0 оценок0% нашли этот документ полезным (0 голосов)

149 просмотров12 страницReliability, Fault Tree Analysis

© © All Rights Reserved

PDF, TXT или читайте онлайн в Scribd

Reliability, Fault Tree Analysis

© All Rights Reserved

0 оценок0% нашли этот документ полезным (0 голосов)

149 просмотров12 страницReliability, Fault Tree Analysis

© All Rights Reserved

Вы находитесь на странице: 1из 12

journal homepage: www.elsevier.com/locate/ress

system reliability

epin, Borut Mavko

Andrija Volkanovski , Marko C

Reactor Engineering Division, Jozef Stefan Institute, Jamova 39, 1000 Ljubljana, Slovenia

a r t i c l e in f o

a b s t r a c t

Article history:

Received 14 November 2007

Received in revised form

22 August 2008

Accepted 15 January 2009

Available online 30 January 2009

A new method for power system reliability analysis using the fault tree analysis approach is developed.

The method is based on fault trees generated for each load point of the power system. The fault trees are

related to disruption of energy delivery from generators to the specic load points. Quantitative

evaluation of the fault trees, which represents a standpoint for assessment of reliability of power

delivery, enables identication of the most important elements in the power system. The algorithm of

the computer code, which facilitates the application of the method, has been applied to the IEEE test

system. The power system reliability was assessed and the main contributors to power system

reliability have been identied, both qualitatively and quantitatively.

Crown Copyright & 2009 Published by Elsevier Ltd. All rights reserved.

Keywords:

Fault tree

Safety

Reliability

Power system

1. Introduction

The power systems are usually large, complex and, in many

ways, nonlinear systems. They include subsystems and components such as generators, switching substations, power lines and

loads. Switching substations include buses, transformers, circuit

breakers and disconnect switches. The evaluation of the overall

system reliability is extremely complex as it is necessary to

include detailed modeling of both generation and transmission

facilities and their auxiliary elements. A failure of components or

subsystems can result in a failure of power delivery to specic

loads or in certain cases in a full blackout of the power system.

The purpose of this paper is to develop a new method for

power system reliability analysis, because several blackouts have

been reported recently [1,2]. The need for analysis of power

system reliability additionally emerges from the aspect of the

consequent terrorist threats on major infrastructures including

the power systems [3].

Most of the approaches for determination of power system

reliability use approximation or simplication of the problem in

order to degrade the problem on a solvable level. The quasitransient approach [4] and examination of cascading failure using

the linear programming [5] method were proposed assuming only

Corresponding author.

point in the system, excluding the probability of failure of

components. Evaluation of system reliability concerning only the

generation facilities and their adequacy to satisfy load using

heuristic methodology was proposed, but this methodology does

not include transmission in the analysis [6].

The minimal cut set and the frequency duration method are

used for the planning and design of industrial and commercial

electric power distribution systems and their reliability evaluation, but the whole methodology considers only lines and

transformers and is applicable only to small systems [79]. The

minimal cut-set method of evaluating load-point reliability

indices is proposed but it accounts for only topology of the

network [10]. Screening methodology for the identication and

ranking of infrastructure vulnerabilities, including a small power

system, due to terrorism based on a minimal cut-set approach and

event tree method was proposed [11,12], and also needing

conditional success rate estimation. A method for assessing and

improving the vulnerabilities of electric power transmission grids,

based on load-ow algorithm using direct current (DC) power

ow, is proposed but it accounts for only power grid reliability

[13]. An application of Monte Carlo network analysis for reliability

assessment of multiple infrastructures, including power system,

for terrorist actions [14] is proposed, but this method is

inadequate when infrastructures are analyzed individually. Application of the sum-of-disjoint products technique for evaluating

stochastic network reliability is proposed [15] with the simplication of the problem considering only one path between source

and sink nodes and assuming that each node is perfectly reliable.

A hybrid model that includes both power system dynamic

0951-8320/$ - see front matter Crown Copyright & 2009 Published by Elsevier Ltd. All rights reserved.

doi:10.1016/j.ress.2009.01.004

ARTICLE IN PRESS

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

simulations and event trees for the protection was anticipated for

power system reliability estimation, accounting for only lines

protection failure [16].

Several variations of Monte Carlo simulation methods including cellular automata and system state transition sampling

approach were developed to probabilistically evaluate power

system long-term reliability [1723]. These methods do not

include all functional zones of the power system and some of

them face difculty with convergence. A method based on load

curtailment model is proposed to perform risk assessment of a

combinative system of transmission network and substation

congurations [24] and excluding generators failure from the

analysis.

A method for evaluating the terminal-pair reliability of the

network, based on an edge expansion tree and ordered binary

decision diagram, and a method for consideration of node failures

were developed [25,26].

The power system is usually divided into generation, transmission and distribution functional zones, which are analyzed

separately [27,28]. These functional zones can be combined to

form a series of hierarchical levels for conducting the system

reliability analysis. System reliability is usually predicted using

one or more indices that quantify the system reliability and that

are implemented using the criteria based on acceptable values of

these indices.

A methodology for the automated generation of fault trees for

electrical/electronic circuits from a representation of a schematic

diagram is developed [29]. The application of the fault tree

analysis approach for power system reliability analysis and

system design, development and modication is demonstrated

[30,31]. A recent probabilistic method for transmission grid

reliability evaluation uses event trees and fault trees and

combines them with power system dynamic simulations. The

substation protection and the trip operations after line faults are

modeled with the event trees. The power system reliability is

studied with a substation model, which includes possible

malfunctions of the protection and circuit breakers. Single faults

of lines, due to the protection failure, are accounted for in the

analysis [32,33].

