The Energy Collective Group

This group brings together the best thinkers on energy and climate. Join us for smart, insightful posts and conversations about where the energy industry is and where it is going.

9,988 Members

Post

DNV GL on Risks of Renewables: "We Need New Tests and Standards to Prevent Major Failures"

The largest man-made system on earth (photo DNV GL)

The largest man-made system on earth. (Photo: DNV GL)

The transition to renewable energy is accompanied by the widespread use of power electronics, such as inverters, which require a whole new way of testing smart equipment, says Theo Bosma, Program Director Power Systems & Electrification at DNV GL, one of the largest technical consultancies in the world. According to Bosma, the new power electronics are not adequately tested at the moment. “New technologies such as solar, wind, batteries and smart grids are driven by software. But as a sector we are still testing individual components instead of the brains of these systems.” He warns that “if we don’t change our methods and standards, this will cause major problems in the future, including blackouts”. DNV GL calls on the electricity sector to jointly develop new industry standards based on “hardware-in-the-loop” techniques.

With the electric power system increasingly being taken over by software-driven “power electronics”, Theo Bosma, who leads a team of  20 researchers in labs in Singapore, Bristol, Copenhagen, Oslo and Arnhem, has a practical example showing how things can go seriously awry. In the business this is known as “the German 50.2 Hz problem”.

What happened was that in the southern part of Germany solar panels would all shut down when the frequency exceeded 50.2 Hz (this happens when the sun starts shining and all panels together produce too much electricity), and would all start producing again once the frequency went back to 50 Hz, after which they would all shut down again. This yo-yo effect was the result of many inverters reacting simultaneously to signals from the system. “Individually they all did what they had to do”, says Bosma, “but in combination the result was not what was expected or wanted.”

“You can’t tell by looking at the components what they are going to do. You need to test their brains”

Another example Bosma encountered in which “smart” components showed unexpected reactions was in the case of a medium-voltage transformer which contained power electronics keeping the voltage at a constant level. “This worked so well that a similar transformer a few kilometres away was put in place. But then the two started hunting each other. If one reduced the voltage, the other started increasing it, because there was no communication or coordination.”

What these examples show, says Bosma, is that the way electric power equipment is tested is not adequate anymore. “We only test to comply with the standard, not whether something is fit-for-purpose. We used to have only passive components in the system. You could simply test how they behaved and then install them. But new power electronic equipment is entering the system,  which is software-driven, such as inverters in wind turbines and solar panels. You can’t tell how they will react in the system if you test them in the old way, individually. You have to test how they behave within the system.”

Bosma says inspections used to be simply a matter of “opening the cabinet and looking at the components”. But nowadays “you might as well close the cabinet again, because you can’t tell by looking at the components what they are going to do. You need to test their brains. The software that controls them.”

Hardware-in-the-loop

Among researchers, including those at DNV GL, a company that has long been involved in developing quality control tests and standards, there has been a growing awareness that a fundamental change is needed in testing practices in the electricity sector. In fact, researchers have already developed new techniques enabling the testing of components at a systemic level. This is called hardware-in-the-loop testing.

What it amounts to, says Bosma, is that you simulate in the lab the real-life environment in which the components will be functioning. “In this way you are able to test the behaviour of the software. If you don’t do this, you will get what we call rogue software entering the system. This can have serious consequences down the line.”

White Paper: Power Cybernetics 

For more information on the need for hardware-in-the-loop testing, see this White Paper: Power Cybernetics – the future of Validation, published by DNV GL earlier this year. This discusses the implications of the introduction of power electronics for the testing and certification of electricity components. 

Cybernetics comes from a Greek word meaning “the art of steering” and can be described as the science of automatic control systems. It applies especially to systems that incorporate feedback loops, to trigger  system changes. The Norwegian company Marine Cybernetics, a subsidiary of DNV GL, is specialised in hardware-in-the-loop testing in the maritime sector.

Such hardware-in-the-loop testing makes use of supercomputers which operate at the tremendous speeds that are required to be able to calculate the behaviour of smart systems. DNV GL has one, as do several other labs in the world. But hardware-in-the-loop testing is far from standard industry practice at the moment, says Bosma. “It has been developed at the academic level. What we at DNV GL would like to see is that this becomes the new normal in testing. If the industry remains stuck in old-fashioned component testing, we see great risks.” What kind of risks? “Anything you can imagine that may go wrong.”

IEC community

The most important way of ensuring that future testing will be up to speed, says Bosma, is to change the international standards that components must comply with. In the electricity sector the most important norms are the IEC standards of the International Electrotechnical Commission. Contrary to what one might think, these standards are not imposed by governments or regulators, but developed by the industry itself through this international platform, in which different stakeholders from just about all countries in the world are represented.

So is the IEC community not sufficiently aware of the issue? For example, aren’t system operators, who are responsible for the smooth functioning of the electricity network, not paying enough attention to the risks caused by the spread of power electronics?

“If the industry remains stuck in old-fashioned component testing, we see great risks”

“People are becoming more aware of the risks”, says Bosma. “But as an industry this should be higher on the agenda . Some manufacturers are starting to use hardware-in-the-loop testing, for example those who are developing high-voltage direct current (HVDC) networks. They are so big you can’t afford to take chances there. But it’s not enough.”

