A new tool for reliability studies of electrical

networks with stand-by redundancies: OPALE

E. Breton, M. Bouissou, J. Aupied
Research engineers, EDF R&D

Abstract: II. DIFFICULTIES DUE TO STAND-BY REDUDANCIES IN

During the last 30 years, EDF has acquired a thorough ELECTRICAL SYSTEMS
experience in modelling reliability and safety of nuclear power
plants. Relying on this experience, R&D division decided to A. Studied test Case
carry out reliability studies of electrical systems in order to To show the main difficulties due to the existence of a
optimise EDF’s electrical network asset management. stand-by redundancy on a simple case, we are going to study
But this type of system, usually with stand-by redundancies, the case of an electrical system made up of a normal train, and
is difficult to treat with classic reliability methods like fault- an emergency train powered by a diesel generator.
trees or reliability block diagrams. Network
This paper presents a tool called OPALE, based on innovative
methods developed by EDF R&D. A demonstration of OPALE is
done on a complex electrical network with stand-by
redundancies.
Index Terms: availability, BDMP, electrical network, OPALE,
reliability, Markov graph, stand-by redundancy, substation. Tr1
DiES

I. INTRODUCTION
CB1 CB2
C ALCULATION of the dependability (reliability and
availability) of a static network with active redundancies is
LVDB
possible with classic probabilistic methods, such as fault-trees
or reliability block diagrams. But it is much more difficult to Studied Point
determine the dependability of a network with stand-by FIGURE 1: STUDIED NETWORK
redundancies and dynamic reconfigurations. Unfortunately, in
The studied undesirable event is the loss of supply of the
the field of electrical networks, active redundancies are very
Low Voltage Distribution Board (LVDB) during a time greater
rare. Indeed, most of electrical failures have to be isolated with
than the time needed to start the Diesel Engine Source (DiES).
a circuit breaker, which can fail to open. To take into account
An automatic change-over permits to switch between the
stand-by redundancies, refusal of opening for circuit breakers,
normal train and the emergency train. The circuit breaker CB2 is
refusal of functioning for automation system and protection
initially open. A short circuit on the transformer or the network
relays, without using Monte-Carlo simulation and its huge
can be propagated on the LVDB only if there is a refusal of
needs in computing power, two methods were identified:
opening of the circuit breaker CB1. The reconfiguration
• Event trees,
procedure may fail because of one of the following events:
• Markov graphs
• Refusal of opening of CB1 (γ1)
These two methods, which present some disadvantages, are
• Refusal of starting of DiES (γd)
compared on a test-case representative of existing difficulties.
• Refusal of closing of CB2 ( γ2)
We use this example firstly, to show the limitations of event
During the time needed to repair the main train (Tr1 or
trees and secondly to introduce an innovative way of using
Network), DiES also can fail (λd, µ d).
Markov graphs, thanks to a new formalism called BDMP
(Boolean logic Driven Markov Process)®. Finally, we B. Difficulties with classic methods
demonstrate the tool OPALE, which automates fully the Static fault-trees or reliability block diagrams are powerful
construction of a BDMP and dependability calculations, from tools to resolve cases without reconfiguration, and without
the input of the physical layout of an electrical system. temporary phases due to these reconfigurations. They are like
a camera, only able to take a picture of a situation.
The main difficulty in a case with reconfiguration due to a
stand-by redundancy is to take into account failures of the
emergency line only during the time of unavailability of the Initiator Undesirable
Generic Events (GE)
normal line, and not during the entire mission time. To take into Event (IE) Events (UE)

account this aspect, we have to use a sequential method like RO CB1 RS DiES RC CB2 Fail DiES
the event tree method. Another difficulty is to take into γ1 UE1
account potential failures during the reconfiguration. These γd UE2
potential “on demand” failures are described by a probability γ. γ2 UE3
Event trees and Markov graphs methods allow to describe a
dynamic system with reconfigurations and take, not a picture, λ 1-e-λdτ UE4
but a movie of the system (sequential functioning). (1-γ 1 )
(1-γ d)
III. EVENT TREE SOLUTION (1-γ 2 )