The report entitled Reactor Safety Study: an assessment of

accident risk in US Commercial Nuclear Power Plants

(NPPs)WASH 1400 [34] was an important attempt to provide

a detailed assessment of the risks associated with the utilization

of commercial nuclear power plants. A systematic probabilistic

methodology for assessment of reliability and safety of complex

systems was developed and applied. In most countries, the

method is referred to as probabilistic safety assessment (PSA).

The event tree and the fault tree are two basic methods used in

probabilistic safety assessment [35].

The fault tree is a tool to identify and assess the combinations

of the undesired events in the context of system operation and its

environment that can lead to the undesired state of the system

[3537]. It is recognized worldwide as an important tool for

evaluating safety and reliability in system design, development

and operation [35,3844]. The undesired state of the system is

represented by a top event. The fault tree is based on Boolean

algebraic and probabilistic basis that relates probability calculations to Boolean logic functions. The fault tree analysis is used for

assessment of reliability indices in the power system with

inclusion of the major components of the system. The logical

gates integrate the primary events to the top event, which

corresponds to the undesired state of the system. The primary

events are the events that are not further developed, e.g. the basic

events (BE) and the house events. The basic events are the

ultimate parts of the fault tree, which represent the undesired

events, e.g. the component or system failures.

The classic fault tree is mathematically represented by a set of

Boolean equations. The qualitative fault tree analysis (in the

process of Boolean reduction of a set of equations) identies the

minimal cut sets, which are combinations of the smallest number

of basic events, which, if occur simultaneously, lead to the top

event.

The quantitative fault tree analysis represents a calculation of

the top event probability, equal to the failure probability of the

corresponding load. The calculation of the top event probability:

Q GD

n

X

QMCSi

2. Method description

NL

X

i1

Q GDi

Ki

1 Q PS

K

(1)

unreliability; QGDi, failure probability of power delivery to ith

load (top event probability of the respective fault tree); NL,

number of loads in system; Ki, capacity of ith load; K, total

capacity of the system; Ki/K, weighting factor for ith load, where

K

NL

X

Ki

(2)

i1

loads in the power system, and the power system reliability, given

by Eq. (1), is calculated. Calculation of the power ows within the

power system is considered, in addition.

QMCSi\MCSj

iojok

RPS 1

X

ioj

i1

calculated through the top event probability of the respective fault

tree, and the values of weighted failure probabilities of power

delivery to loads are considered to get the overall measure of the

power system reliability:

1117

n

\

MCSi

(3)

i1

Q GD

n

X

QMCSi

(4)

i1

to probability of disruption of energy delivery to the corresponding load.

Probability of each minimal cut set is calculated using the

relation of simultaneous occurrence of independent events:

Q MCSi

m

Y

Q Bj

(5)

j1

events in minimal cut set i; QBj, probability of the basic event Bj

describing failure of the component (i.e. failure probability of

component Bj).

The fault tree analysis results include importance measures

risk achievement worth (RAW) and risk reduction worth (RRW) in

addition to the top event probability [39,43]. Risk achievement

worth identies components that should be maintained well in

ARTICLE IN PRESS

1118

Risk reduction worth identies components that are probably

redundant, because their reliability signicantly increases system

reliability(i.e. risk is reduced):

RAW k

Q GD Q k 1

Q GD

(6)

RRW k

Q GD

Q GD Q k 0

(7)

risk reduction worth for component k; QGD(Qk 1), top event

probability when failure probability of component k is set to 1;

QGD(Qk 0), top event probability when failure probability of

component k is set to 0; QGD, top event probability.

2.2. New importance measures

New risk importance measures are developed to evaluate the

power system [44]. The network importance risk measures,

namely network risk achievement worth (NRAW) and network

risk reduction worth (NRRW), are dened using the denition of

the importance measures from a single fault tree given in Eqs. (6)

and (7) and the power system unreliability expression given in Eq.

(1). As the term network is a descriptive term for the power

system in this paper, NRAW and NRRW can be expressed as power

system risk achievement worth and power system risk reduction

worth:

NL

P

Q GDi Q k 1K i

Q

Q

1

NRAW k PS k

i1 NL

Q PS

P

Q GDi K i

i1

NL

P

i1

NL

P

(8)

Q GDi K i

component k; QPS, power system unreliability; QPS(Qk 1), power

system unreliability when unreliability of component k is set to 1;

QGDi(Qk 1), failure probability of power delivery to ith load when

unreliability of component k is set to 1; NL, number of loads in the

system; QGDi(Qk), failure probability of power delivery to ith load;

RAWkGdi, value of RAW for component k corresponding to load i;

and Ki, capacity of ith load.

NRRWk is dened as

NL

P

Q PS

NL

NRRW k

Q PS Q k 0 P

Q GDi K i

i1

Q GDi Q k 0K i

i1

NL

P

Q GDi K i

i1

NL

P

Q GDi Q k K i

RRW kGDi

i1

for single components, substituting QPS and QGDi in Eqs. (8) and (9)

with

QPS(Qg 1)power system unreliability when unreliability of

components in group g is set to 1.

QGDi(Qg 1)failure probability of power delivery to ith load

when unreliability of components in group g is set to 1.

QPS(Qg 0)power system unreliability when unreliability of

components in group g is set to 0.

QGDi(Qg 0)failure probability of power delivery to ith load

when unreliability of components in group g is set to 0.

Component groups may contain components (elements) of the

same type, components corresponding to specic substation or/

and any other combination.

