Journal of the Korean Society of Safety, Vol. 31, No. 3, pp. 34-41, June 2016 Copyright@2016 by The Korean Society of Safety (pissn 1738-3803, eissn 2383-9953) All right reserved. http://dx.doi.org/10.14346/jkosos.2016.31.3.34 김두현 김성철 김의식 * 박영호 ** 충북대학교안전공학과 * 대한산업안전협회 ** 동양대학교 (2016. 3. 8. 접수 / 2016. 5. 17. 수정 / 2016. 6. 10. 채택 ) Risk Assessment of Energy Storage System using Event Tree Analysis Doo-Hyun Kim Sung-Chul Kim Eui-Sik Kim * Young-Ho Park ** Department of Safety Engineering, Chungbuk National University * Korea Industrial Safety Association ** Dongyang University (Received March 8, 2016 / Revised May 17, 2016 / Accepted June 10, 2016) Abstract : The purpose of this paper is to conduct ETA on six items of S: the whole system, battery, BMS, PCS, S and cable. To achieve that, S work flow and its components are categorized. Based on performance, human, environmental, management, and safety, this paper drew initiation events () and end states (). ETA is applied to the main functions of each item, and the end states that may occur in one initiation event are suggested. In addition, detailed classification was performed to induce various end states on the basis of the suggested initiation events ; loss of grid electricity of S, loss of battery electricity(dc) of battery, impairment of electric function of BMS, loss of grid electricity(ac) of PCS, loss of data of EMS, Mechanical damage of cable, event sequence analysis conducted on the basis of event trees. If the suggested s and s are applied on the basis of S event cases, it is expected to prevent the same kinds of accident and operate S safely. Key Words : event tree analysis, energy storage system, initiating events, end states 1. 서론 한국전력공사는정부가추진중인 창조경제시대의 ICT 기반전력시장 정책에호응하여세계최고수준의에너지저장시스템을구축하겠다고발표했다 1). 이에따라한국전력공사전력연구원은한국에너지기술평가원의지원을받아배터리및전력변환장치제작사와함께대용량전력저장시스템실증을통한운용기술개발을목표로 신재생에너지연계형MW급리튬이차전지시스템운용기술개발 연구과제를지난 2011 년부터수행하고있으며, 현재제주 154 kv조천변전소에 4 MW, 8 MW급의 S 와전력저장장치운영시스템 (PMS, Power Management System) 이설치되어시운전중에있다 2). 현재 S 는보급및실증단계로설치와효율에모든기술과연구가집중되어있다 3-5). S 의설치목적은바로안정적전력운영이다. 안정적전력운영을위하여 가장우선시되어야할것은체계적인안전관리이다. 이런체계적인안전관리를위해서는에너지저장시스템의위험요소를찾아사고전에이를방지, 유지및보수함으로써가능하다. 사전의위험요소를찾고위험요소들을평가하는다양한기법들이있는데, 이중가장쉽게접근가능한기법이바로고장수목분석 (ETA, Event Tree Analysis) 이다. 고장수목분석은재해사고의발생과정을재해요인들의연쇄로파악하여, 재해발생의초기사상혹은초기사상 (initiating event) 으로부터재해사고까지의연쇄적전개를표현할수있는위험성평가기법이다. 초기사상을바탕으로결과상황들을유도할수있어체계적인안전관리가가능하다. 따라서본연구에서는 S 에대하여전체시스템, Battery, BMS, PCS, EMS 및 Cable 의 6 개항목으로분류하였고성능적, 인적, 환경적, 관리적및안전을바탕으로한초기사상 (, Initiation events) 과결과상황들 Corresponding Author : Sung-Chul Kim, Tel : +82-43-267-2463, E-mail : ksc3650@naver.com Department of Safety Engineering, Chungbuk National University, 1, Chungdae-ro, Seowon-gu, Cheongju-si, Chungbuk 28644, Korea 34
