Smart Grid Handbook Dynamic Security Assessment

Dynamic Security Assessment
Lei Wang1 , Xi Lin1 , Fred Howell1 , and Kip Morison2

1 Powertech Labs Inc., Surrey, British Columbia, Canada
2 BC Hydro, Vancouver, British Columbia, Canada
1 Introduction
Power system security, in the context of this chapter, is concerned with the degree of risk in a power system
as it pertains to its ability to survive a disturbance without interruption to customer service (IEEE/CIGRE,
2004). It relates to robustness of the system to disturbances and, hence, depends on the system operat-
ing condition before the disturbance as well as the contingent probability of the disturbance. Note that the
concept of security should not be confused with the concept of stability. Stability refers to the ability of a
power system, for a given operating condition, to regain a state of operating equilibrium after being sub-
jected to a disturbance, with most system variables bounded so that practically the entire system remains
intact. A stable system condition may not necessarily be secure. For example, under certain conditions, a
disturbance may lead to unintentional loss of load (owing to the action of protective systems), which may
eventually render the system response stable. However, a secure system condition must be stable.
When disturbances occur, the various components of the power system respond and hopefully reach a new
equilibrium condition that is acceptable according to some criteria. The process of performing mathematical
analysis of these responses and determining the new equilibrium condition is called security assessment.
In terms of the dominant physical performance concerned, security assessment used to be classified into
static security assessment (SSA) and dynamic security assessment (DSA). On the basis of the primary system
responses, DSA may also be referred to as voltage security assessment (VSA) or transient security assessment
(TSA). Owing to the requirements of ensuring overall security of a system in practical security assessment,
the current trend is not to make such distinctions by generally referring to these as DSA. DSA has been
formally defined by IEEE as follows:
Dynamic Security Assessment is an evaluation of the ability of a certain power system to with-
stand a defined set of contingencies and to survive the transition to an acceptable steady-state
condition.
Smart Grid Handbook, Online © 2016 John Wiley & Sons, Ltd.
This article is © 2016 Crown Copyright in the UK and © 2016 John Wiley & Sons, Ltd in the rest of the world.
This article was published in the Smart Grid Handbook in 2016 by John Wiley & Sons, Ltd.
DOI: 10.1002/9781118755471.sgd090
2 Smart Grid Handbook
Normal
Restorative Alert
In extremis Emergency
Figure 1 Operation states of a power system
By a contingency, it refers to a series of events taking place in a system that eventually lead to the loss of
one or more power system elements, such as a transmission line and power transformer. From the security
perspective, operation of a power system can be classified in one of five states: normal, alert, emergency,
in extremis, and restorative as shown in Figure 1 (Kundur, 1994). The normal state is the state wherein
the system is stable with all components within operating constraints and the system is able to withstand all
creditable contingencies without sacrificing security. The system enters into the alert state when the system’s
security level is weakened, so that the occurrence of a credible contingency would cause the system to reach
a state, where certain security criteria might be violated (e.g., overloading on transmission equipment or
unacceptable voltages at key bus bars). The emergency state arises when the system begins to lose stability
or when component operating constraints are violated. The system can move to the in extremis state when
a severe contingency takes place at the alert state or when no corrective actions are taken at the emergency
state, resulting in the cascading loss of loads or system equipment. The system may further be split into
islands with possible blackout in large areas. The restorative state is when equipment and services lost in
the in extremis state start to be restored and the system is regaining the required level of security.
DSA is traditionally performed off-line using power system models assembled for studies. Transmis-
sion planning (TPL) (i.e., looking at future generation and load scenarios) is performed using planning
cases where preliminary data are used for planned future generation and transmission equipment. However,
off-line DSA for current (or imminent) system conditions are performed using models of the current system
configuration, where models of currently in-service equipment have preferably being validated. Recently,
online DSA performed using real-time system data has become more attractive due to advances in compu-
tation algorithm development, real-time data acquisition and analysis, and computer technologies. Another
fundamental difference between online and off-line DSA analysis is that in off-line studies, the engineer
attempts to envisage possible onerous conditions that may lead to operating challenges and thus develop
operating strategies to address them, whereas in online DSA, the tool is working in real time to address
actual present system operating conditions.
DSA contains three basic elements that are described in this chapter:
1. Setting the security criteria including the contingencies to be applied and the system performance
expected.
DOI: 10.1002/9781118755471.sgd090
Dynamic Security Assessment 3
2. Building a set of system models necessary for the assessment.

3. Performing the analysis using appropriate methods.
Extensive literature on DSA practices is available; for example, Fouad (1988) and CIGRE (2007) give
good review and summary on this subject. In this chapter, such practices are reviewed. The discussions are
given only to those that are well established and widely used; in other words, methods that are subject to
applications restrictions or are in research stage are not included.
2 Scope
While there are many phenomena that are of interest in the response of a power system following
a contingency, DSA focuses primarily on two types of phenomena – static and dynamic. The static
phenomena are the characteristics after the system settles to a new equilibrium, for example, power flow
in circuits and voltages at major substations. Sometimes, the concern could be the ability of the system
to settle into a new equilibrium, for example, the slow system collapse phenomenon due to voltage
instability (Taylor, 1994). The dynamic phenomena are more related to the transient behavior of the system
before settling into a new equilibrium, with the most basic concept concerning the issue of maintaining
synchronous operation of the AC generators. This is usually referred to as transient stability (Kundur,
1994).
The operation of the modern power system is becoming more and more complex and advanced. This is
due to many factors, such as
• highly interconnected systems, or on the contrary, highly independent microgrids,

• use of advanced and fast controls,
• large-scale integration of asynchronous (or even nonrotary) renewable generators such as wind turbines
and solar photovoltaic arrays,
• changing load characteristics, for example, power electronic-based loads such as variable frequency
drives,
• unique considerations from power market operation,
• looming prospect of mass deployment of electric vehicles,
• distributed generation,
• prevention of power infrastructure from natural disaster or terrorist attacks,
• deployment of advanced monitoring technologies such as phasor measurement units (PMUs).
These factors have significant impact on the phenomena of interest for DSA and thus lead to the con-
siderations on wider ranges of disturbances and power system responses to be covered in DSA. These
include electromechanical oscillations, subsynchronous resonance, fault-induced delayed voltage recovery,
low-voltage ride-through capabilities, transient frequency behavior, responses from remedial action schemes
(RASs), special protection systems (SPSs), and so on. DSA should address such phenomena to ensure the
overall security of the system.
This section discusses two topics used to set the scope for DSA:
1. Contingencies. These are the disturbances that may occur in a system.

2. System Performance. These criteria define the desired physical responses of a system following a
contingency.
DOI: 10.1002/9781118755471.sgd090
2.1 Contingencies
The NERC (North American Electric Reliability Corporation) reliability standards (NERC, 2015) define the
various system conditions to be used for system studies. The category A condition is the no-contingency or
precontingency condition (also referred as N-0) during which all facilities in a system are in service. In terms
of severity, contingencies may be further classified as the following:
• Category B. The contingencies in this category are generally referred to as N-1 as effectively one element
is lost after the contingency.
– A single line ground (SLG) or 3-phase (3Ø) fault with normal clearing resulting in loss of a single
generator, transmission circuit, or transformer.
– Loss of a transmission element (generator, transmission circuit, or transformer) without a fault.
– Single pole block with normal clearing for a DC link.
• Category C. These refer to events resulting in loss of two or more elements.
– SLG fault with normal clearing on a bus section or a breaker. This may result in loss of additional
transmission elements after the fault clearance; therefore, these might be N-x events.
– A category B contingency with manual postcontingency system conditions adjustment to ensure that
system is returned to the desired condition. Then another category B contingency is applied. This is
effectively an N-1-1 contingency.
– Bipolar block with normal clearing for a bipolar DC link. This is effectively an N-2 contingency.
– Loss of any two transmission circuits in a multiple circuit transmission corridor due to common-mode
failure. This is an N-2 contingency.
– SLG fault with delayed clearing (caused by stuck breaker or protection system failure) on generator,
transformer, transmission circuit, or bus section. These might be N-x events.
• Category D. These are extreme events with severe faults resulting in loss of two or more elements and
possibility of cascading outages. Examples include the following:
– Category C contingencies with 3Ø faults instead of SLG faults.
– Loss of an entire transmission corridor with three or more transmission circuits.
– Loss of a substation.
– Loss of all generating units at a station.
– Loss of a large load or major load center.
– Failure of a RAS or SPS.
– Operation, partial operation, or misoperation of a RAS or SPS in response to an event or abnormal
system condition for which it was not intended to operate.
Another way of defining contingencies is to use categories P0 to P7 (NERC, 2015). This is similar to
the definition above. In performing DSA, it is usually mandatory to consider category B contingencies and
optional for category C contingencies. Category D contingencies are studied only for special studies, for
example, in the NERC CIP-014 compliancy studies.
It should be recognized that application of certain contingency types may imply some modeling features.
For example, application of a stuck breaker or delayed fault clearance event will require details for the
node/breaker configuration at the substation. Studies of the RAS or SPS operation obviously need to include
such devices in simulation models.
Application of contingencies usually takes one of two forms, depending on the requirements in examining
system performance:
DOI: 10.1002/9781118755471.sgd090
• For examining postcontingency state–state system performance, such as thermal loading, only the equip-
ment lost needs to be applied to the study model. Some contingency details such as fault type and fault
clearance time can be ignored.
• For examining postcontingency dynamic system performance, such as transient stability, the full contin-
gency details are required.
2.2 System Performance