The approximate direct current power ow model is obtained

from the alternating current model of power system if taken to be

approximated, voltages in all buses are equal to the nominal,

differences of angles of voltages are very small and neglecting the

losses in power system. The DC power ow model gives a linear

relationship between the power owing through the lines and the

power input at the nodes. The DC power ow equations can be

written as

F AP

(10)

through the lines; P, vector whose components are power of

generators in the substations; A, constant matrix with elements

calculated from the impedance of the lines and load in substations

(dimensions of A are Nl Ng, where Nl is the number of lines and

Ng the number of substations directly connected to a generator or

generators in a system).

Using the calculated active power ows from Eq. (10) and the

approximate methodology [45], reactive power ows and voltages

in the buses are calculated for normal regime and for the single

line failure state (when each of the lines in the system fails). The

calculated ows and voltages are stored and used for the overload

checking procedure.

The procedure for overload checking contains the following

steps:

1. Compare ows through the lines, which constitute tested ow

path, with continuous load rating of those lines, when lines

that are not included in the ow path fail (single line failure).

2. If the overloaded line is found in step 1, then discard that ow

path and check the next ow path.

3. Check if there are violated voltages (outside the predetermined

nominal range) in the buses constituting ow path when lines

that are not included in the ow path fail.

4. If ow path passes the overload and voltage tests, accept it for

the fault tree construction.

5. Go to step 1, until all ow paths are checked.

(9)

k; QPS(Qk 0), power system unreliability when unreliability of

component k is set to 0; QGDi(Qk 0), failure probability of power

delivery to ith load when unreliability of component k is set to 0;

RRWkGdi, value of RRW for component k corresponding to load i.

The system importance measures NRAW and NRRW for

components groups are dened similarly as importance measures

ow thought to line together with active power ow is considered

in the evaluation. The single peak load model is used in the

analysis accounting for the size of the loads during peak

consumption.

Continuous load rating of the lines is updated with the

ambient temperature using the correction factor dened as

r

80 T amb

kcorr

(11)

40

ARTICLE IN PRESS

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

where kcorr is correction factor for continuous load rating and Tamb

is ambient temperature.

Many power systems are built or have been designed with a

relatively strong transmission network. When analysis is done to

those systems, several modications are made in order [20] to

weaken the system for conducting the transmission reliability

studies. Those modications are mostly connected with the

disconnection of multiple lines in the power system. With the

disconnection of lines, the overall structure and power ows

within the system are changed, not corresponding to ows in a

real system. In the proposed method, power ows in normal and

single line failure regime are accounted for together with voltages

in the substations. Only selected energy paths are accounted for in

the fault tree construction, discarding those that are overloaded as

a result of limitations of transfer capacity of lines or violated

voltages in substations. Discarded ow paths, depending on

power ows, have direct implication on the reliability of power

delivery and on overall power system reliability (a smaller

number of ow paths results in a smaller number of alternative

power delivery paths and higher failure probability). Reducing the

number of ow paths reduces the number of gates in a fault tree

and the overall size of the fault tree, decreasing the calculation

times.

2.4. Procedure

Switching substations are important elements of power

systems. A generator and/or a load can be connected to the

switching substation. Switching substations are connected with

power lines, through which the power is transferred from

generators and other switching substations to loads. The main

1119

of power supply to the load, to evaluate the probability of that

interruption and to recognize the main components that contribute to the interruption of supply.

In order to start with the fault tree analysis, the corresponding

fault tree should be built rst for each switching substation,

which is connected to a load. The principle of continuum of

energy delivery is taken in account during the analysis. The fault

tree structure corresponds to the conguration of the system and

includes all possible ow paths of disruption of the power supply

from generators to loads. The power transfer limitations and

common cause failures (CCF) of power lines are included in the

model together with power ows and capacity of generators and

loads in the power system. Common cause failures are failures of

multiple equipment items occurring from a single cause that is

common to all of them [46]. The failure of the multiple lines due

to the severe weather conditions or earthquakes in a specied

region can be additionally modeled adding supplementary CCF

groups for each initiator.

Switching substations used in the model correspond to

substations in real power systems, which normally include several

components including circuit breakers, protective relays, cut-out

switches, disconnect switches, lightning arresters, fuses, transformers and other communication and protection equipment.

The rst step in the proposed method is the building of fault

trees for each substation in the power system and the calculation

of corresponding top event probabilities. Example of a switching

substation, consisting of load, two buses, four generators and

three lines (up) together with a corresponding simplied model

representation of the substation (down), is given in Fig. 1.

In the simplied substation representation, given in the

bottom of Fig. 1, bus BUS01 failure will result in interruption of

ARTICLE IN PRESS

1120

power delivery from generators to lines and disruption of energy

exchange between power lines, representing substation failure

mode in the developed method. Disruption of energy delivery

paths through elements of the substation is accounted for during

the construction of the fault tree. Fig. 2 shows a part of the fault

tree of the substation. Normal states of the circuit breakers and

disconnect switches (normally open or normally closed) are

assumed and modeled in the fault tree using two failure

probabilities, for active and passive failures, for each of the

elements (fails to close, fails to remain closed). Building of the

fault trees and calculation of top event probability and corresponding importance measures are done using commercial software [47].

The presented reliability assessment of the substation does not

include protection and control systems. The inclusion of these

systems can improve the models, but it can additionally increase

the complexity of the overall procedure [48].

The next step in developing the corresponding fault trees is

identication of all the possible energy delivery ow paths from

the adjacency matrix of the corresponding power system. The six

substations system, which is shown in Fig. 3, is presented as an

example for description of the methodology.

