This section provides three case studies to demonstrate the proposed novel state description as well as the interdependency between the states of PS and ICT domains in CPES. After outlining the CPES architecture considered, the ICT states of two grid services, namely State Estimation (SE) and OLTC control are analysed individually in the first two case studies. These grid services are chosen to represent a High-level service and a RA respectively, which are the previously identified bridging aspects. The third case study analyses the ICT states of SE-based OLTC control to investigate the states of interdependent grid services sharing the same ICT infrastructure. In all three cases, the resulting impact of ICT state degradation on the interconnected PS is also investigated.
Figure 4 shows the considered CPES with the two grid services. A typical implementation of grid services consists of a set of Operational Technology (OT) devices, such as Remote terminal Units (RTU) and IEDs, placed in the PS to measure required parameters. In addition to sensing, the OT devices located at the DERs also include control capabilities. A server, located in the control room, provides the computational resources required for running various processing algorithms, such as SE. In this context, the control room represents the system operator. Field measurements are transmitted to the control room using a communication network with devices such as routers, links and network switches. The communication network could either be wired or wireless and has a delay associated with it. However, in Fig. 4 the components of the communication network components are abstracted and depicted as a link with a total latency. Each component of the ICT system has a certain functionality like measuring (e.g., OT devices), data transmission (e.g., router and links) and processing (e.g., server), which is associated with certain processing times. The server processes these measurements and provides suitable SE results. The transformer tap changing is done using an ICT-based OLTC controller. This controller can receive both local as well as remote measurements. Local measurements are received via direct link to the OT device, whereas remote measurements are received via the communication network. The OLTC controller can alternatively also operate based on the results of SE service, which it receives from the control room.
Both services have several ICT requirements for their normal operation. Failures in any of the ICT components may violate these requirements, thereby affecting the performance of the services. The aforementioned requirements in terms of availability, latency and accuracy are quantified for the specific implementation of the underlying ICT system. As a result, these conditions depend on the performance of components within the ICT system. In this paper, the impact of component failures on these conditions is considered, i.e., failures in the existing ICT system and their impact on services is investigated. The states of grid services are derived based on their performance.
Case study 1: analysis of a high-level service - state estimation
SE is one of the most important ICT-enabled services, which performs real-time monitoring of PS (Abur and Exposito 2004). It involves estimating the state variables of PS, namely voltage magnitude and phase angles, from the measurements gathered from the OT devices (e.g., RTU, IED) at any given time. Typical field measurements include active and reactive power flows, current magnitude, voltage magnitude and active and reactive power injections. Additionally, the status of circuit breakers and switches are used to determine the current system topology. SE helps the system operators to identify the current operational state of the PS in accordance with the ESSC. Redundant measurements can be used to reduce the impact of measurement and telemetry errors, leading to a more accurate estimation. As shown earlier, SE is a high-level service and a failure of SE service causes the PS state to degrade to Emergency State.
In order to model the performance of SE service, the requirements for the service to perform normally are to be investigated. This can be determined using two aspects, namely, solvability and accuracy. Consider a PS with n state variables and m measurements, with m≥n. From (Lukomski and Wilkosz 2008), the typical condition for the solvability of SE can be identified as ρ(H)>=n, where ρ(H) is the rank of the measurement Jacobian matrix H that relates the measurements m with the state variables n. Let Ms={Ms1,...,Msn} denote the set of field measurements received at the control room. It is evident that the accuracy of SE results is influenced by the accuracy of Ms, assuming that the SE algorithm runs ideally. The accuracy of Ms, which is determined using its standard deviation σ, must satisfy \(\sigma _{M_{sn}} < \sigma _{max_{Mn}}\), where \(\sigma _{max_{Mn}}\) represents the maximum allowed deviation of measurements set by the SE. Moreover, since SE is performed dynamically, there exists a time constraint as well. A typical SE provides an estimation for a specific time period. To do so, data from the field must be available and processed in the control room within this time period. This is referred to as latency l and may vary depending on the implementation. Typical latency requirements for SE can be found in Kansal and Bose (2012); Kuzlu et al. (2014). In this paper, the median value of the latency is used since if the median latency (η(l)) is lower than the permitted latency, then it implies that majority of the measurements satisfy the latency requirements of the SE service, i.e., η(l)<llimits. The solvability condition can be violated due to either unavailability of field measurements (e.g., due to OT device failure) or excessive latency in communication network (e.g., due to congestion). The SE service may also have a set of pseudo measurements Mp={Mp1,...,Mpn} available at the control room. Each element in Mp is related to the corresponding element in Ms. Pseudo measurements are typically derived using the knowledge of historical measurements available in the control room. If a certain measurement is not received in the control room within time interval l, corresponding pseudo measurements may be used. Since the ICT systems aims to provide normal operation of grid services, the state of the ICT system can be determined based on the performance of SE service. These states are described as follows:
Normal State -SE is said to be in Normal State if both solvability and accuracy conditions are satisfied, i.e., ρ(H)≥n from available OT devices, η(l)<llimit from the communication network and \(\sigma _{M_{sn}} < \sigma _{max_{Mn}}, \forall M_{s}\). Note that, Mp is not used in Normal State. In this state, the system operator can use this service to perform real-time monitoring and estimation of the required state variables.
