-
ARTICLE IN PRESS
Reliability Engineering and System Safety 94 (2009)
11161127Contents lists available at ScienceDirectReliability
Engineering and System Safety0951-83
doi:10.1
CorrE-mjournal homepage: www.elsevier.com/locate/ressApplication
of the fault tree analysis for assessment of powersystem
reliabilityAndrija Volkanovski, Marko Cepin, Borut Mavko
Reactor Engineering Division, Jozef Stefan Institute, Jamova 39,
1000 Ljubljana, Sloveniaa r t i c l e i n f o
Article history:
Received 14 November 2007
Received in revised form
22 August 2008
Accepted 15 January 2009Available online 30 January 2009
Keywords:
Fault tree
Safety
Reliability
Power system20/$ - see front matter Crown Copyright & 20
016/j.ress.2009.01.004
esponding author.
ail address: [email protected] (A. Volka b s t r a c
t
A new method for power system reliability analysis using the
fault tree analysis approach is developed.
The method is based on fault trees generated for each load point
of the power system. The fault trees are
related to disruption of energy delivery from generators to the
specific load points. Quantitative
evaluation of the fault trees, which represents a standpoint for
assessment of reliability of power
delivery, enables identification of the most important elements
in the power system. The algorithm of
the computer code, which facilitates the application of the
method, has been applied to the IEEE test
system. The power system reliability was assessed and the main
contributors to power system
reliability have been identified, both qualitatively and
quantitatively.
Crown Copyright & 2009 Published by Elsevier Ltd. All rights
reserved.1. Introduction
The power systems are usually large, complex and, in manyways,
nonlinear systems. They include subsystems and compo-nents such as
generators, switching substations, power lines andloads. Switching
substations include buses, transformers, circuitbreakers and
disconnect switches. The evaluation of the overallsystem
reliability is extremely complex as it is necessary toinclude
detailed modeling of both generation and transmissionfacilities and
their auxiliary elements. A failure of components orsubsystems can
result in a failure of power delivery to specificloads or in
certain cases in a full blackout of the power system.
The purpose of this paper is to develop a new method forpower
system reliability analysis, because several blackouts havebeen
reported recently [1,2]. The need for analysis of powersystem
reliability additionally emerges from the aspect of theconsequent
terrorist threats on major infrastructures includingthe power
systems [3].1.1. State of the art of power system reliability
analysis
Most of the approaches for determination of power
systemreliability use approximation or simplification of the
problem inorder to degrade the problem on a solvable level. The
quasi-transient approach [4] and examination of cascading failure
usingthe linear programming [5] method were proposed assuming
only09 Published by Elsevier Ltd. All
anovski).single components failure and identification of only
one criticalpoint in the system, excluding the probability of
failure ofcomponents. Evaluation of system reliability concerning
only thegeneration facilities and their adequacy to satisfy load
usingheuristic methodology was proposed, but this methodology
doesnot include transmission in the analysis [6].
The minimal cut set and the frequency duration method areused
for the planning and design of industrial and commercialelectric
power distribution systems and their reliability evalua-tion, but
the whole methodology considers only lines andtransformers and is
applicable only to small systems [79]. Theminimal cut-set method of
evaluating load-point reliabilityindices is proposed but it
accounts for only topology of thenetwork [10]. Screening
methodology for the identification andranking of infrastructure
vulnerabilities, including a small powersystem, due to terrorism
based on a minimal cut-set approach andevent tree method was
proposed [11,12], and also needingconditional success rate
estimation. A method for assessing andimproving the vulnerabilities
of electric power transmission grids,based on load-flow algorithm
using direct current (DC) powerflow, is proposed but it accounts
for only power grid reliability[13]. An application of Monte Carlo
network analysis for reliabilityassessment of multiple
infrastructures, including power system,for terrorist actions [14]
is proposed, but this method isinadequate when infrastructures are
analyzed individually. Ap-plication of the sum-of-disjoint products
technique for evaluatingstochastic network reliability is proposed
[15] with the simplifica-tion of the problem considering only one
path between sourceand sink nodes and assuming that each node is
perfectly reliable.A hybrid model that includes both power system
dynamicrights reserved.
www.sciencedirect.com/science/journal/resswww.elsevier.com/locate/ressdx.doi.org/10.1016/j.ress.2009.01.004mailto:[email protected]
-
ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 11161127 1117simulations and event trees for the
protection was anticipated forpower system reliability estimation,
accounting for only linesprotection failure [16].
Several variations of Monte Carlo simulation methods includ-ing
cellular automata and system state transition samplingapproach were
developed to probabilistically evaluate powersystem long-term
reliability [1723]. These methods do notinclude all functional
zones of the power system and some ofthem face difficulty with
convergence. A method based on loadcurtailment model is proposed to
perform risk assessment of acombinative system of transmission
network and substationconfigurations [24] and excluding generators
failure from theanalysis.
A method for evaluating the terminal-pair reliability of
thenetwork, based on an edge expansion tree and ordered
binarydecision diagram, and a method for consideration of node
failureswere developed [25,26].
The power system is usually divided into generation,
transmis-sion and distribution functional zones, which are
analyzedseparately [27,28]. These functional zones can be combined
toform a series of hierarchical levels for conducting the
systemreliability analysis. System reliability is usually predicted
usingone or more indices that quantify the system reliability and
thatare implemented using the criteria based on acceptable values
ofthese indices.
A methodology for the automated generation of fault trees
forelectrical/electronic circuits from a representation of a
schematicdiagram is developed [29]. The application of the fault
treeanalysis approach for power system reliability analysis
andsystem design, development and modification is
demonstrated[30,31]. A recent probabilistic method for transmission
gridreliability evaluation uses event trees and fault trees
andcombines them with power system dynamic simulations.