System performance may be interpreted in two levels. First, the performance of a power system may be
characterized by a set of physical response types, including the following:
• Thermal loading
• Steady-state voltage
• Transient voltage
• Voltage stability
• Transient stability
• Damping of electromechanical oscillations
• Transient frequency
• Frequency stability
• Other (such as short-circuit ratio, stability limits, reactive power reserve, and relay margin).
Second, for each of the aforementioned response types, the system must operate within a specified per-
formance range in order to maintain security. These are explained briefly in the following.
For thermal loading, the flow (measured by either current or apparent power) on each transmission circuit
(line or transformer) must be within its rating. For different system conditions, different ratings may be
used. For example, at the normal (precontingency) condition, the standard rating is applied, while at the
postcontingency condition, an emergency rating may be used. For online DSA applications, dynamic ratings
adjusted at real time with measured temperature, wind speed, and so on may be used to achieve better
accuracy.
For steady-state voltage, the magnitudes of voltages in a system must be within specified ranges. Values of
these ranges may depend on the contingency condition, region of the system, and voltage levels. Commonly
used ranges are between 0.95 and 1.05 pu for precontingency conditions and between 0.9 and 1.1 pu for
postcontingency conditions.
For transient voltage, the main concerns are to avoid undervoltage and overvoltage protection relays to
react following a contingency, as well as to avoid widespread induction motor stalling, which may lead
to cascading voltage decline. Further, when applicable, criteria should be set to ensure the proper voltage
recovery to restore loads and to ensure the continued operation of certain equipment at low voltages (such as
wind turbine generators). A transient voltage criterion is normally defined as the maximum time for which
the system voltages are allowed to be continuously below or over specified thresholds. More sophisticated
transient voltage criteria can be in the form of specific voltage recovery curves (EPRI, 2015).
For voltage stability, a system must be able to settle at a new equilibrium following a contingency. If this
is not achievable, voltage collapse will occur, either in a transient time frame due to the inability to recover
voltages or in steady-state time frame due to the inability to supply the required load (Taylor, 1994).
For transient stability, a system must be transiently stable following any contingency, that is, all syn-
chronous generators must remain in synchronism when reaching the new equilibrium. For damping of
electromechanical oscillations, the criterion is usually set for the damping ratio of an oscillatory mode
DOI: 10.1002/9781118755471.sgd090
(Kundur, 1994). Although a positive damping ratio is sufficient for the oscillations to damp out, a minimum
value (say between 3% and 5%) is usually required to provide reasonable margin (CIGRE, 1996).
For transient frequency, the main concern is to avoid underfrequency and overfrequency protection relays
to react following a contingency. This is especially important in systems where there is high level of renew-
ables with poor frequency regulation capabilities. Transient frequency criterion is normally defined as the
maximum time for which the system frequency is allowed to be continuously below or over specified
thresholds.
For frequency stability, a system must be able to settle at a new equilibrium following a contingency that
involves loss of load or generation. This criterion is usually checked for small systems or for an islanding
situation in a large interconnected system. The key to maintaining frequency stability is the proper coordina-
tion between load shedding schemes and generation protection schemes after a large active power imbalance
occurs in the system as a result of a contingency.
For DSA, different performance criteria may be required for different types of contingencies, and to a
lesser degree for different types of transmission systems [EHV (extra high voltage), HV (high voltage), dis-
tribution, etc.]. Such performance criteria are normally set by regulatory bodies and reliability coordination
councils for large interconnected systems. For example, the NERC issues a set of standards for TPL and
transmission operation (TOP) for its members to enforce (NERC, 2015).
3 Modeling
In order to perform analysis for the phenomena of interest in DSA, it is necessary to formulate mathematical
models that capture the fundamental characteristics to be analyzed. Such models must cover all system
components that are essential in considering the required security criteria and the modeling methods must
also be consistent with the types of performance to be examined. For example, for SSA, static algebraic
models are used for loads. In DSA, however, dynamic load components often need to be added to capture
the required phenomena (such as delayed voltage recovery). The entire modeling work for DSA consists of
three steps:
1. Determine appropriate models to be included for the specific study.

2. Build the models to be used.
3. Validate the models.
This section provides comments on general modeling requirements for major power system components
for DSA. The emphasis is on the provision of a modeling guideline, rather than the detailed derivation and
presentation of the mathematical models, which can be found in a number of good references (Fouad and
Vittal, 1992; Kundur, 1994; Taylor, 1994; Sauer and Pai, 1998; Anderson and Fouad, 2002).
3.1 Power System Network

A power system network described here refers to transmission lines, cables, transformers, reactive com-
pensation devices (either series or shunt reactors/capacitors) connected to form the power grid. Modeling
of more complex devices, such as HVDC (high-voltage, direct current) transmission (and other advanced
forms of transmission technologies), generation, and loads, is discussed in separate subsections.
As a good approximation, for purpose of DSA (Kundur, 1994), a power system network can be represented
mathematically by a set of algebraic equations, establishing the relationship of bus voltage and current
DOI: 10.1002/9781118755471.sgd090
injection phasors evaluated at the nominal frequency. Such a model is adequate for both static and dynamic
analyses. In special situations, additional modeling considerations are required, for example,
• Transformer under-Load Tap Movements. This is important when studying voltage stability. Static and
dynamic models can be included to account for such controls. Similar modeling practice is required for
phase shifter transformers.
• Switched Shunts. Some shunt compensation devices are installed in a set of reactor/capacitor blocks,
which can be switched in or out of the system automatically, depending on the set control strategy. This
type of devices may be critical in evaluating system voltage performance, and when necessary, their
control strategy and reactor/capacitor switching should be included in the system model.
• Network Frequency Variation. As mentioned earlier, the network algebraic equation is usually established
at the nominal system frequency. This is acceptable except for some islanding situations in which system
frequencies can be significantly higher or lower than the nominal value during the transients. In such
situations, it might be necessary to compensate the network admittances to account for the frequency
fluctuations.
• Dynamics in Network. When analyzing higher frequency phenomenon, such as electromagnetic transients
and subsynchronous resonance, dynamics in network could be important. In this situation, the portion of
the network associated with the study region needs to be represented with differential equations.
3.2 Generators
Generators are the most important component in a power system. In static analysis, modeling of generators
(all types) is quite simple, usually supplying a specified active power while holding the voltage at a specified
bus. In addition to this, the capabilities of a generator may be specified simply as the minimum and maximum
active and reactive power it can supply, and for some studies, details of such capabilities can be provided by
lookup tables describing the relationship between its active and reactive power outputs.
For dynamic analysis, however, the generator modeling can be complex. A synchronous machine may be
represented by a set of differential equations of the second to sixth order, along with a few algebraic equations
(Kundur, 1994). In addition to these, the following models are usually included with the synchronous
machine models to form the entire generator model:
• Exciter/automatic voltage regulator (AVR) model

