Journal of Power and Energy Engineering, 2014, 2, 525-531
Published Online April 2014 in SciRes. http://www.scirp.org/journal/jpee
http://dx.doi.org/10.4236/jpee.2014.24071
How to cite this paper: Jaeger, J., Liang, X.-P., Krebs, R. and Bopp, T. (2014) Automated Protection Performance Assessment
and Enhancement. Journal of Power and Energy Engineering, 2, 525-531. http://dx.doi.org/10.4236/jpee. 2014.24071
Automated Protection Performance
Assessment and Enhancement
J. Jaeger1, X.- P. Liang2, R. Krebs3, T. Bopp3
1FAU University, Erlangen, Germany
2Siemens Ltd., Erlangen, Beijing, China
3Siemens AG Germany, Erlangen, Germany
Email: rainer.krebs@siemens.com
Received October 2013
Abstract
New strategies and methods for assessing the security of protection systems to reduce the risk of
unnecessary disturbances and blackouts are the main topic of the present paper. The system be-
havior of a protection system and network is analyzed and assessed as a whole. Hence, the estab-
lished algorithms are capable to handle complex network structures with regard to an intelligent
data management as well as data validation. Protection security assessment comprised two dif-
ferent aspects: on the one hand the behavior regarding dependability and security in terms of
speed and sensitivity, on the other hand the behavior regarding the response on dynamic network
phenomena as voltage stability and transient stability. A new automated method for assessing the
dependability and security of protection systems is shown. The short-circuit simulation tool is
used to provide a simulation system including network and protection devices as a whole. The
handling of the large amount of resulting data is done by an intelligent visualization method like a
“fingerprintanalysis. Further on the paper is focused on the protection response on dynamic
network phenomena and presents innovative strategies for this investigation aspect. The struc-
ture of simulation environment will be described. Results of a case study show the application of
this method on a real network. The system tool which is concluding these two aspects of protec-
tion assessment is called SIGUARD® PSA.
Keywords
Protection Security Assessment; Dependability; Security; Protection Coordination; Generic
Protection Models; Dynamic Protection Simulation
1. Introduction
Protection security assessment of power grids is getting an important task in the course of a decarbonized power
generation and a competitive energy business. The analysis of past blackouts shows that protection relays are
involved in a high percentage rate of all major disturbances. Thus the prevention of blackouts has to deal with
network and protection aspects as a common issue [1-3].
On the one hand an important issue for protection security is a regular review of the protection tripping be-
J. Jaeger et al.
526
haviour regarding selectivity, speed and sensitivity. On the other hand, the response of the protection system on
dynamic network phenomena is influencing the network security particularly. Thus both aspects should be con-
sidered performing a full protection security assessment system. The Protection Security Assessment System
SIGUARD ®-PSA is covering both items as shown in Figure 1. The part of short-circuit (SC) fault simulation is
handling networks as a whole. By simulation of routinely sequences of faults and contingencies bottlenecks of
the protection systems can be revealed practically. Based on the identification of bottlenecks, adapted settings
can be derived, improving the protection behaviour and network security. This automated method is based on
the simulation engine as PSS®SINCAL [4] and also applicable under ongoing changing network conditions.
The second part is represented by the investigation of the dynamic protection behaviour, which is also one
focus of this paper. The network and the protection system will be handled as a whole as well. It is requiring an
applicable modelling of the protection relays to manage the big amount of input data and relay type versions.
The protection models are preferably restricted to the dynamic functionality to be investigated. A further prereq-
uisite is a powerful simulation engine as PSS®NETOMAC [5] which complies with the simulation requirements
to a great extent.
Both parts of SIGUARD®-PSA are complementing each other and can lead to an important enhancement of
the protection and network security of today’s and future power grids.
2. Investigation of Sc-Fault Simulation
The presented method is analyzing networks as a whole [6-8]. By simulation of routinely sequences of fault and
contingency scenarios bottlenecks due to dependability and security of the protection system can be revealed.
