Restricting Involuntary Extension of Failures in Smart ...xwang/public/paper/Failure... · power...

Restricting Involuntary Extension of Failures inSmart Grids using Social Network Metrics

Jose Cordova-Garcia1,2, Dong-Liang Xie1,3, Xin Wang11 Department of Electrical and Computer Engineering, State University of New York at Stony Brook, USA

2 Escuela Superior Politecnica del Litoral (ESPOL), Guayaquil, Ecuador2 Beijing University of Posts and Telecommunications, Beijing, China

[email protected], [email protected], [email protected]

Abstract—Modern communication technologies are expectedto be available in the future Smart Grids to enable the controlof equipments over the whole power grid. In this paper, weconsider such networked control approach to address failuresthat may occur at any location of the grid, due to attacks or unitmalfunction, and provide a wide-scale solution that prevent thefailure impacts from spreading over a large area. Different fromliterature work that focuses on modifying power equations underthe standard constraints of the power system, we estimate theimpact of controlling different nodes on topological areas of thegrid based on social metrics, which are derived from the graphcapturing both the topological and electrical properties of thepower grid. We propose a failure control algorithm for topologicalcontainment of failures in smart grid. Our algorithm also takescareful consideration of the impact the planned control has on thegrid to avoid the possibly involuntary failure extension. We showthat social metrics can efficiently trade off between the topologicaland electrical characteristics revealed by the power grid graphrepresentation. We evaluate the performance against networkedcontrol strategies that only use power models to determine theactions to be performed at power nodes. Our results show that theproposed control scheme can effectively contain failures withintheir original location range.

I. INTRODUCTION

The Smart Grid (SG) is envisioned to provide the neces-sary technology for a substantial improvement of monitoringand control applications of power systems. Failure controlis arguably one of the most important applications. Failurescan occur due to equipment malfunction, natural disasters,and planned attacks to grid infrastructure or systems. Legacycontrol and protection equipments often take automatic actionsbased on the local information. While such actions mayaddress small-scale failures, the recent occurrence of large-scale failures has demonstrated the prevailing vulnerabilitiesof the grid and the need for the improvement of its controlservices [1], [2], [3], [4]. The amount of power flowing througha line plays a crucial role in the effectiveness of failurecontrol as it is directly affected by failures and changes in thepower grid. Following a failure or change, succeeding powerflow redistribution can cause a power line to be tripped, andrepeated failures would induce a cascading failure.

Different from substations and major equipments, it is un-realistic to assume that every power line in the grid is directlymonitored and can provide reliable measurements. Due tothe large number of power lines, instead of being equipped

B

D

C

A

E F

(a) Failure

CB

D

A

E F

(b) Control

B

D

C

A

E F

(c) Failure

CB

D

A

E F

(d) Control

Fig. 1: Failure control and its impact on the grid

with a dedicated monitoring device, the majority of lines aremonitored indirectly through other type of measurements suchas voltage phasors. Also, many sections of the grid are eitherequipped with legacy monitoring devices that provide slowmonitoring rates or even not observable at all.

In the examples of Figure 1, we illustrate two majorproblems, due to the unreliable monitoring and the use ofconventional power control model respectively. The problemdue to unreliable monitoring can be seen in Figure 1a. Thepower line (D,E), marked as the bold solid red line, isoperating close to its thermal limit, beyond which the linewill be disconnected and result in a failure. The Control Center(CC) is unaware of the critical status of (D,E), but meanwhileidentifies a failure that occurs at (A,C). The failure effecton the power grid is marked with red dashed lines. A failurecontrol policy is generated at the control center and transmittedto relevant power nodes using the communication network.Large changes caused by the failure control are marked assolid blue lines in Figure 1b. A failure control strategy thatuses only power constraints has no restriction on the nodes tocontrol and nodes/lines affected by the control. Suppose thecontrol strategy following the basic power model has decidedto change the loads of nodes A,D,C,E to address the failure,with the restrictions that all line flows do not exceed theircapacity. While the failure at (A,C) has a distance fromthe critical line (D,E) and may not affect it greatly, thecontrol action executed at nodes D,E does and a controldue to inaccurate information may cause (D,E) to exceed itsthermal limit. Hence, a new failure is induced, and the originalfailure has been topologically extended. Therefore, while theCC might have expected the communicated control actions toaffect the region (lines) near the original fault, a topologically

IEEE INFOCOM 2018 - IEEE Conference on Computer Communications

978-1-5386-4128-6/18/$31.00 ©2018 IEEE 2510

unrestricted policy may arbitrarily affect any region.In Figure 1c, we can see another limitation of a control

strategy solely based on power considerations. (D,E) nowoperates safely within its capacity limit and the impact ofcontrol shown in Figure 1d does not cause its disconnection.The coordinated control actions taken by all blue nodes areload shedding, and one may expect load reductions to affectthe neighborhood of the region where the original failureis located. Although the control strategy may successfullyaddress the failure, the locations of load shedding nodes arearbitrarily decided based on a power model without topologicalrestrictions. As the load shedding reduces the amount of loadthat can be provided to the corresponding customers, from thecustomer view, the effects of failure (i.e. the amount of demandyielded) are topologically extended.