• The turbine-governor model
• Power system stabilizer (PSS) model
• Minimum and maximum excitation limiter models (for dynamic voltage stability studies)
Some of the recently developed renewable generation technologies do not use synchronous machines. For
example, one of the main wind generation technologies is based on the doubly fed asynchronous generator,
while a solar photovoltaic array can be represented as a controlled power source behind a voltage-sourced
converter. Models of these devices have been developed and used in DSA (EPRI, 2013; Xue et al., 2009).
3.3 Loads
Loads are another important component in a power system, and its modeling presents different types of
challenges, owing largely to the difficulties in deriving an accurate yet simple aggregated model for all asso-
ciated load components connected at a feeder in a substation. In addition, the load profile and composition
DOI: 10.1002/9781118755471.sgd090
are constantly changing both daily and seasonally. Furthermore, the load composition (i.e., types of load,
industrial vs residential, etc.) varies from region to region. In practice, reasonable approximations are made
to capture the main characteristics required for the system performance to be studied. Two types of load
models are often used in DSA:
1. Static Models. These models are described by algebraic equations. The most commonly used is the
so-called ZIP model in which the model is a weighted linear combination of constant impedance, constant
current, and constant power load components. More complicated static models may include components
that are general functions of voltage and frequency.
2. Dynamic Models. As the majority of the dynamic components in loads are various types of induction
motors, most dynamic load models take the format of a composite load model including aggregated
induction motor models. Inclusion of dynamic load models in DSA is critical when assessing voltage
stability phenomena, particularly transient voltage performance.
It is common that a mixture of static and dynamic models is used for loads in DSA, with the weight factors
set based on seasons and regions where the loads are located. Figure 2 shows a sample composite load model
used for practical stability studies (WECC, 2015). In this model, the load starts with a step-down transformer
at a substation and then a feeder connects it to six load components: a conventional static load, an electronic
load that shuts off at low voltages, and four motors that can be 3-phase motor model or single-phase air
conditioner performance-based model.
3.4 Advanced Transmission Technologies

Advanced transmission technologies include HVDC transmission, flexible AC transmission system
(FACTS), and so on. These devices usually include complex controls and thus dynamic models described
by differential equations are required to study their performances. HVDC transmission technology is very
mature and has had wide applications in power systems around the world. Arrillaga, Liu, and Watson
(2007) has good coverage on HVDC modeling and analysis. The story on FACTS is a little different. While
some of the FACTS devices [such as static Var compensators (SVCs), static Var systems (SVSs), and static
synchronous compensator (STATCOM) (Pourbeik et al., 2010)] enjoy great popularity in applications,
other devices (such as united power flow controller or UPFC) stay mostly at research stage.
System bus Low-side bus Load bus

Static
Feeder
Electronic
RF +jXF
jXT M Motor A
BSS
M Motor B
M Motor C
M Motor D
Figure 2 Composite load model
DOI: 10.1002/9781118755471.sgd090
3.5 Protective Devices

Protective devices are widely used in power systems to protect power equipment and systems. In DSA
performed for system planning purposes (i.e., off-line DSA), protective devices are usually not explicitly
included in the system models. It is assumed in this case that either they would operate (e.g., when clearing
faults) or they would not operate (when prohibited by planning standards). The current practice, however,
is to include these devices in the system models, after the lessons learnt from some recent incidents (FERC
and NERC, 2012). In DSA performed for system operation purposes (or online DSA), it is usually required
to explicitly model protective devices, particularly those designed to prevent the system from losing stability
(Wang, Howell, and Morison, 2008a; Wang et al., 2008b). Such protective devices include generation rejec-
tion schemes, load shedding schemes, cross-tripping of transmission lines, out-of-step relays, SPS, and so
on. In most cases, inclusion of these devices in online DSA has three objectives: (i) ensuring that the system
maintains stability when the system conditions designed for the protective devices do occur; (ii) determining
the appropriate arming and tripping parameters (also referred to as lookup tables) for the specified system
conditions so that the effectiveness of corrective actions can be guaranteed if the designed events do occur;
and (iii) ensuring no unintentional action is triggered in unforeseen system conditions, which may cause
adverse consequences.
3.6 Model Validation

As seen from previous sections, a complete power system model for DSA includes models for many com-
ponents in the system. It is very important to ensure that these components are represented by appropriate
models and the parameters in these models are suitable for the intended studies. Model validation is the pro-
cess by which the mathematical models used for power system analysis are verified against the measured
responses of the actual equipment. There are various approaches to model validation (Pourbeik, 2010). There
are two aspects to verifying the appropriateness of the model:
• Checking the consistency of models through simulation-based methods

• Validating that equipment models do emulate the expected dynamic response of the device through
measurement-based methods
Simulation-based method uses various computer analysis programs to test the models (and in most situa-
tions the steady-state system conditions) for which DSA is performed. These may be simple tests to check
basic model and data consistency. For example,
• Unusual transmission line reactance to resistance (X/R) ratios and transformer tap ratios
• Flows on transmission lines exceeding their surge impedance loading
• Very small time constants in dynamic models
• Inconsistent ratings of generator and its controls causing limit violations at the steady-state condition
More elaborated tests can be performed to help identify hidden problems in models. The following are
some of these tests:
• No-Fault Simulation Test. In this test, a time-domain simulation is performed without applying a distur-
bance. It is expected that the system responses stay unchanged from the starting steady-state values. If
not, the models or the initial system conditions may be incorrect, or they may not be consistent.
DOI: 10.1002/9781118755471.sgd090
• Device Eigenvalue Test. In this test, a component is decoupled from the system (e.g., by connecting to an
infinite bus) and the eigenvalues of its linearized dynamic model are computed. An unstable or critically
stable mode from such a model may indicate incorrect parameters and operating conditions.
Measurement-based model validation methods, on the other hand, validate models by measuring the
responses of physical equipment from the designated field tests. From the measured responses, the model
and its parameters for the equipment can be derived or validated. There are well-established procedures in
conducting tests and model validation for commonly used equipment such as generators (WECC, 2006).
More recently, methods have been developed and demonstrated for using online disturbance monitoring or
PMU for the validation of power equipment models (Kosterev and Davies, 2010).
4 Analysis Methods
Depending on the types of performance concerned, or the criteria to be applied, different analysis methods
can be used for DSA. An overview of these methods is provided in the following sections. Details of most of
these methods can be found in a number of good references (Fouad and Vittal, 1992; Kundur, 1994; Taylor,
1994; Sauer and Pai, 1998; Pavella, Ernst, and Ruiz-Vega, 2000; Anderson and Fouad, 2002).
4.1 Power Flow Analysis

Power flow analysis refers to the determination of the steady-state operation condition of a power system
for a given set of network configuration, controls, and known inputs. It is used for most of the SSA tasks,
for example, thermal loading and voltage analysis. Mathematically, the power flow analysis problem is
formulated as a set of nonlinear algebraic equations, and well-developed solution methods are available,
including the fast decoupled method and the Newton–Raphson method. Power flow analysis is also the
foundation of many of the more advanced analyses for DSA. For example, it provides the initial condition
for the time-domain simulations in transient stability analysis.
4.2 P–V Analysis

In voltage stability analysis, it is often required to determine the voltage stability margin, for example, the
maximum power that can be transferred from generation (source) to meet load demand (sink).
This can be done by power–voltage (P–V) analysis as shown in Figure 3. This analysis consists of the
following steps:
1. Start from a solved power flow (A) at the precontingency (base) condition for a specified transfer level
(a pair of matching source/sink conditions).
2. Apply the contingencies to be considered and solve the power flow (A′ ).
3. If all postcontingency power flows can be solved without security violations, increase the transfer level
by a preset step and solve the power flow (B). Go to step 2 to repeat the contingency analysis. If any of
postcontingency power flows cannot be solved, or can be solved but with security violations (such as low
voltages), the voltage security limit is found.
The aforementioned process results in a series of P–V curves, corresponding to the precontingency and
all postcontingency conditions. The voltage stability margin is then defined as the distance from the current
DOI: 10.1002/9781118755471.sgd090
V
A B
Precontingency
A′
Postcontingency
Postcontingency
nose point
Voltage stability margin
P0 Pm P
Figure 3 P–V analysis
operation condition (P0 ) and the condition (Pm ) on the precontingency P–V curve corresponding to the node
point of the most critical postcontingency P–V curve:
Pm − P0
Voltage Stability Margin (%) = × 100
Pm
4.3 Time-Domain Simulations

The problems for transient stability and other security criteria related to transient performance are com-
monly solved by the so-called time-domain simulations. This refers to the application of numerical integra-
tion algorithms to solve the set of nonlinear differential equations that describe the dynamics of a system
model (Dommel and Sato, 1972). Different from the modeling assumptions and techniques used in the
electromagnetic transient simulations, the simulations for DSA give the following system responses:
• Positive sequence root-mean-square (RMS) phasor values (where applicable).

