4: Failure modes, effects analysis and detection methods for the test system
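| Equipment | Function | Failure Mode(s) | Failure Cause(s) | Failure Effect(s): Local Effect(s) | Failure Effect(s): System Effect(s) | Detection method |
| --- | --- | --- | --- | --- | --- | --- |
| Bus bar | Collect electric energy from the incoming feeders and distribute them to the outgoing feeders | Loss of electrical efficiency | Moisture, Humidity | Short circuits | Short circuits; decrease of power quality | Visual inspection |
| Bus bar | | Loss of structural integrity | Fracture of the copper bar | Bus bar break; no electrical connection | No energy supply from the faulty bus; possible unstable conditions in the power system | Infrared thermographic scanning |
| Bus bar | | Loss of structural integrity | Break of the support insulators | Bus bar break; no electrical connection | No energy supply from the faulty bus; possible unstable conditions in the power system | Infrared thermographic scanning |
| Bus bar | | Loss of structural integrity | Human sabotage | Bus bar break; no electrical connection | No energy supply from the faulty bus; possible unstable conditions in the power system | Physical surveillance |
| Bus bar | | Loss of structural integrity | Cracking of connection welds | Bus bar break; no electrical connection | No energy supply from the faulty bus; possible unstable conditions in the power system | Infrared thermographic scanning |
| Bus bar | | Loss of electrical continuity | Degradation of the physical structure | Arc flash | Possible unstable conditions in the power system; decrease of power quality | Infrared thermographic scanning (not the best solution) |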
Power relays
Short circuits Short circuits; decrease of power
breakdown
Oil contamination Oil analysis
Oil moisture Oil analysis
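| Equipment | Function | Failure Mode(s) | Failure Cause(s) | Failure Effect(s): Local Effect(s) | Failure Effect(s): System Effect(s) | Detection method |
| --- | --- | --- | --- | --- | --- | --- |
| | | Short circuits | Distortion, loosening or displacement of the windings | Internal short circuits; transformer damage | Decrease of power quality; wrong output power; short circuits in power network; power network operation outside of optimal operating conditions | Power relays detection, signal analysis, capacitance change |
| | | Transformer explosion | Human sabotage | Serious damage in the substation; personnel injuries or death | Possible downstream network disconnection; no energy supply | Physical surveillance |
| | | Transformer explosion | Internal short circuit | Serious damage in the substation; personnel injuries or death | Possible downstream network disconnection; no energy supply | Signal analysis |
| | | Transformer explosion | Overheating | Serious damage in the substation; personnel injuries or death | Possible downstream network disconnection; no energy supply | Infrared thermographic scanning |
| | | Cooling system failure | Cooling pipes obstruction | Overheating; degraded operation of the transformer; possible transformer explosion | Possible downstream network disconnection; no energy supply | Infrared thermographic scanning |
| | | Cooling system failure | Damaged fans | Overheating; degraded operation of the transformer; possible transformer explosion | Possible downstream network disconnection; no energy supply | Infrared thermographic scanning |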
Failure Effect(s)
Equipment Function Failure Mode(s) Failure Cause(s) Detection method
Local Effect(s) System Effects(s)
Poor
communication
between HMI and Impossibility to monitor Real-time monitoring
other cyber No system monitoring; corrective
and/or control the grid
components and/or preventive manual commands
in real-time via manual
Operational failure Human error are not properly executed, or can’t –
operation; wrong
even be impossible to execute
control commands Software malfunctions
Poor software detection; inability to
Primary tool by design execute manual
actions
which operators
HMI HMI disconnection
coordinate and
from the
control the grid communication No system monitoring; corrective
Remote network; impossibility and/or preventive manual commands Loss of power; HMI
Power outage disconnection of to monitor and/or
power are not properly executed, or can’t blackout
control the grid in even be impossible to execute
real-time by manual
operation
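| Equipment | Function | Failure Mode(s) | Failure Cause(s) | Failure Effect(s): Local Effect(s) | Failure Effect(s): System Effect(s) | Detection method |
| --- | --- | --- | --- | --- | --- | --- |
| SV | Computing system platform used for various network communication applications / computer program or device that provides functionality for other programs or devices | Data overload | Lower storage capacity or unexpected large amount of data to storage | Large amount of data is lost; defective storage of data | EMS applications are compromised | SV has low data storage capacity |
| SV | | Hardware crash | Overheating and high humidity | Impossibility to access system’s information | SCADA system failure; IT malfunction; EMS applications fail or are compromised | Temperature monitoring |
| SV | | Hardware crash | Hard drive crash | Impossibility to access system’s information | SCADA system failure; IT malfunction; EMS applications fail or are compromised | SV blackout |
| SV | | Hardware crash | Hardware sabotage | Impossibility to access system’s information | SCADA system failure; IT malfunction; EMS applications fail or are compromised | Physical surveillance |
| SV | | Hardware crash | Physical disaster (such as fire, earthquake, lightning or flooding) | Impossibility to access system’s information | SCADA system failure; IT malfunction; EMS applications fail or are compromised | Weather monitoring |
| SV | | Data errors | Software malfunction | Impossibility to access system’s information | IT malfunction; EMS applications fail or are compromised | Unexpected behaviour |
| SV | | Power outage | Remote disconnection of power | Impossibility to access system’s information | SCADA system failure; EMS applications fail or are compromised | Loss of power |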
| Equipment | Function | Failure Mode(s) | Failure Cause(s) | Failure Effect(s): Local Effect(s) | Failure Effect(s): System Effect(s) | Detection method |
| --- | --- | --- | --- | --- | --- | --- |
| SV (cont.) | | Security failure | Denial of service attack (DoS) | Loss of data integrity; deleted or corrupted data | EMS applications run under fallacious information; inadvertent operations in the power system; loss of integrity | Firewall block; attempt to pass the firewall; suspicious system behaviour |
| SV (cont.) | | Security failure | Hacking for sensitive information | Loss of data integrity; deleted or corrupted data | EMS applications run under fallacious information; inadvertent operations in the power system; loss of integrity | Firewall block; attempt to pass the firewall; suspicious system behaviour |
| SV (cont.) | | Security failure | Malicious software infection | Loss of data integrity; deleted or corrupted data | EMS applications run under fallacious information; inadvertent operations in the power system; loss of integrity | Firewall block; attempt to pass the firewall; suspicious system behaviour |
| | | Communication Error | Poor signal with SV | Defective or even no transmission of data | EMS applications run under lack of information (non-optimal asset management); inadvertent operations in the power system | Inability to get EB reading |
| | | ‘Catastrophic’ failure (burning, melting or explosion) | Temperature stress | Degradation of surrounding smart meter components; personnel injuries or death | EMS applications run under lack of information (non-optimal asset management) | Record of abrupt drop in power supply; Temperature monitoring |
| Equipment | Function | Failure Mode(s) | Failure Cause(s) | Failure Effect(s): Local Effect(s) | Failure Effect(s): System Effect(s) | Detection method |
| --- | --- | --- | --- | --- | --- | --- |
| EB (cont.) | | Security failure | Hacking for personnel sensitive information or faulty information injection (cyberattack) | Loss of data integrity | Energy management applications are based on fallacious information | Attempt to pass the SM security system; existence of corrupted data |
Interface device
unavailable to redirect
responsible for the important data for
collecting data the system operation; Broadcast of
from the electrical Network/Cyber large volume of data
storm excessive amount of
IED equipment and saturating the network data detection
capacity; major
receiving and
consumption of
applying a control processor computation
command from resources
the operator No power component
I/O port damage EMS applications fail or are Loss of data
Monitoring failure status monitoring compromised (non-optimal asset
Significant Error in monitoring management); SCADA system failure Incongruous or
measurement error power components corrupted data
Inability to apply
Inability to control Operational test
control commands EMS applications fail or are
Control failure power system
Software error compromised; SCADA system failure
(Defective data operation Operational test
processing)
IED disconnection from EMS applications fail or are
Remote cyber and power
Power outage network; inability to compromised; loss of control in the Loss of power
disconnection of downstream network area; SCADA
power communicate with
control center unit. system failure
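| Equipment | Function | Failure Mode(s) | Failure Cause(s) | Failure Effect(s): Local Effect(s) | Failure Effect(s): System Effect(s) | Detection method |
| --- | --- | --- | --- | --- | --- | --- |
| IED (cont.) | | Security failure | Hacking for personnel sensitive information | Loss of integrity | EMS applications run under fallacious information; loss of integrity; SCADA system failure | Firewall block; attempt to pass the firewall; existence of corrupted data |
| IED (cont.) | | Security failure | Faulty information injection (cyberattack) | Loss of integrity | EMS applications run under fallacious information; loss of integrity; SCADA system failure | Firewall block; attempt to pass the firewall; existence of corrupted data |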
Excessive traffic/ Delays in data Deterioration of communication Deterioration in
Cross talk congestion of communication; network performance; EMS communication
Physical (overload)
packets corrupted signal applications are compromised network performance
component
responsible for Manufacturing EMS applications are compromised Electrical test and
Network link assuring a imperfection Delays in data quality assessment
Network link (non-optimal asset management);
- Ethernet message is sent communication; no
To obtain the final FMEA table with an RPN for each failure mode, the failure rates of power and cyber equipment must be distributed among the failure modes defined in section 4.2.
A review of the literature confirmed the lack of this kind of data for power and cyber equipment. Even the data found at EDP Distribuição, a company with interests in the field, was inconclusive. To work around this problem, this dissertation subjectively splits the equipment failure rates defined in Tables 4.1 and 4.3 into failure rates for the individual failure modes.
A failure rate distribution is proposed in Tables 4.5 and 4.6 for power and cyber equipment, respectively.
Table 4.5: Proposed failure rates for power equipment’s failure modes
Equipment Failure mode Failure distribution [%] Failure rate [f/yr] OCC