Thesubstation protection and the trip operations after line faults
aremodeled with the event trees. The power system reliability
isstudied with a substation model, which includes
possiblemalfunctions of the protection and circuit breakers. Single
faultsof lines, due to the protection failure, are accounted for in
theanalysis [32,33].2. Method description
The failure probability of power delivery to ith load (QGDi)
iscalculated through the top event probability of the respective
faulttree, and the values of weighted failure probabilities of
powerdelivery to loads are considered to get the overall measure of
thepower system reliability:
RPS 1XNLi1
QGDiKi
K 1 QPS (1)
where RPS is power system reliability; QPS, power
systemunreliability; QGDi, failure probability of power delivery to
ithload (top event probability of the respective fault tree);
NL,number of loads in system; Ki, capacity of ith load; K,
totalcapacity of the system; Ki/K, weighting factor for ith load,
where
K XNLi1
Ki (2)
The fault tree analysis is performed separately for each of
theloads in the power system, and the power system reliability,
givenby Eq. (1), is calculated. Calculation of the power flows
within thepower system is considered, in addition.2.1. Fault tree
analysis
The report entitled Reactor Safety Study: an assessment
ofaccident risk in US Commercial Nuclear Power Plants(NPPs)WASH
1400 [34] was an important attempt to providea detailed assessment
of the risks associated with the utilizationof commercial nuclear
power plants. A systematic probabilisticmethodology for assessment
of reliability and safety of complexsystems was developed and
applied. In most countries, themethod is referred to as
probabilistic safety assessment (PSA).The event tree and the fault
tree are two basic methods used inprobabilistic safety assessment
[35].
The fault tree is a tool to identify and assess the
combinationsof the undesired events in the context of system
operation and itsenvironment that can lead to the undesired state
of the system[3537]. It is recognized worldwide as an important
tool forevaluating safety and reliability in system design,
developmentand operation [35,3844]. The undesired state of the
system isrepresented by a top event. The fault tree is based on
Booleanalgebraic and probabilistic basis that relates probability
calcula-tions to Boolean logic functions. The fault tree analysis
is used forassessment of reliability indices in the power system
withinclusion of the major components of the system. The
logicalgates integrate the primary events to the top event,
whichcorresponds to the undesired state of the system. The
primaryevents are the events that are not further developed, e.g.
the basicevents (BE) and the house events. The basic events are
theultimate parts of the fault tree, which represent the
undesiredevents, e.g. the component or system failures.
The classic fault tree is mathematically represented by a set
ofBoolean equations. The qualitative fault tree analysis (in
theprocess of Boolean reduction of a set of equations) identifies
theminimal cut sets, which are combinations of the smallest
numberof basic events, which, if occur simultaneously, lead to the
topevent.
The quantitative fault tree analysis represents a calculation
ofthe top event probability, equal to the failure probability of
thecorresponding load. The calculation of the top event
probability:
QGD Xni1
QMCSiXioj
QMCSi\MCSj
Xiojok
QMCSi\MCSj\MCSk . . . 1n1Q\ni1
MCSi (3)
can be simplified and approximated (using rare event
approxima-tion) as
QGD Xni1
QMCSi (4)
where QGD is top event probability of the fault tree,
correspondingto probability of disruption of energy delivery to the
correspond-ing load.
Probability of each minimal cut set is calculated using
therelation of simultaneous occurrence of independent events:
QMCSi Ymj1
QBj (5)
where QMCSi is probability of minimal cut set i; m, number of
basicevents in minimal cut set i; QBj, probability of the basic
event Bjdescribing failure of the component (i.e. failure
probability ofcomponent Bj).
The fault tree analysis results include importance measuresrisk
achievement worth (RAW) and risk reduction worth (RRW) inaddition
to the top event probability [39,43]. Risk achievementworth
identifies components that should be maintained well in
-
ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 111611271118order that the reliability of the
system is not reduced significantly.Risk reduction worth identifies
components that are probablyredundant, because their reliability
significantly increases systemreliability(i.e. risk is
reduced):
RAWk QGDQk 1
QGD(6)
RRWk QGD
QGDQk 0(7)
where RAWk is risk achievement worth for component k; RRWk,risk
reduction worth for component k; QGD(Qk 1), top eventprobability
when failure probability of component k is set to 1;QGD(Qk 0), top
event probability when failure probability ofcomponent k is set to
0; QGD, top event probability.2.2. New importance measures
New risk importance measures are developed to evaluate thepower
system [44]. The network importance risk measures,namely network
risk achievement worth (NRAW) and networkrisk reduction worth
(NRRW), are defined using the definition ofthe importance measures
from a single fault tree given in Eqs. (6)and (7) and the power
system unreliability expression given in Eq.(1). As the term
network is a descriptive term for the powersystem in this paper,
NRAW and NRRW can be expressed as powersystem risk achievement
worth and power system risk reductionworth:
NRAWk QPSQk 1QPS
PNLi1
QGDiQk 1Ki
PNLi1
QGDiKi
PNLi1
QGDiQkKiRAWkGDi
PNLQGDiKi
(8)
where NRAWk is power system risk achievement worth ofcomponent
k; QPS, power system unreliability; QPS(Qk 1), powersystem
unreliability when unreliability of component k is set to 1;QGDi(Qk
1), failure probability of power delivery to ith load
whenunreliability of component k is set to 1; NL, number of loads
in thesystem; QGDi(Qk), failure probability of power delivery to
ith load;RAWkGdi, value of RAW for component k corresponding to
load i;and Ki, capacity of ith load.
NRRWk is defined as
NRRWk QPSQPSQk 0
PNLi1
QGDiKi
PNLi1
QGDiQk 0Ki
PNLi1
QGDiKi
PNLi1
QGDiQkKiRRWkGDi
(9)
where NRRWk is power system risk reduction worth of componentk;
QPS(Qk 0), power system unreliability when unreliability
ofcomponent k is set to 0; QGDi(Qk 0), failure probability of
powerdelivery to ith load when unreliability of component k is set
to 0;RRWkGdi, value of RRW for component k corresponding to load
i.
The system importance measures NRAW and NRRW forcomponents
groups are defined similarly as importance measuresfor single
components, substituting QPS and QGDi in Eqs. (8) and (9)with
QPS(Qg 1)power system unreliability when unreliability
ofcomponents in group g is set to 1.