• The valid frequency range is approximately 0.1–5 Hz.
• The typical time frame for the analysis is 10–30 s for transient stability analysis, which may be extended
to minutes for dynamic voltage stability analysis when appropriate models are included.
Time-domain simulations are performed with three basic sets of input data:
• A solved power flow case, which provides the power network topology, parameters, and initial operating
conditions of the system.
• A set of dynamic models that match the components in the power flow case.
• A set of contingencies to be applied as disturbances during simulations.
The basic outputs from simulations are the time-domain responses of various physical quantities in the
system, such as generator rotor angles, speeds, bus voltages, flows in transmission lines, and load powers.
DOI: 10.1002/9781118755471.sgd090
More advanced applications of time-domain simulations include use of special techniques to postprocess
simulation results in order to obtain more insightful results to determine transient performance of the system.
Typical advanced applications include the following:
• Calculation of critical clearance time (CCT) of a fault. This is useful to rank contingencies and thus to
find weak regions in a system that are prone to transient instability.
• Identification of critical oscillatory modes captured in time-domain responses using the Prony method
(Hauer, 1991). This can be used as a complementary method with eigenvalue analysis for small-signal
stability analysis.
• Determination of transient stability limits (IEEE, 1999). Once a transient stability limit is determined, a
transient stability margin defined in a way similar to voltage stability margin can be calculated and applied
to measure the degree of stability for the system.
4.4 Eigenvalue Analysis

For studies of low-frequency oscillations (in the frequency range of 0.1–5 Hz), the frequency-domain
method using eigenvalue analysis is a common choice in addition to time-domain simulations. In this
method, the nonlinear differential equations describing the system dynamics are linearized around an
operating condition and eigenvalues corresponding to electromechanical oscillations are computed from
the linearized model. These eigenvalues, together with other relevant information such as eigenvectors and
transfer function zeros and residues, give valuable information on the characteristics of the oscillations
in the system and provide the directions on how to improve damping for these oscillations (Rogers,
2000).
Another application of eigenvalue analysis is for voltage stability analysis (Gao, Morison, and Kundur,
1992). The smallest eigenvalue of the power flow Jacobian matrix gives good indication of how close the
system is to its nose point (or stability limit). In addition, the eigenvector associated with this eigenvalue
contains information on the mode of voltage instability, that is, the region in the system that is likely to expe-
rience voltage collapse. This is very useful in practice for the understanding of voltage stability problems
and for deriving remedial controls.
4.5 Direct Methods

Direct methods refer to a class of methods that assess the transient stability of a power system and also
give a measure of degree of stability (stability margin), based on partial responses of the system obtained
from time-domain simulations. Two main types of such methods have been developed. The first is often
called the transient energy function (TEF) method (Pai, 1989; Fouad and Vittal, 1992). The idea is to
replace the numerical integration by stability criteria. The value of a suitably designed Lyapunov function V
is calculated at the instant of the last switching in the system and compared to a previously determined
critical value Vcr . If V is smaller than Vcr , the postfault transient process is stable. The second type of
the direct methods is called EEAC (extended equal-area criterion) (or SIME, single-machine equivalent),
in which a parametric single-machine-infinite-bus (SMIB) system is constructed from the time-domain
simulation results and the system stability is determined from this SMIB system (Xue, Van Custem, and
Ribbens-Pavella, 1989; Pavella, Ernst, and Ruiz-Vega, 2000). Both types of direct methods have found
applications in transient stability analysis, particularly in online DSA (Fang and Xue, 2000; Chiang, Tong,
and Tada, 2010).
DOI: 10.1002/9781118755471.sgd090
4.6 Other Methods

In addition to the methods previously described, others have been proposed and applied to DSA problem,
including the following:
• V–Q analysis for voltage stability assessment (Taylor, 1994).

• Continuation power flow (CPF) for voltage stability assessment (Ajjarapu and Christy, 1992).
• Probabilistic methods (Anderson and Bose, 1983).
4.7 Control and Enhancements

The adoption of security concepts for electric power systems clearly separates the two functions of assess-
ment and control. Assessment is the analysis necessary to determine the outcome of a credible contin-
gency. Control is the operator intervention or automatic actions that are designed for use to avoid the
contingency entirely, or to remedy unacceptable postcontingency conditions. When the controls are imple-
mented, they may then become a part of the assessment analysis through a modification of the contingency
descriptions.
Controls may be classified into three types. Preventative control is the action taken to maneuver the system
from the alert state back to the normal state. This type of control may be slow and may be guided by extensive
analysis. Emergency control is the action taken when the system has already entered the emergency state.
This type of control must be fast and guided by predefined automatic remedial schemes. Restorative control
is the action taken to return the system from the restorative state to the normal state. This type of control
may be slow and may be guided by analysis and predefined remedial schemes.
5 Applications
5.1 Off-line DSA
In off-line DSA, detailed analysis is performed for a vast number of credible contingencies and a variety of
operating conditions, subject to a set of specified security criteria. In the basic form, this off-line analysis
is used to determine the security status of one system condition and this is referred to as the basecase
analysis. The results of a basecase analysis indicate whether or not the system is secure at the studied system
condition, and if not secure, which security criteria are violated and the contingencies under which the
security violations occur. Typically, the basecase condition used is the most onerous one, for most systems,
this is the forecasted peak load system condition.
Extending the basecase analysis leads to transfer analysis, in which power transfer limits across transmis-
sion corridors are determined in a way similar to the P–V analysis shown in Section 4.2. Such transfers are
defined by a set of sources and sinks and are measured by the flows on the key transmission interfaces. The
power transfer limits are defined as the maximum transfer levels at which no security criteria are violated.
The limits so computed may be used in system planning or operation. As the analysis is performed off-line,
there is no severe restriction on computation time and therefore detailed analysis can be done for a wide
range of conditions and contingencies.
A power transfer can be one dimensional, in which one source-and-sink pair of variables is defined and
changed to determine the transfer limit (a single number), or two dimensional, in which two indepen-
dent sources (or sinks) and one dependent sink (or source) variables are defined and changed to deter-
mine the transfer limit (a two-dimensional monogram). Higher-dimensional transfers are possible but they
DOI: 10.1002/9781118755471.sgd090
Precontingency
security boundary
Flow on interface #2
Current
operating
condition
Postcontingency
security boundary
Flow on interface #1
Figure 4 Two-dimensional transfer limit monogram
are normally analyzed by reducing to a series of one- or two-dimensional transfers. Figure 4 illustrates a
two-dimensional transfer limit monogram.
5.2 Online DSA