Based on the identification of bottlenecks, adapted settings can be derived, improving the protection behavior in
particular under ongoing changing network conditions. The principle structure of the automatic system is shown
in Figure 2. The system includes a data storage system to provide all necessary information. It contents the grid
model data, a system for the management of simulation and an evaluation tool with a qualification and an as-
sessment center. Moreover the evaluation tool controls the methods for analyzing the tripping behavior and the
interactions of trippings on the grid.
2.1. Data Storage
The holistic approach of the presented method demands an extraordinary effort of calculation and storage of all
result data getting from these calculations. Therefore, a well-designed data handling structure and storage sys-
tem is essential. The data storage system is implemented on a MySQL-database running on a database server. At
the beginning of the procedure the power grid model will be copied to the database. All other systems get their
required information from the database and feed their results back to that after calculation. By the use of an ent-
ity-relationship-model, the data storage system enables associations and filtering by key terms between all sce-
narios, simulated faults, results and the selection of data under consideration of various scenarios. This is an
important basis for an intelligent analysis of a big amount of data and indispensable for this method.
2.2. Simulation Tool
The simulation tool starts with the initialization of the power grid model to be assessed. In the first step, all in-
stalled protection devices are analyzed, categorized and linked to their associated electric equipment. From these
Figure 1. Principle structure of SIGUARD®PSA.
J. Jaeger et al.
527
Figure 2. Principle structure of SC-fault simulation and as-
sessment.
results protection zones and requirements due to dependability and security may be defined. After initialization
and storage of the results, the scenario builder generates a broad diversification of grid states with different load
flow situations. For each defined scenario and for each protection zone the SC fault simulation program calcu-
lates different kind of short circuits and different amounts of fault resistances. The location of the SC-faults is
moving from calculation to calculation through the whole network in steps of i.e. 1% - 5% of the line length.
The settings for step size, resistances, scenarios, etc. either may be on standard values or may be limited or spe-
cialized by user’s selection over graphical user interfaces. The use of an automatic control of the applied simula-
tion tool allows various simulations of different networks and fault scenarios without making any time-con-
suming manual changes in the simulation model. The simulation tool calculates the reaction of all considered
protection devices during all simulated SC-faults. After simulation, those reactions are stored into the database
and are linked according to their fault type, to the resistance and to the related scenario of the power grid.
2.3. Evaluation Tool
A general evaluation method of protection system behavior is given by following terms:
Reliability—The probability that a protection system will operate with the required performance. This para-
meter includes the aspects dependability and security.
DependabilityThe probability that a protection system will trip circuit breakers when it is required.
SecurityThe probability that a protection system will not trip circuit breaker when it is not required to do so.
The use of the database with entity-relationship-model as storage system enables automatic evaluation of all
calculated results in many different ways. This paper shows two main approaches to evaluate the protection sys-
tem: Fault Pattern Analysis and Economic Impact Assessment.
The fault pattern analysis is generating finger-print charts that display the behavior of the protection system in
the case of faults occurring in one scenario with defined power flow, fault type and fault resistance as described
in [5]. The technical reason for maloperations can be worked out. This information is dedicated for protection
engineers.
To display the economic effect of those malfunctions and to assess the need for improvement, there is a
second automated evaluation mode-the economic impact assessment. This method uses the centralized database
recordings of faults and the related protection system response. Every fault that has to be tripped causes a loss of
load especially in distribution networks. Violating dependability or security of protection devices will lead to
J. Jaeger et al.
528
additional losses. The differences between unavoidable losses and those additional losses can be calculated.
Figure 3(a)) shows additional losses for an exemplary distribution network displaying 19 protection zones on
the x-Axis.
Especially the protection devices that protect zone no. 4 and no. 14 cause the biggest amount of additional
load losses through all of the simulated faults and scenarios.
Assuming the importance of every load in the network is known, the economic impact can also be evaluated
monetary as shown in Figure 3(b)). This diagram shows additional peak costs at different zones, which are
caused by different importance of individual loads in the protection zones. For example, critical consumers like
hospitals or industrial plants represent a higher importance level as housing areas. This evaluation method sup-
ports the decision for a system enhancement and suggests strategies due to a protection equipment exchange
under monetary aspects.