The system consists of six substations, ve generators in

substations 13 and 6 and two loads in substations 1 and 4. There

are multiple generators (two in substation three) and multiple

lines (marked Li1 and Li2 in Fig. 3) between substations 1 and 2 in

the example system. The lines for which common cause failures

are accounted for are marked in Fig. 3: CCF of lines due to the

common right-of way for part of their length.

The adjacency matrix A of a simple graph is a matrix with rows

and columns labeled by graph vertices, with a 1 or 0 in position

(vi, vj) according to whether graph vertices vi and vj are adjacent

or not. Using the adjacency matrix A, all possible ow paths

between generation (source) and consumer (load) substations are

identied, using developed recursive procedure for the formation

of rooted trees of the graph of the system. The energy ow paths

between the load and other substations in the system are

identied using the rooted tree. A rooted tree is a tree in which

a labeled node is singled out. The rooted tree for substation 1 is

given in Fig. 4. Dashed lines identify the energy ow paths

between substations 3 and 6 and substation 1.

ARTICLE IN PRESS

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

Fig. 4. Rooted tree for substation 1 with energy ow paths to substations 3 and 6

for example system.

The identied ow paths of energy delivery between substations are tested for consistency, namely:

1. Only a part of the ow path ending with substation, which is

directly connected to generators with total installed capacity

equal or larger than load, is taken further for the overload test.

2. If there is an overloaded line in the ow path obtained from the

previous test, then that ow path is discarded.

Test of overloaded lines or violated voltages in a ow path is

described in Section 2.3.

In these consistency tests, it is assumed that energy is

delivered to the load only from substations, where the total

installed capacity of generators is equal to or larger than the load.

This assumption does not correspond to real power systems

where each generator has a share of energy delivered to each load

in the power system. However, taking into account the fact that all

possible combinations of ow paths of all substations with

generators and loads are included in the model, it is postulated

that the model will correspond to the state of a real power system.

Example of a consistency test, for load 1 with tree shown in Fig.

4, is given in Fig. 5. Let the total installed capacity of the generator

in substation 2 be smaller than the load in substation 1, lines 24

are overloaded for the specic ow path corresponding to energy

delivery from substations 3 to 1 and voltage in bus 5 is higher

than nominal in case of the failure of lines 13. In that case, only

ow paths marked with dark solid lines in Fig. 5 will be accepted

for the fault tree construction. All other ow paths will be

discarded due to the lack of generator (black dashed lines,

substation 4), smaller generation than load (green lines, substation 2), violated voltage (blue line from substation 6) or overload

of the line (red dashed line between substations 2 and 4 shows

overloaded line; red line between substations 2 and 3 is discarded

too).

Flow paths, which were accepted in a previous test of

consistency, are used in the next step for fault tree construction.

The fault tree for each substation, which is connected to a load, is

created using the modular fault tree, shown in Fig. 6, with the

structure and the failure probabilities inserted depending on the

elements modeled. Basic events marked in red squares are

1121

are multiple generators in the substation. The procedure of

building fault tree includes the following steps:

of power delivery to that substation.

2. If the previously added gate is top gate, exclude the line

failures gate, else add OR gate for those failures (named

600,000 or above) and corresponding basic events for line

failures and CCF of lines (named with numbers starting from

200,000 and 650,000).

3. Add OR gate corresponding to substation failure (named with

numbers starting from 700,000).

4. Add OR gates corresponding to substation failure (named with

numbers starting from 800,000) and corresponding basic

events (named with numbers starting from 100,000).

5. Add AND gate corresponding to failure to deliver energy to

specic substation (named 900,000 or above).

6. Add OR gates corresponding to generators failure in that

substation (750,000 and above) or no energy from other

substations connected to that substation (500,001 and above).

7. Go to step 1 until all energy ow paths are accounted for.

Fig. 7 shows the top section of the fault tree constructed for load

1 in substation 1 in Fig. 3. The maintenance activities of the

components in the power system can be implemented by

excluding the components planned for maintenance from input

data.

The evaluation of the network reliability is an NP-hard

problem [15] requiring processor power and memory allocation.

Two major elements identify the necessary calculation time. First

is the size of the fault trees built for each of the loads in the

system. Fault trees size depend on the number of substations

(correlated to size of adjacency matrix), loads (number of

generated fault trees), lines in the power system (related to

number of possible energy ow paths) and size of the loads and

generators and their disposition in the system (number of

accepted ow paths accounting for power transfer capabilities of

the lines and substation voltages). Second is the efciency of the

used fault tree analysis module and the used cut-off values in the

ARTICLE IN PRESS

1122

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

limiting in the method.

During the construction of the fault tree model for each of the

substations in the system, the following important issues are

considered:

paths.

All ends of ow paths are considered in order not to doublecount contributions modeled previously in the tree.

The verication of a proper fault tree modeling was done

through the examination of minimal cut sets of small test systems

in sense:

If all expected minimal cut sets appear in their respective

listing.

1123

3. Results

The new method is tested on the IEEE One Area RTS-96

(IEEEInstitute of Electrical and Electronics Engineers,

RTSReliability Test System), consisting of 24 substations17

substations that are directly connected to loads and 7 substations

that are directly connected to generators32 generators and 38

power lines [49]. For 14 lines, the common cause failures are

considered. The IEEE reliability test system is specially designed to

be used for different static and dynamic analyses and to compare

the results obtained by different methods. Diagram of the IEEE

One Area RTS-96 is given in Fig. 8.