In the era of smart grid development, the need for achieving great situational awareness in grid operation and
the uncertainty of predicting future operating conditions have created a need for a new approach to DSA:
Online Dynamic Security Assessment (CIGRE, 2007; Savulescu, 2014). In this approach, system security
for the current operating condition is assessed as it occurs and with sufficient speed either to trigger an
automatic control action or to allow time for the operator to react if a contingency analyzed is shown to be
potentially insecure. As this approach performs analyses on a snapshot of the current system condition, the
uncertainty embedded in off-line analysis using forecasted condition is largely eliminated. This approach
provides a radar-like mechanism that continually sweeps the system for potential problems that may result
should a credible contingency occur.
While it is uncertain if online DSA could have prevented recent events such as the August 14, 2003 black-
out in Northeast US/Canada (US-Canada Power System Outage Task Force, 2004) and the September 8,
2011 blackout in Southern California (FERC and NERC, 2012), it is very likely that such assessments would
provide operators with early indications of pending trouble and provide the opportunity to take remedial
actions. In fact, the US-Canada Power System Outage Task Force’s Final Report (US-Canada Power System
Outage Task Force, 2004) on the August 14, 2003 blackout includes a number of recommendations (partic-
ularly Recommendations 13 and 22) related to the research, evaluation, and adaptation of reliability-related
tools and technologies, aiming at establishing guidelines for real-time operating tools. Similar recommen-
dations were made in FERC and NERC (2012) for the September 8, 2011 Southern California blackout.
Consequently, NERC requests that each transmission operator shall ensure that a real-time assessment
is performed at least once every 30 min, to prevent instability, uncontrolled separation, or cascading out-
ages that adversely impact the reliability of an interconnection [NERC Transmission Operations standard
TOP-001 (NERC, 2015)].
An online DSA system is a complex system consisting of many functions integrated for data/model assem-
bly, analysis with advanced computation algorithms, and result visualization, just to name a few, all done in
DOI: 10.1002/9781118755471.sgd090
Reporting and visualization:

Measurements: • Result display
• SCADA • System status monitoring
• WAMS • Coordination with other
apps (such as PMU)
Modeling:
• State estimator Computation:
• External equivalent • Security criteria
• Real-time equipment • Basecase analysis
status • Transfer analysis
• Auxiliary data • Remedial actions
• Other
Other functions: Controls:

• Study mode • Operator
• Failover protection invoked
• Result archive controls
• Alarm • Closed-loop
• Others controls
Figure 5 Main components of an online DSA system
an automatic and coordinated manner. Figure 5 shows the main functional components of an online DSA
system.
The following comments are made for each of the main functional components in an online DSA system.
5.2.1 Measurements
System measurements can be obtained from a number of sources including traditional SCADA (supervisory
control and data acquisition) systems using RTU (remote terminal unit) as the measurement units, WAMS
(wide area measurement system) using PMU as the measurement units, and additional disturbance monitors.
The measurements obtained are used for three primary purposes, as follows:
• Input to SE (state estimation) where network models (power flows) will be developed.
• Direct input to security assessment engines for purpose of setting real-time equipment status, customizing
contingencies, and so on.
• Benchmarking of SE results or computational results.
All power systems have SCADA systems. SCADA data is updated at reasonably fast rate that can meet
the data assembly requirements of online DSA systems.
On the other hand, PMUs in WAMS have substantial advantages in that they can provide accurate, contin-
uous, and time-synchronized data at very fast sampling rate for both magnitudes and phases of virtually
any quantities in the system. This helps improve the quality of system models (e.g., by enhancing the
SE function) for the online DSA applications.
DOI: 10.1002/9781118755471.sgd090
5.2.2 Modeling
When detailed analyses are to be performed for online DSA, high-quality models of the interconnected
power system are needed. In fact, as all analyses are dependent on the quality of the system models, it is
perhaps the most important component in an online DSA system. Conventional SE is the main source for
the power flow models, which must be supplemented with other data such as dynamic models. Development
of these models requires not only comprehensive technical capabilities but also an in-depth understanding
of the requirements for the intended applications for the online DSA system. Generally speaking, the model
development effort is focused on the following:
• Accuracy. The models must appropriately represent the characteristics of the physical phenomena to be
studied. One issue to be considered here is the external system equivalencing. Modern interconnected
power systems have grown very large in size. For example, the NERC planning models for the North
American eastern interconnection have now more than 65,000 buses. SCADA data (or other source
of system measurements) and the resulting state estimator output is most likely limited only to an
observable region in such an interconnection (usually corresponding to a few control areas). It is
therefore necessary to include representation of the external system (possibly in the form of equivalents)
before conducting analyses. Chow (2013) describes some of the techniques in performing system model
equivalencing.
• Completeness. Different aspects of the modeling must be addressed consistently to ensure the adequacy
of the entire set of models for the problems to be solved. Two examples are quoted here to illustrate this
aspect: (i) inclusion of special protection system (SPS) models as mentioned earlier; (ii) consideration of
real-time equipment status (such as in and out of service of PSSs). Obviously, correct representation of
these models helps significantly improve the analysis quality.
• Flexibility. Sufficient degree of freedom should be left in the models so that they can be used for a
wide variety of problems, with proper customization if necessary. One trend toward this is the use of
the so-called node/breaker model, instead of bus/branch model, in the process of system modeling and
analysis. Although the full node/breaker modeling adds complexity to the data processing, this does bring
significant benefits in the analysis; for instance, contingencies can be defined with breaker operations. This
corresponds to actual system operation, thus applicable to any real-time configuration at substations.
Often, an overall reconditioning for the real-time power flow obtained from SE is also required to create
study cases suitable for online DSA. Details of this technique are discussed in Savulescu (2014).
5.2.3 Computation
This is the heart of an online DSA system. The system condition and models assembled are assessed accord-
ing to the prespecified rules, such as
• types of security to be analyzed and the criteria to be applied,

• contingencies to be considered,
• stability limits to be determined for the power transfers defined,
• remedial actions to be identified if insecure conditions and/or insufficient limits are found.
Online DSA systems must be highly automated and be capable of completing all computational tasks,
repetitively, under varying conditions with little or no human intervention. This demands not only high stan-
dard on the DSA software but also functionalities with certain intelligence in order to provide the required
DOI: 10.1002/9781118755471.sgd090
results. For example, determination of appropriate remedial actions may need the assessment of additional
contingencies and/or system scenarios depending on the security assessment results.
When processing models and computational tasks of large systems, advanced computational technologies
must be employed to help meet the performance requirements. One such approach is the use of distributed
computations to enable analysis of multiple contingencies and/or transfers among multiple CPUs and/or
CPU cores (Wang, 2012). With such technologies, it can almost be ensured that any computational tasks
for any power system models can be completed within a reasonably specified time cycle (usually between
5 and 30 min). This is critical for some applications, for example, online update of SPS lookup tables.
Reliability is another important issue for an online DSA system. As illustrated in the blackout of
August 14, 2003, the potential consequences of the unavailability of mission-critical software applications
can be devastating. In addition to ensuring the deployment of high-quality software and hardware for an
online DSA system, techniques such as redundancy and self-healing should be considered to meet the
reliability requirements.
5.2.4 Reporting and Visualization

The ability to display the results of the security assessment in a simple, consolidated, and meaningful
manner is critical to the success of online applications. DSA results must clearly report on key findings
such as critical contingencies, potential criteria violations, affected elements (or region), security margins
(nomograms), key system responses (e.g., lowest voltages and frequencies), system conditions at the least
acceptable security level, and required remedial actions. If deployed as a mission-critical application, addi-
tional visualization effect, such as alarm, may need to be issued upon detection of severe system conditions.
Reporting and visualization is an evolving topic and significant effort has been spent to improve this. Some
of the current trends include consolidated display of calculated and measured (such as PMU) quantities. This
helps calibrate real-time measurements so that operators can react quickly to such measurements if they fall
in the alarm region determined by online DSA.
5.2.5 Control
If an online DSA system determines that a specific contingency may lead the system to an insecure situation,
or a specific system condition does not have sufficient security margin for a foreseeable dispatch in the
system, remedial measures must be determined. Remedial measures can be either preventative or corrective
actions and could include such actions as capacitor switching, generator rescheduling, transformer tap setting
adjustment, or arming of SPSs such as generation rejection or load shedding.
These controls can either be invoked by the operator as recommended by the online DSA system or auto-
matically invoked by the system. In the latter case, the online DSA system can become an integral part of
SPSs. Savulescu (2014) contains an application example of such a closed-loop control scheme in operation
at BC Hydro.
5.2.6 Other Functions

