Trees or terrorism, complex grids pose huge challenges
London, August 13, 2013
By John Kemp
Ten years ago, at 15:05 US Eastern Time on August 14, 2003, an overhead power line came into contact with an overgrown tree near Cleveland, Ohio. What happened next is a frightening case study of how vulnerable modern economies are to even a small disruption in vital and highly interconnected systems.
Little more than an hour later, a cascading power failure had blacked out most of the Northeast US and neighbouring parts of Canada -- leaving 50 million people without power, some for up to four days.
By 16:13 Eastern Time, parts of Ohio, Michigan, Pennsylvania, New York, Vermont, Massachusetts, Connecticut, New Jersey and the Canadian province of Ontario had been sent back in time more than 100 years to a pre-electrical age.
"How did we become so vulnerable?" Amory and Hunter Lovins asked in a report entitled "Brittle Power: Energy Strategy for National Security," for the US government.
The Lovinses could have been writing after the 2003 blackout. In fact, the report had been written more than two decades earlier, in 1982, for the Federal Emergency Management Agency, which even then was concerned about emerging threats to the nation's critical infrastructure.
Amory and Hunter Lovins worried " a few people could probably blackout most of the country." They cited the risk of terrorism, sabotage or a hydrogen bomb, in what would come to be seen as an eerily prescient warning about the risks to critical infrastructure after the attacks on the World Trade Center on September 11, 2001.
Terrorism was quickly ruled out as a cause of the August 2003 blackout. But the Lovinses had prophetically identified the weakness in North America's electricity network.
"America's energy vulnerability is an unintended side effect of the nature and organisation of highly centralised technologies. Complex energy devices were built and linked together one by one without considering how vulnerable a system this was creating," they wrote.
"Americans' most basic functions depend ... on a continuous supply of electricity," the co-authors explained. "Without it, subways and elevators stall, factories and offices grind to a halt, electric locks jam, intercoms and televisions stand mute, and we huddle without light, heat or ventilation. A brief faltering of our energy pulse can reveal ... the hidden brittleness of our interdependent, urbanised society."
The blackout concentrated minds in the electricity industry and on Capitol Hill. In the 10 years since August 2003, the North American power industry has invested billions of dollars upgrading computer systems, training control room staff, and cutting down vegetation along power lines.
Reliability standards which were once voluntary have become mandatory. New synchrophasors are being rolled that will provide updates about the state of the grid several times a second, giving control room staff more situational awareness.
Lessons have been learned. The precise failures which led to the 2003 blackout are unlikely ever to be repeated.
But every blackout results from a unique cocktail of causes. In a complex systems, it is not possible to reduce the risk of catastrophic failure to zero.
The 2003 blackout was not the first. There had been earlier mass blackouts in 1965 (affecting 30 million people in the Northeast), 1977 (9 million people in New York), 1982 (5 million people on the West Coast), 1996 (two big blackouts on the West Coast) and 1998 (152,000 people in Minnesota and neighbouring states).
It will not be the last. In 2011, a blackout cut power to 2.7 million people across southern California and Arizona. In 2012, the two biggest blackouts in history rolled across India's power grid, cutting power to states containing half of the country's 1.2 billion people.
While some aspects of reliability have improved enormously, other vulnerabilities are increasing.
The risk of cyber-attacks by terrorist groups or hostile states has increased. The power of cyber-operations has been demonstrated with Stuxnet attack on Iran's nuclear programme.
Integrating more unpredictable sources of power like wind and solar into the electricity network is also increasing the reliability challenges for grid coordinators.
The trend towards linking up local and regional networks into super-grids, connecting entire countries or continents in China, India, Europe and Latin America, is increasing the very interconnectedness that lay at the heart of the 2003 power blackout.
Despite all the precautions, it could and will happen again.
In its final report on the causes of the blackout, the US-Canada Power System Outage Task Force identified poor vegetation management, computer failures, inadequate training and lack of real-time situational awareness of grid conditions as the main factors behind the disaster.
First Energy was harshly criticised, but the task force identified institutional failures across the industry, particularly in setting and enforcing reliability standards, and coordinating across the grid. No fewer than 46 recommendations were made to prevent the blackout recurring.
Although the 2003 blackout was not caused by a cyber-attack, NERC has stepped up efforts to strengthen the grid from malicious activity caused by hackers, terrorists and foreign powers, through its Critical Infrastructure Protection Committee.
Despite all this work, could massive blackouts happen again? Yes. The subsequent mass blackouts in California-Arizona and India point to the continuing risk.
The risk of cascading failure is inherent in complex interconnected systems, as the Lovinses realised. It can be reduced via careful systems analysis and contingency planning, but will never be reduced to zero. - Reuters
* John Kemp is a Reuters market analyst. The views expressed are his own