A. Method λ = λNet + λTr1 e -λdτ OK

To use the event tree method, it is necessary to know all the
initial events liable to occur and their frequencies. FIGURE 2: EVENT TREE
Afterwards, for each initial event, the complete procedure of
emergency must be described to build an event tree. A good The probability of failure of the mission is :
knowledge of the system is required. So, the event tree can P (C un ) = ∑ P ( Sqi ) = 1 − ∑ P ( S ai )
model the sequential safety actions with their possible failures,

( )( )( ) (e )
i i

P (C un ) = 1 − 1 − γ × 1 − γ × 1 − γ ×
i.e. “on demand” and “in operation” failures. − λd τ
Moreover, the duration of operation of standby 1 d 2
components is to be defined. Generally, it is equal to the With τ : mean repair time of the normal train, estimated by
unavailability time of the normal train, which can be calculated
λ λ
λ τ λ τ
with a classical model (fault-tree for instance). the formula: τ = Tr1
+ Net
.
λ Tr1
+
Net
Tr1
λ Tr 1
+
Net
Net

The quantification of all the failure sequences of the Consequently, the equivalent failure rate for this part of the
emergency train is done by:
system is :
 
P (C un ) = P  U S qi  λ
= P(C un ) ×
eq
+ (λ Tr 1 λ ) Net
 i  To determine the equivalent failure rate of the entire system,
Since the sequences are mutually exclusive, the probability we have to add the failure rates of LVDB and CB1. So, the
is: equivalent failure rate for the complete system is :
P (C un ) = ∑ P ( Sqi ) = 1 − ∑ P ( S ai )
i i
λ Syst
= λ eq + λ LVDB + λ CB1
With: In § VI. D. a numerical application is done and compared
• P(Cun ) = Probability to have an unacceptable with results obtained with the tool OPALE.