Both limitations discussed and illustrated above are the con-sequence of the lack of precise information and considerationof the topological impact a control strategy will impose onthe grid. In this paper we address such limitations by usingsocial metrics inferred from both the topological and electricalrelationship of nodes in the power grid. While the graphconcept is often applied to represent the physical topology ofa network, there is little work to consider controlling the gridbased on the graph from the electrical relationship perspective.Some recent studies have shown that social metrics can beused to characterize power grid vulnerabilities. Rather than justunderstanding the social relationship of grid nodes, we proposeto leverage the observed social impact of power nodes on thegrid to effectively control the grid failures while minimizingits indirect and involuntary effects on the grid status.

The rest of the paper is organized as follows. Section IIreviews the related work on vulnerabilities of power grids andthe control of failures. Section III describes the models used byour proposed algorithm. In Section IV, we analyze the socialproperties useful for the failure control, and describe the designof the control scheme proposed along with its algorithmicdescription. Section V describes the simulation scenario andthe performance results. Finally, Section VI concludes thework.

II. RELATED WORK

In recent years, power grid vulnerability analysis has drawna lot of research attention. This analysis is necessary as atool for designing more reliable power grids. Also, there is asubstantial amount of work on applications and requirementsthat are feasible once modern communication systems becomeavailable in Smart Grids [5]. Timely planned failure controlbeing arguably one of the most important applications.

Some recent studies represent the Smart Grid as a graph [6],[7] and study the properties of the electrical structure of thepower grid. The goals are to identify “important” power nodesthat can cause the biggest damage in case of failure (or attacks)through social metrics.

In [6] the authors propose to analyze an alternative graphrepresentation of the power grid where links are constructedbased on the strength of electrical connections in contrast to

the physical power line connections. Instead of comparingthe similarities between the topological and electrical graphstructures, in this work, we study how nodes with differentsocial properties impact the power grid when controlled.Moreover, different from [6], [7], our goal is to exploit thesocial properties of power nodes to determine the controlstrategy upon the occurrence of a failure.

Different from the traditional trigger-based automatic con-trol and protection, the increasing adoption of modern com-munication technologies in power grids has provided thepossibility of controlling failures in a planned, organized andcoordinated way. Along the line of vulnerability analysis, thecontrol strategies in [8], [9] attempt to maintain the powerof the important nodes without shedding their load, where theimportant nodes are the ones that provide power to the controlnodes. On the other hand, the recent work in [10] presents themethodology of identifying geographically correlated failuresand evaluates the accuracy of its model using the historicaldata of the San Diego Blackout. The authors also present astandard control strategy based on the power model and itsrespective restrictions. In this paper, we agree on the generalstrategy of planned and coordinated control modeled by amathematical program. However, different from the literaturework, we make use of the graph representation of the powergrid along with its topological and electrical properties todesign the control strategy. Specifically, based on our observa-tions of the graph’s social properties, we provide the controlprogram the capability of deciding control actions that preventthe topological extension of failures by reducing the effects ofcontrol-induced power flow redistribution on regions far awayfrom the original failure.

III. MODELS

In this section, we present the system model used in thedesign of the control scheme. We start by introducing acommonly used graph representation of the smart grid and thecomponents that are considered in the failure control process.Using this model, we describe how topological and electricalinformation can be inferred from the graph according to themodel used for its edge weights.

A. Power Grid Model

A Smart Grid system contains two different networks: apower grid and a communication network to transmit datafor the grid monitoring and control. The power grid will bemodeled as a graph P(N , E), where the N = |N | nodesinclude power generators, consumer loads and pass-through(transmission) substations. The physical power lines in chargeof transmitting power from generation units to customer loadsare contained in the edge set E .

The communication network that provides monitoring andcontrol capabilities can be modeled by a graph P ′(N ′, E ′).If each node of the power grid is under the control, we willhave an one-to-one mapping between the controllable nodesN ′ and the grid nodes N . Although a communication networkis often established along the power lines, the topology of the


2511

communication network does not have to be exactly the sameas that of the grid.

