Cyber Infrastructure for the Smart Electric Grid E-Book

Table of Contents

Cover

Title Page

Copyright

About the Authors

Acknowledgments

Acronyms

1 Introduction to the Smart Grid

1.1 Overview of the Electric Power Grid

1.2 What Can Go Wrong in Power Grid Operation

1.3 Learning from Past Events

1.4 Toward a Smarter Electric Grid

1.5 Summary

1.6 Problems

1.7 Questions

Further Reading

2 Sense, Communicate, Compute, and Control in a Secure Way

2.1 Sensing in Smart Grid

2.2 Communication Infrastructure in Smart Grid

2.3 Computational Infrastructure and Control Requirements in Smart Grid

2.4 Cybersecurity in Smart Grid

2.5 Summary

2.6 Problems

2.7 Questions

Further Reading

3 Smart Grid Operational Structure and Standards

3.1 Organization to Ensure System Reliability

3.2 Smart Grid Standards and Interoperability

3.3 Operational Structure in the Rest of the World

3.4 Summary

3.5 Problems

3.6 Questions

Further Reading

4 Communication Performance and Factors that Affect It

4.1 Introduction

4.2 Propagation Delay

4.3 Transmission Delay

4.4 Queuing Delay and Jitter

4.5 Processing Delay

4.6 Delay in Multi‐hop Networks

4.7 Data Loss and Corruption

4.8 Summary

4.9 Exercises

4.10 Questions

Further Reading

5 Layered Communication Model

5.1 Introduction

5.2 Physical Layer

5.3 Link Layer: Service Models

5.4 Network Layer: Addressing and Routing

5.5 Transport Layer: Datagram and Stream Protocols

5.6 Application Layer

5.7 Glue Protocols: ARP and DNS

5.8 Comparison Between OST and TCP/IP Models

5.9 Summary

5.10 Problems

5.11 Questions

Further Reading

6 Power System Application Layer Protocols

6.1 Introduction

6.2 SCADA Protocols

6.3 ICCP

6.4 C37.118

6.5 Smart Metering and Distributed Energy Resources

6.6 Time Synchronization

6.7 Summary

6.8 Problems

6.9 Questions

Further Reading

7 Utility IT Infrastructures for Control Center and Fault‐Tolerant Computing

7.1 Conventional Control Centers

7.2 Modern Control Centers

7.3 Future Control Centers

7.4 UML, XML, RDF, and CIM

7.5 Basics of Fault‐Tolerant Computing

7.6 Cloud Computing

7.7 Summary

7.8 Problems

7.9 Questions

Further Reading

8 Basic Security Concepts, Cryptographic Protocols, and Access Control

8.1 Introduction

8.2 Basic Cybersecurity Concepts and Threats to Power Systems

8.3 CIA Triad and Other Core Security Properties

8.4 Introduction to Encryption and Authentication

8.5 Cryptography in Power Systems

8.6 Access Control

8.7 Summary

8.8 Problems

8.9 Questions

Further Reading

9 Network Attacks and Protection

9.1 Attacks to Network Communications

9.2 Mitigation Mechanisms Against Network Attacks

9.3 Network Protection Through Firewalls

9.4 Intrusion Detection

9.5 Summary

9.6 Problems

9.7 Questions

Further Reading

10 Vulnerabilities and Risk Management

10.1 System Vulnerabilities

10.2 Security Mechanisms: Access Control and Malware Detection

10.3 Assurance and Evaluation

10.4 Compliance: Industrial Practice to Implement NERC CIP

10.5 Summary

10.6 Problems

10.7 Questions

Further Reading

11 Smart Grid Case Studies

11.1 Smart Grid Demonstration Projects

11.2 Smart Grid Metrics

11.3 Smart Grid Challenges: Attack Case Studies

11.4 Mitigation Using NIST Cybersecurity Framework

11.5 Summary

11.6 Problems

11.7 Questions

Further Reading

Index

End User License Agreement

List of Tables

Chapter 1

Table 1.1 List of well‐known blackouts around the world.

Chapter 6

Table 6.1 Application layer SCADA protocols.

Chapter 7

Table 7.1 Taxonomy of faults.

