Florin Capitanescu
Many major transmission power grids’ blackouts occurred worldwide, including grids with modern infrastructure, since the infamous one affecting parts of North America in 1965. Blackouts have had devastating social impacts (deaths, chaos, and severe discomfort due to disruption in sectors dependent on electricity, such as heat, transport, water, and communication) and economic impacts (exorbitant costs stemming from, e.g., the loss of production and equipment damage). The postmortem analysis of blackouts reveals root causes and enhances the understanding of grid operation, triggering organizational and technical improvements. Blackouts will continue to happen, at least because the complex grid neither was planned nor can be operated to cope with massive natural disasters damaging several grid components. However, despite previous experiences, there have been recurrent but avoidable blackouts due to the lack of fulfilling or inefficient handling of N-1 security, which degenerated into cascading outages.
The world is transitioning to sustainable electricity grids, powered by variable renewable generation. This digitalization-enabled energy transition is producing major transformations in the grid, notably a massive penetration of distributed energy resources (DERs) (e.g., renewable generation) interfaced with the grid through power electronics. This transformation radically changes the known grid dynamics, generates new forms of instability, and requires rethinking grid operation, control, and markets. In this context, new threats and atypical vulnerabilities of grids, not yet experienced by operators, may materialize. Accordingly, the lessons learned from past blackouts serve little during the energy transition. To reliably succeed in the energy transition, one needs better anticipation and cautiousness than seen so far.
The transmission power grid is a vital and complex infrastructure that underpins our society; therefore, it needs to operate securely but also at a reasonable cost. Security, or operational reliability, is the power grid’s ability to withstand disturbances, e.g., contingencies (unexpected failures of system components), with an uninterrupted electricity supply. Ensuring security is a difficult task for operators due to the following reasons:
A power grid cannot operate 100% securely, i.e., be fully secured with respect to any possible contingencies and potential blackouts; such an attempt is cost-prohibitive if at all physically feasible, while establishing this percentage of security is still a difficult open question. Accordingly, the grid is operated in practice at a tradeoff between the operation cost and desired security level. This tradeoff is set by the so-called N-1 security criterion, which states that a grid with N available components must be able to withstand at any time the failure of any single component (e.g., a power line or a generator) (see Figure 1). Withstanding contingencies include operator-initiated rule- or software-based corrective actions (e.g., grid topology control, generators, and redispatch) and automatic closed-loop controls. The ongoing grid digitalization fosters corrective actions to the detriment of more costly preventive actions (decided before real time) but increases decision-making complexity.
A blackout is an unplanned complete interruption of power in a certain area that lasts for an indeterminate period. Many blackouts with catastrophic societal and economic effects (e.g., hospitals, railways, airports, traffic, water supply, and wastewater treatment) occurred all over the world in the last five decades. The average estimated societal cost of blackouts (e.g., economic losses from lost output and damage) is huge, e.g., hundreds of deaths and US${\$}$130 billion for the Texas blackout in 2021, dozens of deaths and US${\$}$6 billion for the U.S. blackout in 2003, and US${\$}$1.2 billion for the Italy blackout in 2003.
Two classes of root causes of blackouts can be distinguished.
The blackouts in the first category are due to the operators not satisfying, as required, the N-1 security criterion, including subsequent contingency handling that may not be efficient or timely. The security was not met either deliberately (including human error to factor in last-minute changes in the system) or due to large forecast errors and grid model and inaccuracy in decision-making tools as compared to the real world. Should N-1 security have been met, the blackout would have been avoided. This situation is worrying as it is a recurrent pattern in most blackouts, and we have not yet learned enough from it. In addition, as will be argued later, the operation variability with a large share of renewable generation requires adopting a probabilistic assessment and management of security.
