trends & requirements for dynamic security assessment.pdf
TRANSCRIPT
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
1/98
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
2/98
FOR DYN ~IC SECURITY
ASSESSMEN ~
Task Fo rce 38.02.13
Convener
B. MEYER France),
Secretary G. NATIVEL France)
Members :
B. MEYER France)
M. BEISSLER Germany)
A. O. EKW UE United Kingdom )
M. EREMIA Rom ania)
N. HATZ IARGYRIOU Greece)
I. A. HISK ENS Australia)
P. KUNDU R Canada)
W, LEVY Sou th Africa)
R.J. MARCEAU Canada)
N. MARTINS Brazil)
M. MOLLER-REINKE Germany)
M. MOKH TARI USA)
T.T, NGU YEN Australia)
M. PAVELLA Belgium )
P. SC ARPELUN| Italy)
M. STUBBE Belgium)
H. TAOKA Japan)
L. Kr. VORMEDAL Norway)
L. W EHENKEL Belgium)
G. NATIVEL France)
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
3/98
CONTENTS
CHAPTER 1 : INTRODUCTION
CHAPTER 2 : DEFINITION OF DYNAMIC SECURITY ASSESSMENT
2.1.
2.2.
2.4.
Formal definitions
Security assessment in system and operations planning
Dynamic security assessment
Dynamic security criteria
CHAPTER 3 : OVERVIEW OF CURRENT PRACTICES
3.1.
3.2.
3.3.
3.4.
3.5.
3.6.
The choice of degraded networks
Stability limit determination
Use of Critical Clearance Time determination
Security limit determination
Understanding the challenge of Dynamic Security Assessment
Feedback from questionnaire to electric utilities
CHAPTER 4 : GE1WERAL NEEDS AND REQUIREMENTS
4olo
4.2
4.3.
4.4.
sources
~.6.
~.9.
Kinds of information required by control operators
Needs of screening to identify critical contingencies
Needs concerning external networks and data exchange
Needs of isolated system with a large penetration from renewable power
Performance requirements
Modelling requirements
Triggering mechanisms
Data management (data requirements to iron a DSA)
User interface
CHAPTER 5 : ANALYTICAL TECHNIQUES FOR DSA
5.1.
Analytical techniques
5.2.
Intelligent systems
5.3.
DSA techniques vs criteria
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
4/98
CHAPTER 6 : THE USE OF PARALLEL PROCESSING
6.1. Introduction
6.2.
Cluster architecture
6.2.1. Serial implementation
6.2. 2. Parallel implemenation
6.3. Parallel computer
CHAPTER 7 : CURRENT DSA EFFORTS AROUND THE WORLD
7.1.
7.2.
7.3.
7.4.
7.5.
7.6.
7.7.
Transient Stabili~ Control System at Chubu Electric Power Company
Hydro-Quebec DSA project
DSA at BC Hydro and Power~ech Labs Inc., Vancouver, CANADA
Electricit6 de France DSA project
University of BATH / The National Grid Company On-Line DSA facflRy
A first nucleus of DSA at ENEL
Project Joule II : JOU2-CT92-0053
CHAPTER 8 : TECHNICAL CHALLENGES AHEAD
8.2.
8.3.
8.4.
8.5.
8.6.
8.7.
8.8.
Necessary computing speed-ups
System size reduction
Probabitistic procedures
Preventive vs corrective controls
Validation procedure
Advanced interfaces for the operations environment
Limit search strategies and technologies
Security theory and erRefia
CHAPTER 9 : MEASbT~I~v~ENT-BASED ASSESSMENT
9.1.Motivation
9.2. Analytical techniques
CONCLUSION
REFERENCES
ANNEXE
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
5/98
-4-
CHAPTER
INTRODUCTION
Power system security can be defined as the art and science of the survival of power
systems. In order to ensure their survival, power systems are operated within certain power
transfer limits, commonly referred to as security limits. If such limits depend on steady state
feasibility or adequacy criteria, they are called steady-state or static security limits ; otherwise,
if such limits depend on transient or long-term stability criteria, these are referred to as
dynamic security limits [13A92].
For many utilities around the world, there is considerable pressure to increase power flows
over existing transmission corridors [WU93]. Though this need is partially met by existing
energy management system (EMS) technology which provides comprehensive on-line
security assessment based almost exclusively on steady-state analysis (i.e. steady-state or
static security) [ST87], the optimisation of security limits on many power systems now
frequently requires taking account of dynamic security assessment. Due to the important
constraint of determining dynamic security limits in a time-frame compatible with their use
on-line, this requirement has historically presented serious obstacles in terms of computer
hardware and soRware limitations. Indeed, this explains why dynamic sectu-ity analysis has
long remained an off-line activity, performed for small numbers of umbrella networks, even
though operations plamaers have long understood the combinatorial nature of off-line dynamic
security assessment and the consequent impossibility of optimising security limits for every
probable system topology [FO88b].
The need of a consistent data set absent of the standard EMS data bases, to perform dynamic
studies, is also a challenge. Furthermore, indicators obtained from such DSA facilities should
be concise and easily tmable by operators in control rooms.
The difficulty of gravitatirtg to the on-line environment has had considerable impact on the
evolution of the justifiably conservative philosophies, practices and criteria which today
characterise dynamic security assessment. These, in turn, affect the dayotooday operations of
power systems around fi~e world. However, thanks to the rapid evolution of computer
technology, not only in terms of raw hardware performance, but also in such areas as software
paradigms, human-machine interaction technologies, and massive networking of processors,
many formerly insurmountable constraints are on the threshold of being cast away.
Opportunities are now begir~ng to emerge, even though important challenges remain.
The most obvious opporamity, of course, is the perspective of rapid dynamic security
assessment in the on-line environment, with the attendant consequence that the security limits
of individual transmission corridors are determined for the system topology actually in the
field at any given time. Compared to the off-line methods presently employed by many
utilities, this in itself represents a form of optimisation. The existence of this capability has the
potential of transforming power system operations in a fiandamental way : such a capability
provides new degrees of freedom, enabling the system operator to adjust power flows far
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
6/98
-5-
more rapidly and confidently in response to changing system conditions. However, new
degrees of freedom bring new responsibilities one must anticipate that strategic decisions
affecting the economic performance and reliability of power systems will be made in shorter
time frames and at lower management levels.
The present report therefore attempts to describe dynamic security assessment as it is
practised today, identify the emerging trends which will shape the future as well as their
impact on power system operations. The report thus establishes what needs to be done in
order to assist in this task.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
7/98
-6-
CHAPTER 2
DEFINITIONS OF DYNAMIC SECUPATY ASSESSMENT
This chapter presents the concept of Dynamic Security Assessment. It is introduced starting from thaz basic
definitions of power system security (2. I) and extending them in the dynamic dimension.
2.1. For.._._.~mal definitions
Most authors credit Dy Liacco for laying down the theoretical foundations of power system
security in a series of reports and papers published in the late 1960s and 1970s [DY67],
[DY68], [DY74], [DY78]. He originally defined security in terms of satisfying a set of
equality constraints over a subset of the possible disturbances called the next contingency
set [DY68].
Several definitions for power system security have since been proposed. For example, the
North American Electric Reliability Council (NERC) which provides reliability and security
guidelines to all the utilities in North America defines security as prevention of cascading
outages when the bulk power supply is subjected to severe disturbances ~A92]. More
recently, a CtGRE working group [HU93] has proposed that power system security is the
ability of the system to cope with incidents without the operator being compelled to suffer
uncontrolled loss of load : this definition implicitly includes the currently accepted criteria
used to perform deterministic security analysis in practice.
Beyond the specific details of each and every particular definition, it must be recognized that
security is a fundamental objective of power system operation and design. Also, if power
system security is achieved, one intuitively understands that system reliability arises as a
consequence. In a broad sense, hidden behind specialized power-domain termh~ology, lie
different attempts to circumscribe the capability of power systems to survivC unexpected
events [FO88b]. Because of the need for creativity in addition to detailed technical knowledge
in ensuring power system security, one should preferably define power system security as the
art and science of ensuring the survival of power systems. However, the specific tasks
related to this function differ according to whether the focus is system planning or operations
planning.