The available data for component reliability are used in the

analysis [49,50]. Each substation is approximated with substation

failure basic event calculated by the procedure given in Section

2.4. The extended single line diagram of IEEE One Area RTS-96

Substation System [49], including station congurations, was

used for substations reliability assessment. Failures of the

disconnect switches at the end of the power lines, circuit breakers

and transformers in the lines were included in the calculation of

ARTICLE IN PRESS

1124

Table 1

Failure data for selected elements of the IEEE test system.

Component name

Substation two failure

Substation three failure

Substation eleven failure

Line between substations 1 and 2

Line between substations 1 and 3

Line between substations 1 and 5

Beta factor for lines 89

Beta factor for lines 1722

Circuit breaker (active failure: fails to close)

Circuit breaker (passive failure: fails to remain closed)

Disconnect switch (active failure: fails to close)

Disconnect switch (passive failure: fails to remain closed)

Generator size 12 MW

Generator size 20 MW

Generator size 50 MW

Generator size 76 MW

Generator size 100 MW

Generator size 155 MW

Generator size 197 MW

Generator size 350 MW

Generator size 400 MW

Bus section 138 kV

Bus section 230 kV

Subsystem failure

probability

cause failures

3.57E8

3.57E8

2.33E9

3.00E9

4.39E4

5.83E4

3.77E4

2.00E1

3.00E1

8.14E05

6.16E06

4.09E06

6.16E07

2.00E02

1.00E01

1.00E02

2.00E02

4.00E02

4.00E02

5.00E02

8.00E02

1.20E01

5.44E05

4.43E05

structure or the common path of power lines is given in IEEE data;

therefore, the estimated values are considered for the Beta factor

for CCF of lines. Table 1 shows the component reliability data for

selected elements of the test system as used in the analysis.

Ambient temperature Tamb 40 1C is considered in the analysis.

The following results are obtained for the test system:

fault tree model and top event probability for each of the

selected loads,

system unreliability,

power system risk achievement worth for all elements of the

system,

system and

components in the system.

The selected quantitative results are presented in the following

tables.

Results in Table 2 include failure probability of the power

delivery to respective loads in the power system, corresponding

weighting factor for each load and nal weighted failure

probability for each load separately. The total system failure

probability is evaluated as 5.41E04. The total capacity of the

system is 2850 MW. The results in Table 2 show that the loads

with the highest top event probability are loads in substations 15,

18, 13 and 20, mainly due to the size of the loads and failure

probabilities of those substations. The obtained results were

compared with the results obtained for bus indices for IEEE RTS

shown in Table 3 taken from Table 3.16 of the corresponding Ref.

[50]. Comparison of the obtained results show that same

substations have the highest failure probabilities in the rst four

positions of both tables. The energy index of unreliability in Table

3.17 of the corresponding Ref. [50] was estimated to be 5.84E3.

This value is of an order of magnitude higher than the system

unreliability measure obtained from the proposed method, but it

Table 2

Calculated top event probabilities of IEEE RTS.

Load

substation

Failure

probability of

power delivery

to respective

load

Weight

FT top event

prob.weight

Capacity

(MW)

15

18

13

20

7

10

9

14

19

3

6

8

4

5

2

1

16

2.31E03

2.30E03

1.39E04

4.47E05

4.11E05

9.96E06

9.96E06

3.71E06

3.55E06

2.56E06

7.29E07

6.56E07

1.88E07

1.51E07

3.59E08

3.57E08

1.99E08

1.10E01

1.16E01

9.20E02

4.44E02

4.34E02

6.77E02

6.08E02

6.74E02

6.28E02

6.25E02

4.72E02

5.94E02

2.57E02

2.47E02

3.37E02

3.75E02

3.47E02

2.54E04

2.66E04

1.28E05

1.99E06

1.79E06

6.74E07

6.05E07

2.50E07

2.23E07

1.60E07

3.44E08

3.90E08

4.83E09

3.71E09

1.21E09

1.34E09

6.91E10

317

333

265

128

125

195

175

194

181

180

136

171

74

71

97

108

100

different approaches and they correspond to different power

system elements (the power deliver capability in the rst and the

energy in the second case).

The importance measures NRRW and NRAW for selected

components in the power system are given in Table 4. Results

show that components with the highest value of NRRW importance measure are generators situated in substations 18, 21 and 23

and this result is expected accounting for that those units are the

largest generating units in the power system. The high value of

NRRW implies that the reliability of the respective components is

worth increasing in order that the system reliability is signicantly increased. The identied power plants are candidates for

design change, e.g. installation of redundant components in the

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

Table 3

The results for the IEEE RTS from Ref. [50].

Table 5

Power ows through lines in IEEE RTS.

Load

Failure probability

18

13

15

20

2

16

3

5

1

6

4

8

7

19

14

9

10

8.34E02

7.13E02

5.65E02

4.62E02

4.10E02

2.60E02

2.26E02

2.24E02

2.24E02

2.24E02

2.24E02

1.60E02

1.59E02

1.17E02

9.56E03

3.17E03

3.17E03

Table 4

Importance measures for selected components of IEEE RTS.

Component identication

NRRW

NRAW

G2

G2

G2

G2

G2

1.04E+02

1.04E+02

1.98E+00

1.33E+00

1.33E+00

8.26E+00

8.26E+00

6.70E+00

6.94E+00

6.94E+00

1.00E+00

1.00E+00

1.00E+00

1.00E+00

1.00E+00

2.20E+02

2.05E+02

1.07E+01

1.31E+00

1.29E+00

118-1

121-1

123-3

123-1

123-2

B1-118

B1-115

L1-107 108

L1-116 119

L2-120 123

1125

The identied components with the highest NRAW in Table 4 are

as follows: substations 18 and 15, line between switching

substations 7 and 8, line between substations 16 and 19 and

CCF of the lines between substations 20 and 23. Components with

the highest value of NRAW should be maintained well, in order

that the reliability of the system is not reduced signicantly, so

the maintenance priority should be high for those components.

