ARTICLE IN PRESS

Reliability Engineering and System Safety 94 (2009) 11161127

Contents lists available at ScienceDirect

Reliability Engineering and System Safety

journal homepage: www.elsevier.com/locate/ress

Application of the fault tree analysis for assessment of power

system reliability
epin, Borut Mavko
Andrija Volkanovski , Marko C
Reactor Engineering Division, Jozef Stefan Institute, Jamova 39, 1000 Ljubljana, Slovenia

a r t i c l e in f o

a b s t r a c t

Article history:
Received 14 November 2007
Received in revised form
22 August 2008
Accepted 15 January 2009
Available online 30 January 2009

A new method for power system reliability analysis using the fault tree analysis approach is developed.
The method is based on fault trees generated for each load point of the power system. The fault trees are
related to disruption of energy delivery from generators to the specic load points. Quantitative
evaluation of the fault trees, which represents a standpoint for assessment of reliability of power
delivery, enables identication of the most important elements in the power system. The algorithm of
the computer code, which facilitates the application of the method, has been applied to the IEEE test
system. The power system reliability was assessed and the main contributors to power system
reliability have been identied, both qualitatively and quantitatively.
Crown Copyright & 2009 Published by Elsevier Ltd. All rights reserved.

Keywords:
Fault tree
Safety
Reliability
Power system

1. Introduction
The power systems are usually large, complex and, in many
ways, nonlinear systems. They include subsystems and components such as generators, switching substations, power lines and
loads. Switching substations include buses, transformers, circuit
breakers and disconnect switches. The evaluation of the overall
system reliability is extremely complex as it is necessary to
include detailed modeling of both generation and transmission
facilities and their auxiliary elements. A failure of components or
subsystems can result in a failure of power delivery to specic
loads or in certain cases in a full blackout of the power system.
The purpose of this paper is to develop a new method for
power system reliability analysis, because several blackouts have
been reported recently [1,2]. The need for analysis of power
system reliability additionally emerges from the aspect of the
consequent terrorist threats on major infrastructures including
the power systems [3].

1.1. State of the art of power system reliability analysis

Most of the approaches for determination of power system
reliability use approximation or simplication of the problem in
order to degrade the problem on a solvable level. The quasitransient approach [4] and examination of cascading failure using
the linear programming [5] method were proposed assuming only
 Corresponding author.

E-mail address: andrija.volkanovski@ijs.si (A. Volkanovski).

single components failure and identication of only one critical

point in the system, excluding the probability of failure of
components. Evaluation of system reliability concerning only the
generation facilities and their adequacy to satisfy load using
heuristic methodology was proposed, but this methodology does
not include transmission in the analysis [6].
The minimal cut set and the frequency duration method are
used for the planning and design of industrial and commercial
electric power distribution systems and their reliability evaluation, but the whole methodology considers only lines and
transformers and is applicable only to small systems [79]. The
minimal cut-set method of evaluating load-point reliability
indices is proposed but it accounts for only topology of the
network [10]. Screening methodology for the identication and
ranking of infrastructure vulnerabilities, including a small power
system, due to terrorism based on a minimal cut-set approach and
event tree method was proposed [11,12], and also needing
conditional success rate estimation. A method for assessing and
improving the vulnerabilities of electric power transmission grids,
based on load-ow algorithm using direct current (DC) power
ow, is proposed but it accounts for only power grid reliability
[13]. An application of Monte Carlo network analysis for reliability
assessment of multiple infrastructures, including power system,
for terrorist actions [14] is proposed, but this method is
inadequate when infrastructures are analyzed individually. Application of the sum-of-disjoint products technique for evaluating
stochastic network reliability is proposed [15] with the simplication of the problem considering only one path between source
and sink nodes and assuming that each node is perfectly reliable.
A hybrid model that includes both power system dynamic

0951-8320/$ - see front matter Crown Copyright & 2009 Published by Elsevier Ltd. All rights reserved.
doi:10.1016/j.ress.2009.01.004

ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

simulations and event trees for the protection was anticipated for
power system reliability estimation, accounting for only lines
protection failure [16].
Several variations of Monte Carlo simulation methods including cellular automata and system state transition sampling
approach were developed to probabilistically evaluate power
system long-term reliability [1723]. These methods do not
include all functional zones of the power system and some of
them face difculty with convergence. A method based on load
curtailment model is proposed to perform risk assessment of a
combinative system of transmission network and substation
congurations [24] and excluding generators failure from the
analysis.
A method for evaluating the terminal-pair reliability of the
network, based on an edge expansion tree and ordered binary
decision diagram, and a method for consideration of node failures
were developed [25,26].
The power system is usually divided into generation, transmission and distribution functional zones, which are analyzed
separately [27,28]. These functional zones can be combined to
form a series of hierarchical levels for conducting the system
reliability analysis. System reliability is usually predicted using
one or more indices that quantify the system reliability and that
are implemented using the criteria based on acceptable values of
these indices.
A methodology for the automated generation of fault trees for
electrical/electronic circuits from a representation of a schematic
diagram is developed [29]. The application of the fault tree
analysis approach for power system reliability analysis and
system design, development and modication is demonstrated
[30,31]. A recent probabilistic method for transmission grid
reliability evaluation uses event trees and fault trees and
combines them with power system dynamic simulations. The
substation protection and the trip operations after line faults are
modeled with the event trees. The power system reliability is
studied with a substation model, which includes possible
malfunctions of the protection and circuit breakers. Single faults
of lines, due to the protection failure, are accounted for in the
analysis [32,33].

