The power generation and distribution system, for short "the grid." is an interesting system in a number of ways. One of these is that, within fairly narrow limits, the supply must equal the demand. There is a small amount of slack but little storage. Supply decisions are made by utilities in 500 KWH increments while demand decisions are made by individuals 150 W at time.
Obviously such a system benefits from scale. At least within limits, the more sources and uses in the system, the easier it is to achieve the necessary balance. In order to achieve the scale, all providers and users,p within a geographic region embracing many large and small states, are connected in a market network. Any supply, a generator, can be directed to any user. Suppliers with excess capacity offer it for sale to all other suppliers in the grid. Each supplier may buy from any other, and will do so, as long as that suppliers offer is lower than his own marginal cost of generation.
This market is highly automated and very efficient. Not only does it provide a low average cost for all customers but it also provides reliability. A utility that has a component, for example, a generator, failure, can use supply from any of its peers. However, in the short run, the loss of supply may create an imbalance between supply and demand. Other components may be momentarily overloaded. Since a sustained overload might ultimately cause a component to fail in a destructive manner, components are designed to either shed load, e.g., from damage. Within limits the system can absorb multiple simultaneous component failures, and re-balance, while maintaining, service to most users.
However, this design means that the grid is vulnerable to
"cascading failures," in which the failure of one component may cause the protective shutdown of other components. While the resilience of the
system is continually improving, there will always be an upper bound to the
number of simultaneous component failures that the system can tolerate. When that threshold is crossed, apparently
about once a generation, the system is designed to shut down in an orderly and
non-destructive manner. These successful
shutdowns enable the system to resume normal service in hours to tens of
hours. Such successful shutdowns will
continue to be described by politicians and the media as
"failures." The designers and
operators of the network will continue to think of them as successful "power grid
Notice that once the system has shut down, it must be restarted in a systematic way such that supply and demand are both added back to the system in such a way as to sustain the necessary balance between supply and demand. Said another way, we cannot simply turn everything back on at once. This is complicated by the fact that many using components draw significantly more power at start-up than they do while up and running. It is easy to imagine that restarting all the air-conditioners and refrigerators in a neighborhood at the same time, takes dramatically more power than sustaining them as they cycle on and off in normal operation. While most components will restart automatically, some may require manual operation. The more extensive the outage, the longer the re-start will take.
Within limits we can increase the reliability of the grid by adding redundant capacity and automatic controls. Redundancy increases cost and drives down revenue per component. Therefore, there is an economic limit to the amount of redundancy we will add. As we add redundancy, we must add more automatic controls; redundant components and controls increase the complexity of the system. At some point that increased complexity begins to cause more failures than it prevents. A mean time to failure of infinity implies infinite cost; long before we reach that point, somewhere about a mean time to shut down of the entire grid of about twenty years, we will stop.
Notice that even these massive shut downs are less disruptive than such natural disasters as ice storms where many homes may be without power or heat for days to weeks.