The blackouts in the second category occurred as the power grid was not designed or operated to withstand implausible beforehand N-k (k > 1) contingencies, i.e., the failure of two or more grid components (see Figure 1). In the best case, the operators could plan actions to mitigate but not fully avoid the impact of such blackouts. However, extreme events are no longer deemed implausible or singular because worsening climate change has resulted in recurrent extreme events (e.g., natural disasters) and blackouts over the past decades in various and unexpected places worldwide. This situation has spurred a growing interest of both researchers and utilities to further explore N-k (k > 1) security but also thoroughly address grid restoration. The combined consideration of N-k (k > 1) security and grid restoration has recently been named resilience. Resilience is defined as the power grid’s ability to mitigate and recover after extreme damaging events (natural disasters) of low probability and high impact. In other words, in operation, “resilience = N-k (k > 1) security + grid restoration.” While N-k (k > 1) security has received substantial research attention in the context of blackouts, with various cascading outage simulators being developed for its assessment, transmission grid restoration has been underaddressed, as testified by the research literature.
This deficit constitutes a game changer in setting an adequate level of grid security. Note that even today, when operation risk is deemed high, e.g., under adverse weather (a forecasted storm) or stressed operating conditions, operators assess and may maintain security beyond N-1 failures as their ultimate goal is to keep the lights on.
Figure 2 illustrates the relationship between security and resilience via the likelihood and impact of events. Note that they differ in terms of event probability but overlap to some extent in terms of impact. Specifically, poorly managed ordinary events (N-1 contingencies) may also lead to high-impact blackouts, as will be justified later.
The arduous work of experts released detailed documents analyzing each blackout, including the chronology of events, lessons learned, and mitigation measures. The main specificities of some notable blackouts are briefly highlighted for each class of root cause.
The first major blackout, affecting 25 million people and lasting 13 h, took place in the northeast United States in 1965. It was triggered by a defective protection relay that tripped, at peak load, a healthy transmission line, leading immediately to fast overload cascade line outages and blackouts. This blackout is the richest in lessons and subsequent innovations. Specifically, Dr. Tom Dy-Liacco pioneered the concept, deployed soon after, of a modern power grid control center, based on the supervisory control and data acquisition and energy management system, a framework for computer-aided security assessment and control using system states (normal, alert, emergency, in extreme circumstances, and restorative). It also determined the deployment of underfrequency load shedding.
The blackout in the northwest United States on 2 July 1996, was provoked by the faulty trip of a power line, which led to fast voltage depression causing generation and 11 GW of load disconnection. This event primarily highlights the importance of fast reactive power compensation and raises awareness about voltage instability. Accordingly, fast-switching capacitor banks and undervoltage load-shedding control were installed. Furthermore, the event raises awareness about hidden failures (e.g., protection relays that erroneously trip a healthy and more critical line and the failure of a breaker to disconnect a faulty line), the major cause of disturbances in the United States and a subject that has received substantial research interest.
The intricate Italian blackout in 2003, affecting 56 million people for up to 16 h, happened at night, so at a low load, while Italy was massively importing power (around 7 GW), mostly from Switzerland and France. The initiating event was a line trip, due to a flashover caused by a tree, in Switzerland, which overloaded two lines in Switzerland. These lines tripped after an unsuccessful attempt by the Swiss operator to reduce the overload, including tardy communication and coordination with the Italian operator aimed to reduce the power import. Consequently, the largest chunk of power import (4 GW) was flowing instantaneously from France. This action overloaded the interconnection lines between France and Italy, also ensuing in very low voltages at Italian substations. The interconnection lines tripped in a matter of seconds, isolating Italy with a large power deficit from the rest of the European system. Consequently, generators in Italy lost synchronism and tripped, ensuing in a complete blackout. This blackout teaches us about the following situations:
This blackout also highlighted the high complexity and sometimes counterintuitiveness of power flows in the operation of big meshed interconnected grids.
The root cause of the European blackout in 2006, which occurred outside peak load and affected 10 million people, was a human error consisting of the deliberate disconnection of a power line without reassessing grid security online. This error left the grid in an N-1 insecure situation, triggering cascading overload line tripping. This event led to the European transmission grid splitting into three independent subsystems, for a period of 2 h, and automatic load shedding to keep the power balance in each subsystem. The N-1 security criterion was again not fulfilled, and the impact of this disconnection on the security of the network was not properly, if at all, assessed.