2.1. Fault tree analysis

The report entitled Reactor Safety Study: an assessment of
accident risk in US Commercial Nuclear Power Plants
(NPPs)WASH 1400 [34] was an important attempt to provide
a detailed assessment of the risks associated with the utilization
of commercial nuclear power plants. A systematic probabilistic
methodology for assessment of reliability and safety of complex
systems was developed and applied. In most countries, the
method is referred to as probabilistic safety assessment (PSA).
The event tree and the fault tree are two basic methods used in
probabilistic safety assessment [35].
The fault tree is a tool to identify and assess the combinations
of the undesired events in the context of system operation and its
environment that can lead to the undesired state of the system
[3537]. It is recognized worldwide as an important tool for
evaluating safety and reliability in system design, development
and operation [35,3844]. The undesired state of the system is
represented by a top event. The fault tree is based on Boolean
algebraic and probabilistic basis that relates probability calculations to Boolean logic functions. The fault tree analysis is used for
assessment of reliability indices in the power system with
inclusion of the major components of the system. The logical
gates integrate the primary events to the top event, which
corresponds to the undesired state of the system. The primary
events are the events that are not further developed, e.g. the basic
events (BE) and the house events. The basic events are the
ultimate parts of the fault tree, which represent the undesired
events, e.g. the component or system failures.
The classic fault tree is mathematically represented by a set of
Boolean equations. The qualitative fault tree analysis (in the
process of Boolean reduction of a set of equations) identies the
minimal cut sets, which are combinations of the smallest number
of basic events, which, if occur simultaneously, lead to the top
event.
The quantitative fault tree analysis represents a calculation of
the top event probability, equal to the failure probability of the
corresponding load. The calculation of the top event probability:
Q GD

n
X

QMCSi 

2. Method description

NL
X
i1

Q GDi

Ki
1  Q PS
K

(1)

where RPS is power system reliability; QPS, power system

unreliability; QGDi, failure probability of power delivery to ith
load (top event probability of the respective fault tree); NL,
number of loads in system; Ki, capacity of ith load; K, total
capacity of the system; Ki/K, weighting factor for ith load, where
K

NL
X

Ki

(2)

i1

The fault tree analysis is performed separately for each of the

loads in the power system, and the power system reliability, given
by Eq. (1), is calculated. Calculation of the power ows within the
power system is considered, in addition.

QMCSi\MCSj

QMCSi\MCSj \MCSk  . . . 1n1 Q

iojok

RPS 1 

X
ioj

i1

The failure probability of power delivery to ith load (QGDi) is

calculated through the top event probability of the respective fault
tree, and the values of weighted failure probabilities of power
delivery to loads are considered to get the overall measure of the
power system reliability:

1117

n
\

MCSi

(3)

i1

can be simplied and approximated (using rare event approximation) as

Q GD

n
X

QMCSi

(4)

i1

where QGD is top event probability of the fault tree, corresponding

to probability of disruption of energy delivery to the corresponding load.
Probability of each minimal cut set is calculated using the
relation of simultaneous occurrence of independent events:
Q MCSi

m
Y

Q Bj

(5)

j1

where QMCSi is probability of minimal cut set i; m, number of basic

events in minimal cut set i; QBj, probability of the basic event Bj
describing failure of the component (i.e. failure probability of
component Bj).
The fault tree analysis results include importance measures
risk achievement worth (RAW) and risk reduction worth (RRW) in
addition to the top event probability [39,43]. Risk achievement
worth identies components that should be maintained well in

ARTICLE IN PRESS
1118

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

order that the reliability of the system is not reduced signicantly.

Risk reduction worth identies components that are probably
redundant, because their reliability signicantly increases system
reliability(i.e. risk is reduced):
RAW k

Q GD Q k 1
Q GD

(6)

RRW k

Q GD
Q GD Q k 0

(7)

where RAWk is risk achievement worth for component k; RRWk,

risk reduction worth for component k; QGD(Qk 1), top event
probability when failure probability of component k is set to 1;
QGD(Qk 0), top event probability when failure probability of
component k is set to 0; QGD, top event probability.
2.2. New importance measures
New risk importance measures are developed to evaluate the
power system [44]. The network importance risk measures,
namely network risk achievement worth (NRAW) and network
risk reduction worth (NRRW), are dened using the denition of
the importance measures from a single fault tree given in Eqs. (6)
and (7) and the power system unreliability expression given in Eq.
(1). As the term network is a descriptive term for the power
system in this paper, NRAW and NRRW can be expressed as power
system risk achievement worth and power system risk reduction
worth:
NL
P
Q GDi Q k 1K i
Q
Q

1
NRAW k PS k
i1 NL
Q PS
P
Q GDi K i
i1
NL
P

i1

Q GDi Q k K i RAW kGDi

NL
P

(8)
Q GDi K i

where NRAWk is power system risk achievement worth of

component k; QPS, power system unreliability; QPS(Qk 1), power
system unreliability when unreliability of component k is set to 1;
QGDi(Qk 1), failure probability of power delivery to ith load when
unreliability of component k is set to 1; NL, number of loads in the
system; QGDi(Qk), failure probability of power delivery to ith load;
RAWkGdi, value of RAW for component k corresponding to load i;
and Ki, capacity of ith load.
NRRWk is dened as
NL
P

Q PS
NL
NRRW k
Q PS Q k 0 P

Q GDi K i

i1

Q GDi Q k 0K i

i1
NL
P

Q GDi K i
i1
NL
P
Q GDi Q k K i
RRW kGDi
i1

for single components, substituting QPS and QGDi in Eqs. (8) and (9)
with
QPS(Qg 1)power system unreliability when unreliability of
components in group g is set to 1.
QGDi(Qg 1)failure probability of power delivery to ith load
when unreliability of components in group g is set to 1.
QPS(Qg 0)power system unreliability when unreliability of
components in group g is set to 0.
QGDi(Qg 0)failure probability of power delivery to ith load
when unreliability of components in group g is set to 0.
Component groups may contain components (elements) of the
same type, components corresponding to specic substation or/
and any other combination.