The high value of NRAW for substations 18 and 15 is expected

accounting for the size of the loads connected in those substations. The failure of line between substations 7 and 8 will disrupt

power delivery from the generator and to the load situated in

substation 7, resulting in a high value of NRAW. The high values of

NRAW for the line between substations 16 and 19 and CCF of the

lines between substations 20 and 23 are obtained because failure

of those lines will disrupt power delivery from generators situated

in substations 19 and 20 to the power system and interrupt power

transfer between substations 16 and 23.

The calculated power ows through lines in the power system

using DC power ow method for the normal operation are given in

Table 5. The minus sign indicates the reverse ow between two

substations. The highest power ows are between lines 1416 and

1617. Comparison of the most important power lines in the

system given in Table 4 and the power ows given in Table 5

shows that the most important power lines are not always those

that have the highest power ows during normal regime of work.

The importance measures for selected components of

substation 15, identied to have the highest failure probability

Line

Power ow

(MW) start

Power ow

(MVAr)

start

Power ow

(MW) end

Power ow

(MVAr)

end

Lines 1416

Lines 1617

Lines 1323

Lines 1223

Lines 324

Lines 1524

Lines 1521

Lines 1521

Line 1718

Lines 1012

Lines 2122

Lines 1114

Lines 1619

Lines 1722

Lines 1011

Lines 912

Lines 78

Lines 1516

Lines 911

Lines 610

Lines 1113

Lines 2023

Lines 2023

Lines 15

Lines 1821

Lines 1821

Line 26

Lines 89

Lines 1213

Lines 24

Lines 39

Lines 49

Lines 1920

Lines 1920

Lines 810

Lines 13

Lines 12

Lines 510

343.3

322.2

250.6

243.9

236.7

233.2

214.9

214.9

181

166.2

158.9

149.3

143.5

141.1

140.7

122.2

115

109.6

96.7

84.4

83.1

82.7

82.7

64.8

57

57

51.6

39.2

38.5

37.9

37.8

36.1

18.8

18.8

16.8

15.3

14.5

6.2

38

19.2

31.6

21.9

35.5

28.6

41.9

41.9

51.4

57.2

24.6

63.8

68.1

10.1

66.3

20.1

26.5

70.1

10.5

73

36.4

58.3

58.3

1.2

8.9

8.9

28.4

12.9

21.5

31.3

27.3

16.9

53

53

27.2

40.8

40

13.4

343.3

322.2

250.6

243.9

236.7

233.2

214.9

214.9

181

166.2

158.9

149.3

143.5

141.1

140.7

122.2

115

109.6

96.7

84.4

83.1

82.7

82.7

64.8

57

57

51.6

39.2

38.5

37.9

37.8

36.1

18.8

18.8

16.8

15.3

14.5

6.2

25.3

43.1

9

19.8

10.6

10.2

57.7

57.7

53.9

30.2

21.6

62.5

68.4

11.5

45.9

34

18.2

69

18.9

210.1

30

55.7

55.7

0.4

14

14

28.4

15

11.5

31

26.1

18.4

45.1

45.1

24.3

43.4

13.2

10.9

Table 6

Importance measures for selected components of substation 15.

Component ID

Failure probability

RRW

RAW

DS15024

DS15023

BUS15A1

BUS15B2

BUS15A2

CB15010

CB15011

5.00E04

5.00E04

1.67E05

1.67E05

1.67E05

6.60E03

6.60E03

1.43E+00

1.43E+00

1.00E+00

1.00E+00

1.00E+00

1.12E+00

1.12E+00

6.01E+02

6.01E+02

5.27E+01

2.61E+01

2.52E+01

1.72E+01

1.72E+01

disconnect switches DS15023 and DS15024 are the most important components with the highest values of RRW and RAW.

The data for causes of major blackouts in USA in the period

19941997 [51] clearly indicate that the equipment failures and

the weather conditions are the main initiators of blackouts.

Quantication of reliability of the power system is important

owing to the social, economical and safety implications of the

overall population. On August 14, 2003, a widespread loss of the

ARTICLE IN PRESS

1126

power (LOOP) initiating event (IE) at nine US commercial NPPs.

In a power system that consists of at least one NPP, reliability

of the power system inuences the safety of the NPP. The NRC

initiated a comprehensive program to review grid stability and

offsite power issues as they relate to the safety of NPPs [52,53].

The presented methods for assessment of power system

reliability can be used as an alternative approach for estimation

of the frequency of the loss of offsite power and station blackout

(SBO) initiating events in NPP PSA, thus resulting in an overall

improvement of PSA analysis of the plants. The loss of offsite

power initiating event occurs when all power to the plant from

external sources (the grid or a dedicated transmission line from

another onsite plant) is lost. The station blackout event is induced

by a loss of offsite power event followed by the failure of all onsite

diesel generators (DG) to start and run.

Taking into account that SBO and LOOP are major contributors

to CDF [54], the changes of LOOP IE frequency can result in

substantial changes of the results. For example, after initiating

events SBO and LOOP, their corresponding scenarios contribute,

respectively, 32.1% and 11.5% to the core damage frequency (CDF)

of specic NPP [54]. A LOOP initiating event frequency of 5.17E2

events/year is assumed. The LOOP results from three possible

causes, namely plant centred causes (PCL), grid causes (GD) and

weather related causes. If shares of 58%, 35% and 7% are assumed

for each of them correspondingly, then the value of 1.81E02

events/year is obtained for the GD LOOP. If the GD LOOP initiating

event frequency is changed based on power system evaluations,

the core damage frequency may change signicantly.