Table 7.2 Advantages of cloud computing over traditional on‐site computatio...

Chapter 9

Table 9.1 Packet filtering rules – an example.

Chapter 10

Table 10.1 Goals and techniques of security testing.

List of Illustrations

Chapter 1

Figure 1.1 Major components of the power grid.

Figure 1.2 Interconnections in the North American Power Grid.

Figure 1.3 Structure of electricity flow from generating stations to the con...

Figure 1.4 Load curves for a typical day.

Figure 1.5 Voltage levels in the power grid.

Figure 1.6 Cyber‐physical system layers.

Chapter 2

Figure 2.1 Sensing, communication, computation, and control for the cyber‐ph...

Figure 2.2 Capturing data from different locations synchronously.

Figure 2.3 Phasor measurement unit architecture.

Figure 2.4 Sampling rate of waveforms for PMUs.

Figure 2.5 Original phasors and positive sequence components of phasors.

Figure 2.6 Phasor estimation using DFT.

Figure 2.7 PMU data packet.

Figure 2.8 PMU‐based applications for the future smart grid.

Figure 2.9 Communication, computation, and control for smart grid.

Figure 2.10 Functions of control center.

Figure 2.11 Various control center applications and their timelines.

Chapter 3

Figure 3.1 Role of balancing authority.

Figure 3.2 Balancing authorities in the United States.

Figure 3.3 Interaction between utilities, enforcement agencies, and user gro...

Chapter 4

Figure 4.1

for

in [0 …0.95].

Chapter 5

Figure 5.1 OSI layered network model.

Figure 5.2 TCP/IP network model.

Figure 5.3 Ethernet frame format.

Figure 5.4 Institutional network using Ethernet.

Figure 5.5 MPLS format.

Figure 5.6 Overview of a router.

Figure 5.7 IP datagram format.

Figure 5.8 IP addressing – subnets.

Figure 5.9 IP addressing – host part and subnet part.

Figure 5.10 Routing algorithms set up.

Figure 5.11 Packet duplication strategies.

Figure 5.12 Sockets and processes.

Figure 5.13 TCP/UDP segment format.

Figure 5.14 TCP segment structure.

Figure 5.15 Link layer addressing.

Chapter 6

Figure 6.1 A typical SCADA system architecture.

Figure 6.2 DNP3 network stack.

Figure 6.3 IEC 61850 network stack.

Figure 6.4 ICCP protocol between control centers.

Figure 6.5 IEEE C37.118 data format.

Figure 6.6 General smart metering architecture.

Chapter 7

Figure 7.1 Architecture of a conventional control center.

Figure 7.2 Architecture of a modern control center.

Figure 7.3 Architecture of future control centers.

Figure 7.4 UML class.

Figure 7.5 UML inheritance

Figure 7.6 UML association.

Figure 7.7 UML composition.

Figure 7.8 UML aggregation.

Figure 7.9 CIM for a breaker.

Figure 7.10 Cascading faults.

Chapter 8

Figure 8.1 Likelihoods and consequences of threats.

Figure 8.2 Energy consumption data impacts on consumer privacy.

Figure 8.3 Symmetric and asymmetric encryption.

Figure 8.4 Hash functions.

Figure 8.5 MAC algorithm.

Figure 8.6 Certificate generation.

Figure 8.7 DNP3 authentication techniques. (a) Challenge‐Response. (b) Aggre...

Figure 8.8 Access control overview.

Figure 8.9 Examples of RBAC roles.

Chapter 9

Figure 9.1 Reflection attack.

Figure 9.2 ARP spoofing attack.

Figure 9.3 Security enhancements in the TCP/IP stack.

Figure 9.4 TLS protocol stack.

Figure 9.5 Typical TLS handshake.

Figure 9.6 IPsec ESP modes of operation.

Figure 9.7 Firewall showing separation between the critical enterprise netwo...

Figure 9.8 Intrusion detection systems.

Figure 9.9 Attack detection cases.

Figure 9.10 Snort IDS.

Chapter 10

Figure 10.1 Bugs and vulnerabilities in software.

Figure 10.2 Run‐time memory of a process.

Figure 10.3 Buffer overflow – manipulation of ret value.