Fig. 1. The simplified S diagram showing the components and sub-components considered in the analysis. (, End states) 을도출하였다. 이를바탕으로 S 에서발생할수있는결과상황들을제시하였다. 최종적으로 ETA 에초기사상과결과상황들을적용하고이를통하여 S 의위험성평가를실시하였다. 2. S 의작동흐름도및구성부품분류 ETA 를위해서는 S 의작동흐름도를필요로한다. 본연구에서는국내에서유일하게 S 에대한실증이완료된조천변전소를타겟으로선정하였다. 조천변전소의경우, S 의 1SET 은 1 MW h 배터리 2 개 ( 병렬, 2 시간 ), 1 MW PCS Panel 2 개, EMS 1 개 (PMS 는이하 EMS 로통일함 ) 로구성된다. 그러나이렇게되면병렬조합과직렬조합으로구성되어있기때문에부품의중복성을초래한다. 중복성을방지하기위해서는안전을목적으로추가설치된부품 ( 병렬 ) 을제거해야한다. 따라서 S 의 1SET 은 1 MW h 배터리 1 개, 1 MW PCS Panel 1 개, EMS 1 개 (PMS 는이하 EMS 로통일함 ) 로구성하였다. Fig. 1 은 ETA 를수행하기위해구성품과서브구성품으로구별하여 S 를설계하였고 S 를 3 블록으로구성하였다. 구성된 3 블록은 BMS(Battery 포함 ), PCS, EMS 로나타내었다. 실제 S 의설계는훨씬더복잡하고많은구성품으로이루어져있다. 그러나 S 와관련하여특정구성품요소의고장에대한정량적정보나통계및기술지는메이커의노하우로인하여공개를꺼려한다. 이를극복하기위하여신재생관련 BNL (Brookhaven National Laboratory, USA) 7-8) 에서제시한데이터, SCI 논문, UL 의신재생관련다양한기술지, 국내관련자료등을바탕으로하여최종 S 의구성품을분류하였다. 3. S 의초기사상및결과상황들 S 에대한초기사상과결과상황들은 BNL, UL-1973, 전문가활용에서제시한기준을바탕으로하였다. 초기사상과결과상황들은전체시스템, Li-ion battery, BMS, PCS, EMS 및 Cable 로총 6 개의항목에대하여도출하였다. 3.1 전체시스템 초기사상은내부초기사상 8 개, 외부 11 개로총 19 개구성되어있으며, 환경적요소및휴먼에러도첨부하였다. 결과상황들은전력생산부분 5 개, 안전부분 12 개로총 17 개로구성하였다. Table 1 은초기사상, Table 2 는결과상황들을나타내었다. Table 1. List of initiating events() for S Internal Loss of grid electricity (AC) _INT_LOSSGRD Grid electricity transient fluctuations (voltage and frequency) _INT_GRDFLCT Overvoltage _INT_OVERVLT Loss of electrical connection (DC) _INT_LOSSDC Structural damage to rack _INT_DMGRACK Mechanical damage _INT_MEDAM _INT_LEAK _INT_FIRE External _EXT_FLOOD _EXT_ERTQUAKE Animals(mainly cables, module junction box, ventilation holes) _EXT_ANIMAL _EXT_LIGHTN _EXT_SABOTG _EXT_ADVACT (considered for battery, inverter) _EXT_EXPLSN _EXT_FIRE actions, ground-works affecting cables, structural _EXT_MECHSHCK damages to all electric components) _EXT_HUMID _EXT_HUMAN 한국안전학회지, 제 31 권제 3 호, 2016 년 35
김두현 김성철 김의식 박영호 Table 2. List of end states() for S Production-oriented Normal operation P_NO Complete success P_NP_F Failure Reduced power to grid P_RP Partial failure Loss of performance/efficiency P_LPE Failure Improper power to grid (for voltage, current, frequency level) P_IP Failure Safety-oriented S_NP_S Overheating S_OH Failure Overcurrent S_OC Failure Open S_OPEN Failure Fire S_FIR Failure Part fire S_P_FIR Failure Arcs(Overvoltage) S_ARC Failure S_EXP Failure Structural damages S_SD Failure Reverse current flow S_RCF Failure Corrosion S_COR Failure Electric safety issues S_I Failure 3.2 Li-ion Battery Battery 는 UL-1973 9) 에서제시한기준을참조하였다. 