and/or modifying both operational philos-ophy and control, which naturally includes technology and infrastruc-ture. However, suggestions for such improvements should be supportedby demonstration of incentives. These statements also form basis forthe work summarized in this dissertation.


38/125


39/125

Chapter 3

Improvements in PowerSystems Security

Power systems security can be influenced in many ways. This chapterattempts to put the security of power systems into a wider perspectivefor possible future power systems operation and control. Essential forthis proposal is a use of different criteria expressing system security;shift to real-time formulation of both preventive and emergency controlpolicies and a modification of the control structure.

There are many factors influencing power systems security. Overviewof their today form and weaknesses have been provided in sections 2.2and 2.4, respectively.

In this chapter a proposal of a compact concept of operation philosophyaddressing power systems security is presented. The following featuresrepresent the essence of this concept:

Use of new index expressing security The objective of the new se-curity index, replacing the standard N-1 criterion extensively usedtoday, is to drive a power system on a trajectory more robustagainst spreading of large system disturbances. This topic will befurther discussed in the section 3.1.

Adopting a new control philosophy Central for the proposed phi-losophy is that normal, preventive and emergency control shouldbe combined (That means there should not be a strict distinction

39


40/125

40 Chapter 3. Improvements in Power Systems Security

between these two types of control, which are today implementedeven on two different completely decoupled hardware platforms.)and their control policies should be formulated based on the ac-tual system conditions, that means not based on off-line studiesof typical situations as is common practice today. More detaileddiscussion follows in the section 3.2.

Modification of the existing control structure This may seem tobe necessary in order to accommodate a new control philosophy.Section 3.3 elaborates on this topic further.

3.1 A New Security Index

In this section a new way of minimizing the risk of cascading events ispresented. A method to dispatch the system in such a way that therisk for subsequent line trips after the first initial event is minimized ispresented. This method is based on the assumption that the probability

of a line trip is a continuous increasing function of the line overloading.A slight overload implies a smaller probability of a line trip than a largeroverload does. The new method is compared with the N-1 criterion andit is shown that the proposed method makes a system more robustagainst multi contingencies than the N-1 criterion.

3.1.1 Introduction

A secure operation of power systems requires that the system has ap-propriate security margins so it can withstand various disturbances.Ideally, the security margin should be calculated and monitored on-line, but due to the size and complexity of modern power systems thisis either done using very simplified models of the system or not at all.Instead different simplified security criteria are used to ensure that thesecurity margins are sufficient. One such criterion is the N-1 criterion,which was introduced after the 1965 Northeast USA blackout. Thiscriterion, in its simplest form, says that the system should be able towithstand the loss of any component, e.g. line, transformer, generator,etc, without jeopardizing system operation. This criterion, with slightmodifications, is widely used in power system operation today all overthe world. In some systems where a higher security is required, the N-2


41/125

3.1. A New Security Index 41

criterion is applied, and one can also envisage in general N-K criterion,with obvious meaning.

The recent large blackouts have initiated a discussion regarding therelevance of the N-1 criterion. It can be argued that the situation todayis significantly different from the one thirty years ago when this criterionwas generally adopted. The power systems today are generally more

stressed due to higher loadings than earlier, and the power transfersdue to trading, which are hard to predict, have increased dramatically.The N-1 criterion deals with one single event, but recent blackouts haveoften been triggered as a consequence of several independent or coupledevents. Particularly, so called cascading sequences of events have playedcrucial roles in several blackouts.

Another important issue is the temporal aspects of the N-1 criterion. Arelevant question in this context concerns the time delay to bring thesystem back to N-1 security after a contingency.

Also, the discrete nature of N-1 criterion can be questioned, since fromthe N-1 definition, the system is in a higher risk, if its component isloaded 100% of its rating 1% of the time, than 99% of its rating 100%of the time, what is perceived as secure according to N-1 criterion.

In the last years, several blackouts have been experienced worldwide.Their origins were various, but as a general consequence the traditionaloperation criteria started to be questioned, e.g. [60]. One main sugges-tion, which appear in the literature, is that moving from deterministiccriteria towards probabilistic ones could be the right step, e.g. [75].Perhaps the most comprehensive discussion with a particular proposalcan be found in [41].