2.2. Seeur~~ssmenCm s~em and o erations lannin
The objective of security assessment is to design and operate networks which will stuwive
unforeseen events. At the planning stage, networks are generally designed to meet or exceed
previously specified overvoltage, stability and adequacy criteria. Stated in the simplest terms,
the system planner
seeks to meet some secure transmission capacity subject to established
criteria, and ~ the variabl_e (see Fig. 2. l).
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
8/98
-7-
Netwo~
Topology
]
F_~ure 2.1
The system planning problem : the search takes
p|ace in the space
of topo|ogies
This is a far-reaching statement it implies that transmission ca---and criteria-
~endent. Of course, the process must also yield a network design which is demonstrably
operate [GA92], a term usually equated with design simplicity.
For security to be assured in the ~ environment, it follows that system operations must
be consistent with fretwork design philosophy and criteria ; the original design criteria must
apply to every degraded topology of the complete, original network. Inherent to this is the
concept that the ne~ork to olo chart es in time, not ordy due to urLforeseen events but also
due to regularly scheduled mak,~tenanee.
F~_ j~re 2 .2
The operations plannh~g problem : the search takes
p|ace in the space of transmission capacities
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
9/98
-8-
The operations plaoaaing problem differs fundamentally from that of system plarming in that
the degraded topologies and criteria (i.e. such as overvoltage) a_re known at any given time,
and transmission cadre constitutes the onl remainin- de ree of freedo.._~m (see Fig.
2.2). Consequently, the guidelines provided to the system operator are transmission capacities
for the many possible degraded topologies, or as power engineers would say, for increasingly
weakened
networks.
The security limits provided to the system operator are power flow values which guarantee
that a given degraded topology is secure for every one of a list of likely contingencies,
including the worst. Individual transfer limits must be found for each likely contingency and
for each degraded topology, and the most restrictive limit, whether resulting from steady-state,
or transient or long-term (i.e. voltage) stability considerations, is the security limit. Generally,
the security limit is the most restrictive power transfer limit which identifies, in turn, the
worst contingency . Security limits are usually compiled in the form topology-dependent
tables [DE84, FO91] though decision trees have also been proposed [WE89, WE94a].
2.3. _Dynamic securit~
assessment
When referring to transmission capacity limits obtained in relation to post-contingency
thermal, voltage power-flow feasibility or adequacy criteria, these are called steady-state
security limits. When referring to limits obtained in relation to transient or long-terra voltage
stability criteria, the resulting limits are termed dynamic security limits. The various problems
and methodologies which call upon the use of transient or long-term stability software for
determining either i) system stability, ii) security limits or security margin, or iii) performing
different types of sensitivity studies which will optimize security limits in terms of various
network parameters is termed dynamic security assessment (DSA).
The dynamic security of a power system is characterised by the robustness of its operating
condition in ten~s of security margins with respect to defined operating constraints. The
dynamic security has to be guaranteed in order to maintain the reliability and quality of
service provided to the customers, mainly consisting of continuity and constancy of voltage
and frequency. Dangerous events, such as faults, loss of transmission equipment, loss of
generation and sudden change of load, cause imbalances between the mechanical power
inputs and the electrical power outputs of the generators, with consequent electromeehardeal
transients and long term dynamics of the system. In a dynamically secure power system, the
transients due to such phenomena are of small amplitude and well damped with little impact
on the quality of service. In an insecure system, during system transient evolution, voltage
and/or frequency large deviations may occur with possible cascade line tripping, loss of loads
and/or generators, which can lead to major incidents.
The dynamic security assessment aims at establishing whether the power system is able to
maintain a security condition in case of inception of predefmed contingencies. Such analysis
has to cover all the dynamic phenomena with the goal of verifying that the transient from the
initial to the final steady-state doesnt cause system crisis.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
10/98
-9-
2.4 _D .ynam~c Secu rity_
The security concept is strictly connected to the type of considered contingencies, in the sense
that the system must be able to withstand at least credible contingencies ie. contingencies with
not too low probability of occurrence. More in general, the concept of security level has to be
included in the wider concept of reliability, defined as the degree to which the performance of
the system components gives lieu in electricity being delivered within prefixed standards in
terms of quality and continuity. Therefore, the security concept is connected to the severity of
the contingencies and to their occurrence probability.
Before introducing security criteria, reference has to be made to the concepts of secure,
insecure, emergency and blackout state.
One cart say that the system is in secure or normal state if, following any credible
contingency, all loadings are within the continuous capabilities of system components, with
voltage and frequency within prefixed operational limits and overall demand supplied ; in
alert or insecure state if the system is in acceptable steady-state but there is at least one
credible contingency able to get the system to enter.the emergency state ; in emergency state
when loading, voltage or frequency unacceptable conditions exist or the demand has been
even partially lost or the system is split or some facilities have been lost.
Criteria for security assessment can be of various types - empirical, probabilistie, economic ;
such as
i) The system robustness, mainly in terms of this ability to avoid topological changes in
the presence of classical (credible) disturbances.
2) The severity of the considered contingency, in terms of the type of the excited dynamic
phenomenon or in terms of its influence on the network structure or the acceptability (more ha
general the quality) of the final steady-state or the activation of special protection schemes
and/or defence plans.
3) The probability associated to the contingency.
4) The system vulnerability, defined as (I) system sensitivity with respect to one or more
operating parameters, (2) the security tor contingencies following the first one, (3) the
dil~culty of the restoration phase in ease of load disconnection or system breakdown.
Once assigned security criteria, the objective of DSA is to answer the following questions for
each postulated contingency, assuming that the precontingency steady-state of the system is
known-
.
Are there any topological changes, following the contingency ?
This can be answered affirmatively if (a) the system is unstable and (b) the system
dynamic beha,Aour is such as to initiate the operation of protective devices which can result in
system configuration changes. In such cases lake final system state is an emergency state ; the
system is insecure and a second verification has to be carried out on the consequences of
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
11/98
topological modifications in order to deten~ine the final system conditions. The following
questions have to be answered. Is a steady-state reachable ? In such a case, what are the
system characteristics ? Acceptability of the steady-state condition may depend on the amom~t
of load and/or generation rejected at the end of the topological changes following the
inception of the contingency.
In case of topological configuration of the system maintained indefinitely or at least
over a prespecified time period, foIlowing the contingency, is the steady-state condition
acceptable ?
Assuming that the system has no human interaction from the instant of the inception of the
contingency to the instant of reaching the steady state, it has to be verified whether the state of
the system is secure or not secure, that is all the system components are close to their
precontingency values and anyway within their operating limits or some action has to be
executed to restore secure steady-state conditions.
/
,
The answers to the two previous questions imply different levels of security in accordance
with the final state reached by the system at the end of the possible transients deriving from
the first contingency.
In an alternative but equivalent way of defining system security indexes, it is possible to
search for combinations of contingencies able to determine system crisis conditions or
component operating limits violations. The selection of a set of combined contk,~gencies may
be based on the concept of weak cutsets , or more severe contingencies than the usual
credible contingencies can be assumed, taking into account a sequence of outages or
considering individual more critical, but less probable, contingencies.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
12/98
CHAPTER 3
OVERVIEW OF CURRENT PRACTICES
This chapter presents some main features of DSA as it is practiced today. Some important
concepts as the degraded network (3.1), the stability (3.2) and security (3.3) limits, the
critical clerance time (3.4) are introduced Also a summary of the responses to the
questionna ire to electric utilities is given in 3.6.
3.1.
