Fault tree analysis of large-scale blackout accidents

. Fault tree analysis method is used to analyze the large-scale blackout accidents. Minimum cut sets and minimum path sets of large-scale blackout accidents are calculated, and the structural importance degree of the accidents is analyzed according to the minimum path sets. Direct factors that cause large-scale blackout accidents are determined. Effective measures are put forward to prevent large-scale blackouts, and the theoretical basis is put forward to prevent large-scale blackouts.


Introduction
Electric power security is directly related to people's life and property security and national property security. Electric power supply has a direct impact on industrial and agricultural production. Any accident may bring irreparable losses to society, especially large-scale blackouts. The harm and impact to society is even more incalculable. On August 14, 2003, a large-scale blackout occurred in the United Power Grid of Northeast, Midwest and Eastern Canada. The blackout lasted for 29 hours in eight states of the United States and two provinces of Canada. The load loss was 61800MW. The population affected by the blackouts was about 50 million [1] . On August 11, 2009, Chengdu Shuangliu International Airport, Sichuan, was blacked out for nearly five hours due to the failure of power supply facilities in substations [2] . During this period, 148 flights were delayed and nearly 10,000 passengers were stranded. On March 21, 2018, a chain reaction occurred at Brazilian (+800 kV) Xingu Converter Station due to technical defects, resulting in a large-scale blackout that affected the whole country and had a significant impact on 14 states in northern and northeastern Brazil [3] . These large-scale blackouts cause serious consequences to production and life, and even affect the safety of production and life. Nowadays, the electric power industry is an important energy basic industry in the national economy. The production and transmission of electric energy has a wide range of public and service characteristics. In today's society, the demand and dependence of production and life on electricity are getting higher and higher. Once a safety accident occurs in power production, it will inevitably lead to a significant impact on various related production and life activities, and the depth and breadth of this impact is showing a growing trend.
Shi Libao [4] expounded the mechanism of cascading blackouts in modern power systems. According to different modeling starting points, the research on cascading blackouts can be divided into two categories: one is based on power flow calculation and stability analysis, the other is based on power network topology. Liu Zifa [5] based on the basic theory of accident economic loss, put forward the classification method of social comprehensive loss of blackouts and the construction principle of loss evaluation index, and constructed the evaluation index system of social comprehensive loss of blackouts from the aspects of casualties, power supply departments and power users' economic loss and indirect economic loss of blackouts. Based on the analysis of the causes and development process of typical blackouts in mega-cities in history, Yang Haitao [6] pointed out the important factors endangering the security of mega-cities' power grids. Luo Jianbo [7] summarized the existing methods of natural disaster security and stability defense, and pointed out the direction of future research. This paper takes the large-scale blackout accidents as the research object. Based on the analysis of the causes of large area power failure, Fault tree analysis of the large-scale blackout accidents is carried out to determine various factors' structural importance degree, so as to provide theoretical basis for preventing and controlling power failure.

Natural factors
In order to make the power equipment operate normally under various environments, the power system is designed with the consideration of climate and environmental factors. However, for some rare weather and environment, the power equipment is still difficult to meet the reliable and normal operation. Long-distance power transmission of transmission lines makes them frequently affected by natural disasters. Extreme natural disasters can cause large-scale power system failures, which seriously affect the safe and stable operation of power systems. Natural disasters will cause the transmission lines to be shut down. In severe cases, large-scale transmission lines will be faulty, causing large power outages. In 2011, Japan suffered a major blackout caused by the tsunami, a blackout caused by lightning in Brazil in 2009, and a blackout caused by ice coating in southwestern China in 2008. With global warming and climate change, the frequency and intensity of natural disasters are increasing.

Human factors
In recent years, the level of intelligent informationization automation in the power industry has been improved. However, at present, there are many production links in power grid enterprises, and the types of equipment are complex. The role of people in the power system cannot be completely replaced. The accidents caused by the power grid can be found. It has a great impact on the reliability of the power system. For example, when the duty officer is tired for one day, the mind is relaxed, and the work is not strictly implemented in accordance with the rules and regulations, causing an accident. And people's accidents may occur in all aspects of power production. For example, in the process of design and development, equipment production, system operation and maintenance, human error may occur, especially when the grid fault occurs, the dispatcher's judgment and control are improper. It is possible to cause a small range of failures to evolve into large-scale blackouts.