QGDi(Qg 1)failure probability of power delivery to ith loadwhen
unreliability of components in group g is set to 1.
QPS(Qg 0)power system unreliability when unreliability
ofcomponents in group g is set to 0.
QGDi(Qg 0)failure probability of power delivery to ith loadwhen
unreliability of components in group g is set to 0.
Component groups may contain components (elements) of thesame
type, components corresponding to specific substation or/and any
other combination.2.3. Approximate DC load-flow model and line
overload test
The approximate direct current power flow model is obtainedfrom
the alternating current model of power system if taken to
beapproximated, voltages in all buses are equal to the
nominal,differences of angles of voltages are very small and
neglecting thelosses in power system. The DC power flow model gives
a linearrelationship between the power flowing through the lines
and thepower input at the nodes. The DC power flow equations can
bewritten as
F AP (10)
where F is a vector whose components are the active power
flowsthrough the lines; P, vector whose components are power
ofgenerators in the substations; A, constant matrix with
elementscalculated from the impedance of the lines and load in
substations(dimensions of A are NlNg, where Nl is the number of
lines andNg the number of substations directly connected to a
generator orgenerators in a system).
Using the calculated active power flows from Eq. (10) and
theapproximate methodology [45], reactive power flows and
voltagesin the buses are calculated for normal regime and for the
singleline failure state (when each of the lines in the system
fails). Thecalculated flows and voltages are stored and used for
the overloadchecking procedure.
The procedure for overload checking contains the
followingsteps:1. Compare flows through the lines, which constitute
tested flowpath, with continuous load rating of those lines, when
linesthat are not included in the flow path fail (single line
failure).2. If the overloaded line is found in step 1, then discard
that flowpath and check the next flow path.3. Check if there are
violated voltages (outside the predeterminednominal range) in the
buses constituting flow path when linesthat are not included in the
flow path fail.4. If flow path passes the overload and voltage
tests, accept it forthe fault tree construction.5. Go to step 1,
until all flow paths are checked.
In step 1, the maximum (absolute value) of the reactive
powerflow thought to line together with active power flow is
consideredin the evaluation. The single peak load model is used in
theanalysis accounting for the size of the loads during
peakconsumption.
Continuous load rating of the lines is updated with theambient
temperature using the correction factor defined as
kcorr
ffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi80
Tamb
40
r(11)
-
ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 11161127 1119where kcorr is correction factor for
continuous load rating and Tambis ambient temperature.
Many power systems are built or have been designed with
arelatively strong transmission network. When analysis is done
tothose systems, several modifications are made in order [20]
toweaken the system for conducting the transmission
reliabilitystudies. Those modifications are mostly connected with
thedisconnection of multiple lines in the power system. With
thedisconnection of lines, the overall structure and power
flowswithin the system are changed, not corresponding to flows in
areal system. In the proposed method, power flows in normal
andsingle line failure regime are accounted for together with
voltagesin the substations. Only selected energy paths are
accounted for inthe fault tree construction, discarding those that
are overloaded asa result of limitations of transfer capacity of
lines or violatedvoltages in substations. Discarded flow paths,
depending onpower flows, have direct implication on the reliability
of powerdelivery and on overall power system reliability (a
smallernumber of flow paths results in a smaller number of
alternativepower delivery paths and higher failure probability).
Reducing thenumber of flow paths reduces the number of gates in a
fault treeand the overall size of the fault tree, decreasing the
calculationtimes.2.4. Procedure
Switching substations are important elements of powersystems. A
generator and/or a load can be connected to theswitching
substation. Switching substations are connected withpower lines,
through which the power is transferred fromgenerators and other
switching substations to loads. The mainFig. 1. Example substation
and simptask of the analysis is to identify the possible paths of
interruptionof power supply to the load, to evaluate the
probability of thatinterruption and to recognize the main
components that con-tribute to the interruption of supply.
In order to start with the fault tree analysis, the
correspondingfault tree should be built first for each switching
substation,which is connected to a load. The principle of continuum
ofenergy delivery is taken in account during the analysis. The
faulttree structure corresponds to the configuration of the system
andincludes all possible flow paths of disruption of the power
supplyfrom generators to loads. The power transfer limitations
andcommon cause failures (CCF) of power lines are included in
themodel together with power flows and capacity of generators
andloads in the power system. Common cause failures are failures
ofmultiple equipment items occurring from a single cause that
iscommon to all of them [46]. The failure of the multiple lines
dueto the severe weather conditions or earthquakes in a
specifiedregion can be additionally modeled adding supplementary
CCFgroups for each initiator.
Switching substations used in the model correspond tosubstations
in real power systems, which normally include severalcomponents
including circuit breakers, protective relays, cut-outswitches,
disconnect switches, lightning arresters, fuses, transfor-mers and
other communication and protection equipment.
The first step in the proposed method is the building of
faulttrees for each substation in the power system and the
calculationof corresponding top event probabilities. Example of a
switchingsubstation, consisting of load, two buses, four generators
andthree lines (up) together with a corresponding simplified
modelrepresentation of the substation (down), is given in Fig.
1.
In the simplified substation representation, given in thebottom
of Fig. 1, bus BUS01 failure will result in interruption oflified
model of the substation.
-
ARTICLE IN PRESS
Fig. 2. Fault tree for simplified substation representation.
Fig. 3. An example system consisting of six substations.
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 111611271120energy delivery from generators and
lines to load, disruption ofpower delivery from generators to lines
and disruption of energyexchange between power lines, representing
substation failuremode in the developed method. Disruption of
energy deliverypaths through elements of the substation is
accounted for duringthe construction of the fault tree. Fig. 2
shows a part of the faulttree of the substation. Normal states of
the circuit breakers anddisconnect switches (normally open or
normally closed) areassumed and modeled in the fault tree using two
failureprobabilities, for active and passive failures, for each of
theelements (fails to close, fails to remain closed). Building of
thefault trees and calculation of top event probability and
corre-sponding importance measures are done using commercial
soft-ware [47].
The presented reliability assessment of the substation does
notinclude protection and control systems. The inclusion of
thesesystems can improve the models, but it can additionally
increasethe complexity of the overall procedure [48].