Thechoi~raded networks
One main difficulty for DSA is the choice of the initial operating conditions for the
simulations and thus, the preparation of the study file. It is necessary to integrate all the
existing -knowledge about the targeted operating conditions. If a good knowledge exists, it is
possible to consider a relatively small number of initiai conditions sets. It is also possible to
consider only one initial conditions set, but in this case it must take into account the most
constraining conditions for the stability. When the future operating conditions are not well
k~-aown, it is necessary to consider a large number of initial conditions sets.
Considering a small number of initial conditions sets
The initial conditions set is ideally obtained from a snapshot giving the state of the network at
a certain moment (i.e. topology, modules and phases of the voltages, active and reactive
powerflows). The snapshot can hhen be modified to take into account foreseen operating
conditions. Also different hypothesis can be applied, which are generally in disfavour with the
stability of the system. For example, generators outputs are raised to their maximums or to
their limits and, the voltage / reactive plan is put into its most constraining situation of the last
periods. This approach is convenient for short term operation studies.
Figure 3.1
The logic of dynamic security ana|ys~ in operations planning
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
13/98
-12-
Considering a large number of initial conditions sets
This approach is convenient for middle or long term operation studies. Dynamic security
assessment processes are typically applied to a network as illustrated as in Fig. 3.1. Given a
starting network topology, the base network Nb, the operations planner first selects a set of
probable degraded networks, Nd
i.
Each Nd
i
consists of the base network after the loss of an
EHV line section, a complete EHV line or a combination of line sections or lines in adjacent
transmission corridors. For each Nd
i
network, the plarmer assun~es unavailability of
combinations of voltage support components (SVCs, synchronous condensers or shunt
reactors) or of tie-lines between corridors ; this gives the Ndij networks. The Ndij networks are
those simulated for each of a set of normal contingencies C
k
: transient and long-term transfer
limits are obtained for each combination of Ndij and C
k
and dynamic security limits are
derived from these results. The studies which follow are therefore pararneterized in terms of
the unavailability of some subset of facilities. For each case, safe conditions are tabulated in
separate tables and, during on-line operation, a given network configuration is used as a key to
find and access the most applicable table [AV91]. The on-line use of these tables consists of
finding a previously studied network that is closest in terms of configuration and loading, and
secure operation of the network is ensured provided that system operators maintain power
transfers within these limits.
3.2.
Transient and long-term voltage stability limit determination is the key to this approach,
Typical examples are the stability transfer limit on a corridor and the active or reactive power
generation limits of some critical power stations. Finding such limits is a complex, iterative
process which requires the execution of many time-domain stability simulations and
considerable expertise.
DAT A FIL E INP UT S
T o po l o gy
Ndi j
Co n t in g en cy
L O A D F L O W
C k
INPUT
A N A L Y S I S
MODIFIC AT IONS
F_jgu re
3.2
The power transfer limit deternfination
process
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
14/98
-13-
Consider Fig. 3.2. To perform a single power transfer (or generation) limit search, one must
first execute a load-flow software package for a given topology, analyse the results, carry out
manual modifications to the data input and repeat the same procedure until a satisfactory
steady-state case is found. This initial step is not trivial : even such deceptively simple areas
as toad flow analysis and correction can be so complex as to warrant optimal load flow or
expert system tools on their own [CI93]. A satisfactory steady-state case is then used to
initialize the network for a transient-stability simulation, also manually initiated by the user.
When the sirrtuIation is finished, one will often need to extract results, perform transient or
long-term stability analysis, apply acceptance criteria, determine what the next step will be
(i.e. increase or decrease power transfer in the faulted corridor), modify load-flow software
inputs accordingly and re-enter the process. This is repeated until the required limit is found to
the desired accuracy.
In principle, to find the securit~ limit (for example, the transfer limit associated with a
transmission line section or corridor), one must repeat this process tor different contin ene
~and locations (i.e. on the line section or corridor) until the most constraining (i.e. lowest)
transfer limit has been identified.
3.3, Use of
Critical
Clearance Time determination
The critical clearance time (CCT) of a fault is a very co~,non transient stability indicator. It is
~ually defmed as the maximum duration time of the fault which is not leading to the loss of
synchronism of one or more generators. Thus, it is classically compared with the clearance
time of the fault after the action of a protection and breaker. It determines a k.k, ad of security
margin (in milliseconds) of the system.
Using time domain simulator, the CCT is computed by an iterative process based on a
dichotomy on the clearance time of the fault. Typically, 8 simulations are necessary to
compute one CCT with a precision of 10 ms. Each simulatioo ends with the detection of the
state of stability of the system following the etiminati~ of the fault stable or unstable
whether a generator has lost synchronism. The complete computation takes between 20 and 30
minutes on standard Unix workstations for a detailed modeling of a system composed of 1000
busses and 100 machines. However, this process can be easily parallelised. Also, direct
methods [CI95] can be used to improve computational efficiency.
CCT is usef~dl to know whether the system can sustain a certain contingency. It can be seen
also as a basic stage for transient stability security limits determination processes : being
given a contingency, the economically optimal operational conditions (for example, the
generator output limits) can be searched so that the CCT of the fault be superior or equal to
the typical clearance time of the fault.
3.4. See__~.q_~_~ limit determination
Dynamic security lkrrtit determination is a complex process which consists of many smaller,
individual problems. For on-line Dynamic Security Assessment (DSA) to provide useful
information, it must address the following basic problems
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
15/98
14 -
i) Obtaining results of a power flow which reflect the reality of the topology and
production - consumption system presently in service ;
(it) The security status of the topology (i.e. is it stable or not ?) and the security
margin (how stable ?) with respect to some contingency, location and criterion (i.e. steady-
state, transient or voltage stability) ;
(rio The power ta-ansfer limit of a transmission corridor (or boundary) with respect
to said contingency, location, and criterion ;
(iv) The generation limit of some power stations with respect to said contingency,
location, and criterion ;
v
a n d
The security limit of a transmission corridor with respect to said contingency,
(vi) The associated worst contingency location.
As can be seen, the statement of each of these problems relies heavily on predetermined
choices relating to contingency type, location mad criteria rather than probabilistic
distributions involving system topologies and contingencies in time and space. Existing
security assessment and control practices are therefore seen to be based on deterministic
methods rather than probabilistic analysis in order to identify secure operating regions by
means of security limits. The comparison of security limits and actual line flows guides the
system operator in the choice of specific operating strategies at any given time.
O f te n , d e t e r min i s t i c DS A a d ck , x~ se s the se ba s i c p ro b le m s w i~ J n a l a rge r f r a me w o r k , fo r e xa m ple ,
through sensitivity analysis by optimising security limits as a function of some network parameter
or some aslxct of power system economies. Transfer limit determination, based either on Wansient
or voltage (long-term) stability criteria can be viewed as the dividing line between the low, ard
high-level p~ in DSA. Items (i) and (it) represent the elementary functions required in
accomplishing item (iii) and (iv) ; this, in turn, constitutes *.he fundamental building block for
findingitems (v) and (vi). For example, security limit determination follows directly from a simple
comparison of the different transfer limits obtained for different contingencies at different locations
and analysed according to different criteria : the lowest transfer limit is the security limit.
Sensitivity analysis represents yet another level of complexity : this requires entering a process in
which item (v) becomes the primitive, and this primitive is performed for different values of some
n e t w o rk p a ram e t e r1 .
3.5. Understanding
the cha||en~namie
Securit
E
Assessment
To fully appreciate the impact of the inherent challenge of security assessment, one need only
consider that a very large number of network situations (see 3.1.), in addition to all credible
For exam ple, FACTS contro l ler set tm ints may be regular ly adjusted to m aximise the secur i ty l imit .
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
16/98
contingencies, must ideally be considered. Typical operations planning departments are
unable to consider all the combinations [AK89]. There are two main reasons for this :
1. Dynamic security assessment processes are extremely time-consuming, if only from the
point of view of expert analysis.
2. The analysis of every conceivable degraded topology is a problem of combinatorial
dimensions.