If the GD LOOP initiating event frequency is changed to

1.55E04 events/year, the value of LOOP is changed to 3.36E2

events/year. If the linear relation between CDF contribution and IE

frequency is assumed, the calculated contributions of SBO and

LOOP to CDF of the same NPP are 20.9% and 7.48%, respectively,

with change of core damage frequency being around 10%.

The presented method can be applied for reliability analysis of

other critical infrastructures such as trafc, communication and

gas networks. The identication and protection of the critical

components of a given networks can directly reduce the

consequences of terrorist attacks.

4. Conclusions

A new method for assessment of power system reliability is

developed. The method integrates the fault tree analysis and the

power ow model. The results are qualitative and quantitative

and they depend on the failure probabilities of components and

on the power ows in the power system. The results identify the

reliability measures connected to particular loads and the

reliability measures connected to the power system as a whole:

the probability of failed power delivery to selected loads, the

importance measures of components corresponding to selected

loads and the importance measures of components corresponding

to the whole power system.

An important feature of the method is that system deciencies

can be readily identied, using newly dened importance

measures. Both quantitative and qualitative results help in

focusing attention on those sections of a power system that

contribute the most to the unreliability of power delivery to

specic loads. Application of the method on IEEE area test system

is demonstrated. The method can be adapted for reliability

analysis of other critical infrastructures, which have similar

topology as the power system.

Future work may include integration of evaluation of substations into the power system evaluation, procedure for calculation

identication and analysis of minimal cut sets, which is capable to

consider even larger models.

Acknowledgement

This research was supported by the Slovenian Research Agency

(contract no. 1000-05-310016).

References

[1] Jeffrey S, Restrepo C, Zimmerman R. Risk-management and risk-analysisbased decision tools for attacks on electric power. Risk Analysis

2007;27(3):54770.

[2] Bruce F, Wollenberg B. From blackout to blackout 1965 to 2003: how far have

we come with reliability? IEEE Power and Energy Magazine, 2004;(January/

February):868.

[3] Rose A, Oladosu G, Liao S. Business interruption impacts of a terrorist attack

on the electric power system of Los Angeles: customer resilience to a total

blackout. Risk Analysis 2007;27(3):51331.

[4] Koonce AM, Apostolakis GE, Cook BK. Bulk power grid risk analysis: ranking

infrastructure elements according to their risk signicance, ESD-WP-2006-19,

Engineering Systems Division. Cambridge, MA: MIT Press; 2006.

[5] Carreras BA, Lynch VE, Dobson I, Newman DE. Critical points and transitions

in an electric power transmission model for cascading failure blackouts.

Chaos 2002;12(4):98594.

ausevski A, C

epin M. Genetic algorithm

[6] Volkanovski A, Mavko B, Bosevski T, C

optimisation of the maintenance scheduling of generating units in a power

system. Reliability Engineering and System Safety 2008;93(6):77989.

[7] IEEE Gold Book, IEEE Recommended practice for the design of reliable

industrial and commercial power system. ANSI/IEEE Std 493-2007, 2007.

[8] Save P. Substation reliabilitypractical application and system approach.

IEEE Transactions on Power Systems 1995;10(1):3806.

[9] Awosope COA, Akinbulire TO. A computer program for generating powersystem load-point minimal paths. IEEE Transactions on Reliability

1991;40(3):3028.

[10] Awosope COA, Akinbulire TO. A computer program for generating powersystem load-point minimal paths. IEEE Transactions on Reliability 1991;

40(3):3028.

[11] Apostolakis GE, Lemon DM. Screening methodology for the identication and

ranking of infrastructure vulnerabilities due to terrorism. Risk Analysis

2005;25(2):36176.

[12] Garrick BJ, Hall JE, Kilger M, McDonald JC, OToole T, Probst PS, et al.

Confronting the risk of terrorism: making the right decisions. Reliability

Engineering and System Safety 2004;86:12976.

[13] Bier VM, Gratz ER, Haphuriwat NJ, Magua W, Wierzbicki KR. Methodology for

identifying near-optimal interdiction strategies for a power transmission

system. Reliability Engineering and System Safety 2007;92(9):115561.

[14] Patterson SA, Apostolakis GE. Identication of critical locations across

multiple infrastructures for terrorist actions. Reliability Engineering and

System Safety 2007;92(9):1183203.

[15] Wei-Chang Y. An improved sum-of-disjoint-products technique for the

symbolic network reliability analysis with known minimal paths. Reliability

Engineering and System Safety 2007;92(2):2608.

[16] Miki T, Okitsu D, Kushida M, Ogino T. Development of a hybrid type

assessment method for power system dynamic reliability. In: IEEE international conference on systems, man and cybernetics, IEEE SMC 99 conference

proceedings, vol. 1, 1999. p. 96873.

[17] Zio E, Podollini L, Zille V. A combination of Monte Carlo simulation and

cellular automata for computing the availability of complex network systems.

Reliability Engineering and System Safety 2006;91:18190.

[18] Yishan L. Short-term and long-term reliability studies in deregulated power

system. Doctoral dissertation, Texas A&M University, 2005. p. 155+4.

[19] Ran M. Deterministic/probabilistic evaluation in composite system planning.

Master thesis, University of Saskatchewan, Saskatoon, 2003. p. 124+35.