The next step in developing the corresponding fault trees
isidentification of all the possible energy delivery flow paths
fromthe adjacency matrix of the corresponding power system. The
sixsubstations system, which is shown in Fig. 3, is presented as
anexample for description of the methodology.
The system consists of six substations, five generators
insubstations 13 and 6 and two loads in substations 1 and 4.
Thereare multiple generators (two in substation three) and
multiplelines (marked Li1 and Li2 in Fig. 3) between substations 1
and 2 inthe example system. The lines for which common cause
failuresare accounted for are marked in Fig. 3: CCF of lines due to
thecommon tower and CCF1 for lines that are assumed to be on
acommon right-of way for part of their length.
The adjacency matrix A of a simple graph is a matrix with
rowsand columns labeled by graph vertices, with a 1 or 0 in
position(vi, vj) according to whether graph vertices vi and vj are
adjacentor not. Using the adjacency matrix A, all possible flow
pathsbetween generation (source) and consumer (load) substations
areidentified, using developed recursive procedure for the
formationof rooted trees of the graph of the system. The energy
flow pathsbetween the load and other substations in the system
areidentified using the rooted tree. A rooted tree is a tree in
whicha labeled node is singled out. The rooted tree for substation
1 isgiven in Fig. 4. Dashed lines identify the energy flow
pathsbetween substations 3 and 6 and substation 1.
-
ARTICLE IN PRESS
Fig. 4. Rooted tree for substation 1 with energy flow paths to
substations 3 and 6for example system.
Fig. 5. Discarded and accepted flow paths for test system.
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 11161127 1121The identified flow paths of energy
delivery between substa-tions are tested for consistency, namely:1.
Only a part of the flow path ending with substation, which
isdirectly connected to generators with total installed
capacityequal or larger than load, is taken further for the
overload test.2. If there is an overloaded line in the flow path
obtained from theprevious test, then that flow path is
discarded.Test of overloaded lines or violated voltages in a flow
path isdescribed in Section 2.3.
In these consistency tests, it is assumed that energy
isdelivered to the load only from substations, where the
totalinstalled capacity of generators is equal to or larger than
the load.This assumption does not correspond to real power
systemswhere each generator has a share of energy delivered to each
loadin the power system. However, taking into account the fact that
allpossible combinations of flow paths of all substations
withgenerators and loads are included in the model, it is
postulatedthat the model will correspond to the state of a real
power system.
Example of a consistency test, for load 1 with tree shown in
Fig.4, is given in Fig. 5. Let the total installed capacity of the
generatorin substation 2 be smaller than the load in substation 1,
lines 24are overloaded for the specific flow path corresponding to
energydelivery from substations 3 to 1 and voltage in bus 5 is
higherthan nominal in case of the failure of lines 13. In that
case, onlyflow paths marked with dark solid lines in Fig. 5 will be
acceptedfor the fault tree construction. All other flow paths will
bediscarded due to the lack of generator (black dashed
lines,substation 4), smaller generation than load (green lines,
substa-tion 2), violated voltage (blue line from substation 6) or
overloadof the line (red dashed line between substations 2 and 4
showsoverloaded line; red line between substations 2 and 3 is
discardedtoo).
Flow paths, which were accepted in a previous test
ofconsistency, are used in the next step for fault tree
construction.The fault tree for each substation, which is connected
to a load, iscreated using the modular fault tree, shown in Fig. 6,
with thestructure and the failure probabilities inserted depending
on theelements modeled. Basic events marked in red squares
areoptional, depending if there are CCF between lines or if
thereare multiple generators in the substation. The procedure
ofbuilding fault tree includes the following steps:1. Add OR gate
(top gate named 50,000) corresponding to failureof power delivery
to that substation.2. If the previously added gate is top gate,
exclude the linefailures gate, else add OR gate for those failures
(named600,000 or above) and corresponding basic events for
linefailures and CCF of lines (named with numbers starting
from200,000 and 650,000).3. Add OR gate corresponding to substation
failure (named withnumbers starting from 700,000).4. Add OR gates
corresponding to substation failure (named withnumbers starting
from 800,000) and corresponding basicevents (named with numbers
starting from 100,000).5. Add AND gate corresponding to failure to
deliver energy tospecific substation (named 900,000 or above).6.
Add OR gates corresponding to generators failure in thatsubstation
(750,000 and above) or no energy from othersubstations connected to
that substation (500,001 and above).7. Go to step 1 until all
energy flow paths are accounted for.Fig. 7 shows the top section of
the fault tree constructed for load1 in substation 1 in Fig. 3. The
maintenance activities of thecomponents in the power system can be
implemented byexcluding the components planned for maintenance from
inputdata.
The evaluation of the network reliability is an NP-hardproblem
[15] requiring processor power and memory allocation.Two major
elements identify the necessary calculation time. Firstis the size
of the fault trees built for each of the loads in thesystem. Fault
trees size depend on the number of substations(correlated to size
of adjacency matrix), loads (number ofgenerated fault trees), lines
in the power system (related tonumber of possible energy flow
paths) and size of the loads andgenerators and their disposition in
the system (number ofaccepted flow paths accounting for power
transfer capabilities ofthe lines and substation voltages). Second
is the efficiency of theused fault tree analysis module and the
used cut-off values in the
-
ARTICLE IN PRESS
Fig. 6. Modular fault tree used for fault tree construction.
Fig. 7. Part of the fault tree built for load 1 in substation
1.
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 111611271122
-
ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 11161127 1123calculations and this element is most
time demanding andlimiting in the method.
During the construction of the fault tree model for each of
thesubstations in the system, the following important issues
areconsidered: Logical looping was avoided by careful consideration
of flowpaths. All ends of flow paths are considered in order not to
double-count contributions modeled previously in the tree.The
verification of a proper fault tree modeling was donethrough the
examination of minimal cut sets of small test systemsin sense: If
all minimal cut sets are really minimal.