2.3. Approximate DC load-ow model and line overload test

The approximate direct current power ow model is obtained
from the alternating current model of power system if taken to be
approximated, voltages in all buses are equal to the nominal,
differences of angles of voltages are very small and neglecting the
losses in power system. The DC power ow model gives a linear
relationship between the power owing through the lines and the
power input at the nodes. The DC power ow equations can be
written as
F AP

(10)

where F is a vector whose components are the active power ows

through the lines; P, vector whose components are power of
generators in the substations; A, constant matrix with elements
calculated from the impedance of the lines and load in substations
(dimensions of A are Nl  Ng, where Nl is the number of lines and
Ng the number of substations directly connected to a generator or
generators in a system).
Using the calculated active power ows from Eq. (10) and the
approximate methodology [45], reactive power ows and voltages
in the buses are calculated for normal regime and for the single
line failure state (when each of the lines in the system fails). The
calculated ows and voltages are stored and used for the overload
checking procedure.
The procedure for overload checking contains the following
steps:
1. Compare ows through the lines, which constitute tested ow
path, with continuous load rating of those lines, when lines
that are not included in the ow path fail (single line failure).
2. If the overloaded line is found in step 1, then discard that ow
path and check the next ow path.
3. Check if there are violated voltages (outside the predetermined
nominal range) in the buses constituting ow path when lines
that are not included in the ow path fail.
4. If ow path passes the overload and voltage tests, accept it for
the fault tree construction.
5. Go to step 1, until all ow paths are checked.

(9)

where NRRWk is power system risk reduction worth of component

k; QPS(Qk 0), power system unreliability when unreliability of
component k is set to 0; QGDi(Qk 0), failure probability of power
delivery to ith load when unreliability of component k is set to 0;
RRWkGdi, value of RRW for component k corresponding to load i.
The system importance measures NRAW and NRRW for
components groups are dened similarly as importance measures

In step 1, the maximum (absolute value) of the reactive power

ow thought to line together with active power ow is considered
in the evaluation. The single peak load model is used in the
analysis accounting for the size of the loads during peak
consumption.
Continuous load rating of the lines is updated with the
ambient temperature using the correction factor dened as
r
80  T amb
kcorr
(11)
40

ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

where kcorr is correction factor for continuous load rating and Tamb
is ambient temperature.
Many power systems are built or have been designed with a
relatively strong transmission network. When analysis is done to
those systems, several modications are made in order [20] to
weaken the system for conducting the transmission reliability
studies. Those modications are mostly connected with the
disconnection of multiple lines in the power system. With the
disconnection of lines, the overall structure and power ows
within the system are changed, not corresponding to ows in a
real system. In the proposed method, power ows in normal and
single line failure regime are accounted for together with voltages
in the substations. Only selected energy paths are accounted for in
the fault tree construction, discarding those that are overloaded as
a result of limitations of transfer capacity of lines or violated
voltages in substations. Discarded ow paths, depending on
power ows, have direct implication on the reliability of power
delivery and on overall power system reliability (a smaller
number of ow paths results in a smaller number of alternative
power delivery paths and higher failure probability). Reducing the
number of ow paths reduces the number of gates in a fault tree
and the overall size of the fault tree, decreasing the calculation
times.

2.4. Procedure
Switching substations are important elements of power
systems. A generator and/or a load can be connected to the
switching substation. Switching substations are connected with
power lines, through which the power is transferred from
generators and other switching substations to loads. The main

1119

task of the analysis is to identify the possible paths of interruption

of power supply to the load, to evaluate the probability of that
interruption and to recognize the main components that contribute to the interruption of supply.
In order to start with the fault tree analysis, the corresponding
fault tree should be built rst for each switching substation,
which is connected to a load. The principle of continuum of
energy delivery is taken in account during the analysis. The fault
tree structure corresponds to the conguration of the system and
includes all possible ow paths of disruption of the power supply
from generators to loads. The power transfer limitations and
common cause failures (CCF) of power lines are included in the
model together with power ows and capacity of generators and
loads in the power system. Common cause failures are failures of
multiple equipment items occurring from a single cause that is
common to all of them [46]. The failure of the multiple lines due
to the severe weather conditions or earthquakes in a specied
region can be additionally modeled adding supplementary CCF
groups for each initiator.
Switching substations used in the model correspond to
substations in real power systems, which normally include several
components including circuit breakers, protective relays, cut-out
switches, disconnect switches, lightning arresters, fuses, transformers and other communication and protection equipment.
The rst step in the proposed method is the building of fault
trees for each substation in the power system and the calculation
of corresponding top event probabilities. Example of a switching
substation, consisting of load, two buses, four generators and
three lines (up) together with a corresponding simplied model
representation of the substation (down), is given in Fig. 1.
In the simplied substation representation, given in the
bottom of Fig. 1, bus BUS01 failure will result in interruption of

Fig. 1. Example substation and simplied model of the substation.

ARTICLE IN PRESS
1120

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

Fig. 2. Fault tree for simplied substation representation.

energy delivery from generators and lines to load, disruption of

power delivery from generators to lines and disruption of energy
exchange between power lines, representing substation failure
mode in the developed method. Disruption of energy delivery
paths through elements of the substation is accounted for during
the construction of the fault tree. Fig. 2 shows a part of the fault
tree of the substation. Normal states of the circuit breakers and
disconnect switches (normally open or normally closed) are
assumed and modeled in the fault tree using two failure
probabilities, for active and passive failures, for each of the
elements (fails to close, fails to remain closed). Building of the
fault trees and calculation of top event probability and corresponding importance measures are done using commercial software [47].
The presented reliability assessment of the substation does not
include protection and control systems. The inclusion of these
systems can improve the models, but it can additionally increase
the complexity of the overall procedure [48].
The next step in developing the corresponding fault trees is
identication of all the possible energy delivery ow paths from
the adjacency matrix of the corresponding power system. The six
substations system, which is shown in Fig. 3, is presented as an
example for description of the methodology.
The system consists of six substations, ve generators in
substations 13 and 6 and two loads in substations 1 and 4. There
are multiple generators (two in substation three) and multiple
lines (marked Li1 and Li2 in Fig. 3) between substations 1 and 2 in
the example system. The lines for which common cause failures
are accounted for are marked in Fig. 3: CCF of lines due to the