Each node i ∈ N in the grid P(N , E) is associatedwith a power Pi, and is a power generator if Pi > 0 or apower consumer if Pi < 0. We consider a power grid tobe balanced when

∑i∈N Pi = 0. The topology described

by E captures the physical connections of power lines in thegrid. Each power line ei,j ∈ E has an operational capacityci,j , and its associated flow fi,j should be kept below ci,jfor the normal operation. A line can be physically brokendue to natural disaster or get disconnected by its protectionequipment once it is overheated as a result of the sudden andfrequent flow variation or because it works over capacity foran extended period of time. When there exist failures, we have∑

i∈N Pi 6= 0 and P(N , E \ {ei,j}), where the set of failedlinks are excluded from the power grid graph. Failures thatcause long-term disconnections of lines can partition the gridinto several components, in which case the models presentedshould be applied to each connected component.

B. Graph Weight Models

In the grid graph, the weight of an edge can correspondto the electric parameters (i.e. admittance) associated to it orthe physical distance of the power line corridor that links twonodes (substations). We use the topological distance to reflectthe geographical distance, and di,j to represent the shortestdistance between a pair of nodes i and j. Power flows canalso be used as weights w(ei,j) = fi,j ,∀ei,j ∈ E and a failurelocation would be identified by the edge whose flow exceedsthe capacity threshold. However, power lines can operate overthe capacity for some time before being tripped. For moreeffective and timely failure control, it is more informativeto identify the locations where flows are changing. A powerflow model is often applied to describe the behaviors thatgovern the power grid and how flows change and traversethe nodes and edges in P , but it does not directly reflect thetopology information. However, the admittance matrix usedin flow models can be interpreted as a weighted Laplacianof the grid graph P , and the admittances of the lines canbe used as weights for the graph to capture both the graphrelationship and power interaction. Specifically, the elementsof the admittance matrix Y are defined as:

Yi,j =

{ ∑k 6=i yi,k if i = j

−yj,i if i 6= j,(1)

where yi,j ∈ C is the line admittance and it only exists if thephysical connection between i and j exists. Different from theliterature work which uses the admittance matrix to identifyvulnerable components or only refers to the admittance matrixwhen describing the power flow models [11], [8], [9], [10],we will exploit graph-based metrics that can infer topologicaland electrical information from Y to contain failures in powergrids to prevent their propagations to a large area.

IV. TOPOLOGICAL CONTAINMENT OF FAILURES IN SMARTGRIDS

The aim of this work is to control grid failures whileminimizing the indirect and involuntary detrimental effectson the grid caused by the control. We first introduce theissues involved when performing the optimal load sheddingto control the grid failures. We then discuss two types ofcentrality metrics adapted from social networks to the powergrid network, and examine the effect of using social powernodes on controlling failures over a typical grid topology.Finally, based on the insight gained from our observations,we describe the design of an optimal control scheme based onsocial metrics.

A. Load Shedding-based Failure Control

A power grid operating out of its normal state, e.g. due topower imbalance and/or power-line overcapacity, can return toits normal state by adjusting the total power in the network.Load shedding actions can help restore the power balance andmake the power flows to be under their capacity limits. Abasic mathematical formulation of such a control involves theoptimization of a function of the controllable loads, Pi ∈ P,in a way that the reduction from the power amount at the timeof failure, P 0

i , is minimized, subject to a tractable power flowmodel and the capacity constraints:

minimizePi∈loads

1 · (P−P0) (2a)

subject to P = Y ·Θ , (2b)

fi,j = βf̂i,j + (1− β)f0i,j , (2c)

fi,j ≤ ci,j , i, j ∈ N | ei,j ∈ E , (2d)

P 0i ≤ Pi ≤ 0,∀i ∈ loads (2e)

0 ≤ Pi ≤ P 0i ,∀i ∈ generators (2f)

The constraints (2b) and (2d) represent the power modelwith the voltage vector Θ and the capacity limits for thepower lines, while (2e) and (2f) represent the load andgeneration limits. Each active power Pi in (2b) correspondto∑

j∈N(i)fij = Pi,∀i, j ∈ N , (i, j) ∈ E and N(i) is the setof neighbors of i. Equation (2c) estimates the evolution of thepower flow fi,j after control, where β is a tuning parameter[10], ˆfi,j is the theoretical power flow calculated using (2b),and f0

i,j is the flow of the power line ei,j at the moment offailure. Thus, the model of the operating condition of a line,fi,j , in (2c) incorporates the thermal effect of changing theflow f0

i,j . The performance of this model depends on the timelyand reliable transmission of the value f0

i,j from its monitoringdevice.

