Risk-based probabilistic System Security Assessment: Swissgrid's Approach from Operational Planning to real-time System Operation

Operational planning to real-time operation to support a more robust, risk-informed decisionmaking.

The method combines three modelling dimensions: (1) uncertainty in nodal active/reactive injections and consumptions, (2) probability of contingencies, and (3) cascading-based impact assessment of probable contingencies. Nodal injections/consumptions scenarios are generated with Copula-based statistical functions that preserve each variable’s empirical marginal distribution while explicitly capturing the dependency structure between variables. Steady-state contingency probabilities are estimated from six years of failure and maintenance data via a three-state Markov-chain model. The estimation is tailored by contingency group and integrates relevant asset characteristics; for instance, line-contingency failure rates are normalized by line length and differentiated by their regional locations. Impacts of contingencies are evaluated for all samples and a given planned outage combination through a Monte-Carlo analysis, with fast Paris Session 2026

August 23 to 28

Palais des Congrès, Paris, France and slow cascade events simulated when contingencies cause system-level violations.

Consequences are quantified via a weighted sum of severity scores estimated from current violations, voltage violations, voltage angle deviations between buses of contingency elements, load/generation disconnection also known as demand not supplied (DNS), and non-convergent power flow.

Overall system risk arising from all simulated scenarios and all considered contingencies under cascading simulation is computed and visualized in a risk plane with iso-risk curves and mapped to a traffic-light risk level classification. A dashboard supports root-cause analysis of system risk helping specialists to find the necessary remedial actions to mitigate it, when unacceptable risk levels are identified. It enables risk investigation at multiple levels of granularity, from system level to national/international exchange patterns, down to individual components levels, allowing the main drivers of risk to be identified efficiently.

The tool is validated on a realistic outage planning case within Swissgrid, the Swiss TSO, in which the dNSA, based on a single forecast scenario, did not reveal congestion that later materialized in real time, ultimately forcing the cancellation of planned outages. In contrast, the proposed probabilistic risk assessment (PRA) model would have flagged the outage situation as insecure ahead of time, demonstrating that “one-scenario” planning can miss critical but plausible operating conditions. Once the insecure risk level has been detected, two root-cause analyses are performed to explain the main drivers of risk. Firstly, an outage sensitivity analysis has indicated which planned outage demands contribute most to the total risk and are therefore the best candidates to be rescheduled. Secondly, an international exchange-flow sensitivity analysis has shown that the risk of a scenario can be dependent on international cross-border flow, suggesting targeted preventive actions such as limiting international power exchanges to avoid such realizations.