"The Year 2000 Threat To the Electrical Grid", by Dr. Klaus Ragaller, ABB Year 2000 Task Force

greenspun.com : LUSENET : Electric Utilities and Y2K : One Thread

The ABB Group (Asea Brown Boveri), is a global technology Group serving customers in electric power generation, power transmission and power distribution; automation; oil, gas and petrochemicals; industrial products and contracting; and financial services. They have branches and contact addresses in so many different countries I didn't bother to count them all.

What I did discover on their site is what (in my opinion, at least) is one of the most balanced and comprehensive articles about Y2K and electric power grids that I've yet encountered, written in terms most anyone can understand. This was published in the ABB Review in January of this year, so some of you may already have seen it; I hadn't.

There is good news; electrical generation is robust, many systems either are not digital, or do not depend on dates to function, or will not impede the flow of electricity if isolated from other dependent systems.

There is bad news; specific Y2K risks, those things which can trigger cascading events, and potential crisis scenarios are addressed. ABB does not assume all Y2K work will be done in time, or that all work will be error free, nor does it assume that potential simultaneous failures in less critical systems cannot cause plant trips. (A common sense position in my view.) System studies based on simulations and ABB's field experience are put forth, along with recommendations for those contingencies which need to be in place "in order to ensure a very robust and reliable electricity supply system".

This article is too long to post here in its entirety, and it has so much good information I don't want to pick out just bits and pieces of it to post. I believe it will be worth any reader's time to access the link and read the entire piece carefully. Read it a couple of times, there's a lot in it!

Go to:

http://www2.abb.ch/GLOBAL/CHIBM/CHIBM007.NSF/Y2K/F1

-- Anonymous, May 15, 1999

Answers

Thanks for the information, Bonnie. For some reason the address you used did not work for me.

My experience with ABB has been to test about a dozen or so protective relays and their associated software communication programs. In all cases but one software program, the units passed all of our Y2k tests, as per ABB. The one program (only used to communicate with the relay, not in the relay itself) that wouldn't allow entry of "00" for the date was upgraded by ABB and works fine. ABB equipment is widely used, and is in probably every major US and Canadian utility.

Since they are global, I assume that the statement about not finishing work in time applies to other countries, no?

-- Anonymous, May 15, 1999


Dan: I hope that you can read the whole document, but it is formated a little strange. Lotus Domino was used to format the page. Here is a interested section that seems to frame the case for potential Y2K problems.

Specific Y2K risks and potential crisis scenarios

From what has been said, it is possible to derive some 'typical' Year 2000 risks. These range from malfunctioning of certain devices - most likely peripherals - in a power plant to the incorrect display of information from the power plant control system. If not remedied, such malfunctioning has the potential to cause tripping of the plant. This will not necessarily happen immediately after the millennium roll-over; the effects can show up later, since some of the errors have a delayed effect. Also, the independent real-time clocks in some of the black boxes may exhibit a considerable drift. In many cases, enough time is available to respond to this problem providing its source is properly understood and the correct course of action can be decided upon.

The main risk in the network control centers is a loss of system overview, eg due to an excessive number of alarms or wrong alarm sequences. Another risk is the loss of communication to one of the substations, making it impossible to operate certain breakers by remote control. While this once again has no direct consequences, in combination with other events it could lead to the system state becoming critical.

A hypothetical crisis scenario, eg requiring intervention by the operators, could be as follows: as a result of increased demand for power from a certain area due to a local plant tripping, the power flowing over an important feeder line rises to a critical level, ie it approaches levels where thermal overload relays would trip the line. Under normal service conditions the operators would order a plant in the area of high demand to increase power generation or alternatively activate a parallel line to reduce the load on the critical line. If the available information does not allow this response, the overloaded line could trip.

Such an event, namely the loss of a critical system component, can trigger cascading effects in the system. The history of brownouts and blackouts shows the root cause in most cases to be a combination of incidents that leads to a cascaded sequence of events. An actual case illustrates this: in July 1996 the electric service to about 2 million customers of the WSCC system in the western United States was interrupted [4]. The event triggering this was a short circuit on a HV power line caused by a tree growing into the line. At nearly the same time another line failed for totally different reasons. From this point on, there was a cascading series of events. In addition to the specific reasons that triggered the situation, the overall status of the system at the particular moment was another important reason for the severity of the outage: near-record hydropower generation in the Pacific Northwest, high power transfers on the transmission lines between the Pacific Northwest and California, power transfers through Idaho to Utah, high levels of coal-fired power transmission from Wyoming to Utah, and record demand for power in Idaho and Utah. In addition, the system status was affected by a combination of unfavourable conditions. This actual example shows how important it is for system-wide aspects to be taken into account in the Y2K preparation of the electrical grid.

The specific Year 2000 risk for electrical systems, namely that which makes it different from normal emergencies, is the risk of multiple coincidence failures: ie, whatever happens in the different system components will happen at the same time or within a limited period of time, and the events can occur in different geographical areas. 'Normal' system failures are restricted to a certain area. The utilities are able to deal with local events of this kind, since they have crews on standby which can be sent out at short notice to fix problems. However, not enough emergency crews are normally available to handle several such occurrences at the same time in different areas.

The biggest risk therefore comes from cascading system events which develop from multiple sources, as described in the hypothetical example above.

The enormous reliability and robustness of electrical systems are due to their rugged design, interconnections between different system parts which allow a critical area to receive support from the rest of the grid, and the ability of network control centers to correct trends leading to less stable system load distribution at an early stage, before safety margins have to be reduced.

Since the Year 2000 effects will occur simultaneously, it is not absolutely clear to what extent these advantages can be relied upon and to the extent a large, robust system offers a real benefit, especially if there is also a risk of some of the network control centers not working properly.

ABB is a global $30-billion engineering and technology company serving customers in electrical power generation, transmission and distribution; automation; oil, gas and petrochemicals; industrial products and contracting; and financial services. ABB employs 200,000 people in over 100 countries.



-- Anonymous, May 15, 1999


Bonnie,

Excellent reference. ABB is the old Brown-Bovari, headquartered in Switzerland and is the largest heavy engineering-construction company conglomerate in the world. It has a fine reputation and there are probably 100 branches in the US, where it has bought up many of the fine smaller companies.

They have built much of the infrastructure of the world and as builders they have less reason to be biased with an ax to grind. Their work is already done and they will be necessary in the future to fix the problems, therefore, I feel they have less bias than other sources of information.

I was unaware of this article. Thanks very much.

-- Anonymous, May 16, 1999


Good find, Bonnie! While the article might be a bit technical for some folks, it certainly gets a place in the required reading file, especially considering the source.

For those of you not aware, ABB is one of *the* biggies in supplying electric industry equipment and components. Some hidden issues are very clear. One that struck me is something that I became aware of while working with one electric company a year or so back: interfaces. The article talks specifically about communications protocols between DCS systems and end operating devices. I'll give you a quick example. This particular company housed one of their DCS systems on an older platform (DEC VAX) and older revision of the operating system for the platform (VMS 5.5-1). When they upgraded VMS to a Y2k ready version, they discovered (much to their dismay) that the communications protocols that were written for the VMS 5.5-1 O/S didn't operate in updated VMS version.

Dependencies. Dependencies. Dependencies.

-- Anonymous, May 16, 1999


Moderation questions? read the FAQ