Simply reducing the total amount of load may require nodesall around the grid to change loads, so customers at locationsdistant from the original failures may be also affected. Also,as discussed in Section I, altering the load of a node cancause power flow changes in lines relatively far away fromthe node. In case that a critical line is affected, this willintroduce more uncertainty in control effectiveness. Moreover,


2512

(a) IEEE 39: High Cc control (b) IEEE 39: High Cd control (c) IEEE 39: Cc vs Cd

(d) IEEE 118: High Cc control (e) IEEE 118: High Cd control (f) IEEE 118: Cc vs Cd

Fig. 2: Using centrality to select controlled nodes: Average flow changes at different distances from the location of the controlnode.

controlling loads all over the grid is more prone to lossand delay of control packets, which can take the network tounplanned states, temporarily or permanently. The variabilityof flows at the unplanned states contribute to the overheatingof the power lines and/or the false tripping which furtherextends the failure. Furthermore, while the power variablesinvolved in (2) are related with the graph representation ofthe grid, no characteristics or information that can be extractedfrom the graph is used in this control formulation. A controlstrategy as the one described before could assign the amountof load shed as a function of the distance in an effort togeographically contain the failure expansion and the impact ofcontrol. However, different from communication networks orsocial networks where mainly the network graph is considered,power grids are governed by physical characteristics that haveto be taken into account when defining their topology andconstraining the control extension. Next, we describe thephysical features of the grid that can be adapted from its graphrepresentation to design the control scheme.

B. Topological/Electrical features of the GridIn order to constrain the failure extension to a large geo-

graphic distance, we also need to consider the tradeoff betweenphysical topology connections and the inherent electrical cou-pling that governs the distribution of flows and consequentlydefines the status of the grid and its stability. The admittancematrix Y can be used to describe the electrical coupling ofnodes and lines in the grid.

An “electrical” connection represented by ri,j can be de-fined along with the physical connection ei,j described inP(N , E) to measure the impact on the grid after modifying thepower of a controlled node. Analogous to the length (distance)

of a power line between two nodes ei,j , the electric resistancedistance is defined as [12]:

ri,j = zi,i + zj,j − 2zi,j (3)

where zi,j ∈ Z = Y−1. The electric resistance distances in Rdescribe the connectivity between any pair of nodes i, j. Thusa matrix R can be defined to capture all resistance distances inthe grid. As the power grid is known to have a sparse topology,the matrix Y is sparse because its entry yi,j corresponds to theadmittance of the power line ei,j which physically connects iand j. Hence, its inverse Z is a full matrix with entries zi,jeven for the case ei,j /∈ E .

To contain a failure and its effects, we need to consider boththe topological and electrical closeness between the controllednodes and the failure location. As the physical topology infor-mation is embedded in Y and the electric coupling is describedwith the matrix R, our control criteria will incorporate bothfactors. In light of the metric from social network, we considerbuilding up from two centrality metrics to capture the impactof the control of a specific node on the overall grid nodes:closeness centrality and degree centrality.

Different from studies that asses the impact of social-nodefailures/removals on the grid to identify system vulnerabilities,we focus on investigating the impact of controlling centralnodes to define a control scheme that leverage social charac-teristics to restrict the failure extension.

C. Closeness Centrality and its Impact on Control

In order to evaluate the impact of power flow change of anode on other nodes, we would like to have a metric electriccloseness centrality to determine how “close” a controllable


2513

node is to all other nodes. This may be evaluated in terms ofthe electric resistance distance as:

Cc(i) =1∑N

j=1ri,jN−1

, (4)

where ri,j of the matrix R contains the electric distancebetween nodes i and j in the network, and R is a full matrix.Analogous to the social network closeness centrality, whena node i with a high electric closeness centrality performs achange (control), it is expected to have a great impact on thegrid.

However, unlike a social network, power networks are alsosubject to a power model to determine how flows traversethe nodes. To verify this, we perform a preliminary study toevaluate the closeness centrality metric of the IEEE 39 andIEEE 118 bus systems [13]. We select the top 10 nodes withhigher closeness centrality to evaluate the percentage of theflow change they impose on the grid when load shedding isperformed at these nodes. For illustration purpose, the amountof load shedding is randomly selected within a range of 5%to 20%, so the flow changes correspond to the average changeinduced by different levels of load shedding.

In Figures 2a and 2d, the flow change is measured for allpower lines represented by the topological edge ek,l ∈ E , k, l ∈N , and we show the average flow change as a function of thetopological distance from the controlled nodes.

By the analogy to the social metrics, nodes with the highcloseness centrality are expected to have a great influenceon the network. However, in Figure 2a and 2d, we can seethat large changes in the grid states such as power flowsare contained within a distance. This implies that controllinga high Cc(i) node allows us to reduce the amount of flowdirected to it while restraining the rest of the flow changes.This can be explained by the fact that in the power grid, thecloseness centrality of a node i describes how likely it is forthe power to flow to or through the node. However, while largechanges are contained within a distance, the flow changes maynot exhibit the desired decreasing trend as seen in the largestpeak of figure 2d.