Figure 10.4 Hardware access control layers.

Figure 10.5 Port scanning mechanism.

Figure 10.6 Network monitoring mechanism.

Figure 10.7 Network policy review.

Figure 10.8 Vulnerability scanning mechanism.

Figure 10.9 Continuous monitoring using the SCAP protocol.

Chapter 11

Figure 11.1 Conceptual model of the future smart grid.

Figure 11.2 LNK vulnerability – from infected removable drive to gaining ele...

Figure 11.3 Infected host communicating with command and control server to r...

Figure 11.4 Steps in the Ukraine cyber attack of 2018.

Figure 11.5 Defense‐in‐depth approach to mitigate cybersecurity concerns....

Guide

Cover

Table of Contents

Title Page

Copyright

About the Authors

Acknowledgments

Acronyms

Begin Reading

Index

End User License Agreement

Pages

iii

iv

xi

xiii

xv

xvi

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

35

36

37

38

39

40

41

42

43

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

110

111

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

Cyber Infrastructure for the Smart Electric Grid

This edition first published 2023© 2023 John Wiley & Sons Ltd

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of Anurag K. Srivastava, Venkatesh Venkataramanan, and Carl Hauser to be identified as the authors of this work has been asserted in accordance with law.

Registered Office(s)John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USAJohn Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

Editorial OfficeThe Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print‐on‐demand. Some content that appears in standard print versions of this book may not be available in other formats.

Limit of Liability/Disclaimer of WarrantyIn view of ongoing research, equipment modifications, changes in governmental regulations, and the constant flow of information relating to the use of experimental reagents, equipment, and devices, the reader is urged to review and evaluate the information provided in the package insert or instructions for each chemical, piece of equipment, reagent, or device for, among other things, any changes in the instructions or indication of usage and for added warnings and precautions. While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging‐in‐Publication Data applied for

Hardback ISBN: 9781119460756

Cover Design: WileyCover Image: © metamorworks/Shutterstock

About the Authors

Anurag K. Srivastava, PhD, is the Raymond J. Lane Professor and Chairperson of the Lane Department of Computer Science and Electrical Engineering in the Benjamin M. Statler College of Engineering and Mineral Resources at West Virginia University. He is the director of the Smart Grid Resiliency and Analytics Lab (SGREAL) and an IEEE Fellow.

Venkatesh Venkataramanan, PhD, is a Researcher at the National Renewable Energy Laboratory, working on cyber‐physical systems. He was previously with Washington State University and Massachusetts Institute of Technology.

Carl Hauser, PhD, is emeritus faculty in Computer Science at Washington State University. He received his PhD from Cornell University. Following 20 years in industry at IBM Research and Xerox Research, he joined WSU where he conducted research on communications and cybersecurity for electric grid operations.

Acknowledgments

Authors are thankful to students who were brave enough to take the team‐taught course offered at the Washington State University. Students shaped up the course material development process over multiple offerings. Authors are also thankful to the US Department of Energy and the Power System Engineering Research Center (PSERC) for supporting the course development. We acknowledge the support from our colleagues including Dr. Adam Hahn, Prof. David Bakken, Dr. Min Sik Kim, and Prof. Anjan Bose.

Acronyms

ASTA

Arrivals See Time Averages

BHCA

Busy Hour Call Attempts

BR

Bandwidth Reservation

b.u.

bandwidth unit(s)

CAC

Call/Connection Admission Control

CBP

Call Blocking Probability(‐ies)

CCS

Centum Call Seconds

CDTM

Connection‐Dependent Threshold Model

CS

Complete Sharing

DiffServ

Differentiated Services

EMLM

Erlang Multirate Loss Model

erl

The Erlang unit of traffic‐load

FIFO

First in–First out

GB

global balance

GoS

Grade of Service

ICT

Information and Communication Technology

IntServ

Integrated Services

ITU‐T

International Telecommunication Unit – Standardization sector

IP

Internet Protocol

LIFO

Last in–First out

LHS

left hand side

LB

local balance

MMPP

Markov Modulated Poisson Process

MPLS

Multiple Protocol Labeling Switching

MRM

multi‐retry model

MTM

multi‐threshold model

PASTA

Poisson Arrivals See Time Averages

pdf

probability density function

PDF

probability distribution function

PFS

product form solution

QoS

quality of service

RED

random early detection

r.v.