A number of additional important requirements for an online DSA system include the following:
• Study Mode (And Other Operation Modes). An online DSA system may include various operation modes,
in order to meet different application objectives. This is further discussed in Section 5.3.
DOI: 10.1002/9781118755471.sgd090
• Failover Protection. High availability is often required for an online DSA system. An automatic failover
scheme would then be necessary. Such a scheme includes primary and backup servers, which send hand-
shaking signals constantly to check for the availability of the other server. If a failure is detected for a
server, necessary actions will be taken; for example, the backup may take over and become the primary
while sending a message indicating that the primary is down.
• Result Archive. The system should be able to periodically and selectively store cases studied and corre-
sponding output results for use in the study mode or for postmortem analyses. Selected critical results
(e.g., transfer limits) may also need to be saved in EMS data historian for display on EMS
• Alarm. As indicated earlier, for an online DSA system considered as a mission-critical application, alarm
with noticeable visual or audio effect may need to be issued when necessary. This needs to be coordinated
with the alarm protocol used in the control room so customization is often needed.
• System Security Functions. As a component of the real-time applications, it is important to meet system
security requirements such as those in NERC CIP (NERC, 2015).
• Analysis Tools. Analysis tools are required for the smooth operation and maintenance of an online DSA
system, for example, a system performance monitoring tool to monitor the operation of all hardware and
software modules, a tool for updating data when EMS database is updated, and so on.
5.3 Coordinated Applications of Online DSA

Online DSA was proposed as a simple, independent application that performs stability analysis using
real-time captured system data. This concept may not be able to meet the demand for the overall security
assessment of the system.
A more comprehensive approach involves a highly coordinated deployment of online DSA systems at
different levels of the operational modes.
5.3.1 Real-Time Systems

Real-time systems refer to those that must complete a computation cycle within specified period of time.
Such systems are often used for the following:
• To assess the general security status of the real-time system conditions (real-time DSA). In each com-
putation cycle, the analysis is performed with SCADA/SE model. Results are required typically at every
5–30 min. Real-time DSA forms the backbone of an enterprise online DSA solution.
• To provide short-term forecast on the system security (forecast DSA). In each computation cycle, the
analysis is performed with a forecast system operation condition (30 min to a few hours ahead of the
real time), which is superimposed to the current network model provided by SCADA/SE. Results are
usually required at the same cycle as the real-time DSA. The forecast DSA is important for systems
whose short-term operation cannot be reasonably well scheduled (e.g., owing to high penetration of wind
generation).
• To manage the security constraints in power market (market DSA). The analyses are performed with
market model and the computation speed must comply with the market settlement requirements (it might
even be possible that several DSA calls are made within one market settlement cycle). Common computa-
tional tasks include the determination of transfer limit nomograms, active/reactive reserve requirements,
and so on. Market DSA must be integrated with the market system and thus high customization is usually
required for such systems.
DOI: 10.1002/9781118755471.sgd090
Real-time systems are increasingly being considered as mission-critical applications. Hence, such sys-
tems are often deployed with dedicated hardware, advanced computational architecture (such as distributed
computations), and failover schemes to meet the computation speed and robustness requirements.
5.3.2 Off-line Systems

These are systems that run for specific tasks or run only when triggered by users. They usually require rich
and complex analysis features but do not have strict requirements for fast computation cycling time. These
systems are typically designed for the following:
• To analyze mid- to long-term system security (look-ahead DSA), such as TTC (total transfer capacity) cal-
culations for the next day, week, and so on. It is often allowed that such a task be completed in longer time
period (in terms of hours); however, because of the massive amount of computations involved (e.g., TTC
calculations for several transfers at every hour for the next week), advanced computational techniques
must be utilized.
• To perform studies for specified system conditions (study DSA). This has turned out to be one of the
most useful functions in an enterprise online DSA solution. A study DSA can further have two possible
operation modes:
– Study mode for historical scenarios: in this mode, the starting point is an archived case from real-time
DSA, and the user can implement the required modifications for the case and then perform studies.
The objective is usually to investigate an incident, a reported insecure case, the impact of new models
(such as an SPS), a case with bad data, or a what-if scenario to provide insight on system responses.
– Study mode for future scenarios: in this mode, the starting point is a future time for the study scope
specified by the user. The corresponding system model is then assembled with information extracted
from the EMS, such as load forecast, generation plan, outage scheduling, and possible manual changes
made by the user. The objective is to check the system security for the specified future time and study
condition, for example, for purpose of outage coordination.
• To provide training to operators (training DSA). This is a straightforward requirement as online DSA
becomes part of the advanced solutions in EMS. Integration of a training DSA option in dispatcher training
simulator (DTS) helps the operators understand the online DSA results and learn the actions necessary to
handle the security issues identified.
• To serve as a testing platform (testing DSA). This is necessary as a platform to test new models, new
software release, different computational configurations, system performance, and so on.
The performance requirements for non-real-time systems are not as demanding as real-time systems;
however, greater flexibilities are the key, in terms of modeling, system configuration, result processing,
and so on.
5.3.3 Coordination and Integration

The coordination and integration of different online DSA systems are critical in order to ensure they are
able to continuously operate smoothly for the intended functions. A few key issues are as follows:
• Model Sharing. This is probably one of the most important issues when several online DSA systems
operate under the same roof. It is almost certain that such systems will share some common models
(e.g., dynamic models and transfer definitions). Sharing of such models is an effective way of not only
DOI: 10.1002/9781118755471.sgd090
ensuring computational efficiency but also achieving result consistency. This requires that the data in
each DSA system can be flexibly defined, from a common share, from a private definition, or even a
combination of these two.
• Resource Sharing. Resources (e.g., computer servers) required by different online DSA systems may
be different as the computational burden and performance requirements may be quite different for each
system. It is therefore quite common that different resources are assigned to them. What is making this
more complicated is that the resource requirements for some systems may vary, so the resource assign-
ment may not be a one-time static task. For instance, if a large study is to be performed for a period of
time using a study DSA, more servers may need to be added to this system to help meet the performance
requirements. Fortunately, with the multiple-core computer servers and virtualization, seamless and scal-
able resource reassignment is possible. The DSA computation engine should, of course, be able to take
advantage of such dynamic resource assignment.
• System Synchronization. All operational DSA systems should have exactly the same version, with the
same patches if applicable. This is obviously necessary in order to ensure consistency of results. In addi-
tion to good and clear procedures to follow during the software installation, there should also be capability
built in the systems to self-validate this requirement.
• Configuration Synchronization. In case that a model or parameter of one online DSA system needs to
be shared by another system, a process is required to populate this to other systems. This is referred to
as a configuration synchronization process and is important to maintain online DSA systems. A typical
application scenario is when updating models (e.g., when adding a new power plant to the system model).
The model would be first added to the testing DSA where necessary testing is done to validate the model.
After that, the model can be pushed to all other online DSA systems using this synchronization process.
5.4 Applications and Benefits

Tremendous accomplishments have been made in recent years toward the development and implementation
of DSA technologies, particularly in its online applications (Wang and Morison, 2006; Savulescu, 2014).
The latest generation of sophisticated, highly automated and reliable software tools has, combined with the
seemingly endless improvements in computer hardware, led to the implementation of online DSA systems
at many sites worldwide. This section discusses some of these applications and the benefits reported.
In North America, the majority of independent system operators (ISO) have adopted online DSA technolo-
gies, including Electric Reliability Council of Texas (ERCOT) (Chen et al., 2015), PJM (Tong and Wang,
2006; Wang, Tong, and Li, 2012), California ISO (Rahman et al., 2013), Mid-Continent ISO (MISO), ISO
New England, Independent Electricity System Operation (IESO) in Ontario, and Alberta Electric System
Operator (AESO) (Wang, Howell, and Morison, 2008a; Wang et al., 2008b).
In addition, moving to this technology are large utilities such as BC Hydro (Atanackovic et al., 2013)
and Southern Company Services (Viikinsalo et al., 2006). In other continents, this trend continues, with
applications found in the United Kingdom (Moore et al., 2013), Ireland (Dudurych et al., 2012), Brazil
(Neto et al., 2010), China (Morison et al., 2004), Korea (Choi et al., 2014), and New Zealand (Nair et al.,
2013), just to name a few.
These online DSA systems are often implemented with different objectives in many application areas,
such as
• monitor system security,
• determine stability limits,
• recommend remedial control actions,
• manage renewable resources,
DOI: 10.1002/9781118755471.sgd090
• determine/verify SPSs,
• mitigate congestion in a power market,
• determine active and reactive power reserves,
• complement PMU applications,
• serve as data sources for DTS,
• help in scheduling equipment maintenance,
• calibrate and validate power system models,
• prepare models for system studies,
• perform system restoration,
• perform postmortem analysis of incidents.
5.4.1 Application Examples