Fig. 3. An example system consisting of six substations.

common tower and CCF1 for lines that are assumed to be on a

common right-of way for part of their length.
The adjacency matrix A of a simple graph is a matrix with rows
and columns labeled by graph vertices, with a 1 or 0 in position
(vi, vj) according to whether graph vertices vi and vj are adjacent
or not. Using the adjacency matrix A, all possible ow paths
between generation (source) and consumer (load) substations are
identied, using developed recursive procedure for the formation
of rooted trees of the graph of the system. The energy ow paths
between the load and other substations in the system are
identied using the rooted tree. A rooted tree is a tree in which
a labeled node is singled out. The rooted tree for substation 1 is
given in Fig. 4. Dashed lines identify the energy ow paths
between substations 3 and 6 and substation 1.

ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

Fig. 4. Rooted tree for substation 1 with energy ow paths to substations 3 and 6
for example system.

The identied ow paths of energy delivery between substations are tested for consistency, namely:
1. Only a part of the ow path ending with substation, which is
directly connected to generators with total installed capacity
equal or larger than load, is taken further for the overload test.
2. If there is an overloaded line in the ow path obtained from the
previous test, then that ow path is discarded.
Test of overloaded lines or violated voltages in a ow path is
described in Section 2.3.
In these consistency tests, it is assumed that energy is
delivered to the load only from substations, where the total
installed capacity of generators is equal to or larger than the load.
This assumption does not correspond to real power systems
where each generator has a share of energy delivered to each load
in the power system. However, taking into account the fact that all
possible combinations of ow paths of all substations with
generators and loads are included in the model, it is postulated
that the model will correspond to the state of a real power system.
Example of a consistency test, for load 1 with tree shown in Fig.
4, is given in Fig. 5. Let the total installed capacity of the generator
in substation 2 be smaller than the load in substation 1, lines 24
are overloaded for the specic ow path corresponding to energy
delivery from substations 3 to 1 and voltage in bus 5 is higher
than nominal in case of the failure of lines 13. In that case, only
ow paths marked with dark solid lines in Fig. 5 will be accepted
for the fault tree construction. All other ow paths will be
discarded due to the lack of generator (black dashed lines,
substation 4), smaller generation than load (green lines, substation 2), violated voltage (blue line from substation 6) or overload
of the line (red dashed line between substations 2 and 4 shows
overloaded line; red line between substations 2 and 3 is discarded
too).
Flow paths, which were accepted in a previous test of
consistency, are used in the next step for fault tree construction.
The fault tree for each substation, which is connected to a load, is
created using the modular fault tree, shown in Fig. 6, with the
structure and the failure probabilities inserted depending on the
elements modeled. Basic events marked in red squares are

1121

Fig. 5. Discarded and accepted ow paths for test system.

optional, depending if there are CCF between lines or if there

are multiple generators in the substation. The procedure of
building fault tree includes the following steps:

1. Add OR gate (top gate named 50,000) corresponding to failure

of power delivery to that substation.
2. If the previously added gate is top gate, exclude the line
failures gate, else add OR gate for those failures (named
600,000 or above) and corresponding basic events for line
failures and CCF of lines (named with numbers starting from
200,000 and 650,000).
3. Add OR gate corresponding to substation failure (named with
numbers starting from 700,000).
4. Add OR gates corresponding to substation failure (named with
numbers starting from 800,000) and corresponding basic
events (named with numbers starting from 100,000).
5. Add AND gate corresponding to failure to deliver energy to
specic substation (named 900,000 or above).
6. Add OR gates corresponding to generators failure in that
substation (750,000 and above) or no energy from other
substations connected to that substation (500,001 and above).
7. Go to step 1 until all energy ow paths are accounted for.

Fig. 7 shows the top section of the fault tree constructed for load
1 in substation 1 in Fig. 3. The maintenance activities of the
components in the power system can be implemented by
excluding the components planned for maintenance from input
data.
The evaluation of the network reliability is an NP-hard
problem [15] requiring processor power and memory allocation.
Two major elements identify the necessary calculation time. First
is the size of the fault trees built for each of the loads in the
system. Fault trees size depend on the number of substations
(correlated to size of adjacency matrix), loads (number of
generated fault trees), lines in the power system (related to
number of possible energy ow paths) and size of the loads and
generators and their disposition in the system (number of
accepted ow paths accounting for power transfer capabilities of
the lines and substation voltages). Second is the efciency of the
used fault tree analysis module and the used cut-off values in the

ARTICLE IN PRESS
1122

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

Fig. 6. Modular fault tree used for fault tree construction.

Fig. 7. Part of the fault tree built for load 1 in substation 1.

ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

calculations and this element is most time demanding and

limiting in the method.
During the construction of the fault tree model for each of the
substations in the system, the following important issues are
considered:

 Logical looping was avoided by careful consideration of ow

paths.

 All ends of ow paths are considered in order not to doublecount contributions modeled previously in the tree.
The verication of a proper fault tree modeling was done
through the examination of minimal cut sets of small test systems
in sense:

 If all minimal cut sets are really minimal.

 If all expected minimal cut sets appear in their respective
listing.