3. The Dynamic Protection Simulation
Dynamic protection simulation of a power grid is a time domain simulation considering effects like power
swings and voltage instabilities. These dynamic occurrences are likely responsible for the cascading tripping and
following major disturbances. A steady-state simulation cannot describe such dynamic effects and is only re-
flecting the situations pre- and post-fault but not the behaviors during transient fault scenarios. Therefore the
identification of critical dynamic situations must be done with a dynamic protection simulation. The dynamic
protection simulation comprises the dynamic network and protection behavior.
(a)
(b)
Figure 3. Example: Unnecessary loss of load due to malfunctions.
J. Jaeger et al.
529
Protection devices can change the network topology during the simulation in case of a trip signal. Then the
protected device (e.g. line, generator etc.) will be removed from the network after a trip. The parameters of the
protection devices must be calculated at every time step to realize such functionality. Thus there is a need of
protection device models which include the possibility to be simulated in time domain and interact with the
network.
The models shall be integrated into large up to nationwide power grids for the simulation to identify the grid
parts which reveal poor dynamic protection behavior and are prone to major disturbances. For this reason the
use of generic protection models is an essential part for the assessment of dynamic protection behaviors of pow-
er grids. These generic models include the important functions of the different protection devices to describe
dynamic protection behaviors. Particularly the right functionality of the timer element is of high importance to
realize time domain protection simulation. In this way large networks with many different protection types can
be handled properly.
The switching of network circuit-breaker via the protection models makes it possible to simulate cascading
tripping and report the timeline of the whole cascade of events. Every tripping causes a new physical situation
for the network. Hence new critical network situations can arise and other protection devices could mal-trip
consequently.
3.1. Methods of Simulation-Structure and Environment
The above mentioned dynamic protection models were developed on the basis of a dynamic simulation program
PSS®NETOMAC. The generic models are realized as controllers in the environment of this simulation system.
The controllers can react on the behavior of the system variables by changing the topology.
The user is creating the settings for the protection devices via a graphical user interface (GUI). The settings
are created based on the network data and the adjusted settings of the user. After performing of settings, the
protection devices will be included in the environment of the simulation system. Also dynamic devices like
switched shunts and HVDC connections can be included. The critical system parameters and actions of control-
lers, especially of the protection models, will be reported and visualized appropriately. It is intended to make re-
lation between the results of the SC-fault simulation and the dynamic protection simulation assessment getting a
comprehensive protection assessment under interacting steady state and dynamic aspect.
3.2. Case Study
The dynamic protection simulation was tested using a transmission grid of 527 lines, 416 busses and 119 gene-
rators. The grid supplies a load power of approximately 19 GW and transmission lines with voltage levels be-
tween 69 kV and 500 kV are installed. The generators are equipped with AVRs and governors. This network is
schematically shown in Figure 4.
The network is characterized by remote generation areas and load areas in the north and south respectively
which are connected through weak inter-ties. Especially the southern grid is very prone for stability problems.
The northern and southern grids are tied by two 230 kV and 115 kV transmission lines. The contingency is
also shown in Figure 4. It is a 3-phase fault at 10% of the 230 kV transmission line L_00256 which will be
tripped correctly by the distance protection on this line. The response of the system on this contingency is a sta-
ble power swing of the generators between the south and north/center part.
Distance protection devices for all transmission lines are modeled for this network. Hence 1054 distance pro-
tection devices are simulated. All 119 generators are equipped with the simplified and generic protection func-
tions over-current, under- and overvoltage, under- and over-excitation and under -and over-frequency. These
functions perform the backup protection of the network. In summation 1273 controllers are calculated for mod-
eling the protection devices.
The simulation result shows that the lines L_00255, L_00188 and L_00187 tripped in addition to line L-
000256 and but unnecessarily. With regard to Figure 4 the southern grid part is isolated from the north/center part.
As a consequence of this cascade tripping all generators in the southern grid part were shut down because of
under frequency. In the south, an unbalance of generation and consumption occurs. The load power is greater
than the generated power of the existing generators in this area. Therefore the generators decelerate and their
frequency will slow down. The first unselective mal-trip happens at the transmission line L_00255 after the se-
lective trips of the two distance protection devices of line L_00256. Figure 5(a)) shows the trajectory in the
J. Jaeger et al.
530
Figure 4. Test network for case studies-weak inter-tie of southern grid part.