random variable(s)

RLA

reduced load approximation

RHS

right‐hand side

SIRO

service in random order

SRM

single‐retry model

STM

single‐threshold model

TH

Threshold(s)

TCP

Transport Control Protocol

UDP

User Datagram Protocol

1Introduction to the Smart Grid

The power grid has been evolving from a physical system to a “cyber‐physical” system to sense, communicate, compute, and control with enhanced digitalization. The cyber‐physical smart grid includes components from the physical power system, digital devices, and the associated communication infrastructure. To realize the vision of the smart grid, massive amounts of data need to be transferred from the field devices to the control devices or to the control centers. As more optimal algorithms are deployed for best possible control at a faster time scale, the communication infrastructure becomes critical to provide the required inputs. At the same time, increased number of “smart” devices in the grid also increase the attack surface for potential cyber attacks. It is necessary to study the power system's exposure to risks and vulnerabilities in the associated cyber system.

1.1 Overview of the Electric Power Grid

The electric power grid can be defined as the entire apparatus of wires and machines that connects the sources of electricity with the customers. A power grid is generally divided into four major components as shown in Figure 1.1:

Generation

Transmission

Distribution

Loads

Electricity was first generated, sold, and distributed locally in 1870s via direct current (DC) circuits over very small distances. As the demand for electricity became more widespread, the cost of construction and distribution of local generation and DC circuits to carry the power over long distances became prohibitively expensive. Hence, alternating current (AC) generation, transmission, and distribution became the standard that is used to this day. However, the infrastructure of the power grid is getting older – the average age of a transformer is greater than 50 years old and has already exceeded its expected lifetime. The electric grid faces several problems, including a problem with the oncoming retirement of at least 5% of the workforce and one of the lowest R&D expenditure as compared to other critical infrastructures.

Figure 1.1 Major components of the power grid.

Source: Energy Information Administration (EIA), public domain.

The situation is getting better, however, with increasing interest in national security and acknowledgment of the critical role that the power grid plays in the overall quality of life. In a full circle, localized generation using distributed energy resources (DERs) is making a comeback, with a combination of both AC and DC systems. Today's generation systems are a combination of different types of sources – including fossil fuels, natural gas, renewable resources, and nuclear energy. These generation systems are often located in remote areas for ease of doing business and for environmental reasons.

The power that is generated at the generating stations is brought to the consumers by a complex network of transmission lines. The North American power grid comprises of four major interconnections as shown in Figure 1.2:

Western interconnection

Eastern interconnection

Quebec interconnection

Electricity Reliability Council of Texas

(

ERCOT

) interconnection

Figure 1.2 Interconnections in the North American Power Grid.

Source: North American Energy Reliability Corporation (NERC), public domain.

These interconnections are zones in which the electric utilities are electrically tied together, indicating that the areas are synchronized to the same frequency and power can flow freely in that area. The interconnections operate nearly independently of each other except for some high‐voltage direct current (HVDC) interconnections between them. DC converter substations enable the synchronized transfer of power across interconnections regardless of the operating frequency as DC power is non‐phase dependent.

The flow of electricity is instantaneous, indicating that the power that is being consumed is also being simultaneously generated. Commercially viable mechanisms for storing electricity for longer duration do not exist currently; hence, the power plants and the grid are constantly operating. The structure of the flow of electricity is illustrated in Figure 1.3, which shows the critical nature of the transmission system in bringing electricity from the generating plants to the customer's use.

Figure 1.3 Structure of electricity flow from generating stations to the consumer.

Power demand constantly fluctuates throughout the day depending on consumer behavior. There are various factors that create this changing behavior, including population density, work schedules, weather, and other activities. In addition, special activities that involve a large number of people also have to be considered, such as big sporting events or an impending weather event over a large area. Figure 1.4 shows a typical daily “load” curve as it is referred to, which shows how the electric load varies across a day depending on the activities throughout the day. The peak demand occurs in the early evening when people return from work and are engaged in family activities or dinner preparation. The power demand rises and falls throughout the day depending on other activities, such as a peak when people are getting ready for work or troughs when they are sleeping. These load curves are constantly monitored and predicted by the utilities and operators to plan for the operation of the grid, and they are updated at regular intervals to account for changes in behavior, such as the COVID‐19 pandemic.