1123

3. Results
The new method is tested on the IEEE One Area RTS-96
(IEEEInstitute of Electrical and Electronics Engineers,
RTSReliability Test System), consisting of 24 substations17
substations that are directly connected to loads and 7 substations
that are directly connected to generators32 generators and 38
power lines [49]. For 14 lines, the common cause failures are
considered. The IEEE reliability test system is specially designed to
be used for different static and dynamic analyses and to compare
the results obtained by different methods. Diagram of the IEEE
One Area RTS-96 is given in Fig. 8.
The available data for component reliability are used in the
analysis [49,50]. Each substation is approximated with substation
failure basic event calculated by the procedure given in Section
2.4. The extended single line diagram of IEEE One Area RTS-96
Substation System [49], including station congurations, was
used for substations reliability assessment. Failures of the
disconnect switches at the end of the power lines, circuit breakers
and transformers in the lines were included in the calculation of

Fig. 8. IEEE one area RTS-96.

ARTICLE IN PRESS
1124

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

Table 1
Failure data for selected elements of the IEEE test system.
Component name

Substation one failure

Substation two failure
Substation three failure
Substation eleven failure
Line between substations 1 and 2
Line between substations 1 and 3
Line between substations 1 and 5
Beta factor for lines 89
Beta factor for lines 1722
Circuit breaker (active failure: fails to close)
Circuit breaker (passive failure: fails to remain closed)
Disconnect switch (active failure: fails to close)
Disconnect switch (passive failure: fails to remain closed)
Generator size 12 MW
Generator size 20 MW
Generator size 50 MW
Generator size 76 MW
Generator size 100 MW
Generator size 155 MW
Generator size 197 MW
Generator size 350 MW
Generator size 400 MW
Bus section 138 kV
Bus section 230 kV

Component failure probability

Subsystem failure
probability

Beta factor for common

cause failures

3.57E8
3.57E8
2.33E9
3.00E9
4.39E4
5.83E4
3.77E4
2.00E1
3.00E1
8.14E05
6.16E06
4.09E06
6.16E07
2.00E02
1.00E01
1.00E02
2.00E02
4.00E02
4.00E02
5.00E02
8.00E02
1.20E01
5.44E05
4.43E05

failure probabilities of the lines. Only the length of the common

structure or the common path of power lines is given in IEEE data;
therefore, the estimated values are considered for the Beta factor
for CCF of lines. Table 1 shows the component reliability data for
selected elements of the test system as used in the analysis.
Ambient temperature Tamb 40 1C is considered in the analysis.
The following results are obtained for the test system:

 fault tree model and top event probability for each of the
selected loads,

 system unreliability,
 power system risk achievement worth for all elements of the
system,

 power system risk reduction worth for all elements of the

system and

 importance measures for components and selected groups of

components in the system.
The selected quantitative results are presented in the following
tables.
Results in Table 2 include failure probability of the power
delivery to respective loads in the power system, corresponding
weighting factor for each load and nal weighted failure
probability for each load separately. The total system failure
probability is evaluated as 5.41E04. The total capacity of the
system is 2850 MW. The results in Table 2 show that the loads
with the highest top event probability are loads in substations 15,
18, 13 and 20, mainly due to the size of the loads and failure
probabilities of those substations. The obtained results were
compared with the results obtained for bus indices for IEEE RTS
shown in Table 3 taken from Table 3.16 of the corresponding Ref.
[50]. Comparison of the obtained results show that same
substations have the highest failure probabilities in the rst four
positions of both tables. The energy index of unreliability in Table
3.17 of the corresponding Ref. [50] was estimated to be 5.84E3.
This value is of an order of magnitude higher than the system
unreliability measure obtained from the proposed method, but it

Table 2
Calculated top event probabilities of IEEE RTS.
Load
substation

Failure
probability of
power delivery
to respective
load

Weight

FT top event
prob.weight

Capacity
(MW)

15
18
13
20
7
10
9
14
19
3
6
8
4
5
2
1
16

2.31E03
2.30E03
1.39E04
4.47E05
4.11E05
9.96E06
9.96E06
3.71E06
3.55E06
2.56E06
7.29E07
6.56E07
1.88E07
1.51E07
3.59E08
3.57E08
1.99E08

1.10E01
1.16E01
9.20E02
4.44E02
4.34E02
6.77E02
6.08E02
6.74E02
6.28E02
6.25E02
4.72E02
5.94E02
2.57E02
2.47E02
3.37E02
3.75E02
3.47E02

2.54E04
2.66E04
1.28E05
1.99E06
1.79E06
6.74E07
6.05E07
2.50E07
2.23E07
1.60E07
3.44E08
3.90E08
4.83E09
3.71E09
1.21E09
1.34E09
6.91E10

317
333
265
128
125
195
175
194
181
180
136
171
74
71
97
108
100

should be noted that both measures have been obtained by

different approaches and they correspond to different power
system elements (the power deliver capability in the rst and the
energy in the second case).
The importance measures NRRW and NRAW for selected
components in the power system are given in Table 4. Results
show that components with the highest value of NRRW importance measure are generators situated in substations 18, 21 and 23
and this result is expected accounting for that those units are the
largest generating units in the power system. The high value of
NRRW implies that the reliability of the respective components is
worth increasing in order that the system reliability is signicantly increased. The identied power plants are candidates for
design change, e.g. installation of redundant components in the

ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

Table 3
The results for the IEEE RTS from Ref. [50].

Table 5
Power ows through lines in IEEE RTS.

Load

Failure probability

18
13
15
20
2
16
3
5
1
6
4
8
7
19
14
9
10

8.34E02
7.13E02
5.65E02
4.62E02
4.10E02
2.60E02
2.26E02
2.24E02
2.24E02
2.24E02
2.24E02
1.60E02
1.59E02
1.17E02
9.56E03
3.17E03
3.17E03

Table 4
Importance measures for selected components of IEEE RTS.
Component identication

NRRW

NRAW

G2
G2
G2
G2
G2

1.04E+02
1.04E+02
1.98E+00
1.33E+00
1.33E+00

8.26E+00
8.26E+00
6.70E+00
6.94E+00
6.94E+00

1.00E+00
1.00E+00
1.00E+00
1.00E+00
1.00E+00

2.20E+02
2.05E+02
1.07E+01
1.31E+00
1.29E+00

118-1
121-1
123-3
123-1
123-2

B1-118
B1-115
L1-107 108
L1-116 119
L2-120 123

1125

corresponding substations where those generators are connected.