Thus, the electrical closeness reveals some important fea-tures of nodes in the power grid, and some of these featurescan be carefully exploited to control these nodes to topo-logically contain the failures with a decreasing effect withdistance.

D. Degree Centrality and its Impact on Control

Besides the closeness centrality, to capture the coupling of apower node with the rest of the components of the grid (powerlines and nodes), we will investigate another measurement ofcentrality, electric degree centrality:

Cd(i) =|| Yi,i ||N − 1

, (5)

where Yi,i is the corresponding entry of the diagonal com-ponent of Y, the admittance matrix. This measurement of

centrality considers the total admittance of power lines ter-minating at the node i. Different from Cc(i), it captures thephysical connections instead of all the electrical connections.

Similar to the analyses with the closeness centrality, weselect the top 10 nodes ranked with the highest degree cen-trality, Cd(i). In Figures 2b and 2e, compared to the control ofnodes with high closeness degree, large effects of controllingnodes with high degree centrality appear to expand to longertopological distances from the controlled location. Thus, whileCd alone may not provide a favorable impact on the grid, thedegree centrality of a node can provide information about thelarge peaks that interrupt the decreasing trend of flow changesfrom the controlled point. Hence, Cd(i) will be used in ourdesign with Cc(i) to quantify the effect of controlling the nodei for the failure recovery.

E. Failure Control based on Social Metrics

Our preliminary observations have shown that social cen-trality metrics can be applied to more effectively control thefailure in the power grid. We showed that the closeness anddegree centralities contain different information that can beleveraged for control. However, some nodes may have highvalues for both types of centralities as shown in Figures 2cand 2f. The two metrics can be used to trade off betweencontrolling nodes topologically close to the failure and con-trolling nodes whose electric impact is low but may be distantfrom the failure. The latter can prevent impacting power linesfrom uncertain monitoring, at the cost of controlling nodespossibly far from the original failure location. Next, we needto determine the amount of load to shed at a controllable nodeto contain failures.

The metric Cc(i) helps identify how electrically close anode i is to the rest of the network and quantify the impactof load change at i on the overall grid. On the other hand, themetric Cd(i) helps identify nodes that have a high couplingwith the grid based on the physical connections and charac-teristics of power lines. Thus, the amount of load shed at acontrollable node i should be a function of three factors: itspossible impact on the grid, its physical connections, and itselectrical characteristics.

Following our previous observations, the desired decreasingtrend of flow changes is sometimes interrupted by large peakswhen controlling nodes with Cc alone. Then, Cd(i) can beused to address the limitation of Cc as it provides informationof the effect at longer topological distances. Therefore, weconsider the ratio 1

Cd(i)Cc(i) as a proportion factor of theamount of load to shed. This factor considers both the im-pact at locations close and the impact at longer topologicaldistances as described by the social metrics. In this centralityfactor, the contained impact described by Cc(i) is dominantas it can be seen from (5) that the variance of Cd(i) is muchless than that of Cc(i). In this way, we use Cd(i) as a weightfor Cc(i) that will constrain shedding to not be abrupt andcontribute to a smoother decreasing trend.

Moreover, failures can occur anywhere in the network, andit is desirable to constrain the impact on loads to nodes close to


2514

the failure locations. Controlling nodes based solely on theircentrality factor can restrict the impact of load changes tonodes near the controlled node, but these changes may not berestricted to be close to the failed node if a node with small

1Cd(i)Cc(i) rank is far from the failure location. We will furtherconsider the impact due to both the electric and topologydistances from the controllable node i to the failure. For asingle-line failure located at ej,k, we can define an electrical-topological distance to each controllable node as:

r̄i,ej,k =

(1−

ri,ej,k∑i∈N ri,ej,k

)di,ej,k (6)

where, di,ej,k is the topological distance from node i to lineej,k which can be defined analogously to the electrical distanceto an edge. Then each node i ∈ N can use the aforementionedmetrics to determine the amount of load to be shed by defining:

α(i) =1

Cd(i)Cc(i)

r̄i,ej,k∑i∈N r̄i,ej,k

(7)

In (7), we model a mixed metric of social centralities andtopological/electrical distances. The centrality factor providesthe information of i’s impact when controlled. A node witha large 1

Cd(i)Cc(i) is more likely to impact largely the gridand should have less load shedding when controlled. Thenormalized factor r̄ helps balance the topological and electricaldistances to the failure location. The metric in (7) can beused to provide a weighted version of equation (2), whichdetermines the amount of load shedding at each node.