Equipment factors
Low electrical performance of the device itself can also cause equipment failure. Due to protection misoperation, refusal and heavy load transfer, various types of fault interactions of the system, chain tripping of the relay protection device, and the like are caused. One of the main reasons is that the load or power generation capacity changes greatly in a short period of time, causing system frequency and voltage collapse. In practice, the load or power generation capacity will not fluctuate greatly in a short period of time, but if it is interfered or stimulated by external factors, the load or power generation capacity may fluctuate greatly in a short period of time. For example, if the seasonal temperature changes, the power consumption will rise or fall rapidly, and the power transmission will be interrupted due to the failure of the important transmission channel of the terminal power grid, and the system will be out of operation.

Management factors
The generation and development of accidents are often determined by internal and external factors. The internal and external causes are dialectical and unified, and they interact to promote the development of things. External factors are usually objective factors. If the management model is advanced and can better adapt to the challenges of various external factors, it may avoid unnecessary accidents; on the contrary, it will interact with external factors and become more and more serious, leading to the expansion of accidents. Therefore, in the prevention of large-scale power outages, it is very important to constantly improve the management system's shortcomings.

Establishment of fault tree
By consulting relevant data, analyze the influencing factors of coal dust explosion and establish an Fault tree for large-scale power outage accidents, as shown in the Fig1 and the event table is shown in Table 1.
The causes of large-scale blackouts have been analyzed before. The logical relationship between  S t a n d b y system failure X10 Misoperation of relay protection X11 Aging without timely inspection and maintenance X12 Artificial damage X13 Illegal operation X14 Illegally directing X15 Misoperation X16 Dispatching operation management failure X17 Overflow operation of power grid X18 Transformer overloaded operation X19 Information system paralysis X20 Monitoring and feedback system faults X21 D a i l y inspection was not found X22 Maintenance workers did not find out

Minimum cut set
Minimum cut sets represent the danger of the system, which is a possible way to trigger the top event. Therefore, the more the number of minimal cut sets, the more paths leading to the occurrence of top events, the less secure the system is. If the minimum cut set contains more basic events, the more difficult it is for the top event to occur. Finding all the minimum cut sets of the fault tree can grasp the various possibilities of accidents, determine the weak links of the system, and visually judge which way is the most dangerous, so as to put forward specific preventive measures for preventing accidents, and be conducive to the investigation of related accidents. According to the fault tree of large area blackout accidents, the structure function of the fault tree can be obtained by Boolean algebraic simplification method. T=M 1 +M 2 (1) =X 1 X 7 +X 1 X 8 +X 2 X 7 ……+X 9 X 16 X 18 X 19 X 21 X 22 28 minimum cut sets were found, {X 1 , X 7 }； {X 1 , X 8 }；{X 2 ,X 7 }；……{X 9 ,X 16 ,X 18 ,X 19 ,X 21 ,X 22 },which means there are 28 ways to cause large-scale blackouts.

Structural importance degree analysis
Structural importance degree refers to the degree of influence of each basic event on the occurrence of the top event, without considering the probability of the basic event itself, or assuming that the probability of each basic event is equal. According to the approximate formula of structural importance: k--minimum cut sets total in formula k j --the jth minimum cut set n j --the number of basic events in the jth minimal cut set It can be calculated that the order of structural importance is:I(X 8 )=I(X 7 )>I(X 22 )=I(X 21 )=I(X 9 )>I(X 20 )=I(X 19 )>I(X 6 ) =I(X 5 )=I(X 4 )=I(X 3 )=I(X 2 )=I(X 1 )>I(X 15 )=I(X 14 )=I(X 13 )=I (X 12 )=I(X 11 )=I(X 10 )>I(X 16 )>I(X 18 )=I(X 17 )

Analysis and countermeasures
Through the qualitative analysis of the large-scale blackout accident tree, 28 minimum cut sets and 12 minimum path sets are obtained. Therefore, there are 28 possibilities for large-scale blackout accidents, but it can be seen from the minimum path sets that large-scale blackouts can be avoided as long as any one of the path sets is adopted.
Based on the analysis of the structural importance of basic events and the difficulty of controlling basic events, the precautionary measures to avoid the occurrence of basic events should be taken into account. Therefore, from the point of view of controlling the occurrence of large-scale blackouts, we can take preventive measures from the point of view that the minimum path set contains fewer basic events, so as to facilitate the system to be economic, effective and safe.In Minimum path sets, natural disasters can not be avoided. In order to effectively prevent the occurrence of large-scale blackouts, we should first consider improving the level of natural disasters prevention, formulate relevant emergency plans; ensure the normal operation of equipment, strengthen the frequency and quality of equipment maintenance; improve the level of safety management, avoid human errors. In addition, the failure of standby system ranks first in the importance of comparative structure, so it is necessary to improve the reliability of standby system.