As a result, one clearly understands the importance of automating such processes and
gravitating them to the on-line environment. Additionally, when the system finds itself in an
insecure state, being given the high complexity of the dynamic phenomena in play, the
operator requires considerable expertise in order to crystallise a strategy which will bring the
system back to a secure state with minimum impact on utility customers. Software which not
only synthesises but also advises operators on possible courses of action and enables them a
real understanding of the dynamic behaviour of their system is therefore a vital component of
future EMS systems.
3.6 Feedback from ~uestionnaire to electric utilities
Introduction :
A questionnaire on the current DSA practices and requirements was prepared by the
Task Force and distributed to major utilities world-wide. More than 40 responses
were received from 20 countries. Most responses came from Germany, Japan and
Australia. The summary of the responses will be presented in this section. The
complete survey analysis is available in the annexe.
Structure of the questionnaire
:
The questionnaire was divided into 3 parts. Section A addressed the defufition of the
DSA from the specific utility point of v/ew as well as the types of phenomena of
concern to that utility. Section B examined the current practices such as the types of
stability limits and the measures (preventive or corrective) being used to knprove
stability limits. The final section concentrated on the DSA needs e.g. size of system a
DSA software should handle, kinds of dynamic sect~ity indicators, importance /
economic benefits of a DSA facility to a utility, how to present information to the
control engineers, needs for screening, etc.
Qu estionnaire responses :
Most utilities see the DSA as either a short term operation or extended real-time
analysis from a snapshot. The main types of phenomena of concern were transient
and voltage stability. It was highlighted that any modern DSA facility should address
both subjects. Most utilities have suffered from transient instability, dynamic
instability or voltage collapse due to the pole slipping on long transmission lines with
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
17/98
remote generation, instability of a nuclear power plant, poor damping after a
switching phenomenon, AGC interaction on weak transmission system, etc.
The main preventive measures to improve stability were control of generation
system, control of transmission system, use of power system stabilizers, excitation
eontrot, addition of series/shunt compensators, etc. For corrective measures-
loadshedding including load curtailment tkrough voltage reduction, switching of
capacitors and reactors as well as full or partial rejection were mentioned.
The DSA is becoming important because of the increasing number of independent
power producers due to institutional changes such as open access~ The economic
benefit of having a DSA facility is difficult to quantify. The information to be passed
on to the control engineers should be easy to use so as to assist them in understanding
the location and types of phenomena as well as effeeting remedial actions. The User
Interface should have line diagrams with affected circuits hatched and warnings via
alarm that the system is in critical dynamic state. Screening is desirable to cover a
large number of configurations that would not have been studied otherwise, to select
the most critical contingencies from a list of eriticaI contingencies as well as to
achieve high speed of operation.
On general comments regarding a DSA facility, it was mentioned that a useful DSA
should be established on a detailed representation and modelling of the power system
in order to provide conclusions based on aeettrate results. It should also integrate a
user friendly interface and faster algorithm to be used by operators in real-time, as far
as tremendous progress made by computer ha calculation can help shorten the cycle
time.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
18/98
-17-
CHAPTER 4
GENERAL NEEDS AND REQUIREMENTS
4.1.
Kinds of
informa_~b
K
control o_.perators
According to Debs and Benson [DE75], the advantages of hhe operator in the control room
include
1.
He relies on a global perception of events in interpreting events.
2, He can take into consideration peculiar situations not originally programmed.
3. He can be trained to assess the impact of a given contingency.
4.
He can override the computer when the results are unreasonable.
whereas the disadvantages of the operator are
1. Slow reaction time.
2. Judgement is dependent on training and intelligence of particular operators.
3.
Knowledge of software capabilities and limitations is operator-dependent .
Generally, the requirements for the DSA varies. First-swing stability (1-2 seconds) may be
sufficient in some cases whereas in other cases, damper and stabiliser responses (10-15
seconds) may be more important. Others may require much longer periods. However, for
practical purposes, these may be classified into
. stable/unstable,
damped/undamped and,
. margins to instability/undamped oscillation.
These are usually expressed (for transient stability) in terms of critical clearing times, which
are not helpful to the operators (control engineers). Tlae needs of the control engineer may
include
(a) Knowledge of the margin on power transfer from a particular machine or
across a boundary,
Co) A ranked list of the critical contingencies (about 10) using fast filterkng
techniques (which maybe AI based) for detailed dynamic study,
(c) The DSA analysis updated regularly, say every 15 minutes,
(d) Knowledge of how the future power systems will look like,
(e) What mechanisms caused the outages, were they due to loss of synchronism,
distance relay settings etc. and,
(f) The operator needs to know what control actions may be taken to move the
system to a more secure state. The boundaries between the secure and insecure states should
be stated so that the operator can easily recognise this and be able to control the system
[FO88b].
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
19/98
-18-
4~2o
Needs
of screenin_g~ ~o id~encies
Studying the dynamic performance of a power system means to evaluate the ability of the
system to withstand -
the sudden loss of any major generator or transmission line,
. specified line faults maintaining stability and with no loss of generators,
. combined sets of contingencies, like loss of more than one generator, cascading line
outages, system splitting and loss of load.
Given the current steady-state of the power system, the operator has to check, following each
contingency, whether the transitions in system configuration are acceptable, Besides, he needs
to evaluate if the final condition of the system subject to each contingency is acceptable or
not. The steady-state condition reached subsequent to a contingency depends upon the
contingency. It is impossible to enumerate all possible contingencies and the corresponding
steady-state conditions, and then to check whether the steady state conditions are acceptable.
Hence, only a predefined set of contingencies is considered.
Appropriate selection of contingencies for further more detailed processing is very impor*.ant ;
the aim is to reduce reasonably the number of contingencies, without overlooking potentially
severe credible contingencies and study in detail only the worst and the most probable eases.
A contingency must be classified as non-critical or critical and contingencies belonging to
these two sets must be ranked in a severity order. Non-critical contingencies are those for
which the transitions of system configurations are limited to those implied by the predefined
events used to describe the eontingeney. In other words non-critical contingencies do not
result in unstable behaviour of the system or system protection operation, always causing
unforeseen modifications of the system structure. Critical contingencies determine system
configuration changes not included in the series of events used to describe the contingency.
Screening and ranking functions may be used to
...
.classify all contingencies of interest into severe and non-severe groups,
, rank all contingencies of each (critical or no-critical) set in order to analyse in detail
only the most severe ones (or all the contingencies included in the critieaI group) and the ones
near to the security limits,
. identify interfaces of concern and assess corresponding transfer limits.
Need s concernin externa| networks and d at_a exchan.gg
Power systems are interconnected hence many dynamic security problems are not confmed
within the boundaries of any utility. Also, problems result within the state estimation/security
assessment due to duff external data. Therefore, there is the need for co-operation ha shafng
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
20/98
19-
network data as technology advances ; better co-ordination between utilities and more
understanding shown to be able to resolve any organisational problems that may arise.
For example, Pacific Gas and Electric Company [FO88b] encompasses Not, them and Central
California and the bulk transmission consists of two 500 kv AC transmission lines that
transfer power between the North and the Southern boundaries hence it becomes vital to
become familiar with the transmission system Mthin and outside the PG and E area of
operation. Also, between the England and Wales transmission network/Scottish boundaries.
Some of the issues which may affect such utilities, generally, include -
(a ) the adequacy of communication facilities available to achieve the data
exchange,
(b) the requirement for a unified communication protocol,
(e ) the potential regulatory difficulties which might prevent the exchange of all the
necessary data between different companies.
In analysing the responses from the utilities to the questionnaires, there were more concerns
regarding the adequacy of cormrmmication facilities as well as the requirement for a unified
communication protocol. Some of the specific comments of these utilities are
. the greatest difficulty is the reluctance to pass information which may affect the
competitive position of the utility due to the commercial sensitivity of data,
o the data exchange and the external network representation are adequate for off-line
studies but for on-line application a better process is needed for data exchange and the
development of an inter-utility data exchange consortium by that utility is in the right
direction,
where external information is received this may not be adequate hence this is being
a d d r e s s e d ,
as there are no e-mail facilities in this particular utility, exchange of external data is
effeeted by fax or through the post,
. the communication protocol with neighbouring utilities may exist for data exchange
but different utilities have different protocols hence the need for better co-ordination,
. uses AC-DC interconneetion hence there is no need for external network data.