[20] Yifeng L. Bulk system reliability evaluation in a deregulated power industry.

Master thesis, University of Saskatchewan, Saskatoon, 2003. p. 142+45.

[21] Rajesh UN. Incorporating substation and switching station related outages in

composite system reliability evaluation. Master thesis, University of

Saskatchewan, Saskatoon, 2003. p. 91+25.

[22] Hua C. Generating system reliability optimization. Doctoral dissertation,

University of Saskatchewan, Saskatoon, 2000. p. 160.

[23] Billinton R, Wangdee W. Delivery point reliability indices of a bulk electric

system using sequential Monte Carlo simulation. IEEE Transactions on Power

Delivery 2006;21(1):34552.

[24] Wenyuan L, Jiping L. Risk evaluation of combinative transmission network

and substation congurations and its application in substation planning. IEEE

Transactions on Power Systems 2005;20(2):114450.

[25] Fu-Min Yeh, Sy-Yen Kuo. OBDD-based network reliability calculation.

Electronics Letters 1997;33(9):75960.

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

calculation. IEEE Transactions on Reliability 1996;45(1):1278.

[27] Allan RN, Billinton R. Reliability evaluation of power systems. Berlin:

Springer; 1996.

[28] Allan RN, Billinton R. Probabilistic assessment of power systems. Proceedings

of the IEEE 2000;88(2):14062.

[29] Vries RC. An automated methodology for generating a fault tree. IEEE

Transactions on Reliability 1990;39(1):7686.

[30] Galyean WJ, Fowler RD, Close JA, Donley ME. Case study: reliability of the

INELsite power system. IEEE Transactions on Reliability 1989;38(3):

27984.

[31] Hessian RT, Salter BB, Goodwin EF. Fault-tree analysis for system design,

development, modication, and verication. IEEE Transactions on Reliability

1990;39(1):8791.

[32] Haarla L. A method for analysing the reliability of a transmission grid.

Reliability Engineering and System Safety 2008;93(2):27787.

[33] Pottonen L. A method for the probabilistic security analysis of transmission

grids. Doctoral dissertation, Helsinki University of Technology, 2005. p. 119+88.

[34] Rasmussen N, et al. Reactor safety study. WASH-1400, US NRC, Washington,

1975.

[35] Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME RA-S-2002, 2002.

[36] Roberts NH, Vesely WE, Haasl DF, Goldberg FF. Fault tree handbook., NUREG0492, US NRC, Washington, 1981.

[37] Vesely WE, Dugan J, Fragola J, Minarick J, Railsback J. Fault tree handbook

with aerospace applications. National Aeronautics and Space Administration,

NASA; 2002.

epin M, Mavko B. A dynamic fault tree. Reliability Engineering and System

[38] C

Safety 2002;75(1):8391.

epin M. Method for assessing reliability of a network considering probabilistic

[39] C

safety assessment. In: Proceedings of the international conference on nuclear

energy for New Europe 2005, Bled, Slovenia, September 58, 2005.

epin M. Development of new method for assessing reliability of a network.

[40] C

In: PSAM 8: proceedings of the eighth international conference on

probabilistic safety assessment and management. New Orleans: ASME;

2006. p. 45/18.

1127

[41] C

requirements in technical specications. Reliability Engineering and Systems

Safety 1997;56(1):6977.

epin M. Optimization of safety equipment outages improves safety.

[42] C

Reliability Engineering and System Safety 2002;77(1):7180.

epin M. Analysis of truncation limit in probabilistic safety assessment.

[43] C

Reliability Engineering and System Safety 2005;87(3):395403.

epin M, Mavko B. Power system reliability analysis using

[44] Volkanovski A, C

fault trees. In: Proceedings, International conference on nuclear energy for

New Europe, Portoroz, 2006. p. 704.110.

[45] Ackovski R. Methods for planning of development of power systems using

Monte Carlo simulation. Doctoral dissertation, Electrotechnical FacultySkopje, Macedonia, 1989. p. 138+18.

[46] Breeding RJ, Leahy TJ, Young J, Cramond WR. Probabilistic risk assessment

course documentationvol. 1: PRA fundamentals. NUREG/CR-4350/1, US

NRC, Washington, 1985.

[47] RiskSpectrums PSA Professional, 19982003 RELCON AB.

[48] Xu X, Lam BP, Austria RR, Ma Z, Zhu Z, Zhu R, et al. Assessing the impact of

substation-related outages on the network reliability, PowerCon 2002. In:

International conference on power system technology, Proceedings, vol. 2,

2002. p. 8448.

[49] A report prepared by the Reliability Test System Task Force of the Application

of Probability Methods Subcommittee. The IEEE reliability test system1996.

IEEE Transactions on Power Systems 1999;14(3):101020.

[50] Allan RN, Billinton R. Reliability assessment of large electric power systems.

Boston: Kluwer; 1988.

[51] Carreras BA, Newman DE, Dobson I, Poole AB. Initial evidence for selforganized criticality in electric power system blackouts. In: Proceedings of

the 33rd annual Hawaii international conference on system sciences, 2000.

[52] Reevaluation of Station Blackout Risk at Nuclear Power Plants. NUREG/CR

6890. US NRC, Washington, 2005.

[53] Evaluation of Loss of Offsite Power Events at Nuclear Power Plants:

19801996. NUREG/CR 5496, US NRC, Washington, 1997.

epin M, Prosen R. Update of human reliability analysis for nuclear power

[54] C

plant. In: Proceedings, International conference on nuclear energy for New

Europe, Portoroz, 2006. p. 706.18.