If all expected minimal cut sets appear in their respective
listing.Fig. 8. IEEE one a3. Results
The new method is tested on the IEEE One Area
RTS-96(IEEEInstitute of Electrical and Electronics
Engineers,RTSReliability Test System), consisting of 24
substations17substations that are directly connected to loads and 7
substationsthat are directly connected to generators32 generators
and 38power lines [49]. For 14 lines, the common cause failures
areconsidered. The IEEE reliability test system is specially
designed tobe used for different static and dynamic analyses and to
comparethe results obtained by different methods. Diagram of the
IEEEOne Area RTS-96 is given in Fig. 8.
The available data for component reliability are used in
theanalysis [49,50]. Each substation is approximated with
substationfailure basic event calculated by the procedure given in
Section2.4. The extended single line diagram of IEEE One Area
RTS-96Substation System [49], including station configurations,
wasused for substations reliability assessment. Failures of
thedisconnect switches at the end of the power lines, circuit
breakersand transformers in the lines were included in the
calculation ofrea RTS-96.
-
ARTICLE IN PRESS
Table 1Failure data for selected elements of the IEEE test
system.
Component name Component failure probability Subsystem
failure
probability
Beta factor for common
cause failures
Substation one failure 3.57E8
Substation two failure 3.57E8
Substation three failure 2.33E9
Substation eleven failure 3.00E9
Line between substations 1 and 2 4.39E4
Line between substations 1 and 3 5.83E4
Line between substations 1 and 5 3.77E4
Beta factor for lines 89 2.00E1
Beta factor for lines 1722 3.00E1
Circuit breaker (active failure: fails to close) 8.14E05
Circuit breaker (passive failure: fails to remain closed)
6.16E06
Disconnect switch (active failure: fails to close) 4.09E06
Disconnect switch (passive failure: fails to remain closed)
6.16E07
Generator size 12MW 2.00E02
Generator size 20MW 1.00E01
Generator size 50MW 1.00E02
Generator size 76MW 2.00E02
Generator size 100MW 4.00E02
Generator size 155MW 4.00E02
Generator size 197MW 5.00E02
Generator size 350MW 8.00E02
Generator size 400MW 1.20E01
Bus section 138kV 5.44E05
Bus section 230 kV 4.43E05
Table 2Calculated top event probabilities of IEEE RTS.
Load
substation
Failure
probability of
power delivery
to respective
load
Weight FT top event
prob.weightCapacity
(MW)
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 111611271124failure probabilities of the lines.
Only the length of the commonstructure or the common path of power
lines is given in IEEE data;therefore, the estimated values are
considered for the Beta factorfor CCF of lines. Table 1 shows the
component reliability data forselected elements of the test system
as used in the analysis.Ambient temperature Tamb 40 1C is
considered in the analysis.
The following results are obtained for the test system:15
2.31E03 1.10E01 2.54E04 317
18 2.30E03 1.16E01 2.66E04 333
13 1.39E04 9.20E02 1.28E05 265
20 4.47E05 4.44E02 1.99E06 128fault tree model and top event
probability for each of theselected loads,7 4.11E05 4.34E02 1.79E06
125 system unreliability,
10 9.96E06 6.77E02 6.74E07 195
9 9.96E06 6.08E02 6.05E07 175power system risk achievement worth
for all elements of thesystem,14 3.71E06 6.74E02 2.50E07 194
19 3.55E06 6.28E02 2.23E07 181
3 2.56E06 6.25E02 1.60E07 180power system risk reduction worth
for all elements of thesystem and6 7.29E07 4.72E02 3.44E08 136
8 6.56E07 5.94E02 3.90E08 171importance measures for components
and selected groups ofcomponents in the system.4 1.88E07 2.57E02
4.83E09 74
5 1.51E07 2.47E02 3.71E09 71
2 3.59E08 3.37E02 1.21E09 97
1 3.57E08 3.75E02 1.34E09 108
16 1.99E08 3.47E02 6.91E10 100The selected quantitative results
are presented in the followingtables.
Results in Table 2 include failure probability of the
powerdelivery to respective loads in the power system,
correspondingweighting factor for each load and final weighted
failureprobability for each load separately. The total system
failureprobability is evaluated as 5.41E04. The total capacity of
thesystem is 2850MW. The results in Table 2 show that the loadswith
the highest top event probability are loads in substations 15,18,
13 and 20, mainly due to the size of the loads and
failureprobabilities of those substations. The obtained results
werecompared with the results obtained for bus indices for IEEE
RTSshown in Table 3 taken from Table 3.16 of the corresponding
Ref.[50]. Comparison of the obtained results show that
samesubstations have the highest failure probabilities in the first
fourpositions of both tables. The energy index of unreliability in
Table3.17 of the corresponding Ref. [50] was estimated to be
5.84E3.This value is of an order of magnitude higher than the
systemunreliability measure obtained from the proposed method, but
itshould be noted that both measures have been obtained bydifferent
approaches and they correspond to different powersystem elements
(the power deliver capability in the first and theenergy in the
second case).
The importance measures NRRW and NRAW for selectedcomponents in
the power system are given in Table 4. Resultsshow that components
with the highest value of NRRW impor-tance measure are generators
situated in substations 18, 21 and 23and this result is expected
accounting for that those units are thelargest generating units in
the power system. The high value ofNRRW implies that the
reliability of the respective components isworth increasing in
order that the system reliability is signifi-cantly increased. The
identified power plants are candidates fordesign change, e.g.
installation of redundant components in the
-
ARTICLE IN PRESS
Table 3The results for the IEEE RTS from Ref. [50].
Load Failure probability
18 8.34E02
13 7.13E02
15 5.65E02
20 4.62E02
2 4.10E02
16 2.60E02
3 2.26E02
5 2.24E02
1 2.24E02
6 2.24E02
4 2.24E02
8 1.60E02
7 1.59E02
19 1.17E02
14 9.56E03
9 3.17E03
10 3.17E03
Table 4Importance measures for selected components of IEEE
RTS.