Needs
of
isolated system w~th a [are enetrat~on from renew~._~__~ower
The importance of renewable power sources for the production of electric energy has been
increasing in the last years. This is particularly the case with autonomous power systems
typically found on islands isolated from the mainland, In these cases, electricity is produced
by diesel twSts which make the investment for the exploitation of renewables particularly
attractive. A typical example is the situation found in the small and medium size autonomous
power systems operating on the islands of Greece, Portugal, etc. with high wind potential. For
instance, in medium size Greek islands with 25 MW peak demand, wind power penetration
exceeding 10 MW has been found to be economically and technieally feasible. In larger
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
21/98
- 20-
islands, like in Crete, with 300 MW of peak load, wind power penetration in excess of 80 MW
is foreseen.
The dynamic performance of autonomous power systems with a large penetration from
renewables presents a number of unique features, mainly because of the highly intermittent
natus-e of wind. Thus, fast wind power changes and very high wind speeds resulting in sudden
loss of wind generator production can cause voltage and frequency excursions and
dynamically unstable situations. It should be noted that, unlike classic power systems where
serious disturbances like faults etc. are relatively exceptional events, disturbances due to the
wind variability occur very frequently. In order to guard the system against these disturbances,
very conservative operation scheduling policies are applied which result in increased spirtning
reserves from the conventional urfits and underexploitation of the renewables. Therefore, in
order to achieve a large penetration of renewable sources without degrading secure operation,
it is very helpful for system operators to be equipped with on-line assessment of the dynamic
security of the system for fast wind power changes.
4.5. Performance requirements
An on-line DSA function must be capable of assessing hundreds of credible dynamic
contingencies in the time frame of the execution cycles of the real-time sequence of the
Energy Management System (EMS) which is in the order of 15 to 20 minutes. In other words,
when the results of state estimator become available, the DSA triggering mechanism should
start the DSA cycle to process the contingencies. DSA must complete the assessment of all
contingencies within 10 to 15 minutes.
The performance requirements of the DSA should be measured on a power system model of
some 1000 buses or more.
The performance requirements based on the sizing parameters above shall be as follows -
DSA execution periodicity - 10 to 20 minutes as requested by the operator
Pre-defmed contingencies 300 contingencies with no more than 30 severe contingencies
(i.e., such that the screerting process would filter out all contingencies but 30 severe
contingencies for full time domain simulation).
Simulation time 10 seconds of time domain simulation with possibility of early
termination or in ease of long term dynamic phenomena, up to one minute or more.
DSA execution DSA execution will include contingency selection, screertkqg,
classification, and ranking.
Limit calculation 5 minutes to compute transfer flow limits for the worst
5 contingencies.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
22/98
-21 -
4.6. Mode|~uiremen~s
Network models
The network model includes topology and representation of branch devices (lines, series
devices, transformers, and phase shifters), generators, loads, DC converters, status of breakers
and configuration of bus bar arrangements in substations. Power transfer interfaces between
companies or zones shall be identified. The DSA network model shall be able to identify and
model different islands. As a minimum the following shall be represented :
a) _Static device power flow models
curve
t
.
lines represented as pi sections,
transformers represented as pi sections with admittance components as functions of tap
settings,
phase shifting transformers,
generators represented as constant real-power source with reactive power capability
shunt elements represented by their admittance,
DC lines with converter station modelling,
Static Var Compensators (SVCs),
loads represented as constant real/reactive injections.
b) ~ device models
. generator models shall include : swing equation with damping, machine models
including classical model, two axis model, representation of damper windings,
excitation systems,
governor models,
power system stabilisers,
DC line dynamic models,
SVC dynamic models,
FACTS device models,
capability to represent user-defined models,
. load models shall include non linear voltage dependence as in ZIP (constant
impedance, constant current, constant power) model and as a function of frequency. The load
model shall also provide representation of large induction motor loads.
On-Load Tap Changer
Automatic devices and relays (as loss of synchronism, overcurrent protection, power
protection, generator minimum and maximum voltage protection, generator and motor over-
and tmderspeed protection, static distance protection, frequency load shedding)
Modelling requirements of the DSA based on requirements of various components are listed
below:
~ Selectiorg~Definition
A predefined contingency list should be checked for validity of each contingency for the
current operating conditions and topology. For unbalanced faults the correct value of fault
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
23/98
- 22 -
impedance may be computed using a short circuit program. The following types of fault shall
b e sup p or te d
three phase to ground,
phase to phase,
two phase to ground,
single phase to ground,
single pole tripping and reclosing,
three phase or single phase breaker reclosing,
bus split.
At a minimum the following types of switching shall be supported -
breaker opening/closing,
recloser action,
dynamic braking action,
capacitor/reactor insertions and/or removal,
generator and SVC tripping,
load shedding,
automatic transfer tripping.
screening
The contingency screening shall derive its models from the most detailed models available to
the DSA. However, in order to achieve required speed of solution, this component may use
approximate models.
Simulation en.g2~
The simulation engine shall have the capability to model all equipment necessary to conduct a
transient stability study for periods of 5-20 seconds.
4.7. Tri erin mechani~ns
The aim of a triggering mechanism is to start a new assessment when required. Its most
important function is to check whether the changes in system conditions are significant
enough to require a new cycle of DSA. A DSA cycle may be also activated by a specific
operator request and automatically at prefixed time intervals.
The triggering mechanisms may be connected to the system security monitoring and exploit
the same information available at all times to facilitate proper decisions during normal
operation, following a contingency.
Whenever in each control area potential problem caused by any events or significant changes
in power transfer capabilities are detected, reflecting voltage, reactive, thermal, and stability
limits, DSA shall provide information about possible contingency consequences and / or
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
24/98
- 23 -
possible remedial actions before or after further contingencies besides events or outages
modifying system conditions.
After the loss of any significant facilities, DSA shall be triggered ; scheduled outages of
facilities should be taken into account. When important deviations in operating conditions
occur, sufficient monitoring shall be provided through DSA so that the existence of possible
system crisis conditions may be checked.
The main triggering quantities, capable of activating DSA, should be :
- short circuits, implying transmission configuration changes,
- loss of important generation groups, or, more in general, any unit status modification,
- loss of important cormections,
- significant change of active or reactive power output of generating units.
A DSA cycle could be activated even by changes, greater than predefmed thresholds, of other
significant variables such as :
- phase angle difference between buses,
- speed deviation of generator or frequency deviation,
-
rate of change of power transfer over one or more lines,
- rate of change of apparent impedance on important predefined connections,
- voltage at a bus or at generator terminals, or power in a critical interface.
The limits or control options are pre-entered and remain valid until changed by the operator.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
25/98
- 24 -
4.8. D ata mana~gemen~_~d ata requirements to run a DS A~
To run a DSA, the following data are required :
a) Solved Real-time State Estimator or Power Flow data describing the power system
network and associated components, as well as the static conditions at all network buses
(voltages, angles, loads and generation MW/MVar, etc.).
b) Dynarnie data describing the device characteristics required for a transient stability
study (generator inertia, exciter characteristics, governor models, etc.).
e) Contingency data describing the faults needed for DSA, plus related tripping
information.
d) Control data for DSA applications, such as convergence thresholds, time frame to be
simulated, etc.
The modelling requirements for DSA are already addressed in chapter 7.3. The objective
of this chapter is to describe :
- the construction ofthe DSA data model,
- the requirements for DSA data base,
- the requirements for data interfaces.
Construction of the DSA data model
The Principe construction of the DSA data model is shown in Fig. 4.1. The source of the
network model for On-line DSA is the results of On-line State Estimator, which normally
comprises the internal network and important parts of the external networks.