A mixed approach will be proposed here. The probability of occurrenceof the initial event is not modeled, instead, we focus on the minimizationof the risk that any initiating event will proceed to a cascading failure.

An assumption in this approach is that it is possible to assign approxi-mate probability characteristics of the component trip as a function ofits loading.

3.1.2 Cascading Failures

A cascading failure is a process, in which an initiating event/failureincreases the stress of other system components, resulting in possibleoverloading above the limits for which they were designed. The outage


42/125


of overloaded components can progress either slowly (steady-state pro-gression), or quickly (transient progression) [52]. The elements involvedin the cascading failures are primarily branches (lines and transformers).However, we would like to emphasize that cascading process may gen-erally involve any type of component failures (even a wrong operatorscontrol action). The initiating event is usually a component trip due to a

factor, which cannot be influenced (e.g. such as lightning strike into thetransmission line tower and subsequent line tripping by the short-circuitrelay). The transient progression usually involves dangerous phenomenalike voltage instability, frequency instability and small-signal instabil-ity (power oscillations), and its time scale is between one second andseveral tens of seconds, depending on the type of instability. A typicalscenario is for example an outage of large power plant(s) as initiatingevent(s). The sudden lack of the active power generation results in asignificant drop of the frequency below the operating range of otherthermal power plants, which then are tripped. The line loading patternchanges dramatically and overloaded lines are tripped yielding in worstcase a blackout. A similar sequence of events occurred in the Swedishblackout on September 23rd 2003, but there thermal power plants weretripped due to a double busbar protection.

The slow progression involves line tripping between fairly large timeintervals, in order of minutes. In this case the line tripping occurseither after exceeding a short-term emergency line loading limit by theline protection, or the line sags and short-circuit between the line andground takes place, which also implies a line trip. An example of theslow progressing cascading is the initial phase of the Northeastern USblackout on August 14th, 2003.

3.1.3 Operation Criteria

3.1.4 N-1 Criterion

As mentioned in the Introduction, the N-1 criterion says that no otherelement should be overloaded after an outage of any single element.Some utilities continuously monitor on-line their compliance with N-1 criterion according to the actual power system state, whereas someother utilities apply N-1 check only in their day ahead dispatch plan.

Most of the time the N-1 criterion serves well. However, there are someweak points we want to discuss in this paragraph. The definition of


43/125


44/125


0 1 20

10

20

30

40

50

60

K

SystemL

oad[pu]

0 1 20

1

2

3

4

5

6x 10

4

K

NumberofOptimizationC

onstraints

Figure 3.1: Properties of N K dispatch. System load represents thesum of possibly consumed power while being compliant withthe security criterion. Number of constraints refers to theequation 3.3.

Pg RNg

Fi, Fmax RNb

i = 1, 2, . . . , N c

(3.6)

where Pg and Pl are the injected generation and load respectively. Fidenotes post-contingency flows in the remaining branches (i.e. linesand transformers) after the outage of the branch i. Nc is the numberof considered contingencies (here single element outages, thus numberof branches), Ng number of generators and Nl number of loads. Weassume that a node can be only either generation or consumption typein the analysis presented here. This assumption can be relaxed and it isbelieved to have no significant influence on the conclusions drawn here.


45/125


3.1.5 N-2 Criterion

A suggestion, which sometimes appears, is that a N-2 security criterioncould be adopted. However, its practical implementation has severaldrawbacks. First, the utilization of the network would be very low,second, the computation burden when doing the security analysis would

increase very significantly as shown in figure 3.1. As seen the maximumsystem load decreases with about 35 % for the N-2 dispatch as comparedwith the N-1 one, while the computational burden increases with anorder of magnitude. Here the comparison has been made on data from[23].

3.1.6 Relevant Topics in Literature

Besides aspects directly dealing with the operation of power systems,there are several topics, which we consider to be closely related. Aboveall, the mechanism of a blackout (i.e. cascading failure) evolution andfactors having a significant impact on it.

We believe that there is a certain potential for cascading failures relatedto the power system topology structure [76]. Actually, several paperson hidden failures in power systems have confirmed that there mightbe several paths, or system regions, which are much more vulnerablethan others in terms of the further spreading of a contingency, see [42]and [66]. Here we would like to point out that it is not clear thatall contingencies shall be treated equally from the system wide impactpoint of view.