Measures to prevent large-scale blackout accidents
According to the analysis results, in order to prevent large-scale blackouts accident from happening, we must improve the ability of preventing natural disasters, strengthen safety management and improve the reliability of equipment and lines.

Preventing natural disasters
Natural environment is the main cause of power grid security problems. Electric power enterprises must take good precautions against natural disasters. Therefore, in order to prevent natural disasters, power grid enterprises should invest more capital in installing lightning rods, grounding devices and so on, and regularly inspect transport lines and equipment to prevent grid safety accidents caused by external reasons. At the same time, enterprises also need to work hard in equipment management, purchase high-tech testing tools, improve the effectiveness of testing. Once the safety problems of power grid transport equipment are found, they should make timely maintenance to ensure the level of power grid safety management.

Improving the level of safety management
Power grid security is the primary concern of power supply enterprises, which is closely related to national property and the safety of the people. Nowadays, the scale of power supply is expanding, the power supply is increasing, and the distance is getting farther. Safety management involves a lot of work, and the management is complex and difficult. In view of this phenomenon, power grid enterprises must formulate a sound management system, strictly strengthen security precautions, and improve the safety awareness of managers, so as to ensure the sustainable development of power enterprises.
Each power supply company shall establish and improve a long-term mechanism for the investigation and management of potential safety hazards in power grid production on the basis of relevant national laws, regulations and standards. At the same time, the power supply companies need to build a risk management and control system for safe production of urban power grid. Therefore, the company can realize the whole process management mechanism of potential hazards investigation, effective management and continuous improvement of power grid safety production, and improve the treatment rate of potential hazards and defects. The company can formulate a perfect emergency plan for all kinds of incidents and ensure the quality of emergency plan implementation.
Safety management consciousness is the basis of safe operation of power grid and the premise of ensuring the sustainable supply of power. It plays an important role in the whole power industry. While the scale of power grid is expanding continuously, power grid enterprises must insist on strict management, strengthen the education and training of relevant personnel, change their inherent ideas and thoroughly disseminate safety education ideas。Power grid enterprises should strengthen safety prevention and control, and ensure the smooth operation of the power grid.

Improving the reliability of equipment and circuits
With the increase of urban power load, the construction of 110-220 kV power grid needs to be accelerated. Electric power companies need to increase the load rate of system capacity, strengthen the rolling revision of long-term and medium-term planning and the implementation of annual plans. At the same time, power companies should strengthen the construction of load center power supply, vigorously improve the power supply capacity of medium-voltage and low-voltage distribution network, increase the distribution of 220 kV and 110 kV substations in the central area and nearby counties, improve the overload equipment and other weak links, and improve the power grid structure. In order to speed up the transformation and upgrading of old power grid equipment, the company should strengthen monitoring and maintenance management, predict possible accidents, and strengthen preventive measures for old lines and other equipment. Power supply companies should carefully comb and analyze the risks and main hidden dangers of urban power grid in fighting against natural disasters, and take targeted preventive measures, arrange and deploy special funds to improve the anti-risk ability of urban power grid against various safety accidents.

Conclusion
As a part of the safety production of power enterprises, the prevention of large-scale blackouts should take reasonable measures to avoid the occurrence of accidents. Through the fault tree analysis of large-scale blackouts in power networks, it can be seen that many dangerous and harmful factors work together to cause accidents. According to the minimum cut Set, there are 28 ways to cause large-scale blackouts in power grids, which illustrates the diversity and complexity of the forms of large-scale blackouts in power grids, and the possibility and danger of large-scale blackouts in power grids. According to the minimum path set, the structural importance of each basic event is calculated. It can be seen that the influence of each basic event on the top event is different. Therefore, when formulating preventive measures, we can arrange them according to the structural importance of each basic event, and combine with objective reality from small to general election.