For Study and/or Off-line DSA the network model can also be based on Dispatcher Power
Flow Data or Off-line Power Flow results. Depending on the performance requirements,
importance of network pa~ts with respect to
D S A and availability of appropriate external
dynamic model data, etc. a reduction of the network model is performed, especially for On-
line DSA. After merging DSA-specific dynamic device models and progr,an specific
parameters~ the DSA data model is ready for being used by UI functions, the DSA application
programs and other tasks, e.g. data export for exchange.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
26/98
- 25 -
in te rna l external
\ /
I
ase Case from
State Estimator
(On-line DSA)
r
B a s e Ca s e f r o m
wl
D is p a tche r P o w e r F io
O n - li n e D S A )
Base Case
from
~
or pff-line Power Flow
M o d e l r e d uc tio n f o r D S A
( O n - l in e D S A ) o r u s e o f f u ll m o d e l ( s tu d i e s )
t
S A - s p e c if i c d a t a
- g o v e rn o r m o d e l s
~.xci ta t ion systems
D S A - p r o g ra m
Time Domain Simulator
D SA D ata Model
D S A
Applications
*others
Data E x p o r t
F _ F j g u r e 4 .1
Principle construction of the DSA data model
_ ~ _ q u i r e m e n t s for
DSA
data
base
For DSA the use of wide-spread RDBMS (e.g. ORACLE, SYBASE, 12qGRES, etc.) behag
available for various hardware platforms is highly recommended. The data base should be
object-oriented or support object-oriented access to the data to ease the connection of
powerful UI-packages.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
27/98
- 26 -
The RDBMS should at least include all input and output data of DSA, which are to be
entered, modified or viewed by the normal DSA user ; internal data of DSA applications
including special data for DSA-specialists (e.g. debug infos) could be stored as flat files or
private data bases in order to avoid performance problems.
The data base used for DSA must allow easy definition of DSA cases and must be able to
efficiently manage a lot of study cases.
R_~e..quirements for da ta interfaces
Several types of interfaces are required :
-
interface to EMS applications and data,
- interfaces to other power system analysis software (e.g. Off-line Power Flow),
- i - n t e r face to U I - subsys t em ,
-data import and export using pseudo-standardised formats, such as IEEE-load flow
exchange format
- internal interfaces between DSA applications doing Contingency Selection, Screening,
Ranking, Time Domain Simulation and so forth.
4.9.
User interface
The DSA user interface requirements have to take carefully into account several classes of
users. For each class, the User Interface has to be adequately adapted to the kind of
interactions which exist between the users and the power system.
~rators IOn-line
DSA)
System operators need a DSA user interface supporting their task of maintaining the security
of the real-time system in an practical way, i.e. as simple and uncomplicated as possible.
Typical.answers of DSA, such as system is stable , system is trustable for contingency case
X , allowable time for preventive/corrective actions , overall system state is getting
better/worse will be appreciated very much. The DSA environment should be easy to
understand and comfortable to manipulate.
_System eng~_neer/O~n-line DSA and/or Off-line~
System engineer/operation planer is assumed to be an experienced analyst, having detailed
knowledge of the power systems various phenomena impacting the security and economy of
the system. He tmderstands very well the DSA modelling aspects, knows how the DSA
applications work and his task includes to tune and tailor the DSA software to meet his
specific systems needs. System engineer needs a flexible UI, enabling him to view all details,
e.g. generator voltage angles vs. time, block diagrams and parameters of dynamic de-Ace
models, comparison of time domain simulation results vs. approximate screening, etc.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
28/98
- 27 -
Manag.~
The UI of DSA should include features to create reports on system performance, statistics of
critical events, summary logs of critical equipment and last but not least diagrams comparing
actual versus computed results to demonstrate the validity of the DSA function and its
usefulness for their electrical power system.
Common requirement from all types of DSA users is, that DSA needs to have a state-of-the.
art, flexible and user-friendly brl, which among others has to fulfil following general
requirements
- provide an quick overview about the system stability status (e.g. traffic light symbols)
arid pinpoint the most critical contingencies and associated network parts,
- show ranked lists of severe contingency cases identifying the most critical network parts
and provide the possibility to perform detailed analysis by simple selections (e.g. cursor
click),
-present binding or near-to-binding operating lirnits associated with predescribed
contingencies,
-
clear proposals for possible preventive and/or corrective measures,
-graphical display of time trends associated with expected system changes, e.g. system
changes, e.g. system is getting better/worse and show the available time for the operator for
interventions,
o in On-line DSA show period of the validity of the current DSA results and indicate
clearly when the results get invalid and what event caused the change,
-comfortable option to add and/or delete contingencies to/from contingency lists by
adopting drag & drop and copy/paste techniques, e.g. pick-up a network component from a
single lone diagram and drop it into a contingency list,
-capability to compare eases against each other, allowing the user to select key
parameters to be compared, e.g. stability indices, margins, sensitivities, etc.,
-provide the user with measures to evaluate the accuracy and reliability of the DSA
results,
-
capability of Off-line study mode with more detailed output and increased flexibility.
Major design principles for bq being well-suited for On-line as well as Off-line DSA
functionality should be
-extensive use of graphical displays like curves, bar-charts, strip-charts, dynamically
coloured symbols for quick assessment of complex situations,
o easy and flexible access from the currently used display to other displays,
- guided operation of the various DSA components via context-sensitive menus, toolbars,
buttons, pop-up windows, etc.,
-
provision of a help mode that is easy to access,
-clearly doettmentation of DSA including functional descriptions and det~led user
guides,
-
multi user capability.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
29/98
28-
CHAPTER 5
ANALYTICAL TECHNIQUES FOR DSA
The .tbllowing sections gather DSA techniques ( 5.1., 5.2.) and assess them in terms of
criteria of practical concern ( 5.3.). A relatively large place is dedicated to Intelligent
System( 5.2)for the reason that the knowledge of these new techniques still needs to be
developed in the Power System analysts community. This chapter contains also a table
techniques vs. criteria w here each technique is rated through certain criteria relative to som e
possible functions of a D S A tool
The results of the comparison are summ arized in the Table of subsection 5.3.
5. I.
A na |y f i ea l t echn l uqy_ .~
This section identifies well known DSA techniques. Next section will describe in some detail
Intelligent Systems.
General techniclues :time-domain methods
Time-domain methods represent the mainstay of existing DSA tools. Commercial time-
domain simulation sofiwares are able to treat large-scale disturbances, complex non-linear and
active network elements and elaborate contingency scenarios, including protections. Such
sowares are sufficiently reliable as to be capable of performing very short simulations, for
example in evaluating first-swing or mid-term stability for the study of voltage phenomena
evolving over tens of minutes.
Such sowares constitute the focal point of existing off-line DSA processes and are readily
considered as candidates to on-line DSA provided that seethe transmission levels and
operating margins can be identified within an acceptable time-frame. Needless to say,
computational speed is an issue. However, R&D efforts in DSA have begun to move towards
increasing the speed of limit search processes as a whole rather than concentrating ortly on
increasing the speed of execution of a single simulation (i.e. either through improved
algorithms, multiple or parallel processor strategies or advanced computer hardware
architectures [HA 93]).
The major advantages of time-domain methods are :
great flexibility with respect to power system modelling,
ability to provide time responses of machines rotor angles, speeds, accelerations, of bus
voltages and of other parameters of concern.
~ sensitivi~
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
30/98
- 29-
Trajectory sensitivity analysis provides a systematic approach to exploring the influence of
parameters on large disturbance behaviour. These ideas have recently been applied to power
system dynamic security assessment [LA95] [ST96].
Techni~ecific to transient stability : direct methods
Application of direct methods to transient stability have been developing for over 30 years
[FO92, PA89, PA93]. The most popular members are [CI95] : the transient energy function
(TEF) together with the exit point or BCU method to assess its limit value ; the extended
equal area criterion (EEAC).