초기사상은내부초기사상 12개, 외부 11개로총 23개구성되어있으며, 결과상황들은전력생산부분 3개, 안전부분 12개로총 15개로구성하였다. Table 3은초기사상, Table 4는결과상황들을나타내었다. Table 3. List of initiating events() for battery Internal Short Degraded output Out of specification No output Cracked/Fractured Intermittent operation Loss of battery electricity (DC) Overvoltage Loss of electrical connection (DC) External Animals(mainly cables, module junction box, ventilation holes) _INT_SHORT_BAT _INT_DO_BAT _INT_OS_BAT _INT_NO_BAT _INT_CR_BAT _INT_IO_BAT _INT_LOSSDC_BAT _INT_OVERVLT_BAT _INT_LOSSDC_BAT _INT_LEAK_BAT _INT_FIRE_BAT _INT_HEAT_BAT _EXT_FLOOD_BAT _EXT_ERTQUAKE_BAT _EXT_ANIMAL_BAT _EXT_LIGHTN_BAT _EXT_SABOTG_BAT _EXT_ADVACT_BAT _EXT_EXPLSN_BAT _EXT_FIRE_BAT actions, ground-works affecting cables, _EXT_MECHSHCK_BAT structural damages to all electric components) _EXT_HUMID_BAT _EXT_HUMAN_BAT Table 4. List of end states () for battery Production-oriented Normal operation P_NO_BAT Complete success P_NP_F_BAT Failure Loss of performance/efficiency P_LPE_BAT Failure Safety-oriented S_NP_S_BAT Unsafe operation S_UNSAFE_BAT Failure Overheating S_OH_BAT Failure Overcurrent S_OC_BAT Failure Open S_OPEN_BAT Failure Fire S_FIR_BAT Failure Arcs(Overvoltage) S_ARC_BAT Failure S_EXP_BAT Failure Structural damages S_SD_BAT Failure Reverse current flow S_RCF_BAT Failure Corrosion S_COR_BAT Failure Electric safety issues S_I_BAT Failure 3.3 BMS 분석 BMS에대하여기술지및전문가자문을통하여구분하였다. 초기사상은내부초기사상 19개, 외부 11개로총 30개구성되어있으며, 결과상황들은전력생산부분 3 개, 안전부분 12개로총 15개로구성하였다. Table 5는초기사상, Table 6은결과상황들을나타내었다. Table 5. List of initiating events() for BMS Internal Short Loss of electric function Impairment of electric function Loss of configuration Brackets detachment Open Poor contact/intermittent Function Failure Bond failure Microcrack Open without stimuli Does not open Loss of battery electricity (DC) Overvoltage Loss of electrical connection (DC) _INT_SHORT_BMS _INT_LOSSEF_BMS _INT_IMEF_BMS _INT_LOC_BMS _INT_BD_BMS _INT_OPEN_BMS _INT_PC_BMS _INT_FF_BMS _INT_BF_BMS _INT_MICRO_BMS _INT_OWS_BMS _INT_DNO_BMS _INT_LOSSDC_BMS _INT_OVERVLT_BMS _INT_LOSSDC_BMS 36 Journal of the KOSOS, Vol. 31, No. 3, 2016
Mechanical damage _INT_MEDAM_BMS _INT_LEAK_BMS _INT_FIRE_BMS _INT_HEAT_BMS External _EXT_FLOOD_BMS _EXT_ERTQUAKE_BMS Animals(mainly cables, module junction box, _EXT_ANIMAL_BMS ventilation holes) _EXT_LIGHTN_BMS _EXT_SABOTG_BMS _EXT_ADVACT_BMS _EXT_EXPLSN_BMS _EXT_FIRE_BMS actions, ground-works affecting cables, _EXT_MECHSHCK_BMS structural damages to all electric components) _EXT_HUMID_BMS _EXT_HUMAN_BMS Table 6. List of end states () for BMS Production-oriented Normal operation P_NO_BMS Complete success P_NP_F_BMS Failure Loss of performance/efficiency P_LPE_BMS Failure Safety-oriented S_NP_S_BMS Unsafe operation S_UNSAFE_BMS Failure Overheating S_OH_BMS Failure Overcurrent S_OC_BMS Failure Open S_OPEN_BMS Failure Fire S_FIR_BMS Failure Arcs S_ARC_BMS Failure S_EXP_BMS Failure Structural damages S_SD_BMS Failure Reverse current flow S_RCF_BMS Failure Corrosion S_COR_BMS Failure Electric safety issues S_I_BMS Failure 3.4 PCS 분석 PCS는 BNL에서제시한기준을바탕으로하였다. 