consequence (undesirable event), C. Conclusion on event tree method

• P ( Sqi ) = Probability of a failure sequence,
• P ( Sai ) = Probability of a success sequence.
B. Test case
Initiating events:
• Fail(ure) of Network or Transformer
• SC on CB1 (SC = short-circuit)
• SC on LVDB
SC on CB1 and LVDB are critical failures: there is not any
emergency solution to these failures, so there are no event
trees to build for these initiating events. The event tree of Fig.
2 describes the sequences that can occur after a failure of the
network or of the transformer:
The event tree method allows to resolve this simple case of
stand-by redundancy, in spite of the fact that one has to find
"manually" all initiators and sequences of success and failure
(and one event tree by inititating event must be built). It can be
a problem for the reproducibility of the study.
Moreover, this method is not suitable to do unavailability
calculations and is inapplicable in the case of cascade of
stand-by redundancies.
Another way to solve all these modelling problems (and
many others) is Markov models. But, Markov modeling is
usually severely limited because the number of states to
consider is an exponential function of the number of
components in the system.
Consequently, a new formalism called Boolean logic Driven
Markov Processes (BDMP) [1], [2] was developed, which
enables the analyst to combine concepts inherited from fault
trees and Markov models. This very effective formalism has
allowed R&D’s dependability specialists to carry out easily the
reliability and availability study of electrical networks including
stand-by redundancies and reconfiguration procedures, for
EDF [3] and its customers [4].
IV. A SHORT PRESENTATION OF THE BDMP FORMALISM
A. General
The general idea of BDMP, as suggested by their name, is
to associate a Markov process (which represents the behavior
of a component or a subsystem) to each leaf of a fault-tree.
This fault-tree is the structure function of the system.
What is really new with BDMP is that:
• the basic Markov processes have two "modes",
corresponding to the fact that the
components/subsystems that they model are
required or are in standby (of course, they can also
have only one mode, and the meaning of the
modes may be different in some cases),
• at any time, the choice of the mode of one of the
Markov processes (unless it is independent)
depends on the value of a Boolean function of
other processes.
An extreme case is when the processes are independent.
This corresponds to a fault -tree, the leaves of which are
associated to independent Markov processes.
A BDMP (F, r, T, (Pi)) is made of: a multi-top coherent fault-
tree F, a main top event r of F, a set of triggers T, a set of
"triggered Markov processes" Pi associated to the basic
events (i.e. the leaves) of F, the definition of two categories of
states for the processes P i.
A trigger is represented graphically with a dotted line. The
first element of a trigger is called its origin, and the second
element is called its target. Two triggers must not have the
same target. This means that it is sometimes necessary to
create an additional gate (like G1 in Fig. 3) whose only function
is to define the origin of a trigger. Fig. 3 is an example of
graphical representation of all the notions of BDMP. In this
example, we have a fault-tree with two tops: r (the main one)
and G1. The basic events are f1, f2, f3, and f4: they can belong
to one of the two standard triggered Markov processes
defined below. There is only one trigger, from G1 to G2.
r
G1 G2
f1 f2 f3 f4
FIGURE 3: A SIMPLE BDMP
Definition of a "triggered Markov process" (we have such
a process Pi associated to each basic event i of the fault-tree):
Pi is the following set of elements:
{Z i
0
( t ), Z 1i (t ), f 0i→1 , f 1i→ 0 }
{Z i
0 1
i
}
( t ), Z (t ) are two homogeneous Markov processes
with discrete state spaces. For k ∈ {0,1} , the state space of
i
Z ki (t ) is Ak .
For each Aki we will need to refer to a part Fki of the state
space Aki . In general, Fki will correspond to failure states of
the component or subsystem modeled by the process Pi .
f 0i→1 and f 1i→0 are two probability transfer functions
defined as follows:
for any x ∈ A0i , f 0i→1 ( x ) is a probability distribution on
A1i , such that if x ∈ F0i , then Pr( f 0i→1 ( x) ∈ F1i ) = 1
for any x ∈ A1i , f 1i→0 ( x ) is a probability distribution on
A0i , such that if x ∈ F1i , then Pr( f 1i→ 0 ( x ) ∈ F0i ) = 1
Such a process is said to be "triggered" because it switches
instantaneously from one of its modes to the other, via the
relevant transfer function, according to the state of some
externally defined Boolean variable, called "process selector".
The process selectors are defined by means of triggers. The
function of a trigger is to modify the mode of the processes
associated to the leaves in the sub-tree under its target when
the event which is the origin of the trigger changes from
FALSE to TRUE (or conversely). The exact definition of the
semantics of a BDMP (in particular when there are several
triggers) is too complex to be explained in the present paper,
but it can be found in [2].
We give hereafter the two standard processes, which are
most often used in BDMP.
B. The warm standby repairable leaf
This process is used to model a component that can fail
both when it is in standby and when it works (this mode
corresponds to a process selector equal to 1), but with
different failure rates. This component can be repaired
whatever its mode. When λs = 0 , the model represents in fact
a cold standby repairable component.
λs λ
S µ F W µ F
Process 0 Process 1
The transfer functions simply state that when the value of
the process selector changes, the component goes from state
Standby to Working (or vice-versa) or remains in Failure state
with probability 1.
f 0→1 (S ) = {Pr(W ) = 1, Pr( F ) = 0} ,
f 0→1 ( F ) = {Pr( F ) = 1, Pr(W ) = 0}
f 1→0 (W ) = {Pr(S ) = 1, Pr( F ) = 0} ,
f 1→0 ( F ) = {Pr( F ) = 1, Pr( S) = 0}
 To carry out dependability studies with KB3, a knowledge
C. The on-demand repairable failure leaf
base adapted to the problems involved in the studies to be
This model is used to represent an “on-demand” failure that carried out is needed. Such a knowledge base must contain a
can happen (with probability γ) when the process selector generic description of the different kinds of components that
changes from state 0 to state 1. might be encountered in the studies (description of possible
component failure modes and of their consequences on the
W µ F W µ F system). This single generic description is independent of the
Process 0 Process 1 topology of a given system and can therefore be used for all
{
f 0→1 (W ) = Pr(W ) = 1 − γ , Pr(F ) = γ , } system studies involving the problems dealt with.
BDMP constitute a very powerful modeling tool, but being
f 0→1 ( F ) = { Pr( F ) = 1, Pr(W ) = 0} capable of building them requires a minimum of training. As
f1→0 (W ) = { Pr(W ) = 1, Pr( F ) = 0} , they look very much like fault-trees, it seems natural to use the
f 1→ 0 ( F ) = {Pr(F ) = 1,Pr(W ) = 0}
KB3 ability to generate fault-trees from other graphic
representations (such as P&I diagrams of systems) to build
them automatically. This is how the OPALE tool works.
D. Application to our example B. The OPALE tool
Here is a simple BDMP that models precisely our system. With deregulation of the electrical market in France, the
The leaves with "S!" are of the type described in §IV. C. Commercial Branch of EDF decided to propose new customer
and the other ones are of the type described in § IV. B. (with a services in order to establish customer loyalty:
null standby failure rate). • Design of internal network
• Comparison of different improvements at the time
EI_1
of renewal of private or public network
• Identification of weak points of the network.
These new offers include dependability studies . To
OR
facilitate the development of these new offers, R&D division
OU_2
! !
has decided to develop a tool, to allow electricians non-expert
AND in dependability modelling to do reliability studies. This new
F_CB1 F_LVDBoard tool, called OPALE, automates the evaluation of the reliability
ET_1
and the availability of electrical networks. It is based on an
OR OR automatic transformation of the single line diagram of the
network into a dynamic BDMP model optimised in order to
OU_3 OU_1
moderate the combinatorial explosion of the model processing.
! ! ! ! It allows very large gains in the productivity of the study of
such systems and enables people who are not dependability
F_Transf F_Network F_CB2 F_DEng
specialists to do them.
S ! S ! S !
VI. EXAMPLE : TEST CASE RESOLVED WITH OPALE
RO_CB1 RS_DEng RC_CB2
A. Input of the physical layout
FIGURE 4: BDMP MODELING OUR TEST CASE
As required by the Commercial Branch, the user of OPALE
can input the physical network into the software (see Fig. 6).
V. AUTOMATION OF BDMP CONSTRUCTION