3.1.7 Proposed Security Index

Assumptions The assumptions we list in this subsection form a basis

for the proposed security index.In the traditional N-1 operation criterion, overloads are aimed to bestrictly avoided for all single element contingencies. This means thatit is assumed that the probability for line trip is zero when line flow|F| < Fmax, and 1 if |F| Fmax. However, it can be believed thatthe probability will essentially rather follow a curve shown in figure 3.2.The authors in [12] use such a curve to describe a probability of a relaymalfunction (i.e. trip of a healthy line), but other factors contributingto the line trip may have a similar characteristics. For example, the


46/125


0

1

Probabilityoft

he

trip

k.Fmax

Fmax

Figure 3.2: Probability of the line trip as a function of its loading.

temperature of an overloaded line starts to increase, thus resulting in asag of the line, which may finally be so severe that a flashover towardsthe ground or trees may occur and cause the line trip.

It should once again be stressed that we do not intend to determinethe probability of an initial event occurrence, but the focus is on thepossible subsequent evolution.

As mentioned in the previous section, severity of the contingency onthe integrity of entire system may be determined by various types ofstudies or methods, and only these types of contingencies should be

considered. Thus, we suggest that for example a single element contin-gency threatening only a single load, not a larger portion of a system,may be tolerated and thus removed from the security dispatch proce-dure.

Proposed Method Similarly to N 1, we also focus on avoidingcascading by targeting its first triggering stages.

The main idea is to minimize the overall system cascading exposureexpressed as a sum of highest probabilities for the possible post con-


47/125


tingency trips of subsequent lines. In this minimization a probabilitydistribution of line trips as shown in figure 3.2 is assumed. This mini-mization can be mathematically formulated in the framework of MixedInteger Linear Programming. However, post-contingency overloads arevery rarely exceeding value k.Fmax (Which would typically represent140 % line loading.), thus the computationally more efficient Linear

Programming formulation can be used as follows:

minPg

Nci=1

max{Wi.si} (3.7)

|Fi| Fmax + si (3.8)

|Fnom| Fmax (3.9)

Ngm=1

Pgm =

Nln=1

Pln (3.10)

0 si (3.11)

0 Pg Pgmax (3.12)

Pg RNg

W RNbNb

si, Fi, Fnom, Fmax RNb

i = 1, 2, . . . , N c

(3.13)

where Nb is the number of branches and diagonal elements of W areweight factors corresponding to the slope of the characteristics shownin figure 3.2, which can be individually defined for each branch. Non-diagonal elements of W are zero1. An element of vector si is a slackvariable expressing the overload severity (when a post-contingency flows

1This implies that the outage of a component is only a function of its own load-

ing. However, this assumption should be further studied, since an overload of one

component may impose a higher outage probability also on other components.


48/125


are lower than the line ratings, its value is 0) of the corresponding branchas a consequence of contingency i.

In other words, the result of proposed optimization is a generation dis-patch under a contingency list (which may include multiple contingen-cies).

3.1.8 Example

One zone of the Reliability Test System from [23], which is also describedin the Appendix A.1, is chosen. A DC load flow modeling frameworksimilar to the one described in [66] is used.

First, we compute a generation dispatch for a maximum possible load,when the system complies with the N-1 criterion. When doing so, thepower injection is restricted in such a way, that in each node, there canbe either generation or load, not both of them. After obtaining theload values, we apply the proposed new dispatch method. The set ofdangerous contingencies considered in the procedure has been chosen

out of all possible double contingencies. As shown in figure 3.3, onlysmall modifications have been introduced.

Then a Monte Carlo simulation to estimate the average blackout sizeafter applying random double contingencies is performed. The proba-bility distribution of the trip of other lines is used as displayed in figure3.2, where we chose k = 1.4 as in [12]. When a load or generation islost in the cascading process, remaining generators are scaled to matchthe load demand. As it can be observed in figure 3.4, convergence ofthe estimated average blackout is quite good. Its value is 3.8388 pu forthe N-1 criterion and 3.6389 pu for the proposed new method. Fromfigure 3.5 it is seen that the frequency of outages is smaller for the newdispatch method for all sizes of the blackouts. For the largest ones,

i.e. lost power greater than 25 pu, the difference is insignificant. Forthese large blackouts the initiating events have been so severe that acompletely different approach had to be taken to save the system

3.1.9 Remarks

The value of the cost function given by equation (3.7) may serve as anindex expressing overall system vulnerability. Theoretically, the bestvalue would be 0, and the worst case Nc. This index could then also


49/125

3.2. Proposed Control Philosophy Essentials 49

0 5 10 15 20 2510

5

0

5

10

15

Node Number

InjectedPowe

r[pu]

N 1 dispatch

Proposed dispatch

Figure 3.3: Bus power injections. The negative ones correspond to theloads, positive ones to the generators.

be used for transmission pricing or for congestion management. Forexample by evaluating how each transaction between a generator and aload contributes to the system vulnerability by increasing or decreasingthis index.

Relaxing some of the listed assumptions represents a future challengein the direction towards the practical implementation of the proposedmethod. Main issues of interest are validation and clarification of theshape of the probability characteristics in figure 3.2, consideration ofthe voltage stability problems etc.

3.2 Proposed Control Philosophy Essentials

As previously outlined, control policies should be adjusted as much aspossible to the actual system conditions and actual available controlsand their cost.

In addition, all relevant (That means for example excluding econom-ical interactions not having a direct impact on the short-term system


50/125


0 0.5 1 1.5 2 2.5 3

x 104

0

1

2

3

4

5

6

7

8

9

10

Iterations

EstimatedAverageBlackoutSize[pu]

N 1 dispatch

Proposed dispatch

Figure 3.4: The convergence of Monte Carlo simulation estimating av-

erage blackout size.

0 5 10 15 20 25 30 35 400

0.05

0.1

0.15

0.2

0.25

Lost Power [pu]

Cum

mulativeDistributionFunction

N 1 dispatch

Proposed dispatch

Figure 3.5: A distribution of the blackout sizes after convergence ofMonte Carlo simulation.


51/125

3.3. Proposed Control Structure 51

security.) types of interactions in power systems should be considered.

The next chapter proposes a particular control method following thiscontrol philosophy and the next section describes how such control phi-losophy could be implemented.

3.3 Proposed Control Structure

Features of the control philosophy presented in the previous section putvery high demands on the control performance and thus on the controlstructure, which should accommodate them.

Note that interconnected power systems are complex large-scale systemsfeaturing:

continuous dynamic states;

discrete states;

dynamics of various time scales (from milliseconds to years);

nonlinearities;

interactions between above four phenomena;

interactions between various parts of the system.

To capture all types of interactions, a fully centralized control struc-ture, supervising a complete interconnected system, would be a naturalchoice. However, there are many other obstacles to implement a fullycentralized power systems control, in particular:

1. legislation - interconnected power system may cover countries with

different laws and operation rules

2. competition and conflict of commercial interests between the in-volved parties

3. reliability of all involved components

4. robustness - vulnerability of the centralized scheme to the outageof one of its components

5. willingness to share the information


52/125


6. cost

7. technology performance limitations:

computation power

communication infrastructure

different communication and computation standards

Except in some isolated systems, there is today no such fully centralizedcontrol scheme supervising interconnected power system. In particular,it is very difficult to imagine a single agent supervising for example theentire European interconnection (including part of North Africa andEastern Europe).

Thus, we propose the control structure consisting basically from thesame layers as today hierarchical control:

1. Primary Control

2. Secondary Control

3. Tertiary Control

However, we suggest to redefine the roles of layers, their mutual relationsas well as level of fragmentation (This refers to the secondary layer.).Note, that the complete discussion, which follows, refers to a completeinterconnected power system. That means, for example in Europeanconditions, UCTE system consisting of many national power systemsinterconnected via tie-lines.

Similar ideas have naturally already appeared in a literature, e.g. [25].