Figure 1.4 Load curves for a typical day.

Source: US Department of Energy, Office of Electricity Delivery and Energy Reliability.

The power distribution system is the last leg of the power delivery from the substations to the consumer. The three components of the power grid are usually defined by the voltage levels at which they operate at. Generation happens at generating stations at low voltages, following which the power is immediately transformed to much higher voltages on site. Generation plants send the power where they are stepped up till 20,000 V, following which they are fed to the transmission grid where they can be stepped up as high as 765,000 V, commonly written and referred to as 765 kV. The power is stepped up to these very high values to reduce losses in transmission, which are directly proportional to the current and inversely proportional to the voltage. The distribution system substation is considered to be at the 13.2 kV level (or could be higher), following which the voltage is stepped down to be sent to the consumers. This structure is illustrated in Figure 1.5.

Figure 1.5 Voltage levels in the power grid.

Energy control centers have traditionally been the decision centers for the electric generation and transmission centers. There are enabled by the wide area measurements fed to the control centers by the SCADA (Supervisory Control And Data Acquisition) and other measurement systems. The control center operator(s) is a key part of the overall operation of the grid with various responsibilities including but not limited to the following:

Monitor and react to key system performance indices such as voltage, frequency, power quality, and other metrics (such as reliability metrics).

Respond to emergencies and alerts – the control system operator has to handle the alerts from various algorithms and applications running at the control center. In addition, they also deal with emergencies such as trees hitting transmission lines or fires because of malfunctioning equipment.

Ensure system reliability by scheduling maintenance on equipment in anticipation of failures.

Respond to larger customer requests such as industries or other infrastructures. This could be a larger consumer who is testing their on‐site back‐up generation or infrastructural loads such as the transit system.

Coordinate with other stakeholders such as generation companies, transmission operators, utilities, and maintenance crews among others to ensure seamless operation.

Ensure that system operation is compliant with system regulations put in place by authorities such as FERC and NERC at all times.

In short, the control system is responsible for ensuring that electricity is being generated, transmitted, and distributed to the consumers in a safe and reliable manner. It coordinates all system operations with the other stakeholders by monitoring the performance and reacting to problems, ensuring that its operation is compliant with regulations at every instance.

1.1.1 Power Grid Operation

The power system is operated with support from a set of power “applications,” which are monitor and control algorithms embedded into software tools based on the laws of physics. These algorithms allow the operator to understand the condition of the power grid at that moment and enable the operator to take decisions that can control the grid as desired. There are several power system applications that are critical to its operation, with several more being developed based on the new technologies that are being deployed in the grid. It is important to understand the key fundamental applications, as this will allow deeper understanding of the newer applications in the smart grid. Examples of these applications include the following:

Power flow

State estimation

Optimal power flow and economic dispatch

Continuation power flow

Automatic generation control

(

AGC

)

Stability analysis

Power flow is the algorithm that determines the complex voltage at every node in a network, given the generator power injections and voltage set points, load‐active and reactive power demands, and network impedances. The solution of the power flow is based on Kirchhoff's laws. There are multiple solution techniques for solving the power flow, of which the most common ones are (i) the Newton–Raphson technique, (ii) the Gauss–Seidel technique, and (iii) the fast decoupled load flow (FDLF). There are also techniques exclusive to distribution systems that take into account the radiality of the networks, which include techniques such as the forward backward sweep technique.