The largest blackout to date in terms of the number of people affected (more than 620 million) took place in 2012 in the inadequately reliable power system of India, in a context where the country already had issues with generation shortage to meet demand. The blackout occurred similarly twice, in two consecutive days, at peak demand. The trip of an overloaded line caused a chain reaction of several line outages within seconds, resulting in a blackout. On the first day, it took 15 h to restore 80% of service. The next day, the system failed again for the same reason, and the restoration process ultimately succeeded.
In 2015, Turkey experienced the fastest blackout to date, with the entire power grid collapsing in a few seconds after the initiating failure, leaving 70 million people in the dark for several hours. This blackout was again caused by human error; despite four important lines being in outage for maintenance, the grid operated N-1 insecurely.
Recently, a low-impact blackout occurred when the European grid split on 8 January 2021, due to a fault in Croatia, followed by a cascading overload outage of more than 10 power lines. All these outages occurred in fewer than 43 s, triggering the curtailment of a 1.7-GW load. Given the large number of disconnected lines, the system’s automated protection reacted rather well, saving the system from worse consequences.
Last but not least, sometimes blackouts occur while the transmission grid is already weakened by multiple scheduled line outages (e.g., Turkey and India). Although this is to a good extent business as usual (but it needs enhanced scheduling accounting for the renewable generation effect on power flows), it should be accurately considered in security calculations.
It is hard to quantify how resilient a grid is and set an adequate level of resilience as these depend on a huge set of potential sequences of low-probability contingencies assumed to happen. The meshed grid structure ensures redundancy and, together with intricate control loops, naturally allows the grid to withstand the loss of some combinations of two or more components.
The blackouts of grids operating rightfully with limited resilience were produced by multiple correlated trips of components under the following conditions:
Three prominent examples of the former cause are addressed next.
The Southern Brazil blackout in 1999 was the largest power outage to that date, affecting more than 80 million people. It was caused by a lightning strike on an electricity substation, causing most of the power lines connected to the substation to disconnect simultaneously. Accordingly, many generators automatically shut down in the absence of transmission lines available to ship their power to load. The main lesson of this blackout is to pay attention to the remedial actions to faults impacting an entire substation, where several lines can be connected, or a busbar of it.
The blackout of parts of North America and Canada in 2003, which affected 50 million people and interrupted 60 GW of load, initially had a slow development. After the first generator trip, for approximately 1 h, a few normally loaded lines tripped unexpectedly due to tree contact provoked by untrimmed vegetation. Then, fast cascade outages occurred, resulting in collapse. The operators could have had time to take remedial actions, but they lacked situation awareness of unfolding operating conditions as the state estimator and real-time security assessment were not functional. This blackout emphasizes, among other things, the importance of the adequate visualization of emergency conditions, underpinning remedial actions in the control center, and prompted research in this direction.
The U.K. blackout in 2019, affecting more than 1 million customers, was initiated by a line disconnection due to a lightning strike. During the transient period, a few wind farms, interfaced with the grid through power electronics, did not ride through fault and tripped suddenly, leaving the grid with a power production deficit. In addition, three small gas power plants, responsible for restoring the power balance deficit, tripped due to an erroneous overspeed signal. The lesson drawn is how sensitive to unusual operating conditions and how little understood is renewable generation, controlled by power electronics, as compared to conventional synchronous generators. This blackout highlights the difficulty of trading off grid codes (legal contracts of mandatory simplicity) and the technical requirements of renewable generation to ride through multiple successive voltage drops.
Some key blackouts caused by natural disasters, which damaged multiple grid components and affected smaller regions and a number of people for a long time, are the following.
Hurricane Sandy left around 10 million people without power in the United States in 2012 for up to two weeks. Flooding and downed trees damaged vulnerable areas, cutting their power supply.
The Australian blackout in 2016 occurred during a very rare heavy storm, during which two lines tripped due to fault. The grid experienced unusual electric transients during which many power electronics-controlled wind farms did not respond according to the grid code, either tripping or reducing substantially their power production. These events overloaded a key interconnector and caused its subsequent trip, splitting the grid and resulting in a blackout. Two wind farm owners were fined around US$1.2 million for their negative role in the blackout. As in the U.K. blackout in 2019, the capacity of wind power generation to ride through unusual transients is in question.