Two examples are briefly described here to illustrate the application of the online DSA technologies.
The first one is developed for the management of renewable generation. Renewable resources, such as
wind and solar, have become increasingly popular as a form of clean energy. Although advantageous to the
environment, systems with high penetration of such generation may be difficult to operate due to a number
of unique characteristics:
• Renewables are often located in unpopulated remote region requiring long transmission.
• Outputs may be unpredictable (e.g., owing to sudden drop of wind speed).
• New generation technologies are adopted, which may be nonsynchronous, even nonrotary.
• Usually limited voltage and frequency regulation capabilities are available.
• The operation of these units may be very sensitive to certain system conditions, such as low voltages.
These can raise the concerns from system operators on the highest amount of such generation that can
be allowed at any given time without compromising system security. The solution to these concerns is
to perform very quick assessment of system conditions in order to determine the optimal (or maximum)
dispatch of this type of generation. Online DSA is able to perform such analysis with the turnout speed in
the order of minutes. Wind security assessment tool (WSAT) is such an application. It is implemented and
operational at Irish national grid company (EirGrid) (Dudurych et al., 2012). WSAT addresses high wind
generation penetration concerns by ensuring satisfactory system performances for power transfers between
wind and conventional generation for the base, N-1, and credible N-n system conditions for criteria including
thermal loading, steady-state voltage levels, voltage stability, transient stability, and frequency deviations.
It operates in two modes, a real-time mode and a forecast mode. For any given time, WSAT can tell system
operators the real-time and forecast wind limits. This information gives the operators clear guidance on the
security margin available.
The second example concerns the assurance of secure operation of a large interconnected power system
with high amount of power transfers between major generation sites and load centers. Security violations in
such a system may lead to partial or total blackouts, as happened in the Brazilian power system. An online
DSA system named Organon was developed and installed at the Brazilian national electric system operator
ONS (Neto et al., 2010) with the objective of preventing such security violations from happening. Organon
runs in real-time mode to monitor the real-time system performance, as well as in planning mode for tasks
such as outage scheduling. Organon includes six analysis functions:
• Operating point stead-state contingency analysis (basecase analysis for steady-state security criteria)
• Operating point dynamic contingency analysis (basecase analysis for dynamic security criteria)
DOI: 10.1002/9781118755471.sgd090
• Import–export steady-state transfer limit between two-generation areas (one-dimensional transfer anal-
ysis for steady-state security criteria)
• Import–export dynamic transfer limit between two-generation areas (one-dimensional transfer analysis
for dynamic security criteria)
• Steady-state security region computation (two-dimensional transfer analysis for steady-state security
criteria)
• Dynamic security region computation (two-dimensional transfer analysis for dynamic security criteria).
When security violations are identified, Organon can continue determining appropriate preventive and
corrective actions to mitigate such violations. These may include generation redispatches, MVAR resource
switching, and load shedding.
It was reported that, based on the operational experience, Organon has shown to be very effective for
security monitoring of the Brazilian power system. It was concluded that Organon is able to identify and
quantify real-time operational constraints and accordingly determine preventive and corrective control
actions. These benefits are even more important for forced outage conditions, which in general are not
sufficiently analyzed in operational planning studies.
5.4.2 Benefits
Measureable benefits have been reported for online DSA. These can be summarized in three categories:
• Reliability Benefits. Australian Energy Market Operator (AEMO) observed unstable contingencies iden-
tified by its online DSA system, which were not covered in the off-line planning studies (CIGRE, 2007).
Obviously, such contingencies were potential risks to system operation. Online DSA would be able to
give operators opportunities to take precautionary actions against such risks, thereby improving system
reliability.
• Environmental Benefits. The WSAT example described above shows clearly the capability of online DSA
in helping to ensure the secure operation of systems with high level of renewable generation. This often
implies the reduced demand for conventional fossil fueled or nuclear generation. In other applications,
online DSA has been used to determine the minimum level of active power reserve to meet security criteria
(Prince-Pike et al., 2012). Such applications return significantly environmental benefits.
• Economic Benefits. Congestion management in power market operation can incur high costs if power
transfers across transmission corridors must be curtailed due to security constraints. Online DSA tech-
nology can usually help raise the transfer limits, owing to the more accurate computation models used.
This can translate into significant savings. For example, ERCOT estimated that the expected congestion
management saving due to use of online DSA technology was as high as US$27 million annually in 2011
(Doggett, 2012).
Related Articles
Online Monitoring of Dynamics with PMU Data;
Cascading Failures in Power Systems;
Remedial Action Schemes and Defense Systems;
Modern Energy Management Systems: Real-Time Management of the Interconnected Electricity
Grid;
Dynamic-State Estimation;
DOI: 10.1002/9781118755471.sgd090
Grid Codes in Power Systems with Significant Renewable-Based Generation;