Limited State -Disturbances such as failures in OT devices or congestion in communication networks may cause both the solvability and accuracy conditions to be violated. In the case that ρ(H)<n or \(\sigma _{M_{sn}} > \sigma _{max_{Mn}}\), suitable Mp may be used, if available, to fulfil these conditions. Since Mp are derived based on historical data, they are less accurate in representing the current status of the PS when compared to Ms. Therefore, the SE service is said to be in Limited State when Mp are used. However, it has to be ensured that \(\sigma _{M_{pn}} < \sigma _{max_{Mn}}\). In this state, the performance of SE is lower compared to that of the Normal State, i.e., the system operator can determine the current state of the system but with decreased accuracy of the estimated variables. Suitable actions must then be taken to restore the SE service to the Normal State.
Failed State -If ρ(H)<n and Mp=∅, then the SE is said to be in the Failed state. This is because the estimation algorithm is no longer solvable with available Ms. Additionally, if the accuracy of Ms received by SE falls below a certain predefined limit set by the system operator, the service is said to have failed. This can also happen when there is a lack of sufficient accuracy Mp. Such situations can be caused due to multiple failures in the ICT system, which can in turn decrease the accuracy of data received at the control room. Failures in the control room server can also result in the failure of SE service. This can however, be mitigated by the presence of redundant (or backup) servers. In this state, the SE loses its monitoring and estimation capabilities and hence, the PS moves to Emergency State (according to ESSC).
The conditions for ICT state classification for SE service are summarised in Fig. 5, which can be viewed in the place of the dotted box of Fig. 3. Using the states of SE service, which indicates its performance, the operator has better information regarding the operation of CPES as a whole i.e., both PS and ICT system. For example, when the PS is in Normal State and ICT-enabled SE service is in Limited state, the operator can know that there is an increased risk ICT disturbances causing SE service to fail; thereby pushing the PS into Emergency State (according to ESSC). The CPES operator can then be prepared to handle impending disturbances by possibly dropping the PS to Alert state, while being aware that the accuracy of SE results has decreased, indicated by the service being in Limited state.
Case study 2: analysis of a remedial action - OLTC control
This section investigates the ICT states of OLTC control, which is a remedial action. Transformers with OLTC decouple grids with different voltage levels. By varying the tap-position, the voltage of the entire secondary side can be adjusted and kept within the permissible limits, thereby serving as a remedial action for voltage problems in the secondary side. Contrary to conventional MV-LV transformers with fixed ratios, OLTC-equipped devices can vary their tap position during operation to dynamically adjust their ratio and thus provide better control capabilities (FNN 2016). As mentioned earlier, the OLTC controller in Fig. 4 operates by combining a local voltage measurement (e.g., directly at LV side of the transformer) and a remote measurement from voltage-wise the most critical node of the grid (e.g., voltage at the farthest bus from the transformer) (Kamps et al. 2018). Since the voltage profile of traditional unidirectional LV-feeders grids strictly decrease from transformer to the end of the feeder, the voltage profile of the whole can be sufficiently described using only these two measurements. In this case study, the state of the ICT system is determined by the performance of the OLTC control grid service.
Normal State -The OLTC service is said to be in Normal state when the controller receives both local and remote measurements accurately and in-time; and is able to suitably change the transformer taps. This implies that availability, accuracy and latency requirements are satisfied.