Finally, to further minimize the direct effect of load shed-ding on the power delivered to customers, a regularization termcan be added to the objective function of Eq. (2). With theregularization term, the sparsity of the solution of the controlproblem can be controlled. In this way, the regularizationterm contributes to the minimization of the number of (large)control actions required to address a failure. Moreover, asthe proposed scheme corresponds to networked control, it isdesirable to have fewer control message transmissions, in orderto reduce the chance of delaying or missing control packetsthus the possible compromise of the reliability of the controlscheme. The objective in Eq. (2) can be modified as:

α · (P−P0) + λ || P−P0 || (8)

where λ is the regularization parameter that induces the controlalgorithm to require large shedding to the least number ofnodes as possible. Thus, the number of nodes that can havegreat impact is reduced. Algorithm 1 summarizes the proposedcontrol approach. Step 7 details that the control algorithm willoptimize (8) which in turn makes controlled nodes performpower changes proportionally to αs. When there are multi-line failures, we can apply the proposed control by adapting(6) and (7) to use the topological-electrical distance fromthe controllable node i to the closest failed line ej,k ∈ F0,where F0 is the set of failed lines. Furthermore, calculatingthe different metrics involved in (7) requires the matrix Y, its(pseudo)-inverse and simple arithmetical computations, which

are known a priori by the control center and can be calculatedoffline. After identifying failures, the control center can updateY,Z. For very large networks, as well as common real lifeimplementations, a distributed version of Algorithm 1 can beimplemented to improve the scalability of the control, wherethe proposed metric (7) does not increase the complexity ofsuch a task.

Algorithm 1 Social Based ControlINPUT: Power Grid graph P(N , E), set of initial line failuresF0 ⊂ E

1: Calculate R2: for all ej,k ∈ F0 do3: Obtain candidate nodes Nej,k ⊂ N4: for all i ∈ Nej,k do5: Compute load shedding contributions α(i) ∈ α:

α(i) = 1Cd(i)Cc(i)

r̄i,ej,k∑i∈Nh

r̄i,ej,k6: end for7: Compute eq. (2) with objective: α · (P − P0) + λ ||

P−P0 ||, using α(i) to determine the load sheddings.8: end for9: Transmit control actions to all nodes i ∈ Nej,k ,∀ej,k ∈ F0

V. PERFORMANCE EVALUATION

In this section, we evaluate the performance of the proposedcontrol scheme and its capability of restraining failures andtheir effects when restoring the power grid status back to itsnormal operation. Here, the topological extension of a failureis measured by the effect that control actions have on powerflow changes in all the lines of the grid.

We compare the performance of the proposed control (Al-gorithm 1) with a topologically unrestricted load sheddingcontrol strategy proposed in [10], based on (2) and refer toit as standard control. Standard control only makes use of thepower flow equations that govern the behavior of the powergrid, and the restrictions imposed on its equipments e.g. powerflow capacities.

A. Simulation Scenario

We evaluate two different scenarios, which are differenti-ated by the location of the failure that triggers the controlprocess: targeted attacks and random failures. In the targetedattack scenario, there is a disconnection of a node with highcentrality. That is, there is an attack against the power lines ofthe targeted node. As discussed in Section IV-D, Cd is a localmetric directly related to the number of lines associated tonode i. Thus, it is more likely that an attacker could estimatesuch centrality nodes without requiring complete informationof the power grid. Hence, the metric used to select the failurelocation (faulted node) is the degree centrality as defined in(5). We also evaluate the scenario where the failure of a powernode occurs at a random location in the power grid.

The test cases used for evaluation correspond to IEEE bussystems of different sizes. Such cases are based on portions of


2515

(a) IEEE 39 (b) IEEE 57 (c) IEEE 118

Fig. 3: Targeted Failures: Average flow changes due to failure control at different distances from the location of failure.


Fig. 4: Targeted Failures: Maximum flow changes due to failure control at different distances from the location of failure.

the American Electric Power System, e.g. New England IEEE39 bus system. Besides having a variety of sizes, differentIEEE test cases also present different topologies, which in turnimpact the social metrics. Thus, the 39, 57, and 118 test casesallow us to evaluate the scalability of the proposed solution.

B. Impact of Control on Power flows

The execution of a failure control strategy causes an amountof flow change in all power lines of the grid. Figure 3 showsthe average amount of power flow change, due to control, atdifferent distances from the original failure location.

The x-axis indicates the topological distance (in number ofhops) from the power line to the failure location. The goalof our control strategy is to restrain such great changes tooccur in locations as close as possible to the original failurelocations and provide a monotonically decreasing trend forsuch changes.