초기사상은내부초기사상 18개, 외부 12개로총 30개구성되어있으며, 결과상황들은전력생산부분 4개, 안전부분 13개로총 17개로구성하였다. Table 7은초기사상, Table 8은결과상황들을나타내었다. Table 7. List of initiating events() for PCS Internal Short Open Parameter change Breaker _INT_SHORT_PCS _INT_OPEN_PCS _INT_PCB_PCS Open without stimuli _INT_OWS_PCS Does not open _INT_DNO_PCS Fails to transfer _INT_FTT_PCS Degraded output _INT_DO_PCS Function Failure _INT_FF_PCS Out of specification _INT_OS_PCS Intermittent _INT_INTER_PCS Drift _INT_DRIFT_PCS Loss of grid electricity (AC) _INT_LOSSGRD_PCS Grid electricity transient fluctuations (voltage _INT_GRDFLCT_PCS and frequency) Overvoltage _INT_OVERVLT_PCS Loss of electrical connection (AC) _INT_LOSSAC_PCS Mechanical damage _INT_MEDAM_PCS _INT_FIRE_PCS _INT_HEAT_PCS External _EXT_FLOOD_PCS _EXT_ERTQUAKE_PCS Animals(mainly cables, module junction box, _EXT_ANIMAL_PCS ventilation holes) _EXT_LIGHTN_PCS _EXT_SABOTG_PCS _EXT_ADVACT_PCS _EXT_EXPLSN_PCS _EXT_FIRE_PCS actions, ground-works affecting cables, _EXT_MECHSHCK_PCS structural damages to all electrc components) _EXT_HUMID_PCS _EXT_HUMAN_PCS Operator failure _EXT_OF_PCS Table 8. List of end states () for PCS Production-oriented Normal operation P_NO_PCS Complete success P_NP_F_PCS Failure Reduced power to grid P_RP_PCS Partial failure Loss of performance/efficiency P_LPE_PCS Failure Safety-oriented S_NP_S_PCS Unsafe operation S_UNSAFE_PCS Failure Overheating S_OH_PCS Failure Overcurrent S_OC_PCS Failure fire S_LF_PCS Failure Open S_OPEN_PCS Failure Fire S_FIR_PCS Failure Arcs S_ARC_PCS Failure S_EXP_PCS Failure Structural damages S_SD_PCS Failure Reverse current flow S_RCF_PCS Failure Corrosion S_COR_PCS Failure Electric safety issues S_I_PCS Failure 한국안전학회지, 제 31 권제 3 호, 2016 년 37
김두현 김성철 김의식 박영호 3.5 EMS 분석 EMS는전문가활용및미국의 NPRD 10) 에서제시한기준을바탕으로하였다. 초기사상은내부초기사상 17개, 외부 11개로총 28개구성하였다결과상황들은 15개로구성하였다. Table 9는초기사상, Table 10은결과상황들을나타내었다. Table 9. List of initiating events() for EMS Internal Degradation of Processor _INT_DP_EMS Loss of Processor _INT_LP_EMS Loss of data _INT_LD_EMS Loss of SRAM _INT_LS_EMS No signals _INT_NS_EMS Degradation of graphcard _INT_DG_EMS Loss of graphcard _INT_LG_EMS Input high and low signals _INT_IHLS_EMS Degradation of DRAM controller _INT_DDC_EMS Loss of DRAM controller _INT_LDC_EMS Loss of DRAM _INT_LOD_EMS Loss of RAID