Efficient restoration of the electric grid from significant disruptions – both natural and manmade – that lead to the grid entering a failed state is essential to maintaining resilience under a wide range of threats. Restoration follows a set of black start plans, allowing operators to select among these plans to meet the constraints imposed on the system by the disruption. Restoration objectives aim to restore power to a maximum number of customers in the shortest time. Current state-of-the-art for restoration modeling breaks the problem into multiple parts, assuming a known network state and full observability and control by grid operators. These assumptions are not guaranteed under some threats. This paper focuses on a novel integration of modeling and analysis capabilities to aid operators during restoration activities. A power flow-informed restoration framework, comprised of a restoration mixed-integer program informed by power flow models to identify restoration alternatives, interacts with a dynamic representation of the grid through a cognitive model of operator decision-making, to identify and prove an optimal restoration path. Application of this integrated approach is illustrated on exemplar systems. Validation of the restoration is performed for one of these exemplars using commercial solvers, and comparison is made between the steps and time involved in the commercial solver, and that required by the restoration optimization in and of itself, and by the operator model in acting on the restoration optimization output. Publications and proposals developed under this work, along with a path forward for additional expansion of the work, and summary of what was achieved, are also documented.
Complex networks of information processing systems, or information supply chains, present challenges for performance analysis. We establish a mathematical setting, in which a process within an information supply chain can be analyzed in terms of the functionality of the system's components. Principles of this methodology are rigorously defended and induce a model for determining the reliability for the various products in these networks. Our model does not limit us from having cycles in the network, as long as the cycles do not contain negation. It is shown that our approach to reliability resolves the nonuniqueness caused by cycles in a probabilistic Boolean network. An iterative algorithm is given to find the reliability values of the model, using a process that can be fully automated. This automated method of discerning reliability is beneficial for systems managers. As a systems manager considers systems modification, such as the replacement of owned and maintained hardware systems with cloud computing resources, the need for comparative analysis of system reliability is paramount. The model is extended to handle conditional knowledge about the network, allowing one to make predictions of weaknesses in the system. Finally, to illustrate the model's flexibility over different forms, it is demonstrated on a system of components and subcomponents.
This document summarizes the findings of a review of published literature regarding the potential impacts of electromagnetic pulse (EMP) and geomagnetic disturbance (GMD) phenomena on oil and gas pipeline systems. The impacts of telluric currents on pipelines and their associated cathodic protection systems has been well studied. The existing literature describes implications for corrosion protection system design and monitoring to mitigate these impacts. Effects of an EMP on pipelines is not a thoroughly explored subject. Most directly related articles only present theoretical models and approaches rather than specific analyses and in-field testing. Literature on SCADA components and EMP is similarly sparse and the existing articles show a variety of impacts to control system components that range from upset and damage to no effect. The limited research and the range of observed impacts for the research that has been published suggests the need for additional work on GMD and EMP and natural gas SCADA components.
Electric power is crucial to the function of other infrastructures, as well as to the stability of the economy and the social order. Disruption of commercial electric power service, even for brief periods of time, can create significant consequences to the function of other sectors, and make living in some environments untenable. This analysis, conducted in 2017 for the United States Department of Energy (DOE) as part of the Grid Modernization Laboratory Consortium (GMLC) Initiative, focuses on describing the function of each of the other infrastructure sectors and subsectors, with an eye towards those elements of these sectors that depend on primary electric power service through the commercial electric power grid. It leverages the experience of Sandia analysts in analyzing historical disruptive events, and from the development of capabilities designed to identify the physical, logical, and geographic connectivity between infrastructures. The analysis goes on to identify alternatives for the provision of primary electric power service, and the redundancy of said alternatives, to provide a picture of the sector’s ability to withstand an extended disruption.