A. The KB3 modelling tool

In order to improve the quality, rapidity, and accessibility of
dependability studies, EDF R&D developed the KB3 program1.
KB3 automatically builds reliability models of the structural
type (fault trees or systems of Boolean equations) or
behavioural type (Markov graphs, Monte Carlo simulation
models, etc.) for studying a system on the basis of a graphic
description of the system layout, a description of system
missions, and a generic knowledge base.

1
A demonstration version of KB3 and of a BDMP tool can be
downloaded at http://rdsoft.edf.fr FIGURE 5: INTERFACE FOR DEPENDABILITY PARAMETERS
 problem with the reconfiguration procedure.
The protection system of the network can also be described
in OPALE in order to take into account its failures , like refusal
of working for the protection, inadvertent opening of a circuit
breaker, problem with the automation, …
C. Presentation of the results
OPALE is able to give two types of results:
• General results (equivalent failure rate,
unavailability, MTTF, …),
• Detailed sequences leading to the undesirable
event and their contribution in unreliability and
unavailability.
D. Comparison of the results with the event tree method
Hereafter are results obtained both with the event tree
method and OPALE.
Lambda Repair Time
SC Network 2.00E-07 1
SC Transf 1.00E-07 24
SC CB1 et 2 1.00E-10 4
SC LVDB 1.00E-10 8
SC Deng 1.37E-06 4
SC = Short Circuit
Gamma Repair Time
Refusal of Opening CB 1 or 2 2.70E-04 4
Refusal of Starting DiES 3.40E-03 4
Refusal of Closing CB 2 2.70E-04 4
FIGURE 8: D EPENDABILITY PARAMETERS
1) General results

FIGURE 6: T HE OPALE TOOLGRAPHICAL U SER INTERFACE Results of event

Results of Opale Difference
tree method
The user of OPALE also has to input dependability
parameters, using the "object editor" of KB3, shown in Fig. 5. Equivalent Lambda System 1,385E -09 1,385E -09
One or several undesirable events can be defined via the MTTF 8,24E+04 ans 8,24E+04 ans 0,00%
use of "testers" of voltage, represented like bulbs. Rsyst(t) = P (No Failure during 1
9,999879E-01 9,999879E-01
year)
B. Specification of stand-by redundancies
FIGURE 9: GENERAL RESULTS
The next step is to specify functioning of the stand-by
2) Detailed sequences obtained with the event tree method
redundancies. To do this, we have to use a special formalism
as described hereafter:
Seq. Name Fail Rate

1 Network_CC or Transf_CC 1,01972E -09

Ref. Start. DiES
2 CB1_CC 1,00E-10
3 LV_Dist_Board_CC 1,00E-10
Network_CC or Transf_CC
4 8,10000E -11
Ref. Op CB1
Network_CC or Transf_CC
5 8,07028E -11
Ref. Clos. CB2
Network_CC or Transf_CC
6 3,54821E -12
SC DiES