The Newton–Raphson method of solving the power flow requires the formation of a gradient matrix called the Jacobian. The Jacobian matrix is formed by eliminating the slack bus (which is the reference bus from which the voltage angles are determined) and the voltage buses from the bus data. The Jacobian matrix is actually a combination of four different matrices: The real power () and reactive power () are differentiated with respect to voltage () and angle (). The updated voltage and angles are found out by multiplying the inverse of the Jacobian with the changes in and . The above process is iterated until the difference in the mismatch vectors ( and ) for successive iterations are small enough than the tolerance value. In this case, the tolerance value is set at 0.01. This indicates that the power flow solution is accurate up to 0.01 pu, which is the accepted tolerance condition. The fast decoupled power flow technique is similar to the Newton–Raphson method, except that the Jacobian remains constant. This is achieved through two assumptions:

The resistance

= 0

Difference in angle

= 0

Together, these two assumptions indicate that J11 and J22 (the diagonal elements of the Jacobian) become constant and is equal to the imaginary part of the Y Bus. Hence, for the FDLF method, the Jacobian remains constant throughout the iterating process. Like the Newton–Raphson method, the FDLF method also looks at the mismatch vector to find out when to stop iterating. Because of the assumptions made in the solution, the FDLF method takes more iterations to converge but is faster to compute as the Jacobian remains unchanged.

Continuation power flow is used to determine the stability of the system. In the continuation power flow, the power flow is solved continuously by changing the load conditions for each time. This is not possible in the usual power flow as the Jacobian becomes singular after some time. To solve this problem, a predictor–corrector technique is used.

State estimation is used to find the condition of the system. The usual measurements used are voltage (), real (), and reactive () powers and line flows () from both ends of the line. The combined matrix of all these measurements is referred to as the “” matrix. Some errors are usually assumed to be present in these measurements, from equipment malfunctions or loss of data in communication. State estimation can be performed through various techniques, but the most popular method is the weighted least squares (WLS) technique, which allows weighing of measurements to account for inaccurate measurements. Another important part of state estimation is the detection of bad data in the measurements, and the most common method for this is the chi‐squared statistical test. This test looks at the probability of a value lying outside a given range for the degree of freedom and the accuracy.

These power system applications together enable the operator to have situational awareness on the state of the grid and enable them to take control actions to mitigate any problems. In the context of the smart grid, it is important to note that the timeline for the power system applications are becoming shorter because of the increasing application requirements.

1.2 What Can Go Wrong in Power Grid Operation

The power grid infrastructure is vast, spread across a wide geographical area, and consists of various components. Considering the scale of the power grid, it is exposed to various threats and has several vulnerabilities. While the power grid is designed with multiple redundancies to operate through various contingencies, it can still suffer from failures. These failures are often a result of power grid elements not performing as expected or because of external disturbances. Failures can occur in individual components such as generators, transmission lines, and measuring and monitoring equipment or may happen across multiple components. In general, when these failures occur at the transmission level, they are termed as “faults.” There can be a variety of faults in the grid caused by external or internal sources:

Lightning

Wind and snow

Deterioration of materials (insulation, conductors, etc.)

Trees

Motor vehicle accidents (such as people driving into electric poles)

Human errors (mistakes in interpreting situations and wrong control actions)

Cyber attacks

Animals (mainly squirrels)

Faults are dangerous situations as they are largely uncontrolled and can lead to dangerous situations such as arc flashes. These can be fatal to people and cause expensive damage to equipment, which often takes a long time to repair. Hence, the power grid has various levels of “protection” built into it as a first line of defense. These protective systems try to isolate the faults from the rest of the power grid to (i) stop the flow of energy to the affected area and (ii) prevent the fault from cascading to other parts of the grid. Protection equipment are mainly either (i) fuses or (ii) circuit breakers.

Fuses are used mostly in distribution circuits. They are capable of both detecting and isolating faults, but with less flexibility. They are specially designed and rated wires that melt when the current passing through them is higher than a specified tolerance. However, fuses are very simple to install and are inexpensive, but a problem with fuses is that they need to be replaced in case they are “activated,” as they simply melt to break the electrical connection. For this reason, fuses are more prevalent in the distribution circuits where outages affect a smaller number of people.