The identied components with the highest NRAW in Table 4 are
as follows: substations 18 and 15, line between switching
substations 7 and 8, line between substations 16 and 19 and
CCF of the lines between substations 20 and 23. Components with
the highest value of NRAW should be maintained well, in order
that the reliability of the system is not reduced signicantly, so
the maintenance priority should be high for those components.
The high value of NRAW for substations 18 and 15 is expected
accounting for the size of the loads connected in those substations. The failure of line between substations 7 and 8 will disrupt
power delivery from the generator and to the load situated in
substation 7, resulting in a high value of NRAW. The high values of
NRAW for the line between substations 16 and 19 and CCF of the
lines between substations 20 and 23 are obtained because failure
of those lines will disrupt power delivery from generators situated
in substations 19 and 20 to the power system and interrupt power
transfer between substations 16 and 23.
The calculated power ows through lines in the power system
using DC power ow method for the normal operation are given in
Table 5. The minus sign indicates the reverse ow between two
substations. The highest power ows are between lines 1416 and
1617. Comparison of the most important power lines in the
system given in Table 4 and the power ows given in Table 5
shows that the most important power lines are not always those
that have the highest power ows during normal regime of work.
The importance measures for selected components of
substation 15, identied to have the highest failure probability

Line

Power ow
(MW) start

Power ow
(MVAr)
start

Power ow
(MW) end

Power ow
(MVAr)
end

Lines 1416
Lines 1617
Lines 1323
Lines 1223
Lines 324
Lines 1524
Lines 1521
Lines 1521
Line 1718
Lines 1012
Lines 2122
Lines 1114
Lines 1619
Lines 1722
Lines 1011
Lines 912
Lines 78
Lines 1516
Lines 911
Lines 610
Lines 1113
Lines 2023
Lines 2023
Lines 15
Lines 1821
Lines 1821
Line 26
Lines 89
Lines 1213
Lines 24
Lines 39
Lines 49
Lines 1920
Lines 1920
Lines 810
Lines 13
Lines 12
Lines 510

343.3
322.2
250.6
243.9
236.7
233.2
214.9
214.9
181
166.2
158.9
149.3
143.5
141.1
140.7
122.2
115
109.6
96.7
84.4
83.1
82.7
82.7
64.8
57
57
51.6
39.2
38.5
37.9
37.8
36.1
18.8
18.8
16.8
15.3
14.5
6.2

38
19.2
31.6
21.9
35.5
28.6
41.9
41.9
51.4
57.2
24.6
63.8
68.1
10.1
66.3
20.1
26.5
70.1
10.5
73
36.4
58.3
58.3
1.2
8.9
8.9
28.4
12.9
21.5
31.3
27.3
16.9
53
53
27.2
40.8
40
13.4

343.3
322.2
250.6
243.9
236.7
233.2
214.9
214.9
181
166.2
158.9
149.3
143.5
141.1
140.7
122.2
115
109.6
96.7
84.4
83.1
82.7
82.7
64.8
57
57
51.6
39.2
38.5
37.9
37.8
36.1
18.8
18.8
16.8
15.3
14.5
6.2

25.3
43.1
9
19.8
10.6
10.2
57.7
57.7
53.9
30.2
21.6
62.5
68.4
11.5
45.9
34
18.2
69
18.9
210.1
30
55.7
55.7
0.4
14
14
28.4
15
11.5
31
26.1
18.4
45.1
45.1
24.3
43.4
13.2
10.9

Table 6
Importance measures for selected components of substation 15.
Component ID

Failure probability

RRW

RAW

DS15024
DS15023
BUS15A1
BUS15B2
BUS15A2
CB15010
CB15011

5.00E04
5.00E04
1.67E05
1.67E05
1.67E05
6.60E03
6.60E03

1.43E+00
1.43E+00
1.00E+00
1.00E+00
1.00E+00
1.12E+00
1.12E+00

6.01E+02
6.01E+02
5.27E+01
2.61E+01
2.52E+01
1.72E+01
1.72E+01

in Table 2, are given in Table 6. The results show that two

disconnect switches DS15023 and DS15024 are the most important components with the highest values of RRW and RAW.

3.1. Additional application of the results

The data for causes of major blackouts in USA in the period
19941997 [51] clearly indicate that the equipment failures and
the weather conditions are the main initiators of blackouts.
Quantication of reliability of the power system is important
owing to the social, economical and safety implications of the
overall population. On August 14, 2003, a widespread loss of the