The state of Texas, which is not connected electrically with the rest of the U.S. grid, experienced during two weeks in February 2021 a highly unexpected massive shortage of power production (e.g., around 13 GW at the peak, the demand being the highest ever recorded) due to a severe winter storm causing extremely low temperatures and the freezing of some generating equipment. Rolling blackouts were implemented by operators to equitably share the available power; still, 5 million people were not supplied for several days. Several hundred people died, and the cost of the blackout was estimated at US$155 billion. Two main lessons were learned. First, one needs to redesign the electricity market to avoid the huge profit (in billions of U.S. dollars as the wholesale market price was almost 20 times larger than normal) of some energy firms as well as the bankruptcy of other firms. Second, one needs to profoundly rethink and enhance grid resilience. “Winterizing” the power sector in Texas remains a big challenge.
Finally, the recurrent natural disasters occurring in many places over the world, e.g., Chile (earthquakes), the United States (hurricanes and tornados), and Greece (wildfires), clearly indicate the need for a systematic approach.
To summarize, the contingencies causing blackouts are generally correlated and conditioned, and therefore, of nonnegligible joint probability, as in the case of hidden failures in protections. Very rarely, a blackout is caused by uncorrelated contingencies of negligible joint probability. For example, such a blackout occurred in Sweden and Denmark in 2003, where the trip of a large nuclear power unit was followed, 5 min later in a far remote location, by a trip of a double busbar and disconnection of four lines.
It is first necessary to elucidate the confusion that exists in the community regarding the overlap and differences between security and resilience. Everybody agrees that power grids must become more resilient, but different people have distinct definitions and interpretations of what resilience means. The source of confusion stems from a straight translation of the original definition of resilience from the dictionary into the power grid realm, without considering grid specifics and existing concepts. Accordingly, resilience can be directly translated into power grids as the ability to quickly adjust to contingencies and recover normal operation after them. However, this definition is too generic since, by design, the power grid must already be “resilient” and secure without the need to recover, in this sense, for N-1 events. Furthermore, the power grid is even “resilient” and secure to the vast majority of N-2 or more dangerous contingencies, although it was not planned to achieve such robustness.
The power grid realm agrees to limit the dictionary definition of resilience only to extreme events, with high impact and low probability. Hence, according to the definition provided at the beginning of this article, resilience is concerned only with extreme N-k (k > 1) events, generally leading to lasting damaged infrastructure and subsequent grid restoration process. These are the key differences as compared to security, which focuses generally on N-1 events such that the grid provides nominal services without a noticeable impact on its users.
Figure 3 illustrates conceptually the following three phases of an event consisting of the trip of three lines:
In operation, phases I and II are common in security and resilience. Furthermore, at the planning stage, all phases are common in reliability and resilience.
Table 1 summarizes the common and distinct aspects of security and resilience according to several criteria. A variety of elaborate indicators have been proposed to characterize, from a resilience viewpoint, the grid performance during a certain trajectory (see Figure 3). However, the only one that really matters and can be used to steer the operators’ decisions is the expected unserved energy (trapezoid area), i.e., exactly as in reliability calculation.
Table 1. Differences and commonalities between security and resilience.
Blackouts have stimulated debate and initiated concrete measures to enhance grids’ reliability and resilience, in planning, as well as security and resilience, in operation. Sometimes blackouts pinpoint weak areas or assets in the grid that need to be reinforced. The main measures to enhance reliability, security, and resilience are of a diverse nature (administrative, organizational, and technical), such as the following:
Reinforcing the grid to enhance security is not necessarily an effective means as economics will naturally tend to push the grid to operate near its limits. Based on previous experience, satisfying operation principles (e.g., N-1 security) is the first step in preventing blackouts.