When a failure occurs at a high centrality node, the proposedscheme properly assigns different levels of load shedding ina way that the shedding on power flows decreases with thedistance from the failure location. Figure 3 shows a clearmonotonically decreasing trend of power flow changes withdistance. Moreover, such a trend is present regardless of thepower grid evaluated, which demonstrates the scalability ofour solution.

On the other hand, the standard control is driven only bythe power flow equations, and thus can perform relatively large

control (shedding) away from the failure. Thus, the standardcontrol can include more nodes that are of higher centralityrather than the ones close to the failure. Furthermore, withoutrestriction on the controlled nodes, the standard control canchoose to perform load shedding at high centrality nodeswithout considering the effect of such actions on the grid.

As discussed before, controlling high degree centralitynodes can have a relatively large effect on the grid evenat locations far away from the controlled node. Such effectresults in the occurrence of peaks of flow change at powerlines far away from the failure location as shown in Figure3b, where the decreasing trend achieved by the proposedcontrol is slightly interrupted at the hop 4 with a small peak.This is a consequence of controlling nodes that have highvalues for both types of centralities. In this case, the centralityfactor in (7) will result in large shedding for such nodes andfarther away flows are impacted as with the standard control.Fortunately, the distance factor in Equation (7) takes effectto properly restrain peaks at far away nodes to be as smallas possible. Figure 4 helps to visualize such effects, wherethe maximum flow change recorded for the targeted failuresscenario is presented. Note the maximum flow change of aline does not imply that the line exceeds its capacity, butonly indicates how much change it experiences in order tocontrol the failure while working within its line capacity limit.The figure shows that the peaks of flow change can reach


2516


Fig. 5: Random Failures: Average flow changes.


Fig. 6: Random Failures: Maximum flow changes.

considerably large values. For example, Figures 3c and 4creveal that while on average both control schemes show similarmonotonic behavior, there exist cases where the flow changecaused by the standard control can be more than double thatby the control based on the social metrics. Similarly, in Figure4b, our proposed control shows a few considerable large peaksof flow changes that resemble those of the standard control.However, Figure 3b shows that on average the control basedon social metrics can restrict the propagation of effects severaltimes smaller than that from the standard control. Moreover,using the recorded maximum flow change, a power operatorcan track and identify the node whose disconnection results inthis behavior and provide preventive measures to address thevulnerability of such particular grid.

Figures 5 and 6 show results when the failure location israndomly selected without considering the centrality of theaffected node. It can be inferred that failures that involvehigh centrality nodes dominate the performance of control,as our control scheme again effectively applies the electrical-topological distance along with the centrality informationmetric to capture the possible effect of controlling every nodein the grid when taking shedding actions. Thus, the similarityof the trends in both scenarios suggests that social metricscan be used to identify the nodes that would cause the mostdamage to the grid, as also reported in related power gridvulnerability studies.

As discussed in Section I, restraining the propagation ofcontrol effects close to the original failure location is extremelyimportant in case power lines are unknowingly operatingnear their capacity limit. The standard control relies on theassumption that the capacity constraint accurately describesthe line status and the monitoring of the status of all powerlines in the grid is timely and reliable. In contrast, we haveseen that our social scheme, without relying on the monitoringinformation, provides a “decaying with distance” control effectthat will become benefitial in presence of critical lines.

C. Impact of Measurement Reliability

Now we evaluate the effect of monitoring conditions onthe efficiency of a failure control strategy. In the previousevaluations, we have considered that all edges are workingwithin their capacity limits at the moment of failure, and theirstates are timely known when the control strategy is calculated.Now we randomly select 10% of the grid edges to be operatingat full capacity, where a power flow increase will cause theline to be tripped. At the same time, we generate failures thattrigger the control process, and evaluate the 3 locations ofinterest as done before.

In the following evaluations we vary the reliability todescribe the amount of information the control center hasabout the sensitive edges. The impact of the reliability on thecontrol efficiency is presented in terms of the system yield,i.e. the ratio of total demand supplied at the stable state after


2517

the failure to the total demand supplied before the failure. Theyield is affected proportionally to the amount of load sheddingdecided by the control strategy. In the case of 100% reliability,a control strategy should be able to stop the failure and take thenetwork back to the stability. In the case of 0% reliability, noneof the sensitive lines could inform its condition to the controlcenter. However there exist some power lines that are affectedsignificantly while being far away from the failure, whichcompromises its performance. When the reliability decreases,a control strategy may not be able to bring the grid back tothe stability due to new failures. Then, a new control strategyneeds to be communicated to the grid until it reaches thestability. We show these results in Figure 7.