Industry Practice and Operational Experience of Key Transmission Applications of Smart Grid Tech-
nologies.
References
Ajjarapu, V. and Christy, C. (1992) The continuation power flow: a tool for steady state voltage stability analysis. IEEE Transactions
on Power Systems, 7 (1), 416–423.
Anderson, P.M. and Bose, A. (1983) A probabilistic approach to power system stability analysis. IEEE Transactions on Power Appa-
ratus and Systems, PAS-102 (8), 2430–2439.
Anderson, P.M. and Fouad, A.A. (2002) Power System Control and Stability, 2nd edn, Wiley-IEEE Press, Piscataway, NJ, USA.
Arrillaga, J., Liu, Y.H., and Watson, N.R. (2007) Flexible Power Transmission: The HVDC Options, John Wiley & Sons, Ltd,
Chichester.
Atanackovic, D., Yao, M., Vinnakota, R., et al. (2013) Modeling of Cascading Events of Power Systems for Dynamic Security Assess-
ment (DSA). IEEE PES General Meeting, Vancouver, Canada.
Chen, J., Mortensen, T., Thompson, C., et al. (2015) ERCOT Experience in Using Online Stability Analysis in Real-Time Operations.
IEEE PES General Meeting, Denver, USA.
Chiang, H.D., Tong, J., and Tada, Y. (2010) On-line Transient Stability Screening of 14,000-Bus Models Using TEPCO-BCU: Evalu-
ations and Methods. IEEE PES General Meeting, Minneapolis, MN.
Choi, Y., Shin, Y., Wang, L., and Lee, B. (2014) Development of On-line Dynamic Security Assessment System for Energy Management
System in Korean Power Grid. ICEE 2014, Jeju, Korea.
Chow, J. (2013) in Power System Coherency and Model Reduction (ed. J. Chow), Springer, New York.
CIGRE (2007) CIGRE Technical Brochure on Review of On-line Dynamic Security Assessment Tools and Techniques. CIGRE Working
Group 4.6.01.
CIGRE Technical Brochure No. 111 (1996) Analysis and Control of Power System Oscillations. CIGRE Task Force 38.01.07.
Doggett T. (2012) Presentation to the Texas Renewable Energy Industries Association, http://www.ercot.com/content/news/
presentations/2012/Doggett_TREIA_4-9-12.pdf (accessed 12 November 2015).
Dommel, H.W. and Sato, N. (1972) Fast transient stability solutions. IEEE Transactions on Power Apparatus and Systems, 91,
1643–1650.
Dudurych, I.M., Rogers, A., Aherne, R., et al. (2012) Safety in numbers. IEEE Power & Energy Magazine, 10 (2), 62–70.
EPRI (2013) Specification of the Second Generation Generic Models for Wind Turbine Generators, Electric Power Research Institute,
Palo Alto, CA, USA.
EPRI (2015) Recommended Settings for Voltage and Frequency Ride-Through of Distributed Energy Resources, EPRI, Palo Alto, CA.
Fang, Y.J. and Xue, Y.S. (2000), An On-line Pre-decision Based Transient Stability Control System for the Ertan Power System.
Powercon 2000, Perth, Australia.
FERC and NERC (2012) Arizona-Southern California Outages on September 8, 2011: Causes and Recommendations.
Fouad, A.A. (Chairman. IEEE PES Working Group on DSA) (1988) Dynamic security assessment practices in North America. IEEE
Transactions on Power Systems, 3 (3), 1310–1321.
Fouad, A.A. and Vittal, V. (1992) Power System Transient Stability Analysis Using the Transient Energy Function Method,
Prentice-Hall, Upper Saddle River, NJ.
Gao, B., Morison, G.K., and Kundur, P. (1992) Voltage stability evaluation using modal analysis. IEEE Transactions on Power Systems,
7 (4), 1529–1542.
Hauer, J.F. (1991) Application of Prony analysis to the determination of model content and equivalent models for measured power
systems response. IEEE Transactions on Power Systems, 6, 1062–1068.
IEEE Special Publication (1999) Techniques for Power System Stability Limit Search. IEEE Catalog Number 99TP138.
IEEE/CIGRE (2004) Joint task force on stability terms and definitions, definition and classification of power system stability. IEEE
Transactions on Power Systems, 19 (2), 1387–1401.
Kosterev, D.N. and Davies, D. (2010) System Model Validation Studies in WECC. IEEE PES General Meeting, Detroit, USA.
Kundur, P. (1994) Power System Stability and Control, McGraw-Hill, New York.
Moore, J., Laojavachakul, S., Zhao, G., et al. (2013) Real-Time Operational Stability Analysis including Fault Clearing Scenarios.
IEEE PES General Meeting, Vancouver, Canada.
Morison, K., Wang, L., Kundur, P., et al. (2004) Critical Requirements for Successful On-line Security Assessment. IEEE Power
Systems Conference & Exposition, New York, New York.
Nair, N.K.C., Naik, P., Chakrabarti, B, and Goodwin, D. (2013) Managing Transmission System Operation in New Zealand with High
Renewable Penetration. IEEE PES General Meeting, Vancouver, Canada.
DOI: 10.1002/9781118755471.sgd090
NERC (2015) Reliability Standards for the Bulk Electric Systems of North America, www.nerc.com (accessed 2 November 2015).
Neto, C.A.S., Quadros, M.A., Santos, M.G., and Jardim, J. (2010) Brazilian System Operator Online Security Assessment System.
IEEE PES General Meeting, Minneapolis, USA.
Pai, M.A. (1989) Energy Function Analysis for Power System Stability, Kluwer Academic publishers, Boston.
Pavella, M., Ernst, D., and Ruiz-Vega, D. (2000) Transient Stability of Power Systems – A Unified Approach to Assessment and Control,
Kluwer Academic Publishers, Boston.
Pourbeik, P. (2010) Approaches to Validation of Power System Models for System Planning Studies. IEEE PES General Meeting,
Minneapolis, MN.
Pourbeik, P., Sullivan, D., Boström, A., et al. (2010) Developing Generic Static Var System Models – A WECC Task Force Effort.
Proceedings of 2010 IEEE PES Transmission and Distribution Conference and Exposition, New Orleans, LA.
Prince-Pike, A., Wilson, D., Ilieva, I., et al. (2012) Maintaining New Zealand’s Electrical Reserve Management Tool. IPEC 2012,
Ho Chi Minh City, Vietnam.
Rahman, K.A., Subakti, D., Wu, J., et al. (2013) Online Transient Stability Analysis for System Operation at CAISO. IEEE PES General
Meeting, Vancouver, Canada.
Rogers, G. (2000) Power System Oscillations, Kluwer Academic publishers, Boston.
Sauer, P.W. and Pai, M.A. (1998) Power System Dynamics and Stability, Prentice-Hall, Upper Saddle River, NJ.
Savulescu, S. (2014) in Real-Time Stability in Power Systems: Techniques for Early Detection of the Risk of Blackout, 2nd edn
(ed. S. Savulescu), Springer, New York.
Taylor, C.W. (1994) Power System Voltage Stability, McGraw-Hill, New York.
Tong, J. and Wang, L. (2006) Design of a DSA Tool for Real Time System Operations. Powercon 2006, Chongqing, China.
US-Canada Power System Outage Task Force (2004) Final Report on the August 14, 2003 Blackout in the United States and Canada:
Causes and Recommendations.
Viikinsalo, J., Martin, A., Morison, K., et al. (2006) Transient Security Assessment in Real-Time at Southern Company. IEEE Power
Systems Conference & Exposition, Atlanta, GA.
Wang, L. (2012) Techniques for High Performance Analysis of Transient Stability. IEEE PES General Meeting, San Diego, USA.
Wang, L. and Morison, K. (2006) Implementation of online security assessment. IEEE Power and Energy Magazine, 4, 47–59.
Wang, L., Howell, F., and Morison, K. (2008a) A Framework for Special Protection System Modeling for Dynamic Security Assessment
of Power Systems. Powercon Conference, New Delhi, India.
Wang, L., Howell, F., Moshref, A., et al. (2008b) A Real-Time Voltage Security Assessment System (VSAS) at Alberta Electric System
Operator. CIGRÉ Canada Conference on Power Systems, Winnipeg, Canada.
Wang, L., Tong, J., and Li, H. (2012) An Application Example for On-line DSA Systems. Powercon 2012, Auckland, New Zealand.
WECC (2006) Generating Unit Model Validation Policy, www.wecc.biz (accessed 2 November 2015).
WECC (2015) WECC Dynamic Composite Load Model (CMPLDW) Specification, Western Electricity Coordinating Council, Salt
Lake City, UT, USA.
Xue, Y., Van Custem, T., and Ribbens-Pavella, M. (1989) Extended equal area criterion justifications, generalizations, applications.
IEEE Transactions on Power Systems, 4 (1), 44–52.
Xue, J., Yin, Z., Wu, B., and Peng, J. (2009) Design of PV Array Model Based on EMTDC/PSCAD. Proceedings of Power and Energy
Engineering Conference, Wuhan, China, pp. 1–5.
DOI: 10.1002/9781118755471.sgd090

Smart Grid Handbook Dynamic Security Assessment

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Smart Grid Handbook Dynamic Security Assessment

Uploaded by

Copyright:

Available Formats

Dynamic Security Assessment

Lei Wang1 , Xi Lin1 , Fred Howell1 , and Kip Morison2

Figure 1 Operation states of a power system

2. Building a set of system models necessary for the assessment.

• highly interconnected systems, or on the contrary, highly independent microgrids,

1. Contingencies. These are the disturbances that may occur in a system.

2.2 System Performance

1. Determine appropriate models to be included for the specific study.

3.1 Power System Network

• Exciter/automatic voltage regulator (AVR) model

3.4 Advanced Transmission Technologies

System bus Low-side bus Load bus

Figure 2 Composite load model

3.5 Protective Devices

3.6 Model Validation

• Checking the consistency of models through simulation-based methods

4.1 Power Flow Analysis

4.2 P–V Analysis

Voltage stability margin

Figure 3 P–V analysis

4.3 Time-Domain Simulations

• Positive sequence root-mean-square (RMS) phasor values (where applicable).

4.4 Eigenvalue Analysis

4.5 Direct Methods

4.6 Other Methods

• V–Q analysis for voltage stability assessment (Taylor, 1994).

4.7 Control and Enhancements

Figure 4 Two-dimensional transfer limit monogram

5.2 Online DSA

Reporting and visualization:

Other functions: Controls:

Figure 5 Main components of an online DSA system

• types of security to be analyzed and the criteria to be applied,

5.2.4 Reporting and Visualization

5.2.6 Other Functions

5.3 Coordinated Applications of Online DSA

5.3.1 Real-Time Systems

5.3.2 Off-line Systems

5.3.3 Coordination and Integration

5.4 Applications and Benefits

5.4.1 Application Examples

Grid Codes in Power Systems with Significant Renewable-Based Generation;

You might also like