Besides the pure approaches,
v a r i a n t s coupling with time-domain methods makes them able
to comply with detailed power system models. Such a hybrid search strategy is the second
kick method, which requires less than 4 simulations [MA95a]. This development has led to
the implementation of an on-line dynamic security analysis system for B.C. Hydro [DE94].
Independently of transient energy function analysis, another strategy has emerged for
accelerating the transient stability limit search process [MA94]. It is based on the signal
energy analysis of power system simulation waveforrn behaviour and may be summarized as
follows : if two stable time-domain simulations of a normal contingency are performed at
respectively two different values of power transfer and the sigr~l energy of the transient rms
voltage response is computed, it is possible to estimate the transfer limit for the specified
contingency and the error in the limit estimate.
Yet another hybrid method emanates from the dynamic EEAC. It consists of computing
appropriate stability margins, using one stable and up to tbxee unstable time-domain
simulations. It assesses critical clearing times [ZH96a] or power limits [ZH96b] as
appropriate.
Techni ue eifie Ion -term stabili
Simp|ified time-domain techniques exploit the separation between long-term and
transient time scales, replacing the latter by equilibrium equations and concentration on the
former.dynamics. This yields the Quasi Steady-State (QSS) time-domain simulation, which
merely requires to solve at each time step the algebraic equations of the network together with
equilibrium equations of the transient dynamics.
Energy function methods have recently been extended to allow long-term voltage
stability assessment. Tbfis extension follows from the incorporation of load dynamics into
standard multimaehine energy function [HI96]. Reactive power limits, which play a major
role in long-term voltage stability, can be handled using the approach described in [I-[I91 ].
Continuation methods in general enable system equilibria to be tracked as a parameter
of the system is varied. Frequently the free parameter corresponds to a load, or a combination
of loads, and so describes movement in a particular loading direction. Continuation power
flows deal with the particular problem of tracking the system long-term equilibrium when bus
load is increased. It is an efficient way of performing successive load flows and dealing with
the nose point of the PV curves.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
31/98
-30-
Post-contingency optimal power flows. The divergence of a post-contingency power
flow computation is a necessary but not sufficient condition of voltage instability (it may
result from numerical problems or other physical problems where there is no solution to the
load flow equations). Post contingency OPF may be useful to determine acceptable solutions.
Eigenanalysis (or modal analysis) involves both eigenvalue and eigenvector analysis.
The reduced QV load flow Jacobian or the long-term differential equations can be used. It is
aimed at finding instability mechanisms and suggesting corrective actions. In principle it must
be coupled to continuation power flow or time-domain methods. Interpretation of eigenvalue
far from the critical point is of limited use.
5.2.
Intelligent technl uq _u __ ~
We distinguish among expert systems and automatic learning methods. The emphasis will
essentially be put on these latter methods which have already provided innovative systematic
approaches to analysis, sensitivity analysis and suggestions to control, for both transient and
long-term voltage stability.
The basic components of an expert system are knowledge base (KB) and inference engine
(IE). KB is a collection of rules and dates. IE is mechanism of induction of decision tree
searching rules to find those that can be applied to specific cases. Tiffs mechanism is based on
the sentence and predicate logic.
Expert systems can contribute in two ways to improving power system stability evaluation.
Firstly, they can be used to guide the engineer in the choice of models and computer programs
for off-line stability analyses. Secondly, they can help on evaluating the present stability
situation of a power system with respect to the power system variables and control. Existing
knowledge-based system approaches to power system security assessment mainly focus on the
development of heuristics or empirical knowledge. The knowledge acquisition process is
aimed at identifying and representing knowledge from the expert. The objective of this
process is to understand, for a given load and generation state of the power system, how the
operators orgarhze their knowledge.
As an example of applications of knowledge-based methods for security assessment we
mention the following : the effect of contingencies and system conditions upon dynamic
security assessment are built in an ES, using sensitivity analysis of the transient energy
function [EL89] [EL90]o Further, using the concept of vulnerability, which indicates the rate
of deterioration in system security, an ES was developed which uses the energy function as a
stability measure. The identification of the conditions that may lead to voltage collapse and
the suggestions for necessary corrective actions are embedded in some expert system
frameworks. There are expert systems that evaluate power flow divergence indicators
concerning controls and parameters change to detect the voltage collapse knee-point.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
32/98
-31
-
Automatic Learning (AL) in general is concerned w/th the design of automatic procedures
able to learn a task on the basis of a learning set of solved instances of this task, There exist
th.ree main families of automatic learning methods (i) machine learning, a subfield of
symbolic artificial intelligence ; (it) statistical pattern recognition and regression ; (iii)
artificial neural network based learning.
Two broad classes of AL problems may be distinguished : supervised and unsupervised
learning. Supervised learning usually aims at constructing a model for an assttmed
relationship between input and output parameters. Unsupervised learning (or clustering), on
the other hand, aims at either uncovering similarities among groups of instances or
correlations among groups of attributes used to describe such instances. The main focus will
be on supervised learning methods.
In what follows, we consider only non-parametric AL methods, that is, methods which make
no ass...urnption about the mathematical functional form of the underlying particular density
distr/bcttion (such as that of a normal, bell shaped curve). Indeed, parametric methods could
not properly solve the wide variety of dynamic security problems.
N.B___ ~ The essen t ia l of th is no te is taken f rom [WE96b].
Supervised learning
Problem statement
In the context of power system security assessment - and hence of DSA, the general AL
approach may be schematically described by Fig. 5.1 : random sampling teelmiques are
considered to screen all relevant situations in a given context, while existing numerical
simulation tools are exploited - if necessary in parallel o to derive detailed security
information. The heart of the framework is provided by automatic learning methods used to
extract and synthesize relevant information and to reformulate it in a suitable way for decision
making. This consists of transforming the data base (DB) of case by case numerical
simulations into a power system sectary knowledge base (KB). As illustrated ha Fig. 5.1, a
large variety of automatic learning methods may be used in a toolbox fashion, according to
the type of information they may exploit and/or produce. The f;mal step consists of using the
etraet~d, synthetic information either in real-thne, for fast and effective decision rnakJng, or
in the off-line study environment, so as to gain more physical insight and to derive better
system and/or operation planning strategies.
How will this automatic learning based framework complement classical analytical methods
for security assessment ? In practice, t.here are three dimensions along which important
fallouts are expected.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
33/98
32-
Random
D ata base generation
St ud y D e f i n i ti o n
R a n d o m S a m p l in g
N u m e r i c a l S i m u l a t io n s
G ~ l in e automaac, in parallel
Synth e t ic
M a c h in e L e a r n i n g
Stat i s t ica l Analysis
Neura l Ne t wo rks
Off 4ine in s t u ~ em,ironmenl
F a s t D e c i s io n M a k i n g
Physical in terpre ta t ion
U n c e r t a in t y M a n a g e m e n t
O n l in e o r o f f q i n e
F ~ _ j g _ u r e 5 .1
Automatic learning framework for security assessment
Computational efficiency. By using synthetic information extracted from automatic
learning, instead of analytical methods, much higher speed may be reached for real-time
decision making. Further, in terms of data requirements, whereas analytical methods need a
full description of the system model, the approximate models constructed via automatic
learning may be tailored to exploit only the significant and/or available input parameters.
Besides, the synthetic information may itself be complementary to and generally more
powerful than that provided in a ease by case fashion by existing analytical methods. In
particular, much more attention is paid nowadays to
interpretability and management of
uncertainties, the two
other important fallouts of automatic learning methods.
Interpretability. It was shown that machine learning may indeed efficiently generate
security rules from large bodies of simulated examples, even for as complex systems as are
real large-scale power systems. The extracted rules are found to express explicitly problem
specific properties, similarly to human expertise, and hence may be easily appraised, criticized
and eventually adopted by engineers in charge of security studies. The flexibility of the
automatic learning framework allows one to tailor the resulting information to analysis,
sensitivity analysis and control applications.