If part of the states of the sensitive lines are known, thestandard control can prevent only this portion from failure. Asits strategy is not restricted by locations, its impact can stillaffect the sensitive lines not reliably monitored. On the otherhand, the proposed control topologically restricts failures andcontrols its impact along with the information from part of thesensitive lines, and can obtain about 30% more yield than thestandard control for the monitoring unreliability cases. Thiscan be seen in the case that failures are randomly locatedacross the grid in Figure 7b.

When failures occur near high Cc nodes, it is more likelyfor control actions to be performed close to the failure lo-cations. However, the standard control can still affect variedlocations across the grid away from failures. Then, when thereliability decreases, the performance of the standard control issignificantly compromised due to the lack of consideration ofthe topological extent of its control actions. In Figure 7a, wecan see that our control maintains its smooth increasing trend,providing almost 28% more yield than the standard controlwhen the reliability decreases.

VI. CONCLUSION

The load control of grid nodes without considering the topo-logical information may result in the involuntary disconnectionof power lines unknowingly operating at their capacity limits,which leads to the extension of power grid failures. We showthat social metrics derived from the graph representation ofthe grid can be used to infer the impact of failure controland the possible topological extension of the problem. Wepropose a networked control scheme based on the socialmetrics along with a metric that balances the topological andelectrical closeness of controllable nodes. Compared to theconventional schemes, our performance results demonstratethat control based on social metrics can effectively restrain thefailure and the impact of control to be close to the originalfailure locations. Moreover, even when the states of sensitivepower lines are unknown, the impact of the proposed controlon those lines is still considerably reduced.

REFERENCES

[1] U.S.-Canada Power System Outage Task Force. Final report on theaugust 14, 2003 blackout in the united states and canada: Causes andrecommendations, April 2004.

(a) Targeted Failures.

(b) Random Failure.

Fig. 7: Effect of power flow monitoring reliability on Yield.

[2] UCTE. Final report of the investigation committee on the 28 september2003 blackout in italy. 2004.

[3] Xiangyi Chen, Changhong Deng, Yunping Chen, and Chunyan Li.Blackout prevention: Anatomy of the blackout in europe. In PowerEngineering Conference, 2007. IPEC 2007. International, pages 928–932, Dec 2007.

[4] Chunyan Li, Yuanzhang Sun, and Xiangyi Chen. Analysis of theblackout in europe on november 4, 2006. In Power EngineeringConference, 2007. IPEC 2007. International, pages 939–944, Dec 2007.

[5] V.C. Gungor, D. Sahin, T. Kocak, S. Ergut, C. Buccella, C. Cecati,and G.P. Hancke. A survey on smart grid potential applications andcommunication requirements. Industrial Informatics, IEEE Transactionson, 9(1):28–42, 2013.

[6] E. Cotilla-Sanchez, P.D.H. Hines, C. Barrows, and S. Blumsack. Com-paring the topological and electrical structure of the north americanelectric power infrastructure. Systems Journal, IEEE, 6(4):616–626, Dec2012.

[7] Zhifang Wang, A. Scaglione, and R.J. Thomas. Electrical centralitymeasures for electric power grid vulnerability analysis. In Decision andControl (CDC), 2010 49th IEEE Conference on, pages 5792–5797, Dec2010.

[8] M. Parandehgheibi, E. Modiano, and D. Hay. Mitigating cascadingfailures in interdependent power grids and communication networks.In SmartGridComm Communications and Networks Symposium. IEEE,November 2014.

[9] M. Rahnamay-Naeini and M.M. Hayat. On the role of power-gridand communication-system interdependencies on cascading failures. InGlobal Conference on Signal and Information Processing (GlobalSIP),2013 IEEE, pages 527–530, Dec 2013.

[10] A. Bernstein, D. Bienstock, D. Hay, M. Uzunoglu, and G. Zussman.Power grid vulnerability to geographically correlated failures; analysisand control implications. In INFOCOM, 2014 Proceedings IEEE, pages2634–2642, April 2014.

[11] L. Galbusera, G. Theodoridis, and G. Giannopoulos. Intelligent energysystems: Introducing power-ict interdependency in modeling and controldesign. Industrial Electronics, IEEE Transactions on, 62(4):2468–2477,April 2015.

[12] D.J. Klein and M. Randi. Resistance distance. Journal of MathematicalChemistry, 12(1):81–95, 1993.

[13] University of Washington. Power systems test case archive.


2518

Restricting Involuntary Extension of Failures in Smart ...xwang/public/paper/Failure... · power...

Documents

Transcript of Restricting Involuntary Extension of Failures in Smart ...xwang/public/paper/Failure... · power...