Sufficient evidence exists from recent blackouts that assessing and improving grid resilience deserves careful consideration. Providing resilience becomes of utmost importance during extreme conditions, and considering power grid restoration for such events should not be ignored anymore. Incentives to utilities to increase resilience are rising worldwide. Therefore, it is time that resilience considerations are integrated into power grid planning and operation, but it is not fully clear yet how. For instance, preemptively reinforcing the power grid against extreme events is generally impractical at the planning stage because such events have a very low probability, although they may have a high impact. Indeed, costly network investments to cope with highly unlikely events are hard to justify. In operation, however, some natural disasters (floods and storms) can be predicted with sufficient accuracy. If their probability becomes plausible and their impact is high, their associated risk (measured by the product of their probability and impact) becomes high and should not be neglected by the operator. The grid should be strengthened, e.g., with corrective actions and closed-loop controls, to face such credible extreme events.
The natural way of handling extreme events, whose probability becomes credible at some time in operation, jointly with ordinary N-1 events is by operating the grid in a risk-based manner, i.e., controlling the overall grid risk to remain below some threshold. Operators are firmly contemplating migrating the way of decision making from the current rigid deterministic N-1 security criterion to an adaptive risk-based one. However, suitable risk metrics, including unserved energy during the grid restoration phase, that embrace the same umbrella contingencies pertaining to both N-1 security and resilience are to be found.
The world is transitioning from fossil fuels to low-carbon and renewable energy supply. The main technological transformations during this energy transition, some shown in Figure 4, are as follows:
These transformations are weakening the security and resilience of the transmission grid through the following actions:
Fortunately, besides typical grid flexibility (e.g., substation reconfiguration, line switching, and power transformers), some of the previously mentioned threats (especially DERs) are also part of the solution to combat the deterioration of security and resilience via the following (see Figure 4):
Clearly, a wide front of research and development and radical changes is awaiting progress to succeed in the energy transition. Power grid modernization and upgraded decision-support tools for operators do not seem to keep up with the fast transformations imposed by this transition. Digitalization should receive special attention as the grid infrastructure (e.g., the control center) faces more frequent cyberattacks. Indeed, dangerous cyberattacks have been experienced in vital parts of the electricity infrastructure, e.g., in Ukraine in 2015, resulting in power outages for roughly 230,000 consumers, or the Stuxnet malware attack that hit an Iranian power plant in 2010. In this context, the catastrophic scenario produced by long-lasting cyberattacks described in the book Blackout by Marc Elsberg in 2012 might not remain pure fiction.
One should not wait for a new blackout to happen to improve security and resilience as this can be fatal to society. The anticipation of blackouts and coping with new threats to power grids are the key to accomplishing the energy transition.
The huge penetration of power electronics, controlling the behavior of millions of DERs and RESs, is fundamentally changing the dynamics of power grids. Furthermore, accurate dynamic models of increasingly active distribution grids, which affect stability, are to be found and included in dynamic simulations of the transmission grid. This trend prompted in 2021 a revisit and extension of power grid stability, also including two new forms of instability, that is, resonance and converter driven, which are exclusively due to the poor interactions of converter control loops. It also necessitates research and engineering efforts to ensure the interoperability of various DERs, RESs, and HVDC links, proposed by different vendors.
Most notably, a high share of RESs dramatically reduces the power grid’s inertia, provided hitherto by rotating masses of synchronous generators that are being phased out. Although it has not caused yet any blackouts, the low inertia challenge is receiving a lot of research attention. Possible, yet high-cost, solutions include synchronous condensers, the deloaded operation of RES generation, and big battery storage systems. Further innovation is needed to come up with cheaper solutions. The author envisions the huge cost of electricity, to be supported by the state and consumers, as the major technical barrier in reaching 100% renewable supply power grids.
Another key issue with variable RESs is that they cannot provide the same quality of reactive power services (needed to create variable electric and magnetic fields allowing electricity transmission from production sites to consumers) as conventional synchronous generators. This situation creates a reserves shortage for both reactive power production and absorption in the transmission grid, compromising its security through the inability to control voltages and maintain their stability. This shortage is owing to the following reasons:
These reasons urge rapidly rethinking and planning additional sources of reactive power (e.g., synchronous condensers and static synchronous compensators), especially close to big load centers, further increasing the overall cost of electricity.