The NetFlow Dynamics (NFD) model was developed for estimating the availability of a commodity supplied by a national- or regional-scale infrastructure following unexpected disruption of one or more of its components. The large scope of the disruptions of interest produce changes in availability lasting days to weeks. Consequently, the model does not resolve daily variations in system state and does not include the long-term processes that cause infrastructures to evolve as assets are added and removed according to owners ’planning decisions. NFD simulates fluid flow, including petroleum and other incompressible fluids, as well as natural gas and other compressible fluids, through pipeline networks characterized by limits on transmission capacity and storage. It was designed to enable efficient exploration of possible transmission system responses to large-scale disruptions lasting for days or longer. The model formulation reflects constraints on transmission and storage capacity imposed by the physical system assets. Those capacity limits are input parameters and are not derived from more basic system properties such as pipeline diameters and compressor power. A system’s response to a large disruption is controlled by operational decisions as well as damage to physical assets. The NFD model formulation allows users to efficiently consider alternative scenarios about the way remaining capacity might be used so that the analysis result appropriately reflects uncertainties about operator response.
Distributed Energy Resources (DER) are being added to the nation's electric grid, and as penetration of these resources increases, they have the potential to displace or offset large-scale, capital-intensive, centralized generation. Integration of DER into operation of the traditional electric grid requires automated operational control and communication of DER elements, from system measurement to control hardware and software, in conjunction with a utility's existing automated and human-directed control of other portions of the system. Implementation of DER technologies suggests a number of gaps from both a security and a policy perspective. This page intentionally left blank.
The transformation of the distribution grid from a centralized to decentralized architecture, with bi-directional power and data flows, is made possible by a surge in network intelligence and grid automation. While changes are largely beneficial, the interface between grid operator and automated technologies is not well understood, nor are the benefits and risks of automation. Quantifying and understanding the latter is an important facet of grid resilience that needs to be fully investigated. The work described in this document represents the first empirical study aimed at identifying and mitigating the vulnerabilities posed by automation for a grid that for the foreseeable future will remain a human-in-the-loop critical infrastructure. Our scenario-based methodology enabled us to conduct a series of experimental studies to identify causal relationships between grid-operator performance and automated technologies and to collect measurements of human performance as a function of automation. Our findings, though preliminary, suggest there are predictive patterns in the interplay between human operators and automation, patterns that can inform the rollout of distribution automation and the hiring and training of operators, and contribute in multiple and significant ways to the field of grid resilience.
Research into modeling of the quantification and prioritization of resources used in the recovery of lifeline critical infrastructure following disruptive incidents, such as hurricanes and earthquakes, has shown several factors to be important. Among these are population density and infrastructure density, event effects on infrastructure, and existence of an emergency response plan. The social sciences literature has a long history of correlating the population density and infrastructure density at a national scale, at a country-to-country level, mainly focused on transportation networks. This effort examines whether these correlations can be repeated at smaller geographic scales, for a variety of infrastructure types, so as to be able to use population data as a proxy for infrastructure data where infrastructure data is either incomplete or insufficiently granular. Using the best data available, this effort shows that strong correlations between infrastructure density for multiple types of infrastructure (e.g. miles of roads, hospital beds, miles of electric power transmission lines, and number of petroleum terminals) and population density do exist at known geographic boundaries (e.g. counties, service area boundaries) with exceptions that are explainable within the social sciences literature. The correlations identified provide a useful basis for ongoing research into the larger resource utilization problem.
This report provides the results of a scoping study evaluating the potential risk reduction value of a hypothetical, earthquake early-warning system. The study was based on an analysis of the actions that could be taken to reduce risks to population and infrastructures, how much time would be required to take each action and the potential consequences of false alarms given the nature of the action. The results of the scoping analysis indicate that risks could be reduced through improving existing event notification systems and individual responses to the notification; and production and utilization of more detailed risk maps for local planning. Detailed maps and training programs, based on existing knowledge of geologic conditions and processes, would reduce uncertainty in the consequence portion of the risk analysis. Uncertainties in the timing, magnitude and location of earthquakes and the potential impacts of false alarms will present major challenges to the value of an early-warning system.