FIGURE 10: DETAILED RESULTS WITH THE EVENT TREE METHOD

FIGURE 7: SPECIFICATION OF THE STAND- BY REDUNDANCY

This red arrow indicates that all the second part of the
network has to be put into operation only if the first part of the
network is down. Failures on DiES are only taken into account
if the network or the transformer is down AND if there is no
 3) Detailed sequences obtained with OPALE VII. EXAMPLES OF COMPLEX ELECTRICAL SYSTEMS STUDIED
WITH THIS NEW TOOL
Lambda
Proba Contrib in Cumulate
Seq. Name Rate Type of the
Asympt Rel. d Contrib A. Electrical network of a steel manufacturer site:
sequence
1 [Network_CC] 2,00E-07 EXP 2,26E-03 49,07% 49,07% 6,80E-10 ARCELOR, Sollac
[Bon Fct. : CB1_RO, 1,00E+00 INS
This complex electrical private network of a steel
Bon Fct. : CB2_RF, 1,00E+00 INS
Ref. Fct. : manufacturer site with protection system and stand-by
3,40E-03 INS
Diesel_Eng_DS] redundancies was studied in article [4].
2 [Transf_CC] 1,00E-07 EXP 1,13E-03 24,54% 73,61% 3,40E-10 ~ L1 ~ L2
[Bon Fct. : CB1_RO, 1,00E+00 INS 225 kV
B1
Bon Fct. : CB2_RF, 1,00E+00 INS
B2
Ref. Fct. :
3,40E-03 INS
Diesel_Eng_DS]
3 [CB1_CC] 1,00E-10 EXP 3,33E-04 7,22% 80,83% 1,00E-10
B1 63 kV
4 [LV_Dist_Board_CC] 1,00E-10 EXP 3,33E-04 7,22% 88,05% 1,00E-10 B2
B3
5 [Network_CC] 2,00E-07 EXP 1,79E-04 3,88% 91,93% 5,38E-11
4TA
[Ref. Fct. : CB1_RO, 2,70E-04 INS 1TA ~ 2TA
Bon Fct. : CB2_RF, 1,00E+00 INS ~ ~
Bon Fct. : Diesel_Eng_DS] 9,97E-01 INS ~ AEG 20 kV
3TA
6 [Network_CC] 2,00E-07 EXP 1,79E-04 3,88% 95,82% 5,38E-11
[Bon Fct. : CB1_RO, 1,00E+00 INS Emergency
substation
Ref. Fct. : CB2_RF, 2,70E-04 INS
Bon Fct. : Diesel_Eng_DS] 9,97E-01 INS
7 [Transf_CC] 1,00E-07 EXP 8,96E-05 1,94% 97,76% 2,69E-11
[Ref. Fct. : CB1_RO, 2,70E-04 INS
Bon Fct. : CB2_RF, 1,00E+00 INS
Bon Fct. : Diesel_Eng_DS] 9,97E-01 INS
FIGURE 14: STEEL MANUFACTURER SITE
8 [Transf_CC] 1,00E-07 EXP 8,96E-05 1,94% 99,70% 2,69E-11
[Bon Fct. : CB1_RO, 1,00E+00 INS
Ref. Fct. : CB2_RF, 2,70E-04 INS
B. "d" substation : French distribution substation
Bon Fct. : Diesel_Eng_DS] 9,97E-01 INS This complex electrical substation with protection system
9 [Transf_CC] 1,00E-07 EXP 1,09E-05 0,24% 99,94% 3,27E-12
and stand -by redundancies was studied in article [3].
[Bon Fct. : CB1_RO, 1,00E+00 INS LIGNE 2
LIGNE 1
Bon Fct. : CB2_RF, 1,00E+00 INS
Bon Fct. : Diesel_Eng_DS] 9,97E-01 INS Parafoudre PaL1 PaL2
TCM2
[Diesel_Eng_CC] 1,37E-06 EXP Transformateur
Combine de mesure TCM1 Protection de Distance
10 [Network_CC] 2,00E-07 EXP 9,09E-07 0,02% 99,96% 2,73E-13 + Protection de Secours
SMALT2 + Protection contre défauts résistants
[Bon Fct. : CB1_RO, 1,00E+00 INS Protection de Distance Sectionneur avec SMALT1
mise à la terre
Bon Fct. : CB2_RF, 1,00E+00 INS + Protection de Secours
+ Protection contre DJL2
Bon Fct. : Diesel_Eng_DS] 9,97E-01 INS défauts résistants Disjoncteur de ligne DJL1
SAL2
[Diesel_Eng_CC] 1,37E-06 EXP Sectionneur d'aiguillage ligne SAL1
Sectionneur de Sectionnement
TT1 Fermé en fonctionnement normal
FIGURE 11: DETAILED RESULTS WITH OPALE Transformateur TT2
de tension
SS
4) Conclusion Sectionneur d'aiguillage transfo SAT1 SAT2