Further changes in RES-rich grids pertain to protection philosophy as, unlike synchronous generators, RESs cannot provide a large fault current. The blackouts in Australia (2016) and the United Kingdom (2019) testify that, as compared to conventional generators, RES behavior is not yet well understood and is more sensitive to unusual operating conditions; hence, RESs may unexpectedly disconnect, depriving the grid of valuable production and reserves, possibly leading to a blackout. Some uncertainty lies ahead, and blackouts can occur in such circumstances.
Further, since energy consumption should be met at any time, improved grid resilience and generation adequacy will be needed at high shares (up to 100%) of inverter-based RESs due to the “Dunkelflaute effect” that translates into simultaneously low production of wind and solar generators as experienced sometimes, especially during February in Europe. Preliminary studies report that, in Europe, the mean frequency of Dunkelflaute is reduced from roughly 3 to 9% at the country level to approximately 3.5% at the regional level provided that the power transmission limits of the interconnected grids increase. How to cover the deficit of energy during this effect, besides energy storage, is a tough citizen-driven political matter pertaining to the optimal electricity supply mix during the energy transition.
Despite these major threats to grid operation security and resilience, achieving a 100% renewable electricity supply (including dispatchable hydropower and energy storage) is highly challenging but technically feasible on a case-by-case basis. However, the energy transition cost will not be affordable, at least in Europe, unless low-carbon and dispatchable nuclear power is for some time and to some extent part of the energy mix.
Current decision-making tools to enhance security in day ahead or real time, such as the security-constrained optimal power flow, are largely deficient in properly modeling the prevailing grid operation phenomena during the energy transition. Accurate tools to enhance resilience are in their infancy, and they should integrate and significantly extend modules of tools for security. To ensure the security and resilience of grids during the energy transition, the decision-support tools for operators in all time frames need substantial advances in the problems addressed, which should model the following:
The problems, including the previously mentioned features, that need to be solved for computing optimal actions to improve security and resilience are huge in size and highly computationally challenging. Solving them will require powerful high-performance computers, if not the next generation of quantum computers. Figure 5 illustrates (in red) the three main sources of computation complexity.
Tools for part of the security problem, focusing on steady-state (thermal and voltage) constraints, were addressed recently in two Advanced Research Projects Agency–Energy Grid Optimization competitions organized by the U.S. Department of Energy. The tools proposed for these competitions demonstrate scalability to very large grids. However, they do not incorporate any other dimensions of complexity from those shown in Figure 5, except contingencies. This demonstrates clearly that decision-support tools are currently severely lagging behind the speed as the energy transition evolves.
Algorithms embedded in these tools inherently require decomposing the optimization and control problems as well as relying on fast and reasonable quality approximations. Further, hybrid algorithms between machine learning, for solution estimation, and rigorous classical optimization methods are emerging. In particular, physics-informed machine learning is deemed by some researchers as a promising option to deal with the increasing complexity. Still, the validation of machine learning techniques should depart from the straightforward “learning by heart” of easy-to-estimate solutions and be proved when really needed, i.e., under sudden and various realistic changes in operating conditions.
Methods to enhance resilience should further address an issue of nigh-impossible solution; scenarios modeled are generally extreme (e.g., low voltages and abnormal frequency), which questions the validity of power grid models and simulation accuracy outcome. Accordingly, the sequence of events (cascading disconnections and restoration process) gets increasingly uncertain, and the outcome of events exhibits high variability.
The lessons learned after each past blackout have allowed power grids to better face contingencies. However, the key lesson, namely meeting the N-1 security operation requirement, has not been systematically or efficiently enforced and remains the cause of many high-impact blackouts. Thus, the evidence collected in this work contradicts some articles on resilience, which claim that only the lack of adequate grid resilience to extreme weather can cause (high-impact) blackouts.