ARTICLE IN PRESS
1126

A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

US electrical power grid (blackout) resulted in the loss of offsite

power (LOOP) initiating event (IE) at nine US commercial NPPs.
In a power system that consists of at least one NPP, reliability
of the power system inuences the safety of the NPP. The NRC
initiated a comprehensive program to review grid stability and
offsite power issues as they relate to the safety of NPPs [52,53].
The presented methods for assessment of power system
reliability can be used as an alternative approach for estimation
of the frequency of the loss of offsite power and station blackout
(SBO) initiating events in NPP PSA, thus resulting in an overall
improvement of PSA analysis of the plants. The loss of offsite
power initiating event occurs when all power to the plant from
external sources (the grid or a dedicated transmission line from
another onsite plant) is lost. The station blackout event is induced
by a loss of offsite power event followed by the failure of all onsite
diesel generators (DG) to start and run.
Taking into account that SBO and LOOP are major contributors
to CDF [54], the changes of LOOP IE frequency can result in
substantial changes of the results. For example, after initiating
events SBO and LOOP, their corresponding scenarios contribute,
respectively, 32.1% and 11.5% to the core damage frequency (CDF)
of specic NPP [54]. A LOOP initiating event frequency of 5.17E2
events/year is assumed. The LOOP results from three possible
causes, namely plant centred causes (PCL), grid causes (GD) and
weather related causes. If shares of 58%, 35% and 7% are assumed
for each of them correspondingly, then the value of 1.81E02
events/year is obtained for the GD LOOP. If the GD LOOP initiating
event frequency is changed based on power system evaluations,
the core damage frequency may change signicantly.
If the GD LOOP initiating event frequency is changed to
1.55E04 events/year, the value of LOOP is changed to 3.36E2
events/year. If the linear relation between CDF contribution and IE
frequency is assumed, the calculated contributions of SBO and
LOOP to CDF of the same NPP are 20.9% and 7.48%, respectively,
with change of core damage frequency being around 10%.
The presented method can be applied for reliability analysis of
other critical infrastructures such as trafc, communication and
gas networks. The identication and protection of the critical
components of a given networks can directly reduce the
consequences of terrorist attacks.

4. Conclusions
A new method for assessment of power system reliability is
developed. The method integrates the fault tree analysis and the
power ow model. The results are qualitative and quantitative
and they depend on the failure probabilities of components and
on the power ows in the power system. The results identify the
reliability measures connected to particular loads and the
reliability measures connected to the power system as a whole:
the probability of failed power delivery to selected loads, the
importance measures of components corresponding to selected
loads and the importance measures of components corresponding
to the whole power system.
An important feature of the method is that system deciencies
can be readily identied, using newly dened importance
measures. Both quantitative and qualitative results help in
focusing attention on those sections of a power system that
contribute the most to the unreliability of power delivery to
specic loads. Application of the method on IEEE area test system
is demonstrated. The method can be adapted for reliability
analysis of other critical infrastructures, which have similar
topology as the power system.
Future work may include integration of evaluation of substations into the power system evaluation, procedure for calculation

of common cause failures and a more efcient algorithm for

identication and analysis of minimal cut sets, which is capable to
consider even larger models.

Acknowledgement
This research was supported by the Slovenian Research Agency
(contract no. 1000-05-310016).
References
[1] Jeffrey S, Restrepo C, Zimmerman R. Risk-management and risk-analysisbased decision tools for attacks on electric power. Risk Analysis
2007;27(3):54770.
[2] Bruce F, Wollenberg B. From blackout to blackout 1965 to 2003: how far have
we come with reliability? IEEE Power and Energy Magazine, 2004;(January/
February):868.
[3] Rose A, Oladosu G, Liao S. Business interruption impacts of a terrorist attack
on the electric power system of Los Angeles: customer resilience to a total
blackout. Risk Analysis 2007;27(3):51331.
[4] Koonce AM, Apostolakis GE, Cook BK. Bulk power grid risk analysis: ranking
infrastructure elements according to their risk signicance, ESD-WP-2006-19,
Engineering Systems Division. Cambridge, MA: MIT Press; 2006.
[5] Carreras BA, Lynch VE, Dobson I, Newman DE. Critical points and transitions
in an electric power transmission model for cascading failure blackouts.
Chaos 2002;12(4):98594.
ausevski A, C
epin M. Genetic algorithm
[6] Volkanovski A, Mavko B, Bosevski T, C
optimisation of the maintenance scheduling of generating units in a power
system. Reliability Engineering and System Safety 2008;93(6):77989.
[7] IEEE Gold Book, IEEE Recommended practice for the design of reliable
industrial and commercial power system. ANSI/IEEE Std 493-2007, 2007.
[8] Save P. Substation reliabilitypractical application and system approach.
IEEE Transactions on Power Systems 1995;10(1):3806.
[9] Awosope COA, Akinbulire TO. A computer program for generating powersystem load-point minimal paths. IEEE Transactions on Reliability
1991;40(3):3028.
[10] Awosope COA, Akinbulire TO. A computer program for generating powersystem load-point minimal paths. IEEE Transactions on Reliability 1991;
40(3):3028.
[11] Apostolakis GE, Lemon DM. Screening methodology for the identication and
ranking of infrastructure vulnerabilities due to terrorism. Risk Analysis
2005;25(2):36176.
[12] Garrick BJ, Hall JE, Kilger M, McDonald JC, OToole T, Probst PS, et al.
Confronting the risk of terrorism: making the right decisions. Reliability
Engineering and System Safety 2004;86:12976.
[13] Bier VM, Gratz ER, Haphuriwat NJ, Magua W, Wierzbicki KR. Methodology for
identifying near-optimal interdiction strategies for a power transmission
system. Reliability Engineering and System Safety 2007;92(9):115561.
[14] Patterson SA, Apostolakis GE. Identication of critical locations across
multiple infrastructures for terrorist actions. Reliability Engineering and
System Safety 2007;92(9):1183203.
[15] Wei-Chang Y. An improved sum-of-disjoint-products technique for the
symbolic network reliability analysis with known minimal paths. Reliability
Engineering and System Safety 2007;92(2):2608.
[16] Miki T, Okitsu D, Kushida M, Ogino T. Development of a hybrid type
assessment method for power system dynamic reliability. In: IEEE international conference on systems, man and cybernetics, IEEE SMC 99 conference
proceedings, vol. 1, 1999. p. 96873.
[17] Zio E, Podollini L, Zille V. A combination of Monte Carlo simulation and
cellular automata for computing the availability of complex network systems.
Reliability Engineering and System Safety 2006;91:18190.
[18] Yishan L. Short-term and long-term reliability studies in deregulated power
system. Doctoral dissertation, Texas A&M University, 2005. p. 155+4.
[19] Ran M. Deterministic/probabilistic evaluation in composite system planning.
Master thesis, University of Saskatchewan, Saskatoon, 2003. p. 124+35.
[20] Yifeng L. Bulk system reliability evaluation in a deregulated power industry.
Master thesis, University of Saskatchewan, Saskatoon, 2003. p. 142+45.
[21] Rajesh UN. Incorporating substation and switching station related outages in
composite system reliability evaluation. Master thesis, University of
Saskatchewan, Saskatoon, 2003. p. 91+25.
[22] Hua C. Generating system reliability optimization. Doctoral dissertation,
University of Saskatchewan, Saskatoon, 2000. p. 160.
[23] Billinton R, Wangdee W. Delivery point reliability indices of a bulk electric
system using sequential Monte Carlo simulation. IEEE Transactions on Power
Delivery 2006;21(1):34552.
[24] Wenyuan L, Jiping L. Risk evaluation of combinative transmission network
and substation congurations and its application in substation planning. IEEE
Transactions on Power Systems 2005;20(2):114450.
[25] Fu-Min Yeh, Sy-Yen Kuo. OBDD-based network reliability calculation.
Electronics Letters 1997;33(9):75960.