Management of uncertainties. The need to devise a rational way to take decisions
despite the existence of uncertainties about the power system state becomes more and more
apparent. Today, for example, operators are often sorely missing guidance in the context of
unusual system states reached after major disturbances, where reliable real-time L, fformafion is
generally lacking. Tomorrow, technological and economic changes will probably lead to a
higher and physically more irrational distribution of decision making and thus to more
uncertainties in routine operation and plmmJng activities. In particular, increased competition
among economic actors may reduce their willingness to share information on theh respective
subsystems, despite the stronger physical interactions.
S u__q p e r vi se d l e a r n ing m e thods
In what follows, we discuss three classes of methods providing three complementary ~s of
imeormation.
Symbolic knowledge via decision trees.
Top down induction of decision trees
i s one o f
the most successful classes of machine learning (i.e. symbolic learrfing) methods. Figure 5.2
shows a hypothetical binary decision tree : to hffer hhe output information corresponding to
given input attribute values, one traverses the tree, starting at the top-node, and applying
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
34/98
- 33 -
sequentially the dichotomous tests encountered to select the appropriate successor. When a
terminal node is reached, the output information stored there is retrieved. The right part of
Figure 5.2 shows how the decision tree decomposes its input space into
non-overlapping
subregions. Ideally, the number of these latter should be as small as possible and at the same
time the states contained by each subregion should belong to a same class.
VI
Class
Cl as s 1
V 2 1
Class 2
F_j~re 5.2
Hypothetical decision tree and its corresponding input space decomposition
Sing le - l ayer pe r c ep t r on
Multi-layer ~ r c e p t r o n
1 + e x p - l l i )
Input layer
a~
H i d d e n l a y e r s
Feed-forwsrd mulfil~yer perceptron
A main asset of decision trees lies in the explicit and logical representation of the induced
classification rules and the resulting tmique explanatory capability. In particular, the method
identifies the most discriminating at*aibutes and provides systematic correlation analyses
among them. From the computational viewpoint it is efficient at the learning stage as well as
at the prediction stage.
There are two generalizations of decision trees of interest in the context of DSA, namely :
regression trees which infer information about a numerical output variable [WE95a], and
fuzzy trees which ttse fuzzy logic instead of standard logic to represent output information in a
smooth fashion. Both approaches allow inferring information about security margins,
sim~larly to the techniques discussed below. In particular, fuzzy trees are able to combine
smooth input/ouput approximation capabilities of neur~M networks with haterpretability
features of symbolic machine learning [/3095].
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
35/98
- 34 -
Smoothnonlinear approximations
via artificial neural networks. The field of
artificial neural networks (ANNs) has grown since the early work on perceptrons to an
important and productive research field. We restrict ourselves to multilayer perceptrons,
MLPs for short. Figure 5.3 illustrates the classical feedforward MLP. The first or
input layer
corresponds to the attribute values, and the last or
output layer to the desired security
classification or margin information. Intermediate layers enable the network to approximate
arbitrarily complex input/output mappings, provided that its topology and weights are chosen
prope r ly [ G E93, N I93],
Similarly to decision trees, an interesting property of MLPs is their ability to achieve feature
extraction and learning in a single step. However, one of their difficulties comes from the very
large number of weights and thresholds related in a nonlinear fashion, wl-dch makes it almost
impossible to give any insight into the relationship learned. All in all, one can say that MLPs
offer a flexible, easy to apply, but essentially black-box type of approach to function
approximation.
Memory based reasoning vh statistica| pattern recognition.
The previous two
approaches essentially compress detailed information about individual simulation results into
general, more or less global security characterizations.
Additional information may however be provided in a case by case fashion, by matching an
unseen (e.g. real-time) situation with similar situations found in the data base. This may be
achieved by defining generalized distances so as to evaluate similarities among power system
situations, together with appropriate fast data base search algoritlh, ns.
A well known such technique is the K nearest neighbors (K- NN) method able to
complement decision trees and multilayer pereeptrons. It consists of classifying a state into
the majority class among its K nearest neighbors in the learning set. The maha characteristics
of this method are high simplicity but sensitivity to the type of distances used.
U nsupervised |ear~ing and clu sCer~ng
In contrast to supervised learning, unsupervised learning methods are not oriented towards a
particular prediction task. Rather, they try to identify existing underlying relationships among
a set of objects characterized by a set of variables or among a set of variables used to
characterize a set of objects.
One of the purposes of clustering is to identify homogeneous groups of similar objects, Lrt
order to represent a large set of objects by a small number of representative
prototypes.
Graphical, two-dimensional scatter plots may be used as a tool to analyze the data and identify
clusters. P,mother application of the same techniques is to identify similarities (and
redundancies) among t_he different attributes used to characterize objects. In the context of
D SA both applications may be useful as complementary data analysis and preprocesshag
tools.
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
36/98
-35-
Applic ation of automatic [earning to D S A
Unsupervised learning for data pre -p rocess ing
In security problems, many different attributes often turn out to provide equivalent
information, due to the very strong physical correlations among geographically close
components of a power system. Thus, clustering methods may be used to define a small set of
representative attributes from a larger number of elementary variables.
For example, in the case of voltage magnitudes, correlation coefficients among any pair of bus
voltages may easily be computed then used as similarity measures by a clustering algorithm
searching for a reduced number of voltage coherent regions. In particular, two-dimensional
Kohonen feature maps may be exploited to visualize the relationships among voltage regions
and cpmpare them easily with the geographic location of busbars in the power system
[WE95a ] .
Clustering techniques have also been proposed in a more conventional way, to identify groups
of shnilar power system operating states. One possible purpose is to partition a very large data
base into smaller subsets for which the security assessment problem could be easier to solve.
Another interesting application would be to condense the full data base into a reduced
number of representative prototypes, thereby decreasing the number of required sec~rty
simulations and shortening the associated computation delays.
_~pervised learning of security
criteria
Given a data base composed of examples, for which security margins have been pre-
determined for several contingencies and a number of candidate attributes have been
computed, supervised learning may derive appropriate security criteria. Below we point out
specific interesting aspects ofeach class of AL methods.
What can decision trees do ? First, we need to define security classes by appropriate
thresholds on the security margin. Then, the decision tree building includes (i) the automatic
identification of the subset of attributes among the candidate ones relevant for the prediction
of the secu.rty class (say ten to twenty among one or two hundred), a~d (ii) the definition of
appropriate threshold values for these attributes so as to provide an approximate mcrdel of the
dynamic security region of the studied power system area. In addition to a global tree
covering all disturbances simultaneously, s~gle-contingency trees may also be constructed to
provide tnore specific information and additional insight. Depending on the type of problem,
and upon whether normal pre-disturbance or just after disturbance attribute values are used,
the decision trees may be used either ha a preventive or in an emergency wise approach
~O94; VA93 ; WE91 ; WE94a].
What can neural networks add ? In addition to the decision trees simplified view of a
discrete model relating a small number of security classes and thresholds on attribute values,
one is generally interested in a continuous security margin, at least ha the neighborhood of the
threshold values used to define security classes [DI9 l ; EL89 ; FI89 ; Mc95a ; MO91 ; SH94 ;
SO89] .
-
8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf
37/98
-36-
Since a strong point of the MLP is its nonlinear modeling capability, and of the decision tree
is the identification of the attributes relevant to a classification problem, a hybrid approach
may use the latter attributes as input variables to a MLP model, to get a normalized security
margin as output information.
What do distance based methods offer ? With the previous two approaches, we have
essentially compressed detailed inforrnation about individual simulation results into general,
more or less global security characterizations. This provides the required physical
understanding, tharuks to the data analysis component of decision trees and attribute clustering
techniques. In addition, the derived models may be used efficiently for on-line security
analysis.
In this latter context, further information may be obtained via memory based reasoning
exploiting appropriate distances to find the most similar pre-analyzed situations to the real-
time state. Once identified, these may be used in multitudinous ways. For example, their
distance to the current state would provi