(a)
(b)
Figure 5. Trajectory in the R-X-plane of Distance Protection of L_00255.
J. Jaeger et al.
531
R-X-impedance plane of the distance protection devices at line L_0255.
The trajectory of the impedance vector is crossing the zone 3 and the timer of zone 3 elapses before the tra-
jectory could leave the zone. Four time events T1, T2, T3 and T4 are marked in Figure 5 to describe the time-
line. At T1 the fault appears at line L_00256, T2 is the time after the selective trip in zone 1 of the protection
device located at the southern station. T3 is the moment after the trip in zone 2 of the other distance protection
of line L_00256. The last time T4 describes the mal-trip in zone 3 of the distance protection of line L_00255.
This trip provokes that the swing center moves into the 115 kV voltage level. Now the trajectory is crossing the
tripping zones of the distance protection devices of the lines L_00188 and L_00187 and both lines trip. Hence
the north/center grid is separated from the south grid. One possible countermeasure against this cascading fault
and the consequent major disturbance is shown in Figure 5(b). The introduction of blinders may avoid the un-
necessary tripping of L_00255 and the cascading fault is not taking its course.
4. Conclusions
New innovative strategies of protection security assessment are proposed. It could be shown that the protection
security can be improved using the SIGUARD®-PSA system. This can be applied to nationwide transmission
systems as well as space limited distribution systems. Different aspects can be checked using only one simula-
tion setup.
The proposed simulation method is able to identify critical contingencies with regard to short-circuit current
simulation as well as the dynamic protection behaviour. Many different influences on the dynamic protection
behaviour are given by the network and the protection system itself. The evaluation gives rather reliable results
based on real network data. The case study shows that it is important for the assessment of the dynamic behav-
iour to consider protection devices simultaneously because stable situations can be changed into unstable prob-
lems by protection responses. Major disturbances or blackouts are often activated by such problems and could
be identified and prevented by such a simulation. The analysis of these problems can also help to derive new
practical protection functions in order to avoid unnecessary power supply interruptions anticipatorily. This is
properly supporting the protection security assessment in today’s and future power grids.
References
[1] Krebs, R., Lerch, E., Ruhle, O., Gal, S., Lazar, F. and Paunesco, D. (2008) Vision 2020: Blackout Prevention by Com-
bined Protection and Network Security Assessment. IEEE PES Conference on Conversion and Delivery of Electrical
Energy in the 21st Century.
[2] Ordacgi, M. and Solero, R.B. (2006) Minimizing Risks of Cascade Tripping, A Systematic Analysis of Component
Protection. Cigre Conference, Paris, Report B5-202.
[3] Yamashita, K., Joo, S.-K. , Li, J., Zhang, P. and Liu, C h.-Ch. (2008) Analysis, Control, and Economic Impact Assess-
ment of Major Blackout Events. ETPEP European Transactions on Electrical Power, 18, 854-871.
http://dx.doi.org/10.1002/etep.304
[4] PSS®SINCAL.
http://www.energy.siemens.com/hq/en/services/power-transmission-distribution/power-technologies-international/soft
ware-solutions/
[5] PSS®NETOMAC.
http://www.energy.siemens.com/hq/en/services/power-transmission-distribution/power-technologies-international/soft
ware-solutions/
[6] Keil, T., Jaeger, J., Söllner, N., Bopp, T. and Krebs, R. (2008) Software Assisted Development of Protection Coordina-
tion Concepts in Nationwide Power Systems. 9th IEEE International Conference on Developments in Power System
Protection. http://dx.doi.org/10.1049/cp:20080105
[7] Jaeger, J., Keil, T., Dienstbier, A., Lund, P. and Krebs, R. (2009) Network Security Assessment an Important Task in
Distribution Systems with Dispersed Generation. P roceedings of CIRED 20th International Conference on Electricity
Distribution, Prague.
[8] Jaeger, J. and Krebs, R. (2010) Automated Protection Security Assessment of Today’s and Future Power Grids. IEEE
PES General Meeting.