controller _INT_RC_EMS Fails to transfer data _INT_FTD_EMS Loss of Hardiest _INT_LH_EMS _INT_LEAK_EMS _INT_FIRE_EMS _INT_HEAT_EMS External _EXT_FLOOD_EMS _EXT_ERTQUAKE_EMS Animals(mainly cables, module junction box, ventilation holes) _EXT_ANIMAL_EMS _EXT_LIGHTN_EMS _EXT_SABOTG_EMS _EXT_ADVACT_EMS _EXT_EXPLSN_EMS _EXT_FIRE_EMS actions, ground-works affecting cables, _EXT_MECHSHCK_EMS structural damages to all electric components) _EXT_HUMID_EMS _EXT_HUMAN_EMS Table 10. List of end states () for EMS S_NP_S_EMS S_NP_F_EMS Failure Function failure S_FF_F_EMS Failure Not saved(data) S_NS_F_EMS Failure fire S_LF_EMS Failure Unsafe operation S_UNSAFE_EMS Failure Overheating S_OH_EMS Failure Overcurrent S_OC_EMS Failure Open S_OPEN_EMS Failure Fire S_FIR_EMS Failure Arcs S_ARC_EMS Failure S_EXP_EMS Failure Structural damages S_SD_EMS Failure Corrosion S_COR_EMS Failure Electric safety issues S_I_EMS Failure 3.6 Cable 분석 Cable은 BNL에서제시한기준을바탕으로하였다. 초기사상은내부초기사상 10개, 외부 9개로총 19개구성하였다결과상황들은 11개로구성하였다. Table 11 은초기사상, Table 12는결과상황들을나타내었다. Table 11. List of initiating events() for Cable Internal Short _INT_SHORT_CAB Open _INT_OPEN_CAB Excessive wear _INT_EW_CAB Improper output _INT_IO_CAB Broken _INT_BRO_CAB Intermittent _INT_INTER_CAB Loose _INT_LOO_CAB Mechanical damage _INT_MEDAM_CAB _INT_LEAK_CAB _INT_HEAT_CAB External _EXT_FLOOD_CAB _EXT_ERTQUAKE_CAB Animals(mainly cables, module junction box, _EXT_ANIMAL_CAB ventilation holes) _EXT_LIGHTN_CAB _EXT_EXPLSN_CAB _EXT_FIRE_CAB actions, ground-works affecting cables, _EXT_MECHSHCK_CAB structural damages to all electric components) _EXT_HUMID_CAB _EXT_HUMAN_CAB Table 12. List of end states () for Cable S_NP_S_CAB S_NP_F_CAB Failure Unsafe operation S_UNSAFE_CAB Failure Overheating S_OH_CAB Failure Open S_OPEN_CAB Failure Fire S_FIR_CAB Failure Arcs S_ARC_CAB Failure S_EXP_CAB Failure Structural damages S_SD_CAB Failure Corrosion S_COR_CAB Failure Electric safety issues S_I_CAB Failure 38 Journal of the KOSOS, Vol. 31, No. 3, 2016
4. ETA 분석 전체시스템, Li-ion battery, BMS, PCS, EMS 및 Cable 로총 6 개의 ETA 를실시하였다. Fig. 2 는전체시스템에대한평가로 S 의목적이안정 적인전기공급이기때문에 는 Loss of grid electricity 로하였다. 고장영향에대해서는 Inverter control, disconnect, breaker, operator intervention 으로하였고각각의사건에대하여성공과실패여부에따른 를결정하였다. Fig. 3 은 Battery 는축방전이완전해야하며내 외부 Fig. 2. Loss of grid electricity of S. Fig. 3. Loss of battery electricity(dc) of battery. Fig. 4. Impairment of electric function of BMS. 한국안전학회지, 제 31 권제 3 호, 2016 년 39