Primary Control shall keep its present form of tracking local quantities

according to the reference values provided by the secondary layer.Secondary Control shall be performed from area controllers. The sizeof an area should correspond to a region. In geographical sense a regionwithin a country. That means closer to the voltage control secondarylayer in contrast to present frequency secondary control, where the su-pervised area usually corresponds to a country within the interconnectedsystem. Note that this discussion refers rather to the European context.An area controller shall be capable of addressing both normal and emer-gency conditions. An area controller would fulfill the tasks of secondary


53/125

3.3. Proposed Control Structure 53

frequency control, voltage control and avoidance of cascading spread-ing of components overloads. Mutual coordination of neighboring areaswould be used to redistribute the tertiary voltage control functionalityand spreading of cascading. In a case of very severe disturbance, a pos-sible control action would be fragmentation of the secondary layer intoindividual areas, which would be later resynchronized.

The role of Tertiary Control would be significantly reduced to handleexclusively tasks, which are very difficult to redistribute. Explicitly:

Coordination of tuning of damping controls

Tertiary frequency control

Electricity market functionalities

It is important to stress, that even in the case of addressing issues relatedto coordination (especially of the secondary layer) in a very efficientmanner, it will probably still be very difficult to completely avoid thespecific dynamics introduced by mutual interaction of secondary layer

controllers.

In the economy context of transmission pricing, this control structuremay actually support the concept of zonal pricing, where zones couldbe associated with secondary control areas, i.e. pricing based on con-trollability, which would be especially convenient for pricing of auxil-iary services, e.g. reactive power support. The value of the power tobe exchanged between two zones could be determined by an iterativeprocedure similar to the decomposition methodology of Optimal PowerFlow, described for example in [57] or [73].


54/125


55/125

Chapter 4

MPC EmployingTrajectory Sensitivities

This chapter starts with the description of a classical Model PredictiveControl formulation and outlining its complexity when applied to largenonlinear systems. Reduction of complexity by use of trajectory sensi-tivities and their use in Model Predictive Control are then described.

4.1 Introduction - Problem Description

This chapter deals with the topic of a single area controller as a part ofthe concept discussed in the section 3.3. Requirements on such an areacontroller are quite strict, as outlined in the section 3.2. Both normalas well as emergency conditions should be automatically detected andaddressed. Nonlinear behavior should be appropriately captured. Asufficiently high performance (i.e. fast control decision making process)shall be provided to allow acting under emergency conditions.

Traditional control schemes treat the different types of the problem sep-arately, e.g. frequency control, voltage control etc. The area controllershall treat them simultaneously.

Optimal control framework seems to fit the above requirements best, inparticular Model Predictive Control.

55


56/125

56 Chapter 4. MPC Employing Trajectory Sensitivities

Model Predictive Control (MPC) is a method, which determines a con-trol law by solving an optimization problem, whose formulation explic-itly incorporates control quality criteria and constraints imposed onsystem inputs, outputs and states, which is a very attractive feature.The effect of controlled inputs on the system behavior (i.e. states andoutputs) is predicted by using a model of the system.

However, drawbacks of MPC are its full dependence on an accurate sys-tem model and computational burden associated with the solution ofthe optimization problem. The first obstacle can be overcome by intro-ducing an implicit feedback in form of repetitive computation of controllaws in a receding horizon manner, what has been proven for infinitehorizon control. The second obstacle has restricted the application ofMPC mostly to control of slower processes, with the dynamics in orderof minutes (e.g. chemical industry), or to smaller systems. This is alsoprobably the factor limiting a wider spreading of MPC in power systemsup to now.

Power systems are large systems, comprising many components (thus

number of variables is very high), which interact with each other invarious ways and in different time scales, i.e. dynamics speed rangingfrom milliseconds to years. Dynamics present in power systems maybe very nonlinear and have a hybrid nature, i.e. both continuous anddiscrete state variables are involved. All these aspects complicate theemployment of MPC in power system.

Several authors have addressed the difficulties to apply MPC in powersystems. Reference [50] analyzes Euler nonlinear and linear approxima-tions with numerical computation of sensitivities to controlled inputs forprediction of the power system behavior. Reference [29] has proposedmixed Logic Dynamics (MLD) (A comprehensive explanation can befound in [7].) framework for dealing with the hybrid dynamics in MPC

of power systems. A

Contribucion a la seguridad de los SEP

Documents

Transcript of Contribucion a la seguridad de los SEP