Limited State -In case of certain ICT failures, the remote voltage measurement may be unavailable or excessively delayed. The OLTC controller now acts solely based on the local voltage measurement. Compared to the Normal State, the OLTC controller in this state lacks knowledge of the grid’s overall voltage profile. Tap changing may therefore cause voltage problems in other parts of the grid, especially at the nodes furthest away from the transformer as described in Palaniappan et al. (2019). This represents the Limited State of OLTC control remedial action.
Failed State -Events such as outages in the OLTC controller, local sensor failure or failures in the local direct connection (depicted with green bold arrows in Fig. 4) may prevent the automatic adjustment of transformer taps. In this case, OLTC control cannot contribute to remedying voltage problems in the LV grid. This represents the Failed state of OLTC control service, where the remedial action is no longer available. Depending on the implemented fall-back solution, the transformer tap may automatically reset to the mid position or remain on the last tap position as shown in Kamps et al. (2018).
The conditions for ICT state classification of OLTC control are summarised in Fig. 6, which can be viewed in the place of the dotted box of Fig. 3. Using the states of OLTC control service, the operator can be made aware of potential ICT contingencies that could cause this RA to fail. In the case where the OLTC service is required to remedy an impending contingency, the service being in Failed state would cause the PS (or ESSC) to drop from Normal to Alert State. This is due to the fact that if the contingency occurs, the system operator cannot mitigate its impact and remedy the system (since OLTC control is the only RA considered in this case study).
Case study 3: analysis of SE-based OLTC - interdependant grid services
This case study considers a high-level service (SE) along with a remedial action (OLTC control). It investigates the implications of interdependency between the ICT-enabled grid services and shows how state degradation of one service affects the other. The resulting impact on the states of PS (ESSC) is also investigated.
Case study 2 shows an exemplary stand-alone OLTC controller. However, the increasing penetration of DERs leads to more complex voltage profiles, i.e., they can no longer be assumed to be strictly decreasing from the transformer. This implies that OLTC control requires measurements from several nodes across the grids in order to efficiently remedy voltage-violations in the grid. In this case study, the OLTC control operates based on the results of SE service, which it receives from the control room via communication network (refer Fig.4). This replaces the remote measurement of case study 2 and gives the OLTC controller a system-wide perspective as shown in Salih and Chen (2016). The OLTC service is said to be in Normal state when it receives accurate and timely estimates from the control room based on the SE service. In case of a SE failure or a communication failure between the controller and control room, the OLTC service uses the same falls-back mechanism as shown in case study 2, i.e., operation based on local measurement. This is referred to as the Limited state of the OLTC service. The Limited and the Failed states of OLTC service are similar to that of case study 2 and are shown in Fig. 6.
Figure 7 shows the impact of grid service state degradation on each other as well as on the states of PS (ESSC). The black arrows denote direct state transitions that have already been described in the previous two case studies. Note that, for the sake of brevity, not all possible transitions are shown in Fig. 7. The direct transitions between PS states (e.g., Normal to Alert or Alert to Emergency) are also not shown here and are assumed to be implicit. For instance, when the OLTC control is in Failed state, the PS drops to the Alert state. In this situation, the occurrence of a PS contingency can potentially lead to OL violations as the RA (i.e., OLTC control) is in Failed state. This would ultimately result in the PS dropping to the Emergency state. The blue arrows, on the other hand, represent examples of conditional state transitions that need to be added to the ESSC in order to obtain a state description for the CPES as a whole. They indicate transitions that occur when certain other conditions are satisfied. Two such exemplary conditional state transitions are shown in Fig. 7 and are described below.
Conditional State Transition 1: In this scenario, the consequence of the SE being in Limited state is that voltage estimates with decreased accuracy are sent to the OLTC controller. Even though the Limited state of SE does not affect the state of the PS, it can cause the OLTC service to drop to Limited state. The OLTC can then either use these insufficiently accurate SE results or rely on the local measurement only. This is important because it may lead to cascading failures as demonstrated by Conditional State Transition 2.
Conditional State Transition 2:The OLTC control based on insufficiently accurate SE results or on local measurement may lead to potentially incorrect tap-changing decisions. Since the OLTC control is the only available RA in this case study, a faulty tap-change can therefore lead to a voltage-violation in case of a contingency; thereby causing the PS to drop to Emergency state. This state transition demonstrates the possible impact of an RA operating incorrectly on the interconnected PS.
In the presence of multiple grid services, this case study highlights the need to consider their interdependency as it can lead to additional means of state degradation in both PS and ICT systems.