General results are the same with OPALE and the event tree Disjoncteur de transfo DJT1 DJT2
PDI
method. About the detailed results, OPALE is able to give all Parafoudre PaT1 PaT2
PDT
the detailed sequences classified by contribution to the global PDI
Transfo de puissance Tr1
ATLT ATLT
Tr2
PDT Automate de permutation de Transformateur
unreliability. It is also possible to obtain results in
unavailability. This precision gives the possibility to detect
TCFM TCFM
more easily weak points of the network. MASSE
HTA
MASSE
HTA
Another important point is the automation of the modelling TSA TSA

EPAMI
of the network. With OPALE, the complex and error prone TC
EPAMI
TC

construction of an event tree is replaced by the simple input of TT TT

MASSE MASSE
TT TT
Disjoncteur ouvert
the physical description of the system to be studied. EPAMI
en fonctionnement normal

Therefore, it allows very large gains in the productivity of

the study of such systems and enables people who are not
TC_dep1 TC_dep2 TC_dep3 TC_dep4 TC_dep1 TC_dep2 TC_dep3 TC_dep4 TC_dep1 TC_dep2 TC_dep3 TC_dep4 TC_dep1 TC_dep2 TC_dep3 TC_dep4
dependability specialists to do them.

Demi-RAME 1A Demi-RAME 1B Demi- RAME 2A Demi-RAME 2B

FIGURE 13: FRENCH DISTRIBUTION SUBSTATION


C. Others references
EDF R&D performed different types of studies, in several
countries:
• ESKOM (South Africa): HV substation studies.
• Internet hostel (F): Internal electrical network.
• Offshore wind farm (F): Joining with the French
grid.
• London City Airport (UK): Study of the electrical
supply.
• Studies of internal electrical networks for
different customers (Printing works, Agro-
alimentary, Micro-electronics).
VIII. REFERENCES
[1] P. Carer, J. Bellvis, M. Bouissou, J. Domergue, J. Pestourie, "A new
method for reliability assessment of electrical power supplies with
stand-by redundanc ies", PMAPS 2002, Naples, September 02.
IX. BIOGRAPHIES
Edouard BRETON is a research engineer of EDF R&D. He received a
degree from the “Centre d’Etudes Supérieures Industrielles” engineering
school, Paris. He has performed several studies in the field of HV, MV,
LV electrical network or system (industrial private network, EDF
network, …). At EDF R&D, he works on development of different
dependability software and is the technical back office for the
commercial branch of EDF about dependability studies.
Marc BOUISSOU is a senior engineer of EDF R&D, with a long
experience in the reliability engineering field. He also holds an
appointment at CNRS (University of Marne la Vallée) as an associate
research director. He has led the development of highly innovative
tools, to support the activities of reliability engineering, and PSAs for
nuclear power plants. He has published more than 60 technical papers,
and gives RAMS lectures in several universities. He received a degree of
the "Ecole Nationale Supérieure des Mines de Paris" engineering school
in 1980.

[2] M. Bouissou, J.L. Bon, "A new formalism that combines

advantages of fault-trees and Markov models: Boolean logic
Driven Markov Processes" Reliability Engineering and System
Safety, Volume 82, Issue 2, November 2003, Pages 149-163

[3] J. Pestourie, G. Malarange, E. Breton, S. Muffat, M. Bouissou,

"Etude de la sûreté de fonctionnement d’un poste source EDF
(90/20 kV) avec le logiciel OPALE", Lambda Mu 14, Bourges,
Octobre 2004

[4] J. Pestourie, P. Carer, P. Pamphile, D. Caza ban, "Reliability and

availability evaluation of cokeworks electrical network in a steel
manufacturer site", PMAPS 2004, September, 2004