TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf


  • 8/10/2019 TRENDS & REQUIREMENTS FOR DYNAMIC SECURITY ASSESSMENT.pdf


    FOR DYNAMIC SECURITY ASSESSMENT

    Task Force 38.02.13

    Convener : B. MEYER (France)

    Secretary : G. NATIVEL (France)

    Members :

    B. MEYER (France)
    M. BEISSLER (Germany)
    A. O. EKWUE (United Kingdom)
    M. EREMIA (Romania)
    N. HATZIARGYRIOU (Greece)
    I. A. HISKENS (Australia)
    P. KUNDUR (Canada)
    W. LEVY (South Africa)
    R.J. MARCEAU (Canada)
    N. MARTINS (Brazil)
    M. MOLLER-REINKE (Germany)
    M. MOKHTARI (USA)
    T.T. NGUYEN (Australia)
    M. PAVELLA (Belgium)
    P. SCARPELLINI (Italy)
    M. STUBBE (Belgium)
    H. TAOKA (Japan)
    L. Kr. VORMEDAL (Norway)
    L. WEHENKEL (Belgium)
    G. NATIVEL (France)


    CONTENTS

    CHAPTER 1 : INTRODUCTION

    CHAPTER 2 : DEFINITION OF DYNAMIC SECURITY ASSESSMENT

    2.1. Formal definitions
    2.2. Security assessment in system and operations planning
    2.3. Dynamic security assessment
    2.4. Dynamic security criteria

    CHAPTER 3 : OVERVIEW OF CURRENT PRACTICES

    3.1. The choice of degraded networks
    3.2. Stability limit determination
    3.3. Use of Critical Clearance Time determination
    3.4. Security limit determination
    3.5. Understanding the challenge of Dynamic Security Assessment
    3.6. Feedback from questionnaire to electric utilities

    CHAPTER 4 : GENERAL NEEDS AND REQUIREMENTS

    4.1. Kinds of information required by control operators
    4.2. Needs of screening to identify critical contingencies
    4.3. Needs concerning external networks and data exchange
    4.4. Needs of isolated system with a large penetration from renewable power sources
    4.5. Performance requirements
    4.6. Modelling requirements
    4.7. Triggering mechanisms
    4.8. Data management (data requirements to run a DSA)
    4.9. User interface

    CHAPTER 5 : ANALYTICAL TECHNIQUES FOR DSA

    5.1. Analytical techniques
    5.2. Intelligent systems
    5.3. DSA techniques vs criteria

    CHAPTER 6 : THE USE OF PARALLEL PROCESSING

    6.1. Introduction
    6.2. Cluster architecture
    6.2.1. Serial implementation
    6.2.2. Parallel implementation
    6.3. Parallel computer

    CHAPTER 7 : CURRENT DSA EFFORTS AROUND THE WORLD

    7.1. Transient Stability Control System at Chubu Electric Power Company
    7.2. Hydro-Quebec DSA project
    7.3. DSA at BC Hydro and Powertech Labs Inc., Vancouver, CANADA
    7.4. Electricité de France DSA project
    7.5. University of BATH / The National Grid Company On-Line DSA facility
    7.6. A first nucleus of DSA at ENEL
    7.7. Project Joule II : JOU2-CT92-0053

    CHAPTER 8 : TECHNICAL CHALLENGES AHEAD

    8.1. Necessary computing speed-ups
    8.2. System size reduction
    8.3. Probabilistic procedures
    8.4. Preventive vs corrective controls
    8.5. Validation procedure
    8.6. Advanced interfaces for the operations environment
    8.7. Limit search strategies and technologies
    8.8. Security theory and criteria

    CHAPTER 9 : MEASUREMENT-BASED ASSESSMENT

    9.1. Motivation
    9.2. Analytical techniques

    CONCLUSION

    REFERENCES

    ANNEXE


    CHAPTER 1

    INTRODUCTION

    Power system security can be defined as the art and science of the survival of power
    systems. In order to ensure their survival, power systems are operated within certain power
    transfer limits, commonly referred to as security limits. If such limits depend on steady state
    feasibility or adequacy criteria, they are called steady-state or static security limits ; otherwise,
    if such limits depend on transient or long-term stability criteria, these are referred to as
    dynamic security limits [BA92].

    For many utilities around the world, there is considerable pressure to increase power flows
    over existing transmission corridors [WU93]. Though this need is partially met by existing
    energy management system (EMS) technology which provides comprehensive on-line
    security assessment based almost exclusively on steady-state analysis (i.e. steady-state or
    static security) [ST87], the optimisation of security limits on many power systems now
    frequently requires taking account of dynamic security assessment. Due to the important
    constraint of determining dynamic security limits in a time-frame compatible with their use
    on-line, this requirement has historically presented serious obstacles in terms of computer
    hardware and software limitations. Indeed, this explains why dynamic security analysis has
    long remained an off-line activity, performed for small numbers of umbrella networks, even
    though operations planners have long understood the combinatorial nature of off-line dynamic
    security assessment and the consequent impossibility of optimising security limits for every
    probable system topology [FO88b].

    The need for a consistent data set, absent from the standard EMS data bases, to perform dynamic
    studies is also a challenge. Furthermore, indicators obtained from such DSA facilities should
    be concise and easily usable by operators in control rooms.

    The difficulty of gravitating to the on-line environment has had considerable impact on the
    evolution of the justifiably conservative philosophies, practices and criteria which today
    characterise dynamic security assessment. These, in turn, affect the day-to-day operations of
    power systems around the world. However, thanks to the rapid evolution of computer
    technology, not only in terms of raw hardware performance, but also in such areas as software
    paradigms, human-machine interaction technologies, and massive networking of processors,
    many formerly insurmountable constraints are on the threshold of being cast away.
    Opportunities are now beginning to emerge, even though important challenges remain.

    The most obvious opportunity, of course, is the perspective of rapid dynamic security
    assessment in the on-line environment, with the attendant consequence that the security limits
    of individual transmission corridors are determined for the system topology actually in the
    field at any given time. Compared to the off-line methods presently employed by many
    utilities, this in itself represents a form of optimisation. The existence of this capability has the
    potential of transforming power system operations in a fundamental way : such a capability
    provides new degrees of freedom, enabling the system operator to adjust power flows far
    more rapidly and confidently in response to changing system conditions. However, new
    degrees of freedom bring new responsibilities : one must anticipate that strategic decisions
    affecting the economic performance and reliability of power systems will be made in shorter
    time frames and at lower management levels.

    The present report therefore attempts to describe dynamic security assessment as it is
    practised today, identify the emerging trends which will shape the future as well as their
    impact on power system operations. The report thus establishes what needs to be done in
    order to assist in this task.


    CHAPTER 2

    DEFINITIONS OF DYNAMIC SECURITY ASSESSMENT

    This chapter presents the concept of Dynamic Security Assessment. It is introduced starting from the basic
    definitions of power system security (2.1) and extending them in the dynamic dimension.

    2.1. Formal definitions

    Most authors credit Dy Liacco for laying down the theoretical foundations of power system
    security in a series of reports and papers published in the late 1960s and 1970s [DY67],
    [DY68], [DY74], [DY78]. He originally defined security in terms of satisfying a set of
    equality constraints over a subset of the possible disturbances called the next contingency
    set [DY68].

    Several definitions for power system security have since been proposed. For example, the
    North American Electric Reliability Council (NERC) which provides reliability and security
    guidelines to all the utilities in North America defines security as prevention of cascading
    outages when the bulk power supply is subjected to severe disturbances ~A92]. More
    recently, a CIGRE working group [HU93] has proposed that power system security is the
    ability of the system to cope with incidents without the operator being compelled to suffer
    uncontrolled loss of load : this definition implicitly includes the currently accepted criteria
    used to perform deterministic security analysis in practice.

    Beyond the specific details of each and every particular definition, it must be recognized that
    security is a fundamental objective of power system operation and design. Also, if power
    system security is achieved, one intuitively understands that system reliability arises as a
    consequence. In a broad sense, hidden behind specialized power-domain terminology, lie
    different attempts to circumscribe the capability of power systems to survive unexpected
    events [FO88b]. Because of the need for creativity in addition to detailed technical knowledge
    in ensuring power system security, one should preferably define power system security as the
    art and science of ensuring the survival of power systems. However, the specific tasks
    related to this function differ according to whether the focus is system planning or operations
    planning.

    2.2. Security assessment in system and operations planning

    The objective of security assessment is to design and operate networks which will survive
    unforeseen events. At the planning stage, networks are generally designed to meet or exceed
    previously specified overvoltage, stability and adequacy criteria. Stated in the simplest terms,
    the system planner seeks to meet some secure transmission capacity subject to established
    criteria, and topology is the variable (see Fig. 2.1).


    Figure 2.1 : The system planning problem : the search takes place in the space of topologies
    (diagram label : Network Topology)

    This is a far-reaching statement : it implies that transmission capacity and criteria- ~endent.
    Of course, the process must also yield a network design which is demonstrably
    operable [GA92], a term usually equated with design simplicity.

    For security to be assured in the ~ environment, it follows that system operations must
    be consistent with network design philosophy and criteria ; the original design criteria must
    apply to every degraded topology of the complete, original network. Inherent to this is the
    concept that the network topology changes in time, not only due to unforeseen events but also
    due to regularly scheduled maintenance.

    Figure 2.2 : The operations planning problem : the search takes place in the space of
    transmission capacities


    The operations planning problem differs fundamentally from that of system planning in that
    the degraded topologies and criteria (such as overvoltage) are known at any given time,
    and transmission capacity constitutes the only remaining degree of freedom (see Fig.
    2.2). Consequently, the guidelines provided to the system operator are transmission capacities
    for the many possible degraded topologies, or as power engineers would say, for increasingly
    weakened networks.

    The security limits provided to the system operator are power flow values which guarantee
    that a given degraded topology is secure for every one of a list of likely contingencies,
    including the worst. Individual transfer limits must be found for each likely contingency and
    for each degraded topology, and the most restrictive limit, whether resulting from steady-state,
    or transient or long-term (i.e. voltage) stability considerations, is the security limit. Generally,
    the security limit is the most restrictive power transfer limit which identifies, in turn, the
    worst contingency. Security limits are usually compiled in the form of topology-dependent
    tables [DE84, FO91] though decision trees have also been proposed [WE89, WE94a].

    2.3. Dynamic security assessment

    When referring to transmission capacity limits obtained in relation to post-contingency
    thermal, voltage power-flow feasibility or adequacy criteria, these are called steady-state
    security limits. When referring to limits obtained in relation to transient or long-term voltage
    stability criteria, the resulting limits are termed dynamic security limits. The various problems
    and methodologies which call upon the use of transient or long-term stability software for
    i) determining system stability, ii) determining security limits or security margin, or iii) performing
    different types of sensitivity studies which will optimize security limits in terms of various
    network parameters are termed dynamic security assessment (DSA).

    The dynamic security of a power system is characterised by the robustness of its operating
    condition in terms of security margins with respect to defined operating constraints. The
    dynamic security has to be guaranteed in order to maintain the reliability and quality of
    service provided to the customers, mainly consisting of continuity and constancy of voltage
    and frequency. Dangerous events, such as faults, loss of transmission equipment, loss of
    generation and sudden change of load, cause imbalances between the mechanical power
    inputs and the electrical power outputs of the generators, with consequent electromechanical
    transients and long term dynamics of the system. In a dynamically secure power system, the
    transients due to such phenomena are of small amplitude and well damped with little impact
    on the quality of service. In an insecure system, during system transient evolution, large voltage
    and/or frequency deviations may occur with possible cascade line tripping, loss of loads
    and/or generators, which can lead to major incidents.

    The dynamic security assessment aims at establishing whether the power system is able to
    maintain a security condition in case of inception of predefined contingencies. Such analysis
    has to cover all the dynamic phenomena with the goal of verifying that the transient from the
    initial to the final steady-state does not cause system crisis.


    2.4. Dynamic security criteria

    The security concept is strictly connected to the type of considered contingencies, in the sense
    that the system must be able to withstand at least credible contingencies, i.e. contingencies with
    not too low a probability of occurrence. More generally, the concept of security level has to be
    included in the wider concept of reliability, defined as the degree to which the performance of
    the system components results in electricity being delivered within prefixed standards in
    terms of quality and continuity. Therefore, the security concept is connected to the severity of
    the contingencies and to their occurrence probability.

    Before introducing security criteria, reference has to be made to the concepts of secure,
    insecure, emergency and blackout state.

    One can say that the system is in secure or normal state if, following any credible
    contingency, all loadings are within the continuous capabilities of system components, with
    voltage and frequency within prefixed operational limits and overall demand supplied ; in
    alert or insecure state if the system is in acceptable steady-state but there is at least one
    credible contingency able to get the system to enter the emergency state ; in emergency state
    when loading, voltage or frequency unacceptable conditions exist or the demand has been
    even partially lost or the system is split or some facilities have been lost.

    Criteria for security assessment can be of various types (empirical, probabilistic, economic),
    such as :

    1) The system robustness, mainly in terms of its ability to avoid topological changes in
    the presence of classical (credible) disturbances.

    2) The severity of the considered contingency, in terms of the type of the excited dynamic
    phenomenon or in terms of its influence on the network structure or the acceptability (more in
    general the quality) of the final steady-state or the activation of special protection schemes
    and/or defence plans.

    3) The probability associated to the contingency.

    4) The system vulnerability, defined as (1) system sensitivity with respect to one or more
    operating parameters, (2) the security for contingencies following the first one, (3) the
    difficulty of the restoration phase in case of load disconnection or system breakdown.

    Once security criteria have been assigned, the objective of DSA is to answer the following
    questions for each postulated contingency, assuming that the precontingency steady-state of
    the system is known :

    Are there any topological changes, following the contingency ?

    This can be answered affirmatively if (a) the system is unstable and (b) the system
    dynamic behaviour is such as to initiate the operation of protective devices which can result in
    system configuration changes. In such cases the final system state is an emergency state ; the
    system is insecure and a second verification has to be carried out on the consequences of
    topological modifications in order to determine the final system conditions. The following
    questions have to be answered. Is a steady-state reachable ? In such a case, what are the
    system characteristics ? Acceptability of the steady-state condition may depend on the amount
    of load and/or generation rejected at the end of the topological changes following the
    inception of the contingency.

    If the topological configuration of the system is maintained indefinitely, or at least
    over a prespecified time period, following the contingency, is the steady-state condition
    acceptable ?

    Assuming that the system has no human interaction from the instant of the inception of the
    contingency to the instant of reaching the steady state, it has to be verified whether the state of
    the system is secure or not secure, that is, whether all the system components are close to their
    precontingency values and in any case within their operating limits, or whether some action has
    to be executed to restore secure steady-state conditions.


    The answers to the two previous questions imply different levels of security in accordance
    with the final state reached by the system at the end of the possible transients deriving from
    the first contingency.

    In an alternative but equivalent way of defining system security indexes, it is possible to
    search for combinations of contingencies able to determine system crisis conditions or
    component operating limits violations. The selection of a set of combined contingencies may
    be based on the concept of weak cutsets, or more severe contingencies than the usual
    credible contingencies can be assumed, taking into account a sequence of outages or
    considering individual more critical, but less probable, contingencies.


    CHAPTER 3

    OVERVIEW OF CURRENT PRACTICES

    This chapter presents some main features of DSA as it is practiced today. Some important
    concepts such as the degraded network (3.1), the stability (3.2) and security (3.3) limits, and the
    critical clearance time (3.4) are introduced. A summary of the responses to the
    questionnaire to electric utilities is also given in 3.6.

    3.1. The choice of degraded networks

    One main difficulty for DSA is the choice of the initial operating conditions for the
    simulations and thus, the preparation of the study file. It is necessary to integrate all the
    existing knowledge about the targeted operating conditions. If a good knowledge exists, it is
    possible to consider a relatively small number of initial conditions sets. It is also possible to
    consider only one initial conditions set, but in this case it must take into account the most
    constraining conditions for the stability. When the future operating conditions are not well
    known, it is necessary to consider a large number of initial conditions sets.

    Considering a small number of initial conditions sets

    The initial conditions set is ideally obtained from a snapshot giving the state of the network at
    a certain moment (i.e. topology, modules and phases of the voltages, active and reactive
    power flows). The snapshot can then be modified to take into account foreseen operating
    conditions. Different hypotheses can also be applied, generally ones unfavourable to the
    stability of the system. For example, generator outputs are raised to their maximums or to
    their limits, and the voltage / reactive plan is put into its most constraining situation of the last
    periods. This approach is convenient for short term operation studies.

    Figure 3.1 : The logic of dynamic security analysis in operations planning


    Considering a large number of initial conditions sets

    This approach is convenient for middle or long term operation studies. Dynamic security
    assessment processes are typically applied to a network as illustrated in Fig. 3.1. Given a
    starting network topology, the base network Nb, the operations planner first selects a set of
    probable degraded networks, Ndi. Each Ndi consists of the base network after the loss of an
    EHV line section, a complete EHV line or a combination of line sections or lines in adjacent
    transmission corridors. For each Ndi network, the planner assumes unavailability of
    combinations of voltage support components (SVCs, synchronous condensers or shunt
    reactors) or of tie-lines between corridors ; this gives the Ndij networks. The Ndij networks are
    those simulated for each of a set of normal contingencies Ck : transient and long-term transfer
    limits are obtained for each combination of Ndij and Ck and dynamic security limits are
    derived from these results. The studies which follow are therefore parameterized in terms of
    the unavailability of some subset of facilities. For each case, safe conditions are tabulated in
    separate tables and, during on-line operation, a given network configuration is used as a key to
    find and access the most applicable table [AV91]. The on-line use of these tables consists of
    finding a previously studied network that is closest in terms of configuration and loading, and
    secure operation of the network is ensured provided that system operators maintain power
    transfers within these limits.

    3.2. Stability limit determination

    Transient and long-term voltage stability limit determination is the key to this approach.
    Typical examples are the stability transfer limit on a corridor and the active or reactive power
    generation limits of some critical power stations. Finding such limits is a complex, iterative
    process which requires the execution of many time-domain stability simulations and
    considerable expertise.

    Figure 3.2 : The power transfer limit determination process
    (diagram blocks : data file inputs [topology Ndij, contingency Ck], load flow, analysis,
    input modifications)


    Consider Fig. 3.2. To perform a single power transfer (or generation) limit search, one must
    first execute a load-flow software package for a given topology, analyse the results, carry out
    manual modifications to the data input and repeat the same procedure until a satisfactory
    steady-state case is found. This initial step is not trivial : even such deceptively simple areas
    as load flow analysis and correction can be so complex as to warrant optimal load flow or
    expert system tools on their own [CI93]. A satisfactory steady-state case is then used to
    initialize the network for a transient-stability simulation, also manually initiated by the user.
    When the simulation is finished, one will often need to extract results, perform transient or
    long-term stability analysis, apply acceptance criteria, determine what the next step will be
    (i.e. increase or decrease power transfer in the faulted corridor), modify load-flow software
    inputs accordingly and re-enter the process. This is repeated until the required limit is found to
    the desired accuracy.

    In principle, to find the security limit (for example, the transfer limit associated with a
    transmission line section or corridor), one must repeat this process for different contingencies
    and locations (i.e. on the line section or corridor) until the most constraining (i.e. lowest)
    transfer limit has been identified.

    3.3. Use of Critical Clearance Time determination

    The critical clearance time (CCT) of a fault is a very common transient stability indicator. It is
    usually defined as the maximum duration time of the fault which does not lead to the loss of
    synchronism of one or more generators. Thus, it is classically compared with the clearance
    time of the fault after the action of a protection and breaker. It determines a kind of security
    margin (in milliseconds) of the system.

    Using a time-domain simulator, the CCT is computed by an iterative process based on a
    dichotomy on the clearance time of the fault. Typically, 8 simulations are necessary to
    compute one CCT with a precision of 10 ms. Each simulation ends with the detection of the
    state of stability of the system following the elimination of the fault : stable or unstable,
    depending on whether a generator has lost synchronism. The complete computation takes
    between 20 and 30 minutes on standard Unix workstations for a detailed modeling of a system
    composed of 1000 busses and 100 machines. However, this process can be easily parallelised.
    Also, direct methods [CI95] can be used to improve computational efficiency.
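    The dichotomy described above, as an added example that is not part of the original report :
    a Python implementation on a constructed single-machine infinite-bus case (classical swing
    equation, no damping). The machine data, the 0 to 1280 ms starting bracket, the 100 ms
    protection clearing time and all function names are assumptions made for the illustration.

```python
"""Critical clearance time (CCT) by dichotomy on a constructed one-machine case."""
import math

# Constructed test system (assumed values, per unit on the machine base).
H = 5.0        # inertia constant, s
F0 = 50.0      # nominal frequency, Hz
PM = 0.8       # mechanical power input
PMAX = 2.0     # peak of the pre-fault and post-fault power-angle curve
M = 2.0 * H / (2.0 * math.pi * F0)   # inertia coefficient of the swing equation
DELTA0 = math.asin(PM / PMAX)        # pre-fault rotor angle, rad


def accel(delta, pmax):
    """Rotor acceleration from the classical swing equation (no damping)."""
    return (PM - pmax * math.sin(delta)) / M


def is_stable(t_clear_ms, horizon_s=3.0, dt=0.001):
    """One time-domain simulation: fault applied at t=0, cleared at t_clear_ms.

    During the fault the electrical output is zero (bolted fault at the machine
    terminals); after clearing, the pre-fault network is restored. The run is
    declared unstable as soon as the rotor angle passes pi (loss of synchronism).
    """
    delta, omega = DELTA0, 0.0
    t_clear = t_clear_ms / 1000.0
    for k in range(int(round(horizon_s / dt))):
        pmax = 0.0 if k * dt < t_clear - 1e-9 else PMAX
        # Fourth-order Runge-Kutta step on (delta, omega).
        k1d, k1w = omega, accel(delta, pmax)
        k2d, k2w = omega + 0.5 * dt * k1w, accel(delta + 0.5 * dt * k1d, pmax)
        k3d, k3w = omega + 0.5 * dt * k2w, accel(delta + 0.5 * dt * k2d, pmax)
        k4d, k4w = omega + dt * k3w, accel(delta + dt * k3d, pmax)
        delta += dt * (k1d + 2 * k2d + 2 * k3d + k4d) / 6.0
        omega += dt * (k1w + 2 * k2w + 2 * k3w + k4w) / 6.0
        if abs(delta) > math.pi:
            return False
    return True


def critical_clearing_time(lo_ms=0, hi_ms=1280, tol_ms=10, simulate=is_stable):
    """Bracket the CCT to within tol_ms; returns (stable_ms, unstable_ms, runs).

    lo_ms must be a clearance time known to be stable, hi_ms one that is not.
    Working in integer milliseconds keeps the stopping test exact.
    """
    runs = 1
    if simulate(hi_ms):
        raise ValueError("upper bound is stable: widen the bracket")
    while hi_ms - lo_ms > tol_ms:
        mid_ms = (lo_ms + hi_ms) // 2
        runs += 1
        if simulate(mid_ms):
            lo_ms = mid_ms      # still synchronised: CCT is above mid_ms
        else:
            hi_ms = mid_ms      # lost synchronism: CCT is below mid_ms
    return lo_ms, hi_ms, runs


def equal_area_cct_ms():
    """Closed-form CCT of this particular case (equal-area criterion), as a cross-check."""
    delta_max = math.pi - DELTA0
    cos_dc = (PM / PMAX) * (delta_max - DELTA0) + math.cos(delta_max)
    delta_c = math.acos(cos_dc)
    return 1000.0 * math.sqrt(2.0 * M * (delta_c - DELTA0) / PM)


def margin_ms(protection_clearing_ms, cct_stable_ms):
    """Security margin: stable CCT bound minus the actual protection clearing time."""
    return cct_stable_ms - protection_clearing_ms


if __name__ == "__main__":
    lo, hi, runs = critical_clearing_time()
    print(f"CCT between {lo} and {hi} ms after {runs} simulations")
    print(f"equal-area value: {equal_area_cct_ms():.1f} ms")
    print(f"margin for an assumed 100 ms clearing time: {margin_ms(100, lo)} ms")
```

    Each call to is_stable is independent of the others, so the candidate clearance times of
    several faults can be simulated on separate processors.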

    CCT is useful to know whether the system can sustain a certain contingency. It can be seen
    also as a basic stage for transient stability security limits determination processes : being
    given a contingency, the economically optimal operational conditions (for example, the
    generator output limits) can be searched so that the CCT of the fault is greater than or equal to
    the typical clearance time of the fault.

    3.4. Security limit determination

    Dynamic security limit determination is a complex process which consists of many smaller,
    individual problems. For on-line Dynamic Security Assessment (DSA) to provide useful
    information, it must address the following basic problems :

    (i) Obtaining results of a power flow which reflect the reality of the topology and
    production - consumption system presently in service ;

    (ii) The security status of the topology (i.e. is it stable or not ?) and the security
    margin (how stable ?) with respect to some contingency, location and criterion (i.e.
    steady-state, transient or voltage stability) ;

    (iii) The power transfer limit of a transmission corridor (or boundary) with respect
    to said contingency, location, and criterion ;

    (iv) The generation limit of some power stations with respect to said contingency,
    location, and criterion ;

    (v) The security limit of a transmission corridor with respect to said contingency, and

    (vi) The associated worst contingency location.

    As can be seen, the statement of each of these problems relies heavily on predetermined
    choices relating to contingency type, location and criteria rather than probabilistic
    distributions involving system topologies and contingencies in time and space. Existing
    security assessment and control practices are therefore seen to be based on deterministic
    methods rather than probabilistic analysis in order to identify secure operating regions by
    means of security limits. The comparison of security limits and actual line flows guides the
    system operator in the choice of specific operating strategies at any given time.

    Often, deterministic DSA addresses these basic problems within a larger framework, for example,
    through sensitivity analysis by optimising security limits as a function of some network parameter
    or some aspect of power system economics. Transfer limit determination, based either on transient
    or voltage (long-term) stability criteria, can be viewed as the dividing line between the low- and
    high-level problems in DSA. Items (i) and (ii) represent the elementary functions required in
    accomplishing items (iii) and (iv) ; this, in turn, constitutes the fundamental building block for
    finding items (v) and (vi). For example, security limit determination follows directly from a simple
    comparison of the different transfer limits obtained for different contingencies at different locations
    and analysed according to different criteria : the lowest transfer limit is the security limit.
    Sensitivity analysis represents yet another level of complexity : this requires entering a process in
    which item (v) becomes the primitive, and this primitive is performed for different values of some
    network parameter (1).

    (1) For example, FACTS controller setpoints may be regularly adjusted to maximise the security limit.

    3.5. Understanding the challenge of Dynamic Security Assessment

    To fully appreciate the impact of the inherent challenge of security assessment, one need only
    consider that a very large number of network situations (see 3.1.), in addition to all credible
    contingencies, must ideally be considered. Typical operations planning departments are
    unable to consider all the combinations [AK89]. There are two main reasons for this :

    1. Dynamic security assessment processes are extremely time-consuming, if only from the

    point of view of expert analysis.

    2. The analysis of every conceivable degraded topology is a problem of combinatorial

    dimensions.

    As a result, one clearly understands the importance of automating such processes and

    gravitating them to the on-line environment. Additionally, when the system finds itself in an

    insecure state, being given the high complexity of the dynamic phenomena in play, the

    operator requires considerable expertise in order to crystallise a strategy which will bring the

    system back to a secure state with minimum impact on utility customers. Software which not

    only synthesises but also advises operators on possible courses of action and enables them a

    real understanding of the dynamic behaviour of their system is therefore a vital component of

    future EMS systems.

    3.6. Feedback from questionnaire to electric utilities

    Introduction :

    A questionnaire on the current DSA practices and requirements was prepared by the

    Task Force and distributed to major utilities world-wide. More than 40 responses

    were received from 20 countries. Most responses came from Germany, Japan and

    Australia. The summary of the responses will be presented in this section. The

    complete survey analysis is available in the annexe.

    Structure of the questionnaire :

    The questionnaire was divided into 3 parts. Section A addressed the definition of the

    DSA from the specific utility point of view as well as the types of phenomena of

    concern to that utility. Section B examined the current practices such as the types of

    stability limits and the measures (preventive or corrective) being used to improve

    stability limits. The final section concentrated on the DSA needs e.g. size of system a

    DSA software should handle, kinds of dynamic security indicators, importance /

    economic benefits of a DSA facility to a utility, how to present information to the

    control engineers, needs for screening, etc.

    Questionnaire responses :

    Most utilities see the DSA as either a short term operation or extended real-time

    analysis from a snapshot. The main types of phenomena of concern were transient

    and voltage stability. It was highlighted that any modern DSA facility should address

    both subjects. Most utilities have suffered from transient instability, dynamic

    instability or voltage collapse due to the pole slipping on long transmission lines with

    remote generation, instability of a nuclear power plant, poor damping after a

    switching phenomenon, AGC interaction on weak transmission system, etc.

    The main preventive measures to improve stability were control of generation

    system, control of transmission system, use of power system stabilizers, excitation

    control, addition of series/shunt compensators, etc. For corrective measures,

    load shedding including load curtailment through voltage reduction, switching of

    capacitors and reactors as well as full or partial rejection were mentioned.

    The DSA is becoming important because of the increasing number of independent

    power producers due to institutional changes such as open access. The economic

    benefit of having a DSA facility is difficult to quantify. The information to be passed

    on to the control engineers should be easy to use so as to assist them in understanding

    the location and types of phenomena as well as effecting remedial actions. The User

    Interface should have line diagrams with affected circuits hatched and warnings via

    alarm that the system is in critical dynamic state. Screening is desirable to cover a

    large number of configurations that would not have been studied otherwise, to select

    the most critical contingencies from a list of critical contingencies as well as to

    achieve high speed of operation.

    On general comments regarding a DSA facility, it was mentioned that a useful DSA

    should be established on a detailed representation and modelling of the power system

    in order to provide conclusions based on accurate results. It should also integrate a

    user friendly interface and faster algorithm to be used by operators in real-time, as far

    as tremendous progress made by computer in calculation can help shorten the cycle

    time.

    CHAPTER 4

    GENERAL NEEDS AND REQUIREMENTS

    4.1. Kinds of information required by control operators

    According to Debs and Benson [DE75], the advantages of the operator in the control room

    include

    1. He relies on a global perception of events in interpreting events.

    2. He can take into consideration peculiar situations not originally programmed.

    3. He can be trained to assess the impact of a given contingency.

    4. He can override the computer when the results are unreasonable.

    whereas the disadvantages of the operator are

    1. Slow reaction time.

    2. Judgement is dependent on training and intelligence of particular operators.

    3. Knowledge of software capabilities and limitations is operator-dependent.

    Generally, the requirements for the DSA vary. First-swing stability (1-2 seconds) may be

    sufficient in some cases whereas in other cases, damper and stabiliser responses (10-15

    seconds) may be more important. Others may require much longer periods. However, for

    practical purposes, these may be classified into

    - stable/unstable,

    - damped/undamped and,

    - margins to instability/undamped oscillation.

    These are usually expressed (for transient stability) in terms of critical clearing times, which

    are not helpful to the operators (control engineers). The needs of the control engineer may

    include

    (a) Knowledge of the margin on power transfer from a particular machine or

    across a boundary,

    (b) A ranked list of the critical contingencies (about 10) using fast filtering

    techniques (which may be AI based) for detailed dynamic study,

    (c) The DSA analysis updated regularly, say every 15 minutes,

    (d) Knowledge of what the future power systems will look like,

    (e) What mechanisms caused the outages, were they due to loss of synchronism,

    distance relay settings etc. and,

    (f) The operator needs to know what control actions may be taken to move the

    system to a more secure state. The boundaries between the secure and insecure states should

    be stated so that the operator can easily recognise this and be able to control the system

    [FO88b].

    4.2. Needs of screening to identify critical contingencies

    Studying the dynamic performance of a power system means evaluating the ability of the

    system to withstand :

    - the sudden loss of any major generator or transmission line,

    - specified line faults maintaining stability and with no loss of generators,

    - combined sets of contingencies, like loss of more than one generator, cascading line

    outages, system splitting and loss of load.

    Given the current steady-state of the power system, the operator has to check, following each

    contingency, whether the transitions in system configuration are acceptable. Besides, he needs

    to evaluate if the final condition of the system subject to each contingency is acceptable or

    not. The steady-state condition reached subsequent to a contingency depends upon the

    contingency. It is impossible to enumerate all possible contingencies and the corresponding

    steady-state conditions, and then to check whether the steady state conditions are acceptable.

    Hence, only a predefined set of contingencies is considered.

    Appropriate selection of contingencies for further more detailed processing is very important ;

    the aim is to reduce reasonably the number of contingencies, without overlooking potentially

    severe credible contingencies and study in detail only the worst and the most probable cases.

    A contingency must be classified as non-critical or critical and contingencies belonging to

    these two sets must be ranked in a severity order. Non-critical contingencies are those for

    which the transitions of system configurations are limited to those implied by the predefined

    events used to describe the contingency. In other words non-critical contingencies do not

    result in unstable behaviour of the system or system protection operation, always causing

    unforeseen modifications of the system structure. Critical contingencies determine system

    configuration changes not included in the series of events used to describe the contingency.

    Screening and ranking functions may be used to :

    - classify all contingencies of interest into severe and non-severe groups,

    - rank all contingencies of each (critical or non-critical) set in order to analyse in detail

    only the most severe ones (or all the contingencies included in the critical group) and the ones

    near to the security limits,

    - identify interfaces of concern and assess corresponding transfer limits.

    4.3. Needs concerning external networks and data exchange

    Power systems are interconnected hence many dynamic security problems are not confined

    within the boundaries of any utility. Also, problems result within the state estimation/security

    assessment due to duff external data. Therefore, there is the need for co-operation in sharing

    network data as technology advances ; better co-ordination between utilities and more

    understanding shown to be able to resolve any organisational problems that may arise.

    For example, Pacific Gas and Electric Company [FO88b] encompasses Northern and Central

    California and the bulk transmission consists of two 500 kV AC transmission lines that

    transfer power between the North and the Southern boundaries hence it becomes vital to

    become familiar with the transmission system within and outside the PG and E area of

    operation. Also, between the England and Wales transmission network/Scottish boundaries.

    Some of the issues which may affect such utilities, generally, include :

    (a) the adequacy of communication facilities available to achieve the data

    exchange,

    (b) the requirement for a unified communication protocol,

    (c) the potential regulatory difficulties which might prevent the exchange of all the

    necessary data between different companies.

    In analysing the responses from the utilities to the questionnaires, there were more concerns

    regarding the adequacy of communication facilities as well as the requirement for a unified

    communication protocol. Some of the specific comments of these utilities are

    - the greatest difficulty is the reluctance to pass information which may affect the

    competitive position of the utility due to the commercial sensitivity of data,

    - the data exchange and the external network representation are adequate for off-line

    studies but for on-line application a better process is needed for data exchange and the

    development of an inter-utility data exchange consortium by that utility is in the right

    direction,

    - where external information is received this may not be adequate hence this is being

    addressed,

    - as there are no e-mail facilities in this particular utility, exchange of external data is

    effected by fax or through the post,

    - the communication protocol with neighbouring utilities may exist for data exchange

    but different utilities have different protocols hence the need for better co-ordination,

    - uses AC-DC interconnection hence there is no need for external network data.

    4.4. Needs of isolated system with a large penetration from renewable power sources

    The importance of renewable power sources for the production of electric energy has been

    increasing in the last years. This is particularly the case with autonomous power systems

    typically found on islands isolated from the mainland. In these cases, electricity is produced

    by diesel units which make the investment for the exploitation of renewables particularly

    attractive. A typical example is the situation found in the small and medium size autonomous

    power systems operating on the islands of Greece, Portugal, etc. with high wind potential. For

    instance, in medium size Greek islands with 25 MW peak demand, wind power penetration

    exceeding 10 MW has been found to be economically and technically feasible. In larger

    islands, like in Crete, with 300 MW of peak load, wind power penetration in excess of 80 MW

    is foreseen.

    The dynamic performance of autonomous power systems with a large penetration from

    renewables presents a number of unique features, mainly because of the highly intermittent

    nature of wind. Thus, fast wind power changes and very high wind speeds resulting in sudden

    loss of wind generator production can cause voltage and frequency excursions and

    dynamically unstable situations. It should be noted that, unlike classic power systems where

    serious disturbances like faults etc. are relatively exceptional events, disturbances due to the

    wind variability occur very frequently. In order to guard the system against these disturbances,

    very conservative operation scheduling policies are applied which result in increased spinning

    reserves from the conventional units and underexploitation of the renewables. Therefore, in

    order to achieve a large penetration of renewable sources without degrading secure operation,

    it is very helpful for system operators to be equipped with on-line assessment of the dynamic

    security of the system for fast wind power changes.

    4.5. Performance requirements

    An on-line DSA function must be capable of assessing hundreds of credible dynamic

    contingencies in the time frame of the execution cycles of the real-time sequence of the

    Energy Management System (EMS) which is in the order of 15 to 20 minutes. In other words,

    when the results of state estimator become available, the DSA triggering mechanism should

    start the DSA cycle to process the contingencies. DSA must complete the assessment of all

    contingencies within 10 to 15 minutes.

    The performance requirements of the DSA should be measured on a power system model of

    some 1000 buses or more.

    The performance requirements based on the sizing parameters above shall be as follows :

    - DSA execution periodicity : 10 to 20 minutes as requested by the operator.

    - Pre-defined contingencies : 300 contingencies with no more than 30 severe contingencies

    (i.e., such that the screening process would filter out all contingencies but 30 severe

    contingencies for full time domain simulation).

    - Simulation time : 10 seconds of time domain simulation with possibility of early

    termination or, in case of long term dynamic phenomena, up to one minute or more.

    - DSA execution : DSA execution will include contingency selection, screening,

    classification, and ranking.

    - Limit calculation : 5 minutes to compute transfer flow limits for the worst

    5 contingencies.

    4.6. Model requirements

    Network models

    The network model includes topology and representation of branch devices (lines, series

    devices, transformers, and phase shifters), generators, loads, DC converters, status of breakers

    and configuration of bus bar arrangements in substations. Power transfer interfaces between

    companies or zones shall be identified. The DSA network model shall be able to identify and

    model different islands. As a minimum the following shall be represented :

    a) Static device power flow models

    - lines represented as pi sections,

    - transformers represented as pi sections with admittance components as functions of tap

    settings,

    - phase shifting transformers,

    - generators represented as constant real-power source with reactive power capability

    curve,

    - shunt elements represented by their admittance,

    - DC lines with converter station modelling,

    - Static Var Compensators (SVCs),

    - loads represented as constant real/reactive injections.

    b) Dynamic device models

    - generator models shall include : swing equation with damping, machine models

    including classical model, two axis model, representation of damper windings,

    - excitation systems,

    - governor models,

    - power system stabilisers,

    - DC line dynamic models,

    - SVC dynamic models,

    - FACTS device models,

    - capability to represent user-defined models,

    - load models shall include non linear voltage dependence as in ZIP (constant

    impedance, constant current, constant power) model and as a function of frequency. The load

    model shall also provide representation of large induction motor loads,

    - On-Load Tap Changer,

    - Automatic devices and relays (as loss of synchronism, overcurrent protection, power

    protection, generator minimum and maximum voltage protection, generator and motor over-

    and underspeed protection, static distance protection, frequency load shedding).
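
The ZIP load model with frequency dependence named in the list above, written out as an added illustration (the symbols are assumptions introduced here, not the report's notation). V_0 is the voltage at which the load draws P_0 and Q_0, \Delta f is the frequency deviation, and the a and b coefficients are the constant-impedance, constant-current and constant-power shares:

\[
P = P_0\left[a_Z\left(\frac{V}{V_0}\right)^{2} + a_I\,\frac{V}{V_0} + a_P\right]\left(1 + K_{pf}\,\Delta f\right),
\qquad a_Z + a_I + a_P = 1
\]

\[
Q = Q_0\left[b_Z\left(\frac{V}{V_0}\right)^{2} + b_I\,\frac{V}{V_0} + b_P\right]\left(1 + K_{qf}\,\Delta f\right),
\qquad b_Z + b_I + b_P = 1
\]

For a constructed case with a_Z = 0.4, a_I = 0.3, a_P = 0.3, V/V_0 = 0.95 and \Delta f = 0:

\[
\frac{P}{P_0} = 0.4\,(0.95)^{2} + 0.3\,(0.95) + 0.3 = 0.361 + 0.285 + 0.300 = 0.946
\]

so a 5 % voltage drop reduces this load by 5.4 %, whereas a pure constant-power representation would show no relief at all.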

    Modelling requirements of the DSA based on requirements of various components are listed

    below:

    Contingency Selection/Definition

    A predefined contingency list should be checked for validity of each contingency for the

    current operating conditions and topology. For unbalanced faults the correct value of fault

    impedance may be computed using a short circuit program. The following types of fault shall

    be supported :

    - three phase to ground,

    - phase to phase,

    - two phase to ground,

    - single phase to ground,

    - single pole tripping and reclosing,

    - three phase or single phase breaker reclosing,

    - bus split.

    At a minimum the following types of switching shall be supported :

    - breaker opening/closing,

    - recloser action,

    - dynamic braking action,

    - capacitor/reactor insertions and/or removal,

    - generator and SVC tripping,

    - load shedding,

    - automatic transfer tripping.

    Screening

    The contingency screening shall derive its models from the most detailed models available to

    the DSA. However, in order to achieve required speed of solution, this component may use

    approximate models.

    Simulation engine

    The simulation engine shall have the capability to model all equipment necessary to conduct a

    transient stability study for periods of 5-20 seconds.

    4.7. Triggering mechanisms

    The aim of a triggering mechanism is to start a new assessment when required. Its most

    important function is to check whether the changes in system conditions are significant

    enough to require a new cycle of DSA. A DSA cycle may be also activated by a specific

    operator request and automatically at prefixed time intervals.

    The triggering mechanisms may be connected to the system security monitoring and exploit

    the same information available at all times to facilitate proper decisions during normal

    operation, following a contingency.

    Whenever in each control area potential problem caused by any events or significant changes

    in power transfer capabilities are detected, reflecting voltage, reactive, thermal, and stability

    limits, DSA shall provide information about possible contingency consequences and / or

    possible remedial actions before or after further contingencies besides events or outages

    modifying system conditions.

    After the loss of any significant facilities, DSA shall be triggered ; scheduled outages of

    facilities should be taken into account. When important deviations in operating conditions

    occur, sufficient monitoring shall be provided through DSA so that the existence of possible

    system crisis conditions may be checked.

    The main triggering quantities, capable of activating DSA, should be :

    - short circuits, implying transmission configuration changes,

    - loss of important generation groups, or, more in general, any unit status modification,

    - loss of important connections,

    - significant change of active or reactive power output of generating units.

    A DSA cycle could be activated even by changes, greater than predefined thresholds, of other

    significant variables such as :

    - phase angle difference between buses,

    - speed deviation of generator or frequency deviation,

    - rate of change of power transfer over one or more lines,

    - rate of change of apparent impedance on important predefined connections,

    - voltage at a bus or at generator terminals, or power in a critical interface.

    The limits or control options are pre-entered and remain valid until changed by the operator.
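
One way to express the triggering logic of this section, as an added example that is not part of the report: event-type and threshold-type triggers are evaluated between two successive state-estimator snapshots. The `Snapshot` fields, threshold values, bus and line names and the sample data are assumptions constructed for illustration; the apparent-impedance trigger is left out.

```python
from dataclasses import dataclass


@dataclass
class Snapshot:
    """One state-estimator result (hypothetical structure)."""
    t: float               # time of the snapshot, seconds
    lines_in: frozenset    # names of in-service connections
    units_on: frozenset    # names of synchronised generating units
    unit_mw: dict          # unit -> active power output, MW
    line_mw: dict          # line -> active power transfer, MW
    angle_deg: dict        # bus -> voltage phase angle, degrees
    v_pu: dict             # bus -> voltage magnitude, pu
    freq_hz: float = 50.0


# Assumed thresholds: pre-entered and valid until the operator changes them.
THRESHOLDS = {
    "period_s": 900.0,             # prefixed interval between DSA cycles
    "unit_mw_change": 50.0,        # significant change of unit output, MW
    "angle_diff_deg": 30.0,        # phase angle difference between buses
    "freq_dev_hz": 0.2,            # frequency deviation
    "line_ramp_mw_per_min": 40.0,  # rate of change of power transfer
    "v_min_pu": 0.95,
    "v_max_pu": 1.05,
}
MONITORED_PAIRS = [("NORTH", "SOUTH")]   # hypothetical bus pair


def dsa_triggers(prev, curr, last_run_t, operator_request=False,
                 thr=THRESHOLDS, pairs=MONITORED_PAIRS, f_nom=50.0):
    """Return the reasons for starting a new DSA cycle (empty list = none)."""
    reasons = []
    if operator_request:
        reasons.append("operator request")
    if curr.t - last_run_t >= thr["period_s"]:
        reasons.append("prefixed interval elapsed")
    # Event-type triggers: configuration and unit status changes.
    for line in sorted(prev.lines_in - curr.lines_in):
        reasons.append(f"loss of connection {line}")
    for unit in sorted(prev.units_on ^ curr.units_on):
        reasons.append(f"unit status change {unit}")
    for unit in sorted(prev.units_on & curr.units_on):
        change = abs(curr.unit_mw[unit] - prev.unit_mw[unit])
        if change > thr["unit_mw_change"]:
            reasons.append(f"unit output change {unit} {change:.0f} MW")
    # Threshold-type triggers on monitored variables.
    for a, b in pairs:
        diff = abs(curr.angle_deg[a] - curr.angle_deg[b])
        if diff > thr["angle_diff_deg"]:
            reasons.append(f"angle difference {a}-{b} {diff:.1f} deg")
    if abs(curr.freq_hz - f_nom) > thr["freq_dev_hz"]:
        reasons.append(f"frequency deviation {curr.freq_hz - f_nom:+.2f} Hz")
    minutes = (curr.t - prev.t) / 60.0
    if minutes > 0:
        for line in sorted(prev.lines_in & curr.lines_in):
            ramp = abs(curr.line_mw[line] - prev.line_mw[line]) / minutes
            if ramp > thr["line_ramp_mw_per_min"]:
                reasons.append(f"transfer ramp {line} {ramp:.0f} MW/min")
    for bus, v in sorted(curr.v_pu.items()):
        if not thr["v_min_pu"] <= v <= thr["v_max_pu"]:
            reasons.append(f"voltage {bus} {v:.3f} pu")
    return reasons


# Constructed sample data: line L2 trips between two snapshots one minute apart.
PREV = Snapshot(t=0.0, lines_in=frozenset({"L1", "L2", "L3"}),
                units_on=frozenset({"G1", "G2"}),
                unit_mw={"G1": 400.0, "G2": 300.0},
                line_mw={"L1": 200.0, "L2": 200.0, "L3": 100.0},
                angle_deg={"NORTH": 10.0, "SOUTH": -5.0},
                v_pu={"NORTH": 1.01, "SOUTH": 0.99})
CURR = Snapshot(t=60.0, lines_in=frozenset({"L1", "L3"}),
                units_on=frozenset({"G1", "G2"}),
                unit_mw={"G1": 400.0, "G2": 310.0},
                line_mw={"L1": 390.0, "L3": 110.0},
                angle_deg={"NORTH": 24.0, "SOUTH": -9.5},
                v_pu={"NORTH": 1.00, "SOUTH": 0.94}, freq_hz=49.95)

if __name__ == "__main__":
    for reason in dsa_triggers(PREV, CURR, last_run_t=0.0):
        print("trigger:", reason)
```
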

    4.8. Data management (data requirements to run a DSA)

    To run a DSA, the following data are required :

    a) Solved Real-time State Estimator or Power Flow data describing the power system

    network and associated components, as well as the static conditions at all network buses

    (voltages, angles, loads and generation MW/MVar, etc.).

    b) Dynamic data describing the device characteristics required for a transient stability

    study (generator inertia, exciter characteristics, governor models, etc.).

    c) Contingency data describing the faults needed for DSA, plus related tripping

    information.

    d) Control data for DSA applications, such as convergence thresholds, time frame to be

    simulated, etc.

    The modelling requirements for DSA are already addressed in chapter 7.3. The objective

    of this chapter is to describe :

    - the construction of the DSA data model,

    - the requirements for DSA data base,

    - the requirements for data interfaces.

    Construction of the DSA data model

    The principle construction of the DSA data model is shown in Fig. 4.1. The source of the

    network model for On-line DSA is the results of On-line State Estimator, which normally

    comprises the internal network and important parts of the external networks.

    For Study and/or Off-line DSA the network model can also be based on Dispatcher Power

    Flow Data or Off-line Power Flow results. Depending on the performance requirements,

    importance of network parts with respect to DSA and availability of appropriate external

    dynamic model data, etc. a reduction of the network model is performed, especially for

    On-line DSA. After merging DSA-specific dynamic device models and program-specific

    parameters, the DSA data model is ready for being used by UI functions, the DSA application

    programs and other tasks, e.g. data export for exchange.

    [Figure 4.1 : Principle construction of the DSA data model. Blocks legible in the diagram : internal and external network ; Base Case from State Estimator (On-line DSA) ; Base Case from Dispatcher Power Flow ; Base Case from Off-line Power Flow ; Model reduction for DSA (On-line DSA) or use of full model (studies) ; DSA-specific data (governor models, excitation systems) ; DSA program (Time Domain Simulator) ; DSA Data Model ; DSA Applications ; others ; Data Export.]

    Requirements for DSA data base

    For DSA the use of wide-spread RDBMS (e.g. ORACLE, SYBASE, INGRES, etc.) being

    available for various hardware platforms is highly recommended. The data base should be

    object-oriented or support object-oriented access to the data to ease the connection of

    powerful UI-packages.

    The RDBMS should at least include all input and output data of DSA, which are to be

    entered, modified or viewed by the normal DSA user ; internal data of DSA applications

    including special data for DSA-specialists (e.g. debug infos) could be stored as flat files or

    private data bases in order to avoid performance problems.

    The data base used for DSA must allow easy definition of DSA cases and must be able to

    efficiently manage a lot of study cases.

    Requirements for data interfaces

    Several types of interfaces are required :

    - interface to EMS applications and data,

    - interfaces to other power system analysis software (e.g. Off-line Power Flow),

    - interface to UI-subsystem,

    - data import and export using pseudo-standardised formats, such as IEEE-load flow

    exchange format,

    - internal interfaces between DSA applications doing Contingency Selection, Screening,

    Ranking, Time Domain Simulation and so forth.

    4.9. User interface

    The DSA user interface requirements have to take carefully into account several classes of

    users. For each class, the User Interface has to be adequately adapted to the kind of

    interactions which exist between the users and the power system.

    System operators (On-line DSA)

    System operators need a DSA user interface supporting their task of maintaining the security

    of the real-time system in a practical way, i.e. as simple and uncomplicated as possible.

    Typical answers of DSA, such as "system is stable", "system is unstable for contingency case

    X", "allowable time for preventive/corrective actions", "overall system state is getting

    better/worse" will be appreciated very much. The DSA environment should be easy to

    understand and comfortable to manipulate.

    System engineer (On-line DSA and/or Off-line)

    System engineer/operation planner is assumed to be an experienced analyst, having detailed

    knowledge of the power system's various phenomena impacting the security and economy of

    the system. He understands very well the DSA modelling aspects, knows how the DSA

    applications work and his task includes to tune and tailor the DSA software to meet his

    specific system's needs. System engineer needs a flexible UI, enabling him to view all details,

    e.g. generator voltage angles vs. time, block diagrams and parameters of dynamic device

    models, comparison of time domain simulation results vs. approximate screening, etc.

    Management

    The UI of DSA should include features to create reports on system performance, statistics of

    critical events, summary logs of critical equipment and last but not least diagrams comparing

    actual versus computed results to demonstrate the validity of the DSA function and its

    usefulness for their electrical power system.

    Common requirement from all types of DSA users is that DSA needs to have a

    state-of-the-art, flexible and user-friendly UI, which among others has to fulfil the following general

    requirements :

    - provide a quick overview about the system stability status (e.g. traffic light symbols)

    and pinpoint the most critical contingencies and associated network parts,

    - show ranked lists of severe contingency cases identifying the most critical network parts

    and provide the possibility to perform detailed analysis by simple selections (e.g. cursor

    click),

    - present binding or near-to-binding operating limits associated with predescribed

    contingencies,

    - clear proposals for possible preventive and/or corrective measures,

    - graphical display of time trends associated with expected system changes, e.g. system

    is getting better/worse and show the available time for the operator for

    interventions,

    - in On-line DSA show period of the validity of the current DSA results and indicate

    clearly when the results get invalid and what event caused the change,

    - comfortable option to add and/or delete contingencies to/from contingency lists by

    adopting drag & drop and copy/paste techniques, e.g. pick-up a network component from a

    single line diagram and drop it into a contingency list,

    - capability to compare cases against each other, allowing the user to select key

    parameters to be compared, e.g. stability indices, margins, sensitivities, etc.,

    - provide the user with measures to evaluate the accuracy and reliability of the DSA

    results,

    - capability of Off-line study mode with more detailed output and increased flexibility.

    Major design principles for UI being well-suited for On-line as well as Off-line DSA

    functionality should be :

    - extensive use of graphical displays like curves, bar-charts, strip-charts, dynamically

    coloured symbols for quick assessment of complex situations,

    - easy and flexible access from the currently used display to other displays,

    - guided operation of the various DSA components via context-sensitive menus, toolbars,

    buttons, pop-up windows, etc.,

    - provision of a help mode that is easy to access,

    - clear documentation of DSA including functional descriptions and detailed user

    guides,

    - multi user capability.

    CHAPTER 5

    ANALYTICAL TECHNIQUES FOR DSA

    The following sections gather DSA techniques (5.1., 5.2.) and assess them in terms of

    criteria of practical concern (5.3.). A relatively large place is dedicated to Intelligent

    Systems (5.2.) for the reason that the knowledge of these new techniques still needs to be

    developed in the Power System analysts community. This chapter also contains a table of

    techniques vs. criteria where each technique is rated through certain criteria relative to some

    possible functions of a DSA tool.

    The results of the comparison are summarized in the Table of subsection 5.3.

    5.1. Analytical techniques

    This section identifies well known DSA techniques. Next section will describe in some detail

    Intelligent Systems.

    General techniques : time-domain methods

    Time-domain methods represent the mainstay of existing DSA tools. Commercial

    time-domain simulation software packages are able to treat large-scale disturbances, complex non-linear and

    active network elements and elaborate contingency scenarios, including protections. Such

    software packages are sufficiently reliable as to be capable of performing very short simulations, for

    example in evaluating first-swing or mid-term stability for the study of voltage phenomena

    evolving over tens of minutes.

    Such software packages constitute the focal point of existing off-line DSA processes and are readily

    considered as candidates to on-line DSA provided that secure transmission levels and

    operating margins can be identified within an acceptable time-frame. Needless to say,

    computational speed is an issue. However, R&D efforts in DSA have begun to move towards

    increasing the speed of limit search processes as a whole rather than concentrating only on

    increasing the speed of execution of a single simulation (i.e. either through improved

    algorithms, multiple or parallel processor strategies or advanced computer hardware

    architectures [HA 93]).

    The major advantages of time-domain methods are :

    - great flexibility with respect to power system modelling,

    - ability to provide time responses of machines rotor angles, speeds, accelerations, of bus

    voltages and of other parameters of concern.

    Trajectory sensitivity

    Trajectory sensitivity analysis provides a systematic approach to exploring the influence of

    parameters on large disturbance behaviour. These ideas have recently been applied to power

    system dynamic security assessment [LA95] [ST96].

    Techniques specific to transient stability : direct methods

    Applications of direct methods to transient stability have been developing for over 30 years

    [FO92, PA89, PA93]. The most popular members are [CI95] : the transient energy function

    (TEF) together with the exit point or BCU method to assess its limit value ; the extended

    equal area criterion (EEAC).

    Besides the pure approaches, variants coupling them with time-domain methods make them able

    to comply with detailed power system models. Such a hybrid search strategy is the second

    kick method, which requires less than 4 simulations [MA95a]. This development has led to

    the implementation of an on-line dynamic security analysis system for B.C. Hydro [DE94].

    Independently of transient energy function analysis, another strategy has emerged for

    accelerating the transient stability limit search process [MA94]. It is based on the signal

    energy analysis of power system simulation waveform behaviour and may be summarized as

    follows : if two stable time-domain simulations of a normal contingency are performed at

    respectively two different values of power transfer and the signal energy of the transient rms

    voltage response is computed, it is possible to estimate the transfer limit for the specified

    contingency and the error in the limit estimate.

    Yet another hybrid method emanates from the dynamic EEAC. It consists of computing

    appropriate stability margins, using one stable and up to three unstable time-domain

    simulations. It assesses critical clearing times [ZH96a] or power limits [ZH96b] as

    appropriate.

    Techniques specific to long-term stability

    Simplified time-domain techniques exploit the separation between long-term and

    transient time scales, replacing the latter by equilibrium equations and concentrating on the

    former dynamics. This yields the Quasi Steady-State (QSS) time-domain simulation, which

    merely requires solving at each time step the algebraic equations of the network together with

    equilibrium equations of the transient dynamics.

    Energy function methods have recently been extended to allow long-term voltage

    stability assessment. This extension follows from the incorporation of load dynamics into

    the standard multimachine energy function [HI96]. Reactive power limits, which play a major

    role in long-term voltage stability, can be handled using the approach described in [HI91].

    Continuation methods in general enable system equilibria to be tracked as a parameter

    of the system is varied. Frequently the free parameter corresponds to a load, or a combination

    of loads, and so describes movement in a particular loading direction. Continuation power

    flows deal with the particular problem of tracking the system long-term equilibrium when bus

    load is increased. It is an efficient way of performing successive load flows and dealing with

    the nose point of the PV curves.

    Post-contingency optimal power flows. The divergence of a post-contingency power

    flow computation is a necessary but not sufficient condition of voltage instability (it may

    result from numerical problems or other physical problems where there is no solution to the

    load flow equations). Post contingency OPF may be useful to determine acceptable solutions.

    Eigenanalysis (or modal analysis) involves both eigenvalue and eigenvector analysis.

    The reduced QV load flow Jacobian or the long-term differential equations can be used. It is

    aimed at finding instability mechanisms and suggesting corrective actions. In principle it must

    be coupled to continuation power flow or time-domain methods. Interpretation of eigenvalues

    far from the critical point is of limited use.

    5.2.

    Intelligent techniques

    We distinguish between expert systems and automatic learning methods. The emphasis will

    essentially be put on these latter methods which have already provided innovative systematic

    approaches to analysis, sensitivity analysis and suggestions to control, for both transient and

    long-term voltage stability.

    The basic components of an expert system are the knowledge base (KB) and the inference engine

    (IE). The KB is a collection of rules and data. The IE is a mechanism of induction of decision tree

    searching rules to find those that can be applied to specific cases. This mechanism is based on

    sentence and predicate logic.

    Expert systems can contribute in two ways to improving power system stability evaluation.

    Firstly, they can be used to guide the engineer in the choice of models and computer programs

    for off-line stability analyses. Secondly, they can help in evaluating the present stability

    situation of a power system with respect to the power system variables and control. Existing

    knowledge-based system approaches to power system security assessment mainly focus on the

    development of heuristics or empirical knowledge. The knowledge acquisition process is

    aimed at identifying and representing knowledge from the expert. The objective of this

    process is to understand, for a given load and generation state of the power system, how the

    operators organize their knowledge.

    As an example of applications of knowledge-based methods for security assessment we

    mention the following : the effect of contingencies and system conditions upon dynamic

    security assessment are built in an ES, using sensitivity analysis of the transient energy

    function [EL89] [EL90]. Further, using the concept of vulnerability, which indicates the rate

    of deterioration in system security, an ES was developed which uses the energy function as a

    stability measure. The identification of the conditions that may lead to voltage collapse and

    the suggestions for necessary corrective actions are embedded in some expert system

    frameworks. There are expert systems that evaluate power flow divergence indicators

    concerning controls and parameters change to detect the voltage collapse knee-point.

    Automatic Learning (AL) in general is concerned with the design of automatic procedures

    able to learn a task on the basis of a learning set of solved instances of this task. There exist

    three main families of automatic learning methods : (i) machine learning, a subfield of

    symbolic artificial intelligence ; (ii) statistical pattern recognition and regression ; (iii)

    artificial neural network based learning.

    Two broad classes of AL problems may be distinguished : supervised and unsupervised

    learning. Supervised learning usually aims at constructing a model for an assumed

    relationship between input and output parameters. Unsupervised learning (or clustering), on

    the other hand, aims at either uncovering similarities among groups of instances or

    correlations among groups of attributes used to describe such instances. The main focus will

    be on supervised learning methods.

    In what follows, we consider only non-parametric AL methods, that is, methods which make

    no assumption about the mathematical functional form of the underlying particular density

    distribution (such as that of a normal, bell shaped curve). Indeed, parametric methods could

    not properly solve the wide variety of dynamic security problems.

    N.B. The essential of this note is taken from [WE96b].

    Supervised learning

    Problem statement

    In the context of power system security assessment - and hence of DSA, the general AL

    approach may be schematically described by Fig. 5.1 : random sampling techniques are

    considered to screen all relevant situations in a given context, while existing numerical

    simulation tools are exploited - if necessary in parallel - to derive detailed security

    information. The heart of the framework is provided by automatic learning methods used to

    extract and synthesize relevant information and to reformulate it in a suitable way for decision

    making. This consists of transforming the data base (DB) of case by case numerical

    simulations into a power system security knowledge base (KB). As illustrated in Fig. 5.1, a

    large variety of automatic learning methods may be used in a toolbox fashion, according to

    the type of information they may exploit and/or produce. The final step consists of using the

    extracted, synthetic information either in real-time, for fast and effective decision making, or

    in the off-line study environment, so as to gain more physical insight and to derive better

    system and/or operation planning strategies.

    How will this automatic learning based framework complement classical analytical methods

    for security assessment ? In practice, there are three dimensions along which important

    fallouts are expected.

    [Figure 5.1 : Automatic learning framework for security assessment. Block labels : data base

    generation (study definition, random sampling, numerical simulations ; off-line, automatic, in

    parallel) ; machine learning, statistical analysis, neural networks (off-line, in study

    environment) ; fast decision making, physical interpretation, uncertainty management (on-line

    or off-line).]

    Computational efficiency. By using synthetic information extracted from automatic

    learning, instead of analytical methods, much higher speed may be reached for real-time

    decision making. Further, in terms of data requirements, whereas analytical methods need a

    full description of the system model, the approximate models constructed via automatic

    learning may be tailored to exploit only the significant and/or available input parameters.

    Besides, the synthetic information may itself be complementary to and generally more

    powerful than that provided in a case by case fashion by existing analytical methods. In

    particular, much more attention is paid nowadays to interpretability and management of

    uncertainties, the two other important fallouts of automatic learning methods.

    Interpretability. It was shown that machine learning may indeed efficiently generate

    security rules from large bodies of simulated examples, even for as complex systems as are

    real large-scale power systems. The extracted rules are found to express explicitly problem

    specific properties, similarly to human expertise, and hence may be easily appraised, criticized

    and eventually adopted by engineers in charge of security studies. The flexibility of the

    automatic learning framework allows one to tailor the resulting information to analysis,

    sensitivity analysis and control applications.

    Management of uncertainties. The need to devise a rational way to take decisions

    despite the existence of uncertainties about the power system state becomes more and more

    apparent. Today, for example, operators are often sorely missing guidance in the context of

    unusual system states reached after major disturbances, where reliable real-time information is

    generally lacking. Tomorrow, technological and economic changes will probably lead to a

    higher and physically more irrational distribution of decision making and thus to more

    uncertainties in routine operation and planning activities. In particular, increased competition

    among economic actors may reduce their willingness to share information on their respective

    subsystems, despite the stronger physical interactions.

    Supervised learning methods

    In what follows, we discuss three classes of methods providing three complementary types of

    information.

    Symbolic knowledge via decision trees. Top down induction of decision trees is one of

    the most successful classes of machine learning (i.e. symbolic learning) methods. Figure 5.2

    shows a hypothetical binary decision tree : to infer the output information corresponding to

    given input attribute values, one traverses the tree, starting at the top-node, and applying

    sequentially the dichotomous tests encountered to select the appropriate successor. When a

    terminal node is reached, the output information stored there is retrieved. The right part of

    Figure 5.2 shows how the decision tree decomposes its input space into non-overlapping

    subregions. Ideally, the number of these latter should be as small as possible and at the same

    time the states contained by each subregion should belong to the same class.

    [Figure 5.2 : Hypothetical decision tree and its corresponding input space decomposition]

    [Figure 5.3 : Feed-forward multilayer perceptron (panels : single-layer perceptron, multi-layer

    perceptron ; input layer, hidden layers)]

    A main asset of decision trees lies in the explicit and logical representation of the induced

    classification rules and the resulting unique explanatory capability. In particular, the method

    identifies the most discriminating attributes and provides systematic correlation analyses

    among them. From the computational viewpoint it is efficient at the learning stage as well as

    at the prediction stage.

    There are two generalizations of decision trees of interest in the context of DSA, namely :

    regression trees which infer information about a numerical output variable [WE95a], and

    fuzzy trees which use fuzzy logic instead of standard logic to represent output information in a

    smooth fashion. Both approaches allow inferring information about security margins,

    similarly to the techniques discussed below. In particular, fuzzy trees are able to combine

    smooth input/output approximation capabilities of neural networks with interpretability

    features of symbolic machine learning [/3095].

    Smooth nonlinear approximations via artificial neural networks. The field of

    artificial neural networks (ANNs) has grown since the early work on perceptrons to an

    important and productive research field. We restrict ourselves to multilayer perceptrons,

    MLPs for short. Figure 5.3 illustrates the classical feedforward MLP. The first or input layer

    corresponds to the attribute values, and the last or output layer to the desired security

    classification or margin information. Intermediate layers enable the network to approximate

    arbitrarily complex input/output mappings, provided that its topology and weights are chosen

    properly [GE93, NI93].

    Similarly to decision trees, an interesting property of MLPs is their ability to achieve feature

    extraction and learning in a single step. However, one of their difficulties comes from the very

    large number of weights and thresholds related in a nonlinear fashion, which makes it almost

    impossible to give any insight into the relationship learned. All in all, one can say that MLPs

    offer a flexible, easy to apply, but essentially black-box type of approach to function

    approximation.

    Memory based reasoning via statistical pattern recognition.

    The previous two

    approaches essentially compress detailed information about individual simulation results into

    general, more or less global security characterizations.

    Additional information may however be provided in a case by case fashion, by matching an

    unseen (e.g. real-time) situation with similar situations found in the data base. This may be

    achieved by defining generalized distances so as to evaluate similarities among power system

    situations, together with appropriate fast data base search algorithms.

    One such well-known technique is the K nearest neighbors (K-NN) method, able to

    complement decision trees and multilayer perceptrons. It consists of classifying a state into

    the majority class among its K nearest neighbors in the learning set. The main characteristics

    of this method are high simplicity but sensitivity to the type of distances used.
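
    The K-NN rule just described, as an added example that is not part of the original report: the learning set, attribute names and values are constructed, and scaling each attribute by its standard deviation is one assumed choice of distance. It shows the same unseen state being classified differently under raw and standardized Euclidean distances.

```python
import math
from collections import Counter
from statistics import pstdev

# Constructed learning set (all values invented): each state is
# (power transfer in MW, bus voltage in per unit) with its simulated class.
LEARNING_SET = [
    ((1020.0, 1.03), "secure"),
    ((1040.0, 1.05), "secure"),
    ((1035.0, 1.04), "secure"),
    ((1100.0, 1.03), "secure"),
    ((1060.0, 0.95), "insecure"),
    ((1000.0, 0.94), "insecure"),
    ((1070.0, 0.96), "insecure"),
    ((990.0, 0.95), "insecure"),
]
REAL_TIME_STATE = (1030.0, 0.96)  # constructed unseen state


def euclidean(a, b):
    """Raw Euclidean distance: the MW axis swamps the per-unit axis."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def standardized_distance(learning_set):
    """Build a Euclidean distance that divides each attribute by its spread."""
    columns = zip(*(state for state, _ in learning_set))
    # A constant attribute has zero spread; leave it unscaled.
    scales = [pstdev(col) or 1.0 for col in columns]

    def distance(a, b):
        return math.sqrt(sum(((x - y) / s) ** 2 for x, y, s in zip(a, b, scales)))

    return distance


def knn_classify(state, learning_set, k, distance):
    """Return the majority class among the k nearest learning states."""
    ranked = sorted(learning_set, key=lambda item: distance(state, item[0]))
    votes = Counter(label for _, label in ranked[:k])
    return votes.most_common(1)[0][0]


if __name__ == "__main__":
    for name, dist in (("raw", euclidean),
                       ("standardized", standardized_distance(LEARNING_SET))):
        print(name, knn_classify(REAL_TIME_STATE, LEARNING_SET, 3, dist))
```

    With the raw distance the three nearest neighbours are chosen on transfer alone; once voltage is weighted comparably, the low-voltage neighbours decide the class.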

    Unsupervised learning and clustering

    In contrast to supervised learning, unsupervised learning methods are not oriented towards a

    particular prediction task. Rather, they try to identify existing underlying relationships among

    a set of objects characterized by a set of variables or among a set of variables used to

    characterize a set of objects.

    One of the purposes of clustering is to identify homogeneous groups of similar objects, in

    order to represent a large set of objects by a small number of representative prototypes.

    Graphical, two-dimensional scatter plots may be used as a tool to analyze the data and identify

    clusters. Another application of the same techniques is to identify similarities (and

    redundancies) among the different attributes used to characterize objects. In the context of

    DSA both applications may be useful as complementary data analysis and preprocessing

    tools.

    Application of automatic learning to DSA

    Unsupervised learning for data pre-processing

    In security problems, many different attributes often turn out to provide equivalent

    information, due to the very strong physical correlations among geographically close

    components of a power system. Thus, clustering methods may be used to define a small set of

    representative attributes from a larger number of elementary variables.

    For example, in the case of voltage magnitudes, correlation coefficients among any pair of bus

    voltages may easily be computed then used as similarity measures by a clustering algorithm

    searching for a reduced number of voltage coherent regions. In particular, two-dimensional

    Kohonen feature maps may be exploited to visualize the relationships among voltage regions

    and compare them easily with the geographic location of busbars in the power system

    [WE95a].
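
    One way to carry out the voltage-correlation grouping described above, added here and not taken from the report: bus names and voltage samples are constructed, and the single-linkage grouping with a 0.9 correlation threshold is an assumed stand-in for the unspecified clustering algorithm (no Kohonen map is used). It also picks one representative bus per region, as an assumed way to reduce the attribute set.

```python
import math

# Constructed per-unit voltage magnitudes of six buses over eight sampled
# operating states (hypothetical bus names, invented values).
VOLTAGES = {
    "N1": [1.020, 0.980, 1.020, 0.980, 1.020, 0.980, 1.020, 0.980],
    "N2": [1.027, 0.997, 1.027, 0.997, 1.023, 0.993, 1.023, 0.993],
    "N3": [1.012, 0.962, 1.012, 0.962, 1.018, 0.968, 1.018, 0.968],
    "S1": [1.040, 1.040, 1.000, 1.000, 1.040, 1.040, 1.000, 1.000],
    "S2": [1.012, 1.012, 0.992, 0.992, 1.008, 1.008, 0.988, 0.988],
    "S3": [1.014, 1.014, 0.954, 0.954, 1.006, 1.006, 0.946, 0.946],
}


def pearson(x, y):
    """Correlation coefficient between two voltage series."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return cov / (sx * sy)


def correlation_table(voltages):
    """Correlation for every ordered pair of buses."""
    return {(a, b): pearson(voltages[a], voltages[b])
            for a in voltages for b in voltages}


def coherent_regions(voltages, threshold=0.9):
    """Group buses linked, directly or through other buses, by a
    correlation at or above the threshold (single linkage)."""
    corr = correlation_table(voltages)
    regions, unassigned = [], set(voltages)
    while unassigned:
        seed = min(unassigned)
        region, frontier = {seed}, [seed]
        while frontier:
            bus = frontier.pop()
            for other in unassigned - region:
                if corr[bus, other] >= threshold:
                    region.add(other)
                    frontier.append(other)
        unassigned -= region
        regions.append(sorted(region))
    return regions


def representative(region, voltages):
    """Bus whose voltage correlates best, on average, with its region."""
    corr = correlation_table(voltages)
    return max(region, key=lambda b: sum(corr[b, o] for o in region if o != b))


if __name__ == "__main__":
    for region in coherent_regions(VOLTAGES):
        print(region, "->", representative(region, VOLTAGES))
```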

    Clustering techniques have also been proposed in a more conventional way, to identify groups

    of similar power system operating states. One possible purpose is to partition a very large data

    base into smaller subsets for which the security assessment problem could be easier to solve.

    Another interesting application would be to condense the full data base into a reduced

    number of representative prototypes, thereby decreasing the number of required security

    simulations and shortening the associated computation delays.

    Supervised learning of security criteria

    Given a data base composed of examples, for which security margins have been pre-

    determined for several contingencies and a number of candidate attributes have been

    computed, supervised learning may derive appropriate security criteria. Below we point out

    specific interesting aspects of each class of AL methods.

    What can decision trees do ? First, we need to define security classes by appropriate

    thresholds on the security margin. Then, the decision tree building includes (i) the automatic

    identification of the subset of attributes among the candidate ones relevant for the prediction

    of the security class (say ten to twenty among one or two hundred), and (ii) the definition of

    appropriate threshold values for these attributes so as to provide an approximate model of the

    dynamic security region of the studied power system area. In addition to a global tree

    covering all disturbances simultaneously, single-contingency trees may also be constructed to

    provide more specific information and additional insight. Depending on the type of problem,

    and upon whether normal pre-disturbance or just after disturbance attribute values are used,

    the decision trees may be used either in a preventive or in an emergency wise approach

    ~O94; VA93 ; WE91 ; WE94a].
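
    A small top-down induction over a constructed data base, added here and not taken from the report or the works it cites: the attribute names, margins and the 10 % class threshold are assumptions, and the entropy-based choice of split is one common induction criterion. It shows the two steps named above: the tree keeps only the discriminating attributes and fixes a threshold on each.

```python
import math

MARGIN_THRESHOLD = 10.0  # assumed class boundary on the security margin (%)

# Constructed data base: candidate attributes of each simulated state and
# its pre-determined security margin in % (all values invented).
DATA_BASE = [
    ({"transfer_mw": 900, "voltage_pu": 1.04, "reserve_mvar": 200}, 30.0),
    ({"transfer_mw": 950, "voltage_pu": 0.96, "reserve_mvar": 190}, 21.0),
    ({"transfer_mw": 1000, "voltage_pu": 1.03, "reserve_mvar": 150}, 24.0),
    ({"transfer_mw": 1050, "voltage_pu": 1.05, "reserve_mvar": 240}, 19.0),
    ({"transfer_mw": 1220, "voltage_pu": 1.04, "reserve_mvar": 180}, 13.0),
    ({"transfer_mw": 1200, "voltage_pu": 0.95, "reserve_mvar": 220}, 4.0),
    ({"transfer_mw": 1250, "voltage_pu": 1.03, "reserve_mvar": 280}, 11.0),
    ({"transfer_mw": 1300, "voltage_pu": 0.97, "reserve_mvar": 160}, 2.0),
]


def security_class(margin):
    """Step one: turn the continuous margin into a security class."""
    return "secure" if margin >= MARGIN_THRESHOLD else "insecure"


ROWS = [(attrs, security_class(margin)) for attrs, margin in DATA_BASE]


def entropy(labels):
    n = len(labels)
    return -sum(labels.count(c) / n * math.log2(labels.count(c) / n)
                for c in set(labels))


def best_split(rows):
    """Lowest weighted-entropy test 'attribute <= threshold', or None."""
    best = None
    for attr in sorted(rows[0][0]):
        values = sorted({attrs[attr] for attrs, _ in rows})
        for low, high in zip(values, values[1:]):
            thr = (low + high) / 2
            left = [c for attrs, c in rows if attrs[attr] <= thr]
            right = [c for attrs, c in rows if attrs[attr] > thr]
            score = (len(left) * entropy(left)
                     + len(right) * entropy(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, attr, thr)
    return best


def build_tree(rows):
    """Return a class name (leaf) or (attribute, threshold, below, above)."""
    labels = [c for _, c in rows]
    split = best_split(rows) if len(set(labels)) > 1 else None
    if split is None:
        return max(set(labels), key=labels.count)
    _, attr, thr = split
    return (attr, thr,
            build_tree([r for r in rows if r[0][attr] <= thr]),
            build_tree([r for r in rows if r[0][attr] > thr]))


def classify(tree, attrs):
    """Traverse from the top node, applying each test in turn."""
    while isinstance(tree, tuple):
        attr, thr, below, above = tree
        tree = below if attrs[attr] <= thr else above
    return tree


def used_attributes(tree):
    """Attributes the induced tree actually tests."""
    if not isinstance(tree, tuple):
        return set()
    return {tree[0]} | used_attributes(tree[2]) | used_attributes(tree[3])


if __name__ == "__main__":
    tree = build_tree(ROWS)
    print(tree, sorted(used_attributes(tree)))
```

    On this data the induced tree tests voltage first and transfer second and never uses the reserve attribute, which is the attribute-selection effect the paragraph describes.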

    What can neural networks add ? In addition to the decision tree's simplified view of a

    discrete model relating a small number of security classes and thresholds on attribute values,

    one is generally interested in a continuous security margin, at least in the neighborhood of the

    threshold values used to define security classes [DI91 ; EL89 ; FI89 ; Mc95a ; MO91 ; SH94 ;

    SO89].

    Since a strong point of the MLP is its nonlinear modeling capability, and of the decision tree

    is the identification of the attributes relevant to a classification problem, a hybrid approach

    may use the latter attributes as input variables to a MLP model, to get a normalized security

    margin as output information.

    What do distance based methods offer ? With the previous two approaches, we have

    essentially compressed detailed information about individual simulation results into general,

    more or less global security characterizations. This provides the required physical

    understanding, thanks to the data analysis component of decision trees and attribute clustering

    techniques. In addition, the derived models may be used efficiently for on-line security

    analysis.

    In this latter context, further information may be obtained via memory based reasoning

    exploiting appropriate distances to find the most similar pre-analyzed situations to the real-

    time state. Once identified, these may be used in multitudinous ways. For example, their

    distance to the current state would provi