김두현 김성철 김의식 박영호 Fig. 5. Loss of grid electricity(ac) of PCS. Fig. 6. Loss of data of EMS. Fig. 7. Mechanical damage of cable. 적인영향으로인하여축전이잘되지않을경우가발생한다. 이로인하여안정적전기공급에문제를일으킨다. 따라서 는 Loss of battery electricity(dc) 로하였다. 고장영향에대해서는 Degrade output, Intermittent operation, No output 으로하였고각각의사건에대하여성공과실패여부에따른 를결정하였다. Fig. 4 는 BMS 의주요기능인통신부분의고장을바탕으로 에대하여전기적기능장애 (Impairment of electric function) 를기반으로하였다. 전기적기능장애가발생하였을때 NFB/Disconnect, Operator intervention 등의 Failure Events 에대하여발생가능한화재, 아크및폭발등의 를결정하였다. 40 Journal of the KOSOS, Vol. 31, No. 3, 2016
Fig. 5 는 PCS 는 S 에서가장중요한역할을하고있다. DC 전원에대하여 AC 로변환하며필터를통하여 Grid 에안전한전원을공급하고이러한 PCS 는 DC 부분과 AC 부분으로구분할수있다. 는 Loss of grid electricity 로하였다. 고장영향에대해서는 DC 부분은 FE1 의성공과실패여부, AC 부분은 FE2 와 FE3 에서의성공과실패여부를결정하였다. 최종 의경우는 No power, Unsafe operation, Fire, 상태등으로하였다. Fig. 6 은 EMS 는 S 의상태를모니터링하는것이주목적이며, 또한시간별데이터를저장보존하는것또한중요한임무이다. 는 Loss of data 로하였다. 고장영향에대해서는 FE1, FE2, FE3 과 FE4 로하여성공과실패여부를결정하였다. 최종 의경우는 No power, Unsafe operation, Fire 등으로하였다. Fig. 7 은 Cable 은장치의연결뿐만아니라전원공급, 설비안전 ( 접지선 ) 을맡고있다. Cable 에대하여다양한고장모드가있지만본연구에서의 는 Mechanical damage 로하였다. 고장영향에대해서는 FE1, FE2 와 FE3 로하여성공과실패여부를결정하였다. 최종 의경우는, Arcs 등으로하였다. 5. 결론 본연구에서는 S 에대하여전체시스템, Battery, BMS, PCS, EMS 및 Cable 로 6 개항목으로분류하였고, 성능적, 인적, 환경적, 관리적, 안전을바탕으로한초기사상과결과상황들을도출하였고, 6 개항목에대한주요고장에대한 ETA 기법을적용하였다. 본연구에서얻은결론은다음과같다. 1) 전체시스템 ( 19 개, 17 개 ), Battery( 23 개, 15 개 ), BMS( 30 개, 15 개 ), PCS( 30 개, 17 개 ), EMS( 28 개, 15 개 ), Cable( 19 개, 11 개 ) 에대하여각각에대하여초기사상과결과상황들을제시하였다. 2) 6 개항목의주요고장에대하여각각의 ETA 를실시하였고, 하나의초기사상에서발생가능한결과상황들을제시하였다. 또한본연구에서제시한발생가능한초기사상을바탕으로다양한결과상황들을유도할수있다. 3) 추후에 S 에서발생한사례를바탕으로본연구에서제시한초기사상과결과상황들을분석하여동종재해방지및 S 의안정적운영이가능할것으로본다. 감사의글 : 이논문은한국전력공사의재원으로기초전력연구원의 2014 년선정기초연구개발과제의지원을받아수행된것임. ( 과제번호 : R14XA02-25) References 1) Korea, Electric Power Corporation, KEPCO, Challenge of Power Industry Paradigm using Energy Storage System, 2013. 2) Electric World, KEPRI of KEPCO, Development and Demonstration Status of Energy Storage System, Vol.63, No.10, pp.26-29, 2014. 3) Electric Energy Storage System Technology Trends 2012, Korean Smart Grid Association, p.29-39, 2012.09. 4) Current state of S, Korea Development Bank, pp.84-89, 2014. 5) A Guide Book for Reliability Prediction, MOASOFT pp.12-34, 2002. 6) H. -K. Lim, System Safety Engineering, Hansol Academy, pp.133-137, 2012. 7) A. Colli, An FMEA Analysis for Photovoltaic Systems : Assessing Different System Configurations to Support Reliability Studies - Introduction to PRA Analysis for PV Systems.In : Proceedings of Society for Risk Analysis Annual Meeting, San Francisco, CA, 2012. 8) Brookhaven National Laboratory, Information-based Reliability Weighting for Failure Mode Prioritization in Photovoltaic (PV) Module Design, 2014. 9) NEW SCNCE SUSTAINABLE ENERGY, UL-1973, Lithium-ion batteries, 2013. 10) Reliability Analysis Center, Non-electronic Parts Reliability Data, 2011. 한국안전학회지, 제 31 권제 3 호, 2016 년 41