Circuit breakers and switches come in different types, but a major difference from fuses is that they are re‐usable and can sometimes be operated remotely. Circuit breakers operate in tandem with a relay, which performs the sensing and monitoring functions. The relay is responsible for detecting the presence of a fault by monitoring the current and other factors and send a “trip” signal to the circuit breaker, which then breaks the electrical connection by “opening” the circuit. Relays are often programmed or “set” by a variety of complex mechanisms for detecting a wide variety of faults. These are referred to as relay protection “schemes,” whose examples include distance protection scheme, undervoltage or overvoltage protection, and generator protection. Circuit breakers can be mechanical or solid‐state devices. They are also deployed at the low‐voltage level, most commonly in breaker panels in houses. However, these low‐voltage devices are different from the high‐voltage devices, although both work by isolating the fault from the rest of the circuit when it detects a fault. In the smart grid, smart circuit breakers are becoming more ubiquitous, especially at places where the circuit breakers are often tripped. Smart circuit breakers enable the operator to operate it from the control center remotely, thus significantly reducing the time it takes to energize a circuit after a fault, as compared to sending out a maintenance truck to turn it on again.

1.3 Learning from Past Events

The power grid infrastructure is unique from other critical resources such as water in that the power grid cannot “store” electricity anywhere in the system in bulk. Although batteries are capable of storing electricity, they cannot hold it for a long duration, and the process of storing and retrieving electricity from batteries inherently comes with losses. Moreover, having large‐scale batteries is still an expensive proposition for the electric grid. This lack of storage suggests that when failures occur in the power grid, there is very limited time to respond to such failures. Electricity being utilized by the consumer is being generated at every instant, and there cannot be a pause in the generation process. When a fault occurs in the grid, the rest of the generating resources need to increase their production immediately to ensure that the shortfall is covered. Because the generators are usually huge rotating machines that generate AC power, they provide the grid with an inherent inertia that takes care of the shortages for a few cycles. In the meantime, because the grid works synchronously at the same frequency, other generators that are connected try to spin faster when a loss of a generator leads to a drop in the frequency. However, when the shortage is not mitigated quickly either through automated responses or through operator control actions, the generators fall out of synchronism, leading to a loss of electricity transmission and consumers being disconnected from the grid. This situation is called as a “blackout.” Table 1.1 shows a list of well‐known blackouts that have resulted in a large number of people being deprived of power. Blackouts lead to life‐threatening situations with tremendous economic consequences.

Table 1.1 List of well‐known blackouts around the world.

Location

Date (MM/DD/YY)

Scale (MW or population)

Blackout time

US – Northeast

10–11/9/65

20,000 MW, 30 M

13 minutes

New York

7/13/77

6,000 MW, 9 M

1 hour

France

1978

29,000 MW

26 minutes

Japan

1987

8,200 MW

20 minutes

US – West

07/02/96

11,700 MW

36 seconds

US – West

8/10/96

30,500 MW

>6 minutes

Brazil

3/11/99

25,000 MW

30 seconds

US – NE

8/14/03

62,000 MW, 50 M

>2 hour

London

8/28/03

724 MW, 476 K

8 seconds

Denmark and Sweden

9/23/03

6,500 MW, 4 M

7 minutes

Italy

9/28/03

27,700 MW, 57 M

27 minutes

India

7/30/12

48,000 MW, 600 M

>6 hours

Brazil

03/21/18

18,000 MW, 10 M

>4 hours

Ukraine

12/23/15

73 MW, 230 K

6 hours

US – Texas

2/2021

15,000–20,000 MW

hours–days (rolling)

Blackouts often prove to be watershed moments in grid operations. For example, the 1965 blackout in the NE United States leads to the development of the modern control centers, with wide area measurements and better situational awareness and control. Similarly, the 2003 blackout is also a significant event in the operation of the power grid, especially in the United States. The August 2003 blackout is one of the largest in the history and shut down 263 power plants (531 units) in the United States and Canada. It left over 50 million people without power at various times and affected eight states in the United States (Michigan, Ohio, Pennsylvania, New York, Vermont, Massachusetts, Connecticut, and New Jersey) and the province of Ontario in Canada. Approximately 62,000 MW of load was lost, and power was restored as early as 2 hours into the blackout, while other people were left without power for up to 14 days. A simplified sequence of events is described as follows:

1 : 30 – Loss of East Lake generator because of over excitation

2 : 02 – Loss of Stuart–Atlanta transmission line because of tree contact

2 : 02 – Midwestern ISO's system model becomes inaccurate, not reflecting the changes in the field

2 : 14–3 : 08 – Software bug in FirstEnergy's control center, leading to continuous alarms for over an hour that went unnoticed