
Resilient Scheduling of Control Software Updates in Radial Power Distribution Systems

Kin Cheong Sou, Henrik Sandberg

TL;DR

The paper tackles safe, real-time rollout of control software updates in radial power distribution networks under worst-case update failures. It replaces linearized DistFlow with nonlinear DistFlow to derive accurate worst-case voltage and current relations, and introduces fixed-point bounds to obtain tractable voltage and current limits. By reformulating the rollout as a vector bin-packing problem and solving it with a best-fit-decreasing greedy algorithm, the approach achieves scalable, real-time scheduling on networks with up to 10,476 buses, while maintaining safety margins. The results demonstrate that this method outperforms linearized models in maintaining safety, with substantial computational efficiency and potential applicability to broader contingency assessment and robust OPF tasks.

Abstract

In response to newly found security vulnerabilities, or as part of a moving target defense, a fast and safe control software update scheme for networked control systems is highly desirable. We here develop such a scheme for intelligent electronic devices (IEDs) in power distribution systems, which is a solution to the so-called software update rollout problem. This problem seeks to minimize the makespan of the software rollout, while guaranteeing safety in voltage and current at all buses and lines despite possible worst-case update failure where malfunctioning IEDs may inject harmful amounts of power into the system. Based on the nonlinear DistFlow equations, we derive linear relations relating software update decisions to the worst-case voltages and currents, leading to a decision model both tractable and more accurate than previous models based on the popular linearized DistFlow equations. Under reasonable protection assumptions, the rollout problem can be formulated as a vector bin packing problem and instances can be built and solved using scalable computations. Using realistic benchmarks including one with 10,476 buses, we demonstrate that the proposed method can generate safe and effective rollout schedules in real-time.
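As an added illustration of the vector bin packing formulation and the best-fit-decreasing heuristic named in the TL;DR and abstract (not code from the paper or its authors), the sketch below packs IEDs into rollout time slots so that the summed worst-case impact in each slot stays within every safety margin. The impact vectors, margins, size measure and slack rule are assumptions made for the example; the page does not give the paper's exact variant.

```python
# Added illustration (not the paper's code): best-fit-decreasing for vector bin packing.
# Items are IEDs awaiting an update, bins are rollout time slots.

def bfd_schedule(weights, capacity):
    """weights: {ied: [worst-case impact per constraint]}, non-negative ints.
    capacity: [safety margin per constraint], the same for every slot.
    Returns a list of slots, each a list of IED names."""
    dims = range(len(capacity))

    def size(w):  # largest fraction of any single margin the item consumes
        return max(w[d] / capacity[d] for d in dims)

    for name, w in weights.items():
        if size(w) > 1:
            raise ValueError(f"{name} violates a margin even when updated alone")

    slots, loads = [], []
    # Decreasing size; the name breaks ties so the result is deterministic.
    for name in sorted(weights, key=lambda n: (-size(weights[n]), n)):
        w = weights[name]
        best, best_slack = None, None
        for s, load in enumerate(loads):
            new = [load[d] + w[d] for d in dims]
            if any(new[d] > capacity[d] for d in dims):
                continue  # adding this IED would break a margin in slot s
            slack = sum(1 - new[d] / capacity[d] for d in dims)
            if best is None or slack < best_slack:
                best, best_slack = s, slack  # tightest feasible fit so far
        if best is None:
            slots.append([name])  # no existing slot fits: open a new one
            loads.append(list(w))
        else:
            slots[best].append(name)
            loads[best] = [loads[best][d] + w[d] for d in dims]
    return slots

def slot_loads(slots, weights):
    """Per-slot summed impact, for checking a schedule against the margins."""
    return [[sum(col) for col in zip(*(weights[n] for n in slot))] for slot in slots]

# Constructed sample: two constraints (voltage margin, current margin), scaled to 100.
CAPACITY = [100, 100]
WEIGHTS = {"IED_A": [60, 10], "IED_B": [50, 50], "IED_C": [40, 30],
           "IED_D": [10, 70], "IED_E": [30, 20]}

if __name__ == "__main__":
    schedule = bfd_schedule(WEIGHTS, CAPACITY)
    print(schedule, slot_loads(schedule, WEIGHTS))
```

On the constructed sample the total impact is [190, 180] against a per-slot margin of [100, 100], so two slots is the lower bound on the makespan, and the heuristic reaches it.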

Paper Structure (21 sections, 3 theorems, 63 equations, 8 figures, 2 tables, 3 algorithms)

This paper contains 21 sections, 3 theorems, 63 equations, 8 figures, 2 tables, 3 algorithms.

Key Result

Proposition 1

For Algorithm \ref{alg:fixed_point}, it holds that $v^k \le (\nu^L)^{1/2}$ and $i^k \ge (\ell^U)^{1/2}$ for all $k \ge 0$.

Figures (8)

  • Figure 1: A segment of distribution system with the relevant quantities
  • Figure 2: Quality demonstration of universal voltage and current bounds with CIGRE LV network. Solid blue lines are $\hat{\nu}^L$ obtained by Algorithm \ref{alg:fixed_point}. Dotted blue lines are $\nu(\tilde{p},\tilde{q})$, upper bounds of $\hat{\nu}^L$. Solid orange lines are $\hat{\ell}^U$ obtained by Algorithm \ref{alg:fixed_point}. Dotted orange lines are $\ell(\tilde{p},\tilde{q})$, lower bounds of $\hat{\ell}^U$. Left: typical load with forward power flows. The average relative error in voltage is $0.17 \%$ and the relative error in current is $1.1 \%$. Right: zero net active power load with significant reverse power flows. The average relative error in voltage is $1.4 \%$ and the relative error in current is $15 \%$.
  • Figure 3: Results of CIGRE heavy load scenario case study concerning \ref{opt:bin_packing}. Left: Gantt diagram. Right: voltage and current margins.
  • Figure 4: Results of CIGRE heavy load scenario case study concerning \ref{opt:bin_packing_LDF}. Left: Gantt diagram. Right: voltage and current margins.
  • Figure 5: Voltage and current profiles showing safety limit violations of the rollout schedule due to \ref{opt:bin_packing_LDF}. Left: voltage profile of time slot 1. Right: current profile of time slot 2. In both subfigures, ACPF denotes the voltage and current profiles obtained from AC power flow simulation using Matpower \cite{zimmerman2010matpower} with some power injections $(p,q) \in \mathcal{S}(\mathcal{I})$ for $\mathcal{I}$ conforming to the time slot. On the left, LinDistFlow denotes the minimum voltage due to the linearized DistFlow equation (i.e., $(\hat{\nu}^{\text{nom}} + W^{\text{vub}} {\bf 1}_{\mathcal{I}})^{1/2}$), which suggests false limit satisfaction.
  • ...and 3 more figures

Theorems & Definitions (5)

  • Proposition 1
  • Lemma 1
  • proof
  • Lemma 2
  • proof