Component identification NRRW NRAW
G2 118-1 1.04E+02 8.26E+00
G2 121-1 1.04E+02 8.26E+00
G2 123-3 1.98E+00 6.70E+00
G2 123-1 1.33E+00 6.94E+00
G2 123-2 1.33E+00 6.94E+00
B1-118 1.00E+00 2.20E+02
B1-115 1.00E+00 2.05E+02
L1-107 108 1.00E+00 1.07E+01
L1-116 119 1.00E+00 1.31E+00
L2-120 123 1.00E+00 1.29E+00
Table 5Power flows through lines in IEEE RTS.
Line Power flow
(MW) start
Power flow
(MVAr)
start
Power flow
(MW) end
Power flow
(MVAr)
end
Lines 1416 343.3 38 343.3 25.3Lines 1617 322.2 19.2 322.2
43.1Lines 1323 250.6 31.6 250.6 9Lines 1223 243.9 21.9 243.9
19.8Lines 324 236.7 35.5 236.7 10.6Lines 1524 233.2 28.6 233.2
10.2Lines 1521 214.9 41.9 214.9 57.7Lines 1521 214.9 41.9 214.9
57.7Line 1718 181 51.4 181 53.9Lines 1012 166.2 57.2 166.2
30.2Lines 2122 158.9 24.6 158.9 21.6Lines 1114 149.3 63.8 149.3
62.5Lines 1619 143.5 68.1 143.5 68.4Lines 1722 141.1 10.1 141.1
11.5Lines 1011 140.7 66.3 140.7 45.9Lines 912 122.2 20.1 122.2
34Lines 78 115 26.5 115 18.2Lines 1516 109.6 70.1 109.6 69Lines 911
96.7 10.5 96.7 18.9Lines 610 84.4 73 84.4 210.1Lines 1113 83.1 36.4
83.1 30Lines 2023 82.7 58.3 82.7 55.7Lines 2023 82.7 58.3 82.7
55.7Lines 15 64.8 1.2 64.8 0.4Lines 1821 57 8.9 57 14Lines 1821 57
8.9 57 14Line 26 51.6 28.4 51.6 28.4Lines 89 39.2 12.9 39.2 15Lines
1213 38.5 21.5 38.5 11.5Lines 24 37.9 31.3 37.9 31Lines 39 37.8
27.3 37.8 26.1Lines 49 36.1 16.9 36.1 18.4Lines 1920 18.8 53 18.8
45.1Lines 1920 18.8 53 18.8 45.1Lines 810 16.8 27.2 16.8 24.3Lines
13 15.3 40.8 15.3 43.4Lines 12 14.5 40 14.5 13.2Lines 510 6.2 13.4
6.2 10.9
Table 6Importance measures for selected components of substation
15.
Component ID Failure probability RRW RAW
DS15024 5.00E04 1.43E+00 6.01E+02DS15023 5.00E04 1.43E+00
6.01E+02BUS15A1 1.67E05 1.00E+00 5.27E+01BUS15B2 1.67E05 1.00E+00
2.61E+01BUS15A2 1.67E05 1.00E+00 2.52E+01CB15010 6.60E03 1.12E+00
1.72E+01CB15011 6.60E03 1.12E+00 1.72E+01
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 11161127 1125corresponding substations where those
generators are connected.The identified components with the highest
NRAW in Table 4 areas follows: substations 18 and 15, line between
switchingsubstations 7 and 8, line between substations 16 and 19
andCCF of the lines between substations 20 and 23. Components
withthe highest value of NRAW should be maintained well, in
orderthat the reliability of the system is not reduced
significantly, sothe maintenance priority should be high for those
components.The high value of NRAW for substations 18 and 15 is
expectedaccounting for the size of the loads connected in those
substa-tions. The failure of line between substations 7 and 8 will
disruptpower delivery from the generator and to the load situated
insubstation 7, resulting in a high value of NRAW. The high values
ofNRAW for the line between substations 16 and 19 and CCF of
thelines between substations 20 and 23 are obtained because
failureof those lines will disrupt power delivery from generators
situatedin substations 19 and 20 to the power system and interrupt
powertransfer between substations 16 and 23.
The calculated power flows through lines in the power
systemusing DC power flowmethod for the normal operation are given
inTable 5. The minus sign indicates the reverse flow between
twosubstations. The highest power flows are between lines 1416
and1617. Comparison of the most important power lines in thesystem
given in Table 4 and the power flows given in Table 5shows that the
most important power lines are not always thosethat have the
highest power flows during normal regime of work.
The importance measures for selected components ofsubstation 15,
identified to have the highest failure probabilityin Table 2, are
given in Table 6. The results show that twodisconnect switches
DS15023 and DS15024 are the most im-portant components with the
highest values of RRW and RAW.3.1. Additional application of the
results
The data for causes of major blackouts in USA in the
period19941997 [51] clearly indicate that the equipment failures
andthe weather conditions are the main initiators of
blackouts.Quantification of reliability of the power system is
importantowing to the social, economical and safety implications of
theoverall population. On August 14, 2003, a widespread loss of
the
-
ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 111611271126US electrical power grid (blackout)
resulted in the loss of offsitepower (LOOP) initiating event (IE)
at nine US commercial NPPs.
In a power system that consists of at least one NPP,
reliabilityof the power system influences the safety of the NPP.
The NRCinitiated a comprehensive program to review grid stability
andoffsite power issues as they relate to the safety of NPPs
[52,53].
The presented methods for assessment of power systemreliability
can be used as an alternative approach for estimationof the
frequency of the loss of offsite power and station blackout(SBO)
initiating events in NPP PSA, thus resulting in an
overallimprovement of PSA analysis of the plants. The loss of
offsitepower initiating event occurs when all power to the plant
fromexternal sources (the grid or a dedicated transmission line
fromanother onsite plant) is lost. The station blackout event is
inducedby a loss of offsite power event followed by the failure of
all onsitediesel generators (DG) to start and run.
Taking into account that SBO and LOOP are major contributorsto
CDF [54], the changes of LOOP IE frequency can result insubstantial
changes of the results. For example, after initiatingevents SBO and
LOOP, their corresponding scenarios contribute,respectively, 32.1%
and 11.5% to the core damage frequency (CDF)of specific NPP [54]. A
LOOP initiating event frequency of 5.17E2events/year is assumed.
The LOOP results from three possiblecauses, namely plant centred
causes (PCL), grid causes (GD) andweather related causes. If shares
of 58%, 35% and 7% are assumedfor each of them correspondingly,
then the value of 1.81E02events/year is obtained for the GD LOOP.
If the GD LOOP initiatingevent frequency is changed based on power
system evaluations,the core damage frequency may change
significantly.
If the GD LOOP initiating event frequency is changed to1.55E04
events/year, the value of LOOP is changed to 3.36E2events/year. If
the linear relation between CDF contribution and IEfrequency is
assumed, the calculated contributions of SBO andLOOP to CDF of the
same NPP are 20.9% and 7.48%, respectively,with change of core
damage frequency being around 10%.
The presented method can be applied for reliability analysis
ofother critical infrastructures such as traffic, communication
andgas networks. The identification and protection of the
criticalcomponents of a given networks can directly reduce
theconsequences of terrorist attacks.4. Conclusions
A new method for assessment of power system reliability
isdeveloped. The method integrates the fault tree analysis and
thepower flow model. The results are qualitative and
quantitativeand they depend on the failure probabilities of
components andon the power flows in the power system. The results
identify thereliability measures connected to particular loads and
thereliability measures connected to the power system as a
whole:the probability of failed power delivery to selected loads,
theimportance measures of components corresponding to selectedloads
and the importance measures of components correspondingto the whole
power system.
An important feature of the method is that system
deficienciescan be readily identified, using newly defined
importancemeasures. Both quantitative and qualitative results help
infocusing attention on those sections of a power system
thatcontribute the most to the unreliability of power delivery
tospecific loads. Application of the method on IEEE area test
systemis demonstrated. The method can be adapted for
reliabilityanalysis of other critical infrastructures, which have
similartopology as the power system.
Future work may include integration of evaluation of
substa-tions into the power system evaluation, procedure for
calculationof common cause failures and a more efficient algorithm
foridentification and analysis of minimal cut sets, which is
capable toconsider even larger models.Acknowledgement
This research was supported by the Slovenian Research
Agency(contract no. 1000-05-310016).
References
[1] Jeffrey S, Restrepo C, Zimmerman R. Risk-management and
risk-analysis-based decision tools for attacks on electric power.
Risk Analysis2007;27(3):54770.
[2] Bruce F, Wollenberg B. From blackout to blackout 1965 to
2003: how far havewe come with reliability? IEEE Power and Energy
Magazine, 2004;(January/February):868.
[3] Rose A, Oladosu G, Liao S. Business interruption impacts of
a terrorist attackon the electric power system of Los Angeles:
customer resilience to a totalblackout. Risk Analysis
2007;27(3):51331.
[4] Koonce AM, Apostolakis GE, Cook BK. Bulk power grid risk
analysis: rankinginfrastructure elements according to their risk
significance, ESD-WP-2006-19,Engineering Systems Division.
Cambridge, MA: MIT Press; 2006.
[5] Carreras BA, Lynch VE, Dobson I, Newman DE. Critical points
and transitionsin an electric power transmission model for
cascading failure blackouts.Chaos 2002;12(4):98594.
[6] Volkanovski A, Mavko B, Bosevski T, Causevski A, Cepin M.
Genetic algorithmoptimisation of the maintenance scheduling of
generating units in a powersystem. Reliability Engineering and
System Safety 2008;93(6):77989.
[7] IEEE Gold Book, IEEE Recommended practice for the design of
reliableindustrial and commercial power system. ANSI/IEEE Std
493-2007, 2007.
[8] Save P. Substation reliabilitypractical application and
system approach.IEEE Transactions on Power Systems
1995;10(1):3806.
[9] Awosope COA, Akinbulire TO. A computer program for
generating power-system load-point minimal paths. IEEE Transactions
on Reliability1991;40(3):3028.
[10] Awosope COA, Akinbulire TO. A computer program for
generating power-system load-point minimal paths. IEEE Transactions
on Reliability 1991;40(3):3028.
[11] Apostolakis GE, Lemon DM. Screening methodology for the
identification andranking of infrastructure vulnerabilities due to
terrorism. Risk Analysis2005;25(2):36176.
[12] Garrick BJ, Hall JE, Kilger M, McDonald JC, OToole T,
Probst PS, et al.Confronting the risk of terrorism: making the
right decisions. ReliabilityEngineering and System Safety
2004;86:12976.
[13] Bier VM, Gratz ER, Haphuriwat NJ, Magua W, Wierzbicki KR.
Methodology foridentifying near-optimal interdiction strategies for
a power transmissionsystem. Reliability Engineering and System
Safety 2007;92(9):115561.
[14] Patterson SA, Apostolakis GE. Identification of critical
locations acrossmultiple infrastructures for terrorist actions.
Reliability Engineering andSystem Safety 2007;92(9):1183203.
[15] Wei-Chang Y. An improved sum-of-disjoint-products technique
for thesymbolic network reliability analysis with known minimal
paths. ReliabilityEngineering and System Safety
2007;92(2):2608.
[16] Miki T, Okitsu D, Kushida M, Ogino T. Development of a
hybrid typeassessment method for power system dynamic reliability.
In: IEEE interna-tional conference on systems, man and cybernetics,
IEEE SMC 99 conferenceproceedings, vol. 1, 1999. p. 96873.
[17] Zio E, Podofillini L, Zille V. A combination of Monte Carlo
simulation andcellular automata for computing the availability of
complex network systems.Reliability Engineering and System Safety
2006;91:18190.
[18] Yishan L. Short-term and long-term reliability studies in
deregulated powersystem. Doctoral dissertation, Texas A&M
University, 2005. p. 155+4.
[19] Ran M. Deterministic/probabilistic evaluation in composite
system planning.Master thesis, University of Saskatchewan,
Saskatoon, 2003. p. 124+35.
[20] Yifeng L. Bulk system reliability evaluation in a
deregulated power industry.Master thesis, University of
Saskatchewan, Saskatoon, 2003. p. 142+45.
[21] Rajesh UN. Incorporating substation and switching station
related outages incomposite system reliability evaluation. Master
thesis, University ofSaskatchewan, Saskatoon, 2003. p. 91+25.
[22] Hua C. Generating system reliability optimization. Doctoral
dissertation,University of Saskatchewan, Saskatoon, 2000. p.
160.
[23] Billinton R, Wangdee W. Delivery point reliability indices
of a bulk electricsystem using sequential Monte Carlo simulation.
IEEE Transactions on PowerDelivery 2006;21(1):34552.
[24] Wenyuan L, Jiping L. Risk evaluation of combinative
transmission networkand substation configurations and its
application in substation planning. IEEETransactions on Power
Systems 2005;20(2):114450.
[25] Fu-Min Yeh, Sy-Yen Kuo. OBDD-based network reliability
calculation.Electronics Letters 1997;33(9):75960.
-
ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System
Safety 94 (2009) 11161127 1127[26] Netes VA, Filin BP.
Consideration of node failures in network-reliabilitycalculation.
IEEE Transactions on Reliability 1996;45(1):1278.
[27] Allan RN, Billinton R. Reliability evaluation of power
systems. Berlin:Springer; 1996.
[28] Allan RN, Billinton R. Probabilistic assessment of power
systems. Proceedingsof the IEEE 2000;88(2):14062.
[29] Vries RC. An automated methodology for generating a fault
tree. IEEETransactions on Reliability 1990;39(1):7686.
[30] Galyean WJ, Fowler RD, Close JA, Donley ME. Case study:
reliability of theINELsite power system. IEEE Transactions on
Reliability 1989;38(3):27984.
[31] Hessian RT, Salter BB, Goodwin EF. Fault-tree analysis for
system design,development, modification, and verification. IEEE
Transactions on Reliability1990;39(1):8791.
[32] Haarla L. A method for analysing the reliability of a
transmission grid.Reliability Engineering and System Safety
2008;93(2):27787.
[33] Pottonen L. A method for the probabilistic security
analysis of transmissiongrids. Doctoral dissertation, Helsinki
University of Technology, 2005. p. 119+88.
[34] Rasmussen N, et al. Reactor safety study. WASH-1400, US
NRC, Washington,1975.
[35] Standard for Probabilistic Risk Assessment for Nuclear
Power Plant Applica-tions, ASME RA-S-2002, 2002.
[36] Roberts NH, Vesely WE, Haasl DF, Goldberg FF. Fault tree
handbook., NUREG-0492, US NRC, Washington, 1981.
[37] Vesely WE, Dugan J, Fragola J, Minarick J, Railsback J.
Fault tree handbookwith aerospace applications. National
Aeronautics and Space Administration,NASA; 2002.
[38] Cepin M, Mavko B. A dynamic fault tree. Reliability
Engineering and SystemSafety 2002;75(1):8391.
[39] CepinM. Method for assessing reliability of a network
considering probabilisticsafety assessment. In: Proceedings of the
international conference on nuclearenergy for New Europe 2005,
Bled, Slovenia, September 58, 2005.
[40] Cepin M. Development of new method for assessing
reliability of a network.In: PSAM 8: proceedings of the eighth
international conference onprobabilistic safety assessment and
management. New Orleans: ASME;2006. p. 45/18.[41] Cepin M, Mavko B.
Probabilistic safety assessment improves surveillancerequirements
in technical specifications. Reliability Engineering and
SystemsSafety 1997;56(1):6977.
[42] Cepin M. Optimization of safety equipment outages improves
safety.Reliability Engineering and System Safety
2002;77(1):7180.
[43] Cepin M. Analysis of truncation limit in probabilistic
safety assessment.Reliability Engineering and System Safety
2005;87(3):395403.
[44] Volkanovski A, Cepin M, Mavko B. Power system reliability
analysis usingfault trees. In: Proceedings, International
conference on nuclear energy forNew Europe, Portoroz, 2006. p.
704.110.
[45] Ackovski R. Methods for planning of development of power
systems usingMonte Carlo simulation. Doctoral dissertation,
Electrotechnical Faculty-Skopje, Macedonia, 1989. p. 138+18.
[46] Breeding RJ, Leahy TJ, Young J, Cramond WR. Probabilistic
risk assessmentcourse documentationvol. 1: PRA fundamentals.
NUREG/CR-4350/1, USNRC, Washington, 1985.
[47] RiskSpectrums PSA Professional, 19982003 RELCON AB.[48] Xu
X, Lam BP, Austria RR, Ma Z, Zhu Z, Zhu R, et al. Assessing the
impact of
substation-related outages on the network reliability, PowerCon
2002. In:International conference on power system technology,
Proceedings, vol. 2,2002. p. 8448.
[49] A report prepared by the Reliability Test System Task Force
of the Applicationof Probability Methods Subcommittee. The IEEE
reliability test system1996.IEEE Transactions on Power Systems
1999;14(3):101020.
[50] Allan RN, Billinton R. Reliability assessment of large
electric power systems.Boston: Kluwer; 1988.
[51] Carreras BA, Newman DE, Dobson I, Poole AB. Initial
evidence for self-organized criticality in electric power system
blackouts. In: Proceedings ofthe 33rd annual Hawaii international
conference on system sciences, 2000.
[52] Reevaluation of Station Blackout Risk at Nuclear Power
Plants. NUREG/CR6890. US NRC, Washington, 2005.
[53] Evaluation of Loss of Offsite Power Events at Nuclear Power
Plants:19801996. NUREG/CR 5496, US NRC, Washington, 1997.
[54] Cepin M, Prosen R. Update of human reliability analysis for
nuclear powerplant. In: Proceedings, International conference on
nuclear energy for NewEurope, Portoroz, 2006. p. 706.18.
Application of the fault tree analysis for assessment of power
system reliabilityIntroductionState of the art of power system
reliability analysis
Method descriptionFault tree analysisNew importance
measuresApproximate DC load-flow model and line overload
testProcedure
ResultsAdditional application of the results
ConclusionsAcknowledgementReferences