ARTICLE IN PRESS
A. Volkanovski et al. / Reliability Engineering and System Safety 94 (2009) 11161127

[26] Netes VA, Filin BP. Consideration of node failures in network-reliability

calculation. IEEE Transactions on Reliability 1996;45(1):1278.
[27] Allan RN, Billinton R. Reliability evaluation of power systems. Berlin:
Springer; 1996.
[28] Allan RN, Billinton R. Probabilistic assessment of power systems. Proceedings
of the IEEE 2000;88(2):14062.
[29] Vries RC. An automated methodology for generating a fault tree. IEEE
Transactions on Reliability 1990;39(1):7686.
[30] Galyean WJ, Fowler RD, Close JA, Donley ME. Case study: reliability of the
INELsite power system. IEEE Transactions on Reliability 1989;38(3):
27984.
[31] Hessian RT, Salter BB, Goodwin EF. Fault-tree analysis for system design,
development, modication, and verication. IEEE Transactions on Reliability
1990;39(1):8791.
[32] Haarla L. A method for analysing the reliability of a transmission grid.
Reliability Engineering and System Safety 2008;93(2):27787.
[33] Pottonen L. A method for the probabilistic security analysis of transmission
grids. Doctoral dissertation, Helsinki University of Technology, 2005. p. 119+88.
[34] Rasmussen N, et al. Reactor safety study. WASH-1400, US NRC, Washington,
1975.
[35] Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME RA-S-2002, 2002.
[36] Roberts NH, Vesely WE, Haasl DF, Goldberg FF. Fault tree handbook., NUREG0492, US NRC, Washington, 1981.
[37] Vesely WE, Dugan J, Fragola J, Minarick J, Railsback J. Fault tree handbook
with aerospace applications. National Aeronautics and Space Administration,
NASA; 2002.
epin M, Mavko B. A dynamic fault tree. Reliability Engineering and System
[38] C
Safety 2002;75(1):8391.
epin M. Method for assessing reliability of a network considering probabilistic
[39] C
safety assessment. In: Proceedings of the international conference on nuclear
energy for New Europe 2005, Bled, Slovenia, September 58, 2005.
epin M. Development of new method for assessing reliability of a network.
[40] C
In: PSAM 8: proceedings of the eighth international conference on
probabilistic safety assessment and management. New Orleans: ASME;
2006. p. 45/18.

1127

epin M, Mavko B. Probabilistic safety assessment improves surveillance

[41] C
requirements in technical specications. Reliability Engineering and Systems
Safety 1997;56(1):6977.
epin M. Optimization of safety equipment outages improves safety.
[42] C
Reliability Engineering and System Safety 2002;77(1):7180.
epin M. Analysis of truncation limit in probabilistic safety assessment.
[43] C
Reliability Engineering and System Safety 2005;87(3):395403.
epin M, Mavko B. Power system reliability analysis using
[44] Volkanovski A, C
fault trees. In: Proceedings, International conference on nuclear energy for
New Europe, Portoroz, 2006. p. 704.110.
[45] Ackovski R. Methods for planning of development of power systems using
Monte Carlo simulation. Doctoral dissertation, Electrotechnical FacultySkopje, Macedonia, 1989. p. 138+18.
[46] Breeding RJ, Leahy TJ, Young J, Cramond WR. Probabilistic risk assessment
course documentationvol. 1: PRA fundamentals. NUREG/CR-4350/1, US
NRC, Washington, 1985.
[47] RiskSpectrums PSA Professional, 19982003 RELCON AB.
[48] Xu X, Lam BP, Austria RR, Ma Z, Zhu Z, Zhu R, et al. Assessing the impact of
substation-related outages on the network reliability, PowerCon 2002. In:
International conference on power system technology, Proceedings, vol. 2,
2002. p. 8448.
[49] A report prepared by the Reliability Test System Task Force of the Application
of Probability Methods Subcommittee. The IEEE reliability test system1996.
IEEE Transactions on Power Systems 1999;14(3):101020.
[50] Allan RN, Billinton R. Reliability assessment of large electric power systems.
Boston: Kluwer; 1988.
[51] Carreras BA, Newman DE, Dobson I, Poole AB. Initial evidence for selforganized criticality in electric power system blackouts. In: Proceedings of
the 33rd annual Hawaii international conference on system sciences, 2000.
[52] Reevaluation of Station Blackout Risk at Nuclear Power Plants. NUREG/CR
6890. US NRC, Washington, 2005.
[53] Evaluation of Loss of Offsite Power Events at Nuclear Power Plants:
19801996. NUREG/CR 5496, US NRC, Washington, 1997.
epin M, Prosen R. Update of human reliability analysis for nuclear power
[54] C
plant. In: Proceedings, International conference on nuclear energy for New
Europe, Portoroz, 2006. p. 706.18.