The world is transitioning to sustainable energy grids and the electrification of some energy sectors, which is producing major transformations in increasingly hybrid ac-dc power grids, especially a massive adoption at all voltage levels of variable RES generation, interfaced with the grid through inverters. Grid monitoring and control modernization via various technologies, including prevalent HVDC links, are following alarmingly at a slower pace, weakening grid security. This energy transition is fundamentally shifting the known grid dynamics, creating new forms of instability, and requiring rethinking grid operation, control, and markets. In particular, it is of high interest to identify the critical turning point of RES share in the sustainable electricity mix, also encompassing conventional synchronous generator-based hydro and low-carbon nuclear power, which will lead to a radical change in the approaches to control frequency and voltages. In the prevailing context, new threats (e.g., cyberattacks, low inertia, and reactive power reserves scarcity) and atypical vulnerabilities (e.g., cyberphysical, counterintuitive, and unpredictable power flows) of power grids, unknown to operators, may materialize.
We are discovering the behavior of changing power grids and can use little of the lessons learned from previous blackouts in this new environment. In particular, the fragility of DERs to unusual operating conditions already conveyed two warnings, which materialized in the blackouts in Australia and the United Kingdom. It is risky to ride a blackout unprepared through the energy transition. To succeed, one needs superior blackout anticipation than hitherto available. Still, blackouts will continue to happen, at least because the increasingly complex grid with millions of small-size DERs, some uncontrollable, neither was planned nor can be operated to cope with massive natural disasters. In this respect, grid reliability, security, and resilience are increasingly vital due to the electrification of key energy sectors, increased occurrence of natural disasters, and unveiled new threats. However, the decision-support tools to evaluate and enhance security necessitate substantial enhancements in the relevance of problems addressed and high-performance computers, if not the next generation of ultrapowerful quantum computers, for their solution.
The methodologies and tools pertaining to grid resilience are under development. They face significantly more solution computational challenges than for security but could wisely benefit from modules present in tools for tackling security. Enhancing resilience to natural disasters (especially the restoration phase) is cross-disciplinary and depends on diverse factors (e.g., crews mitigating the disaster outside the power grid realm). However, the incapacity to fight against and tame nature drastically limits the capacity to enhance resilience. To properly address the entire spectrum of threats, embracing it under the same framework of security and resilience, probabilistic risk-based decision making in grid operation must be urgently adopted.
The author acknowledges the funding from FNR Luxembourg in the frame of research projects ML4SCOPF, ECHO, and TESTIFY.
D. N. Kosterev, C. W. Taylor, and W. A. Mittelstadt, “Model validation for the August 10, 1996 WSCC system outage,” IEEE Trans. Power Syst., vol. 14, no. 3, pp. 967–979, Aug. 1999, doi: 10.1109/59.780909.
G. Andersson et al., “Causes of the 2003 major grid blackouts in North America and Europe, and recommended means to improve system dynamic performance,” IEEE Trans. Power Syst., vol. 20, no. 4, pp. 1922–1928, Nov. 2005, doi: 10.1109/TPWRS.2005.857942.
A. Berizzi, “The Italian 2003 blackout,” in Proc. IEEE Power Eng. Soc. General Meeting, 2004, vol. 2, pp. 1673–1679, doi: 10.1109/PES.2004.1373159.
N. Hatziargyriou et al., “Definition and classification of power system stability–revisited & extended,” IEEE Trans. Power Syst., vol. 36, no. 4, pp. 3271–3281, Jul. 2021, doi: 10.1109/TPWRS.2020.3041774.
F. Capitanescu, “Evaluating reactive power reserves scarcity during the energy transition toward 100% renewable supply,” Elect. Power Syst. Res., vol. 190, Jan. 2021, Art. no. 106672, doi: 10.1016/j.epsr.2020.106672.
M. I. Alizadeh, M. Usman, and F. Capitanescu, “Envisioning security control in renewable dominated power systems through stochastic multi-period AC security constrained optimal power flow,” Int. J. Elect. Power Energy Syst., vol. 139, Jul. 2022, Art. no. 107992, doi: 10.1016/j.ijepes.2022.107992.
Florin Capitanescu is with the Luxembourg Institute of Science and Technology, L-4362 Esch-sur-Alzette, Luxembourg.
Digital Object Identifier 10.1109/MPE.2023.3247053
Date of current version: 19 April 2023
1540-7977/23©2023IEEE