Many system operators still believe that N-1 testing is sufficient, says Bosma. “As DNV GL we have always been a forward looking company. We see that this is not just about individual components anymore. We tell system operators that this is software. This is about the entire system, not about individual components.”

New procedures

The transition to a decarbonised electricity system increases the need for systemic testing, Bosma points out. “Solar and wind energy systems are both full of power electronics. So are battery systems and electric vehicles. In the future, both generation and use of electricity will be dominated by power electronics. If we want this transition to be successful, we need new standards and testing techniques.”

Bosma is convinced that it is possible to have an electricity system dominated by variable renewable sources, such as solar and wind power. “If you ask me, will we be able to integrate these sources, my answer is yes. Technically it can be done. You can reinforce and expand networks. Make demand more flexible. Implement storage. But the system will become much more complex. That’s why we are calling on the industry to jointly develop new testing procedures and standards based on hardware in the loop techniques.”

Energy Post's picture

Thank Energy for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.

Discussions

Thorkil Soee's picture
Thorkil Soee on December 4, 2016

Yes it can be done.
Who shall pay?
Usually the guilty shall pay for the damage.
However, I will bet that the subsidized sun and wind will shy away from their responsibilities.

Darius Bentvels's picture
Darius Bentvels on December 5, 2016

As the post state, wind & solar management is computerized nowadays.
So it’s very cheap: Just adapt the program code.

E.g.
In Hawaii they got a stability problem when all solar inverters took their panels off/on at same moment because all inverters had same thresholds implemented.
A software update (adding random variations to the thresholds) uploaded by the producer of the inverters, solved the issue.

Helmut Frik's picture
Helmut Frik on December 5, 2016

Same was done with the 50,2Hz problem, which was not introduced by wind and solar manufactuurers, but enforced on them by the utilities.
(Wind and solar was forced to switch off by the ugrid operators at 50,2 Hz, until utilities found out that this was a stupid idea, then wind and solar were forced to behave differently at over-frequency. Fortunaltely this could usually be solved by software updates. But costs had to be carried by the one causing the problem, so the grid operators.

Engineer- Poet's picture
Engineer- Poet on December 5, 2016

Here we see that the so-called “21st century grid” demanded by Greens to accommodate all their unreliable power will run on software which is inherently beyond any human ability to comprehensively understand or even thoroughly test for reliability.  The most dangerous problems won’t be software bugs, but errors and omissions in the specifications and hacked systems.

Face it, we need a “dumb grid” with understood and stable characteristics.  Perhaps we can make the “smart” components behave “dumb”, like the iron transformers and big synchronous rotating machines which have worked so well for the last century and more, but that’s not what I think is coming.  Everything from computers down to LED light bulbs are more likely to have a constant power draw when on, which creates a negative-resistance characteristic.  This is inherently destabilizing.

If somebody finds a way to hack 20 GW worth of EV chargers to blink them on and off in sync like Germany’s solar inverters, say “hello blackout, goodbye civilization!”

Helmut Frik's picture
Helmut Frik on December 5, 2016

Which is thae same as if someone hacks into the scada systems of 15 nuclear power stations and swithes them on and off from the grid in the same frequency.
Which is why it is reasonable toplace all relevant software in (EP)ROM, and require physical access to change any programming of Inverters etc. (which is the case in germany).
Getting physical access to two hand fulof nuclear power stations is much more easy than getting access to millions of small systems.

Bob Meinetz's picture
Bob Meinetz on December 5, 2016

Helmut, your comments reveal an unfamiliarity with not only energy but data systems.

In 2015, 480 million “small systems” were hacked. Zero nuclear systems were hacked.

http://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attac...

The ratio of small system hacks to nuclear hacks is so large it’s undefined.

Helmut Frik's picture
Helmut Frik on December 5, 2016

Yes the relation of your knowlede of IT systems to the necessary knowledge is so large that it is undefined.
It does not matter how many desktop computers, Server, Laptop or smartphones have been hacked. We talk about Inverters. I find as many hacked inverters where safety relevant features have been manipulated as I find hacked nuclear pwoer stations. but there have been the hacked Scada Systems / SPS coptrols of the Uranium enrichment systems in Iran, as a example for you how someone would hack such systems.
The topic itself is relevant. but the way the uranium enrichment sytems were infected would work for a hand full of nuclear power systems but not for millions of inverters which are installed over the country.
Which does not mean that you could allow any nonsens in the topic of security with inverters. bringing them all online and allowing updates of security critical functions online, or switching them on or off online would be a bad idea, as well as it would be a bad idea to do this with a nuclear power station.

Darius Bentvels's picture
Darius Bentvels on December 6, 2016

EP,
Whlle electricity supply reliability in USA is still below any decent standard, you seem to prefer to go back to older times with even worse reliability?
That won’t help.

Follow Germany and Denmark, who realized superior reliability (~best in the world) with their distributed generation methods (mainly wind & PV-solar)!

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »