Letzte Aktualisierung am 20. Mai 2022.
This article was first published in: atw – International Journal for Nuclear Power (PDF-Version)
Deutsche Version: Europa auf dem Weg in die Katastrophe
Table of contents
- Executive Summary. 2
- Initial situation. 3
- Definition Blackout 3
- Far more than just a power failure. 3
- The European interconnected system in transition. 4
- Major disruptions as warning signals 4
- Risk assessment 4
- Increasing compensatory measures 5
- Permanent balance. 5
- Reduction of the system-critical spinning reserve. 5
- Turkey-Illusion. 6
- Lack of systemic implementation. 6
- All want to import 7
- Increasing centralisation. 8
- Lack of storage and buffers 8
- Power-to-X. 9
- Insufficient considerations 10
- Electricity market 10
- Decentralised functional units („energy cells“) 11
- Ageing infrastructures 12
- Resonance effects 12
- Extreme weather events 13
- Increasing power consumption. 13
- Reducing energy demand. 13
- Increasing blackout risk. 13
- Summary. 13
- A blackout and its consequences. 15
- Power shortage. 15
- Consequences and duration of a blackout 16
- Phase 1 – total power and infrastructure failure. 16
- Phase 2 – Telecommunications failure. 17
- Phase 3 – Restoration. 18
- What can be done?. 19
- Island-operable PV systems 19
- Organisational measures 19
- Summary. 20
- Background topic networking and complexity. 20
- Characteristics of complex systems 21
- Systemic risks 23
- Incorrect methods 23
- Business optimisation and efficiency increase. 24
- Critical infrastructure and strategic shocks 24
- Security solutions 24
- System design. 25
- Risk and security versus robustness and resilience. 25
- Summary. 26
- References. 27
- Author 28
The European electricity supply system is undergoing a fundamental transformation. Many steps are happening at the same time, but often not in a coordinated manner. However, a system is more than the sum of its individual parts. Therefore, this approach increases the risk of major disruptions, up to and including a Europe-wide failure. The consequence would not only be a large-scale power blackout, but this would lead to an inconceivable supply crisis for which neither people nor companies nor the state are prepared. This article highlights the comprehensive upheavals in the electricity supply system, the possible consequences of a blackout and basic precautionary measures.
- The Austrian Armed Forces and the Austrian Society for Crisis Preparedness (GfKV) expect a Europe-wide power, infrastructure and supply failure („blackout“) within the next five years.
- The developments in Germany, where around 20 GW of secured capacity (8 GW nuclear and 12 GW coal) are to be taken off the grid by the end of 2022, are decisive for this. Already in January 2021, after the first partial shutdown (~ 5 GW), power plants that were to be shut down had to be reactivated and partly put into hot standby mode to ensure system security.
- In Germany, the power plant phase-out removes large quantities of system-critical elements without providing adequate replacement elements. The rotating masses of the generators, the instantaneous reserve, are indispensable buffer elements („shock absorbers“) for system security.
- The German Federal Audit Office raised the following objections in March 2021: „The assumptions of the BMWi for the evaluation of the dimension of security of supply on the electricity market are partly unrealistic or outdated by current political and economic developments. In assessing the dimension of security of supply on the electricity market, the BMWi has not examined any scenario in which several foreseeable risks come together that could jeopardise security of supply.“
- Particularly serious are the lack of storage facilities, without which the increasing volatility in generation from the new renewables cannot be managed. Several time dimensions, from inherent (instantaneous reserve) to seasonal, must be taken into account. In Germany there is currently a storage capacity of about 40 GWh (Austria 3,300 GWh), with a simultaneous consumption of about 1,500 GWh per day!
- In the past decade, the previously available power plant overcapacities have been significantly reduced in most countries.
- In addition, the infrastructure reconstruction (grids, storage, resources) cannot keep up with the speed of the shutdowns or the new power plant locations and is delayed by many years.
- So far this has worked because Germany, like Austria, is integrated into the pan-European interconnected system (ENTSO-E). This means that system stability can be maintained. However, in for a penny, in for a pound, and everyone goes down together if something goes wrong.
- According to EU regulations, electricity trading is to be massively expanded by 2025. By 2025, at least 70 percent of the cross-border interconnection points must be made available for electricity trading, which is many times more than the current practice. The infrastructure was never designed for this. What leads to optimisation on a day-to-day basis simultaneously creates increasing vulnerability, as disruptions can spread much more quickly and over a wider area.
- The European interconnected system obeys simple physical laws. If these are ignored – which is currently happening in many areas – a system collapse with catastrophic consequences is imminent, as no one knows how long it could take until this system can be restarted. Not to mention the unimaginable cascading failures and lengthy restart times in many other areas. This threatens longer-term and severe supply interruptions and bottlenecks for which our just-in-time society is not prepared.
- A successful energy transition requires a systemic and coordinated system restructuring („energy cell system“) in the entire interconnected system. So far, however, individual interests, national solo efforts and wishful thinking have dominated the process, which is likely to lead to the greatest catastrophe in Europe since the Second World War!
Large-scale power failures, so-called blackouts, occur again and again in various regions of the world. Europe has so far been spared such an event, except for regional events such as the blackout in parts of Germany/Austria/Switzerland (1976), Italy (2003) or Turkey (2015). All other major blackouts such as Münsterland (2005) or Slovenia (2014) were not blackouts because there was no widespread system collapse.
Therefore, a definition of the term blackout is essential for the respective consideration, as there is no uniform definition and at the same time a very widespread use of the term. In the media, the term is used inflationarily for almost every power blackout. On closer examination, this often results in completely different events, which is usually not helpful for a well-founded discussion.
In this context, a blackout is understood to be a sudden, supra-regional and prolonged power, infrastructure and supply failure that covers large parts of Europe or at least several countries. Help from outside is not possible. Therefore, it is by no means just a power blackout. This would only be the trigger event for a catastrophe with serious consequences.
The European interconnected system is one of the largest and most reliable power supply systems in the world. Nevertheless, there are increasing indications that such an event could also occur in Europe. Even if the energy supply companies go to great lengths to prevent such an event, there is no one hundred percent certainty. This was already stated in 2015 by the European transmission system operators in the ENTSO-E report on the blackout in Turkey:
“A large electric power system is the most complex existing man-made machine. Although the common expectation of the public in the economically advanced countries is that the electric supply should never be interrupted, there is, unfortunately, no collapse-free power system.” [ENTSO-E (2015). S. 46.]
The final report on the last major disruption to date on 24 July 2021, which resulted in a grid disconnection between the Iberian Peninsula and the rest of the system, was also emphatic:
“The incident revealed that the limits of stable system operation can be reached, even if all security evaluations are executed correctly and timely. With the increase in distributed generation connected to the grid to achieve the de-carbonisation of the energy system, non-compliance with the technical requirements of the binding EU network codes may generate uncontrollable and unmanageable breaches of the security of the electricity system.”
Such „non-compliance“ also occurred in Poland on 17 May 2021, when the world’s largest coal-fired power plant with a power loss of 3.6 GW was disconnected from the European interconnected system. In the previous planning and safety architecture, however, only a simultaneous loss of 3 GW would have been permissible. Therefore, fortunate circumstances probably also contributed to the fact that no major European disruption occurred.
Therefore, it is not only the energy supply companies that need to prepare for such a possible event, but society as a whole. A Europe-wide power, infrastructure and supply failure („blackout“) would not only lead to a large-scale power failure, but also to a devastating and completely underestimated chain reaction in almost all critical infrastructures (CRITIS). The almost simultaneous loss of production and logistics across Europe would immediately interrupt the basic supply of vital goods and services to the population.
In many production areas, serious damage and lengthy restart times would also have to be reckoned with, as individual examples of regional power outages show time and again. What is relatively easy to compensate for in individual cases, leads de facto to an underestimated exponential escalation in the case of a large-scale outage [cf. CSH (2020)].
Due to the generally very high level of supply security in all areas of life, there has been neither corresponding experience nor adequate precautionary measures in Europe to reduce potential damage. This would have a particularly dramatic effect on the unprepared population, which in turn would have an impact on the availability of personnel and thus on the recovery time of logistics [cf. ACPP (2021)]. A vicious circle that would then be almost impossible to break.
Before the second part takes a closer look at the effects of a blackout and the possible precautionary measures, the first part shows why a blackout in Europe is a very real and underestimated danger.
The European electricity supply system of the Regional Group Central Europe (ENTSO-E/RG CE) comprises 27 countries and stretches from Portugal to eastern Turkey and from Sicily to Denmark. Since 16 March 2022, there has been emergency synchronisation with the Ukrainian and Moldovan electricity grids.
This represents a functional unit that only works as a whole. Disruptions in this system can in principle spread over a large area, even if corresponding safety mechanisms are implemented to prevent this. In addition, there is a network to neighbouring grid regions of the ENTSO-E (European Network of Transmission System Operators for Electricity), which comprises a total of 43 transmission system operators from 36 European countries.
On 8 January 2021 and 24 July 2021, two major disturbances occurred in the ENTSO-E/RG CE grid, in which the Central European grid was separated into two sub-grids. Compared to the most severe grid separation to date on 4 November 2006, these grid separations were very mild. At that time, 10 million households in Western Europe had to be disconnected from the grid within 19 seconds to prevent a Europe-wide collapse.
On 8 January 2021, „only“ large corporate customers in France and Italy were affected, who had generally contractually agreed to an emergency disconnection and were paid for it. In the second major disruption and grid disconnection on 24 July 2021, around 2 million customers on the Iberian Peninsula had to be disconnected from the electricity grid to prevent anything worse.
Thanks to the continuously improved precautionary and communication measures of the European transmission grid operators since 2006, the disruptions were eliminated and excellently controlled after about one hour in each case. Nevertheless, such a grid interconnection is not trivial and repeatedly leads to total failures in the simulation. In addition, there have been „only“ three other major disruptions with grid disconnection in the history of the interconnection so far: in 2003, blackout in Italy, in 2006, across Europe, and in 2015, blackout in Turkey.
Therefore, no one knows whether the planned safety mechanisms will also take effect in time and adequately in the event of the next incident. In the worst case, there could indeed be a Europe-wide blackout. There are a number of indications of this.
The two major disruptions in 2021 could be understood as a serious warning and „weak signals“ in the sense of „managing the unexpected“ [cf. Weick et al. (20102)]. Previous risk assessment methods and probability of occurrence calculations are not applicable or misleading due to the lack of evidence for High Impact Low Probability (HILP) events. HILP events – also often referred to as Black Swans [cf. Taleb (2012), Taleb (20135)] – require other approaches, such as the concept of antifragility [cf. Taleb (2013)] or the methods of risk ethics [cf. Mukerji et al. (2019)], which do not focus on probability but on the potential damage in order to derive the necessary requirements for action. However, such an approach is still lacking in many areas. Many precautionary measures concentrate on prevention and are often limited to the consequences in the power supply system, which is clearly too short-sighted [cf. ITA et al. (2022)].
Even if the author or the Austrian Armed Forces [cf. BMLV (2019, 2021, 2022)] assumes a blackout within the next five years, this statement cannot be scientifically proven, as there is no evidence for it. In risk communication, however, it is impossible to persuade anyone to take precautions if statements such as „very unlikely, low probability, etc.“ are made on the basis of historical experience [cf. the turkey illusion further below].
Therefore, it is ethically and morally justifiable to make such a clear announcement because, as will be shown in part two, there is an enormous potential for damage that could be significantly reduced with appropriate precautions. Therefore, everything that only contributes to a false sense of security should be refrained from in communication. The Corona pandemic and the war in Ukraine should have taught us this by now.
The fact is that the costs in the European interconnected system have been rising for years in order to maintain grid stability. The Austrian congestion management costs, i.e. the costs to avert a blackout, have exploded within a few years from 1.1 million euros in 2012 to 439 million euros in 2021. Instead of two interventions, more than 300 interventions were required in one year. Although these expenses decreased significantly due to the electricity market separation between Germany and Austria in October 2018, 2019 and 2020, they literally exploded again in 2021. The causes lie primarily in the lack of system adaptation to the greatly changed framework conditions, which is due, for example, to the inadequate power line infrastructure. On the other hand, the volatile electricity generation from photovoltaic and wind power plants requires more and more balancing measures, as the necessary buffers and storage systems are lacking.
A point that is neglected in many current considerations is that in the alternating current system the balance between generation and consumption must be permanently balanced, i.e. during 31.5 million seconds per year, with a relatively low tolerance limit. Otherwise the system collapses. In the considerations of the energy transition, however, only balances over the course of a year are often considered, but these are of secondary importance for the immediate system security.
Until now, this balancing act was relatively easy in the large-scale system with a few thousand controllable large power plants. The changing consumption could be well balanced. With the energy transition, however, the number of barely controllable generation plants is increasing significantly and at the same time the availability of controllable power plants is decreasing. Instead of a few thousand power plants, there are now millions of plants, which also significantly increases the complexity of the overall system.
An essential guarantor for the very high stability in the European interconnected system are the synchronous generators of the large power plants that produce the electricity. These rotating masses („instantaneous reserve“) represent an inherently available energy store that can buffer energy surpluses that occur at short notice and cushion load surges. They represent a kind of „shock absorber“. The synchronous generators also generate the frequency of the alternating current, which expresses whether there is a power shortage or a power surplus in the overall system. Control interventions can be made in a targeted manner via the frequency, independent of IT, and thus the overall system can be kept stable.
Due to the energy transition and the resulting forced extensive shutdown of conventional power plants, there is a strong reduction of these system-critical elements. Photovoltaic (PV) and wind power plants do not have this central system function per se. Wind power plants also have rotating elements, but often no direct copying because the electricity is fed in via inverters. Where it would be possible, this only works for a very short time. The continued operation of the generators requires extensive conversion measures, which is already happening in individual cases. Replacement solutions with large battery storage units and power electronics must first be implemented on a large scale. But even they will never be able to completely replace synchronous generators.
In addition, in recent years many resources such as power plants or battery storage systems have been optimised primarily to achieve a maximum return and therefore do not behave in a way that is beneficial to the system per se. There is the problem of looking at and optimising individual parts and also the lack of understanding of the system, which was promoted by the EU market liberalisation („unbundling“) – with the best of intentions – in order to break up the old monopoly positions of the large energy suppliers. A quick-and-dirty solution that focuses on the symptom and can be implemented quickly, while a fundamental solution tries to eliminate the cause of the problem. Quick-and-dirty solutions can usually be applied more quickly, but in the long term they make the actual problem worse, while fundamental solutions often bring significant disadvantages in the short term and only turn out to be beneficial in the long term [cf. Ossimitz (2006)]. This is a problem that runs through the entire energy transition.
But infrastructure projects in particular need long-term planning security. However, this hardly exists any more, since the political framework conditions change within a very short time, as the discussed gas phase-out and the extension of the lifetime of coal-fired power plants show. Every new intervention leads to delayed effects and less and less willingness to invest in infrastructure. In the worst case, the state will have to take over this task again in order to guarantee security of supply. The ostensible profits and efficiency gains of recent years will then be wiped out again in a very short time, and taxpayers will have to pay for them once more.
Many plants can no longer contribute to system stability. This inevitably increases the fragility and susceptibility to failure of the interconnected system. Technically, much more would be possible than is prescribed and implemented today. The reasons for this are complex: from a lack of overall systemic understanding to isolated economic considerations.
Germany sees itself as a great pioneer in the energy transition. However, a closer look reveals that numerous steps are not being implemented systemically, which also leads to the European interconnected grid becoming increasingly fragile. On the one hand, the focus was almost exclusively on the expansion of wind and solar power plants, which have very volatile generation characteristics that can be planned to a limited extent. However, plannability is crucial in a fragile system such as the European interconnected system. So far, the large-scale system has been able to cope with these interventions. Therefore, in many areas there is also the conviction that this will simply continue, which could turn out to be a big mistake. This fallacy is also called the turkey illusion [cf. Taleb (20135).
A turkey that is fed day after day by its owner assumes, based on its daily positive experiences (feeding and care), that the owner only means well with it. The turkey is missing the most essential information that this care only serves the purpose that it will be eaten in the end. On the day before Thanksgiving, when turkeys are traditionally slaughtered, it experiences a fatal surprise. This metaphor describes the frequent handling of events that are rare but have enormous impact, High Impact Low Probability (HILP) events, extreme events („X events“) or strategic shocks [see Casti (2012), Casti et al. (2017), Thurner (2020)]. We like to confuse the absence of evidence with the evidence of the absence of events [cf. Taleb (2013)].
As is so often the case, it is not the knowledge or the available technology that fails, but the concrete implementation. In a system restructuring, as is currently happening in the European interconnected system, this would have to take place at the same speed as the other measures. However, this is not the case in many areas.
The expansion of transmission lines is a massive problem in almost all countries and often meets with great resistance from citizens. For example, it was originally planned that the German north-south connections, in order to be able to transport wind power from northern Germany – if it is available – to the consumer zones in southern Germany, should be completed by the nuclear phase-out at the end of 2022. As things stand at present, the first main line („Suedlink“) is not expected to be completed until 2028 at the earliest. How this is supposed to work if the phase-out plan is adhered to at the same time remains a mystery. Either the lines are not necessary, or significant problems are to be expected.
In the next few months, conventional power plants will be shut down on a large scale – as they were last year – without an equivalent replacement being available. Some power plants will therefore be placed in the grid reserve so that they can be additionally ramped up in the event of a foreseeable long-term energy shortage. In the case of short-term events or disruptions, however, they could not be deployed quickly enough. Moreover, these costs are in turn „hidden“ in the grid charges and passed on to the customers.
Thus, by the end of 2022, a total of around 22 GW of nuclear and coal-fired power plant capacity with an annual electricity production capacity of around 128 TWh is to be taken off the grid and decommissioned. In addition, more and more power plant operators want to exit early because it is no longer profitable to operate them. However, this could still change due to rising electricity prices or developments such as the war in Ukraine.
At the beginning of January 2021, German and in January 2022 French coal-fired power plants had to go back online, which were actually selected for an early shutdown because demand coverage was at risk.
This is because the expansion of new generation plants is also usually severely delayed. For example, it has been pointed out for years that without new subsidies many German wind power plants cannot continue to be operated economically or that they will have to be dismantled due to the expiry of temporary operating licences. Upgrading („repowering“) is not expedient or possible at every location. The self-set targets by 2030 are thus hardly achievable.
Quite apart from the fact that it is not enough just to install wind power and PV systems. Behind this, the entire infrastructure must be adapted and expanded, which has hardly been addressed so far. Without rotating mass and quickly deployable replacement power plants, such as gas-fired power plants, the coal phase-out will not succeed. The German nuclear phase-out is de facto irreversible. Therefore, depending on how one looks at it, between 23 and 43 GW of capacity from gas-fired power plants would have to be added in Germany by 2030. That would be an enormous challenge in itself. However, Germany – like other countries – imports a lot of gas from Russia. The Russian war of aggression against Ukraine and the associated sanctions have created enormous uncertainty here. The plans to replace this gas in the short to medium term with supplies from other countries will probably remain wishful thinking, as the infrastructure and also the capacities for this are lacking, or the prices will not be affordable.
The announced expansion of nuclear power plants in France is also only an announcement for the time being. The average age of French nuclear reactors is 36 years. Therefore, with a current construction time of 10 to 15 years, it is not about expansion, but only about the replacement of old plants, which already have to be taken off the grid more and more frequently for safety reasons, such as in the winter of 2022. The previous exporter had to import massively itself.
If the currently fixed German coal and nuclear phase-out is maintained until the end of 2022, it is foreseeable that critical time windows will arise in the coming months where area shutdowns can no longer be ruled out in Europe to protect the entire system, especially if the gas crisis continues or even worsens. In France, there were already corresponding preparations and announcements for the winter of 2021/22, which did not have to be activated thanks to the very mild winter.
There are always significant divergences in electricity production from renewable sources, even though the weather forecast models are becoming better and better. These imbalances must then be compensated for at short notice by other power plants within the framework of what are termed redispatch measures. These replacement measures are usually quite expensive and are paid for by the customers through the grid fees. For this, however, power plants that can be called up quickly, such as pumped-storage or gas-fired power plants, are needed.
As early as March 2021, the German Federal Court of Audit warned of a possible shortfall in Germany [see Bundesrechnungshof (2021)].
In many areas and also among decision-makers, there is often a lack of the most basic knowledge, such as according to which physical laws the power supply system functions or what consequences increasing complexity has on the controllability of systems. Often it is only about individual aspects and hardly about systemic interrelationships. Therefore, the consequences of decisions are often not realised or simply ignored.
Therefore, there is often a lack of indispensable system adaptation, starting with the lack of storage and buffers, new decentralised structures and ending with the lack of transport lines for supra-regional exchange. In addition, electricity no longer has to be distributed in one-way traffic, but consumers are also increasingly becoming producers, so-called prosumers. This repeatedly results in large load flows in the opposite direction, for which the system, the lines and the protective devices were not originally designed. This increases the fragility of the system and drives up the electricity costs due to the necessary adjustment measures. This alone would not be a problem if every actor did not by definition pay attention to self-optimisation. Above all, this concerns business optimisation. Here, once again, our either-or thinking proves to be an obstacle. With both/and thinking, the contradictions would be much easier to resolve and manage. Functional units consisting of volatile generation plants, storage facilities and units that can be regulated quickly would contribute to system security and be more economically optimal to operate and provide added value for society.
The fact that each member country of the interconnected system is more or less pursuing its own energy transition with different objectives and directions is also not conducive to system security. It is also irrelevant whether it will still work out 99.99 percent of the time. The power supply system knows no tolerance; the balance must be ensured 100 percent of the time. Otherwise there will be a system collapse.
Due to the simultaneous German nuclear and coal phase-out, the reliably available power plant capacity is rapidly decreasing. This problem could be significantly exacerbated by the gas situation. For example, the German Federal Audit Office warned as early as March 2020 that there would be a shortfall in the coming years [see Bundesrechnungshof (2021)]. The German government therefore wants to import more from neighbouring countries in the future, should shortages occur. However, most of Germany’s neighbouring countries are also reducing their power plant capacities and also frequently import electricity from Germany when the available power plant capacity becomes scarce.
France, the previous main exporter, is also coming under increasing pressure. In January or early April 2022, there were fewer reactors online than ever before at this time. Fortunately, the winter of 2022 was very mild, so there was no escalation and no possible power shortage.
Again and again we hear that the wind is always blowing somewhere in Europe and that all we have to do is expand the line infrastructure accordingly. However, this claim cannot be substantiated. At the same time, an increase in extreme weather conditions is to be expected due to the climate crisis: both more wind, as in January/February 2022, and supraregional windless periods and significantly less wind power production than usual, as in 2021 [cf. APCC (2014)].
Therefore, with the steadily decreasing and reliably available power plant capacity, the risk of major disturbances or power shortages increases [cf. Paulitz (2020)]. The fragility of the system increases.
The transport infrastructure is lacking for a large-scale exchange of services. Therefore, the existing infrastructure is increasingly utilised and the physical limits are exhausted. In the worst case, missing reserves can no longer absorb disruptions. This problem will also be exacerbated in the coming months by an EU requirement that at least 70 percent of the technically available capacity must be made available to cross-border electricity trade via border interconnection points by 2025. What leads to improved exchange and lower prices in everyday life can lead to large-scale disruptions, even a blackout, in the event of stress – as on 8 January 2021. If a system has hardly any substructures [cf. Vester (20118)] and is utilised more and more frequently, fragility and susceptibility to disruptions increase [cf. Taleb 2013; Dueck (2015)].
The desire of politicians and electricity traders for a „European copper plate“ is understandable, but lacks any reality and ignores physical framework conditions and laws. This was noted by the German Federal Court of Auditors in its report on the „Implementation of the energy transition with regard to security of supply“ in March 2021 [Bundesrechnungshof (2021)]:
„The bottlenecks in the electricity grid are not expected to be eliminated by 2025. (..) The Federal Court of Audit maintains that key assumptions on which the current assessment of security of supply in the electricity market is based are unrealistic or outdated.“
„Moreover, the assumptions of the BMWi on the security of electricity supply are partly too optimistic and partly implausible. For example, the BMWi has not examined any scenario in which several foreseeable factors come together that could jeopardise security of supply.“
„However, the expert opinion used by the BMWi does not contain a scenario that combines various foreseeable risks to security of supply, e.g. that grid expansion is delayed and cross-border transmission capacity is restricted at the same time. The BMWi has also not examined any corresponding scenarios.“
„The BMWi has rejected a consideration of scenarios in which several foreseeable risks occur simultaneously. Such a „stacking“ of risks would not make sense according to the current state of the technical discussion on monitoring security of supply in the electricity market.“
A central challenge is that so far and for the foreseeable future, the necessary storage and buffer systems are lacking to be able to balance the volatile generation from renewable sources at any time and to replace conventional power plants. This problem is not limited to the instantaneous reserve already described, but also affects all other time ranges, from inherent, to second, minute, hourly, daily, weekly and even seasonal storage.
In Europe, a so-called „dark lull“ occurs time and again, i.e. a period of up to two weeks when there is hardly any wind, nor does the sun shine. Such periods must also be managed, even if they occur only rarely. This would require an almost complete shade infrastructure. Alternatively – if society could agree on it – planned area shutdowns through power shortage management would also be conceivable [cf. Paulitz (2020)]. However, these would cause just as much damage, at least until it had been established. Something that hardly anyone will seriously address at present, as it could „unsettle the public“. However, burying one’s head in the sand has never worked. Quite the opposite, as the flood disaster in the German Ahr valley in the summer of 2021 also showed. The warnings came far too late and cost many people their lives. Not to mention the immense damage, at least part of which could have been prevented by early warning and evacuation.
But there are also always individual days when there is hardly any production from renewable energies (RE). So far, these gaps could be filled by the still existing conventional power plants.
While in Austria there is at least theoretically around 3,300 GWh and in Switzerland around 8,800 GWh of (pumped) storage capacity available, in the whole of Germany there is only around 40 GWh, even though 300 GWh of the Austrian capacity belongs to German companies. There are also no significant expansion plans or opportunities in Germany. Possible projects also often fall victim to citizen resistance.
With its current storage capacities, Germany could not even cover 1 hour of its own electricity consumption (between 60 and 80 GW). Not to mention the fact that only about 11 GW of bottleneck capacity from (pumped) storage power plants is available, i.e. can be called up at the same time. In Europe as a whole, about 103 GW of pure storage capacity is available, of which 47 GW is pumped storage capacity.
Electromobility or home storage are also often brought into play as solutions. These can make a contribution. However, the dimensions are often underestimated. If the wind blows optimally today in the Austrian province of Burgenland, where a lot of wind power is produced, about 18 GWh of surplus power is produced on one day. This cannot be consumed in Burgenland, which has about 300,000 inhabitants and no large consumers worth mentioning, and must therefore be consumed elsewhere, stored temporarily or turned off. If one wanted to temporarily store this amount of energy in average Tesla S vehicle storage (75 kWh), one would need about 240,000 Tesla S that could be fully charged in one day from an unloaded state. If the wind stops blowing the next day, as happens more often, about 80,000 Tesla S would be needed just to supply Burgenland, but they would then have to be fully discharged. If you were to use home storage for this, you would need about 7.5 times the amount. Purely arithmetically – because in reality, such storage units may never be fully discharged.
The energy transition so far has ignored the fact that conventional power plants have integrated storage in their primary energy (nuclear fuel rods, gas, coal, oil). In the future, there will be rising consumption that is increasingly difficult to forecast and, at the same time, volatile electricity generation. Two things that can hardly be reconciled without a corresponding adjustment of the system.
For seasonal storage, „Power-to-X“ is seen as a great hope, especially the use of hydrogen. In principle, this sounds very tempting, since the gas grid already provides an infrastructure that can be used for this purpose. Unfortunately, people like to hide the fact that there are still considerable challenges to be overcome. This begins with the necessary infrastructure adaptation measures (tightness of pipes), the construction of correspondingly powerful electrolysers, and ends with the missing, but absolutely necessary and constantly available surplus energy to be able to produce hydrogen at all at justifiable costs. At the same time, large conversion losses are associated with the storage and then conversion to electricity. In addition, hydrogen will be needed on a large scale in many industrial processes in order to reduce CO₂ emissions.
The announcement of a large wave of financial support has triggered a gold rush of promising announcements. It is to be expected that one or the other „gold nugget“ will be found. However, it is not to be expected that a major breakthrough and widespread implementation will be possible in the short term. Rapidly implementable solutions are needed in the near future, however, and not in 10 or 20 years.
On the other hand, little is said about the potential „side effects“, such as those of the water vapour that would be released on a large scale during reconversion to electricity. In the same way, the side effects of the planned methanisation must be taken into account. Here the effects are already known: Methane is significantly more harmful to the climate than CO₂. This issue also affects biogas plants. Hence, again and again the systemic principle: Only those who know and understand the whole also understand the details, and not vice versa.
Generally speaking, there is no form of energy without side effects. Many resources are also needed for wind and PV plants, which is unfortunately usually presented in a very distorted way. The individual plant is small and manageable. If the concrete power balance were considered over a year, things would look quite different.
Due to an incorrect approach, apples are often compared with oranges, or average values are used that are hardly relevant for system security. For example, 123 GW of installed wind and PV capacity in Germany with a simultaneous consumption of 60 to 80 GW sounds like a lot. But if you know that so far an actual output of more than 60 GW has only been generated on a few days a year, things look very different. Things get even bleaker if you take out individual outliers like the one on 16 November 2021. On this day, just 0.23 GW was produced by wind and PV plants at the minimum. Calculated over the whole day, just 0.05 TWh was generated by wind and solar power, with a consumption of 1.46 TWh. For such days alone – even if they only occur sporadically – an almost one-hundred-percent shadow infrastructure would have to be kept in place or large-scale shutdowns would have to be carried out to prevent a system collapse.
The comparison of the costs of a kilowatt hour (kWh) from nuclear, gas, coal, PV or wind power plants is also generally misleading. Here, the essential factor of a reliable supply over a defined number of hours per year is simply disregarded. Therefore, there is no usable and serious comparative value, even if this is what people like to convey. This is because the necessary additional measures, such as storage, would also have to be taken into account in order to establish comparability. However, the environmental costs caused by fossil power plants are not taken into account either.
For system security, only the fixed calculable contribution counts in order to be able to ensure the permanently necessary balance. In other words, not statistically calculated over the year, but plannable, reliable and constant. This requires much more than just one generation plant. What is missing here is an honest and transparent presentation on both sides. Facts look different.
A wind turbine in itself seems to be very low in resources and there are no costs for primary energy. However, if the quantities of steel and concrete required for the base, including the associated CO₂ emissions, and the necessary number of turbines to be able to generate a comparable amount of energy to conventional power plants are added together and the necessary storage resources and storage costs are also added, the presentation looks completely different. In addition, wind power plants are often built far away from consumer centres, which also requires an additional line infrastructure, which is also often ignored. Only those who know and understand the whole also understand the details and not vice versa.
Therefore, we need an honest and objective discussion here. The same applies to the consideration of the total costs of fossil or nuclear plants, which are also usually swept under the carpet. If we want to create a broadly accepted and functioning energy supply with the energy transition, then we need the corresponding transparency. False promises – such as „the energy transition is no more expensive than a scoop of ice cream“ – only harm this goal.
One of the biggest hurdles is our „either-or“ frame of thinking. To deal with complexity, however, a „both/and“ framework of thinking is needed. For example, in that CO₂ emissions can be significantly reduced with generation plants from renewable energies and that, at the same time, other system elements are also necessary in order to be able to continue to guarantee the very high level of supply security to which we have been accustomed up to now.
As if these were not enough challenges, electricity trading is also a critical player. The liberalisation of the electricity market more than 20 years ago has brought many benefits, but there are also downsides that are often ignored. In June 2019, for example, German electricity traders brought the system to the brink of collapse after they exploited a regulatory loophole. Despite warnings and the prospect of high penalties, loopholes continue to be exploited.
For example, there were 141 frequency anomalies in 2020, 175 in 2021 and over 55 in the first two months of the current year, which can be attributed to operationally optimised power plant scheduling. In these deviations, half to two thirds of the reserve that is kept for unplanned power plant outages is repeatedly misused for balancing measures. It is known how this abuse could be stopped, but the necessary regulation has not been implemented to date. If there are additional power plant outages, which is more likely with the timetable change, this could trigger a domino effect.
In addition, electricity prices in Europe have risen significantly since autumn 2021. While the average price for a megawatt hour (MWh) of electricity on the electricity exchange was around 35 euros in Germany in 2015-2020, this rose to 94 euros in 2021 and was even around 155 euros per MWh in the first two months of 2022. In Germany, a high volatile share of renewables even leads to extremely high variances within one day, but also during several days. Prices in the first two months of 2022 have thus varied between 0 and 400 euros, with up to 250 euros spread within one day. This not only has an enormous impact on system stability and on customers‘ electricity bills, but also tempts them to speculate, as high returns can be associated with it.
Supraregional electricity trading, as pushed by the EU and to be significantly expanded by 2025, also contributed significantly to the major disruption on 8 January 2021. On this day, an overload occurred in a busbar coupling at the Ernestinovo substation (Croatia) at 14:04, which then duly shut down for self-protection. This led to an overload of 14 items of equipment in south-eastern Europe, causing the European interconnected grid to split in two. The result was a massive frequency increase to 50.60 Hertz in south-eastern Europe and a frequency collapse to 49.74 Hertz in north-western Europe caused by the power imbalance that occurred. In the south-east there was a power surplus of 6.3 GW, which was simultaneously missing in the north-west.
The very steep frequency drop or rise indicates that there was already too little instantaneous reserve that would have had to cushion such a serious power change. On the other hand, there was a high electricity import of about 6.3 GWh in Spain and France at that time, which indicates that the supraregional electricity trade led to the overload.
The busbar coupling in the Ernestinovo substation had also not been classified as system-relevant until then and was therefore not included in the ongoing safety calculations. This raises the question of how many more such unobserved breaking points there could be. There are many model assumptions without concrete measured values, because that has sufficed up to now. Due to the challenges described, however, monitoring would have to be expanded significantly. Particularly at the distribution grid level, there are many white spots, and at the same time, the greatest upheavals are taking place there.
Many new installations are being added to the distribution grids: millions of micro power plants, e-charging stations, heat pumps or air conditioning systems as large consumers, for which the infrastructure was never designed. Countless new players who want to participate in the electricity market must also be integrated and networked. System complexity is increasing and increasing.
The particular problem here is that an increasingly complex system cannot be controlled with the previously successful central structure and logic. Instead, what is needed is an „orchestration“ of this multitude of components and actors so that they automatically participate in ensuring security of supply.
A centralised approach, as is currently often pushed with „smart grid“ considerations, increases the central vulnerability of the system and should be avoided if at all possible.
However, this requires a restructuring into robust energy cells, as the increasing complexity will not be manageable in any other way. Complex systems cannot be controlled centrally; they rather require decentralised autonomous units where demand, storage and generation are balanced as locally or regionally as possible [cf. Vester (20118)]. Currently, problems are often postponed on a large scale, often according to the motto: „Out of sight, out of mind“.
In the energy cell system, cross-system synergies (electricity, heat, mobility) must also be used. It is therefore about a holistic energy supply in cellular structures, which first requires a comprehensive rethinking. So far, this is only visible in rudimentary form.
Such an approach does not contradict the existing large-scale system, which will continue to be needed because large industrial companies or cities cannot be supplied in any other way for some time. However, with these decentralised structures and functional units, the robustness of the overall system can be increased bottom-up and during operation, without interruptions.
Cellular structures are not as efficient as the previous large-scale system, but this is only true until there is a major disruption in the form of a blackout. Then, in one fell swoop, all previous efficiency gains would be wiped out and unimaginable societal damage would be caused. Resilience and robustness are at odds with our purely business-motivated efficiency thinking, which means that we are happy to dispense with the redundancies and reserves that are essential for survival.
The cellular structure can be derived from evolution, where all living things are organised in cellular structures. This has obviously proved its worth. What is being celebrated as the decentralised energy transition is currently anything but decentralised. The entire energy transition so far only works because of the existing centralised system with the necessary storage and buffers. The propagated „smart grid“ and flexibility measures also depend on comprehensive centralised IT networking and thus on increasing complexity. In addition to the danger of cyber attacks, this results in other side effects that have hardly been taken into account, as will also be discussed in more detail in chapter 25.
The increasing digitalisation of the power supply system also increases the interdependencies: without power, no IT. Without IT infrastructure, no power supply. Experts fear that even today a possible grid reconstruction could fail because more and more protective devices are being automated and there are hardly any non-digital fallback levels.
In addition, more and more digital applications are emerging on the electricity and flexibility market. What creates added value in everyday life could quickly turn into the opposite, as demonstrated, for example, by the serious cyber attack on the largest oil pipeline in the USA in May 2021 or on the tank logistics company in Germany in February 2022. At the time of writing, it is still unclear what impact the failure of around 6,000 satellite modems will have on the associated German wind turbines. So far, we seem to have got off lightly.
There does not always have to be an intention to cause damage. An out-of-control cyber-attack – as seems to be the case with the satellite modems – or even just a serious malfunction, can also quickly lead to problems in the physical world, primarily in a system with such a fragile balance. See also the 2013 I&C disruption in Austria.
In addition, there is now an increasing shortage of skilled workers not only in the IT sector, but also in the classical electrical engineering sector. This makes the operation, maintenance and conversion of plants increasingly difficult.
But here, too, an energy cell system could provide a remedy, since smaller units and structures are easier to control and convert. A lot of IT support will also be needed in the cells, but in a different form and requirement than in a centralised system. Cells are also more fault-tolerant than centralised structures, where much more far-reaching consequences can be expected immediately.
Another aspect of increasing fragility comes from an infrastructure that is coming to the end of its life and use („Ageing Infrastructures“). The majority of power plants and infrastructure are 40 to 50 years old, some even older. This means that far-reaching innovations would have to be introduced in the next few years. However, this does not pay off under the current purely economic considerations and the uncertain framework conditions. Investments are therefore postponed, which increases the susceptibility to failure. If investments are only made when it pays off, it is already too late.
In Germany alone there are said to be more than 1,150 large transformers, of which probably more than 500 are already over 60 years old and have actually reached the end of their life cycle. Irreversible ageing processes take place in transformers, which is probably accelerated by the increasingly demanding operation. These would therefore have to be replaced in the foreseeable future.
However, the German production capacity is only 2 to 4 units per year. In addition, many additional and new plants will be needed as a result of the system conversion and a rapid upscaling of production capacity cannot simply be achieved overnight.
The liberalised electricity market has led to the reduction of reserves and redundancies in many areas. What may be acceptable in other areas of infrastructure could end badly in the case of the vital electricity infrastructure.
Another phenomenon that has hardly been considered so far is possible resonance effects between the inverter and the electronic components, which lead to hardly known disturbances in the distribution grid. These effects are hardly recognised with the methods and individual component observations used to date. At the same time, the incidents are constantly increasing and will rise significantly with further expansion.
If previous observations are confirmed that electronic components and insulation of lines age more quickly as a result, this could lead to considerable disruptions in the infrastructure sector. Experts point out that the inverters installed today must be replaced by a new generation as quickly as possible in order to limit the damage. But who should do that when everything is still working anyway?
With the advancing climate crisis, it is also to be expected that extreme weather events will increase in the coming years in Europe as well, as they have already done in Australia, California or Texas [see APCC (2014)]. This can be accompanied by severe infrastructure damage and failures, as was observed regionally in the German Ahr valley in 2021.
Extreme drought, on the other hand, causes enormous problems for conventional power plants, which have to draw cooling water from bodies of water. At the same time, the efficiency of hydropower plants is reduced by falling water levels. In the other extreme case, floods or heavy rainfall events lead to problems in power generation, such as in June 2020, where a heavy rainfall event caused the largest Polish coal-fired power plant and, in parallel, other generation plants to fail, resulting in a critical supply gap.
Pumped storage power plants can also reach their limits due to a delayed snowmelt, as in spring 2021.
Energy cells would not be spared from such events either. However, the risk of large-scale outages could be significantly reduced. Cells do not per se have a higher security of supply or robustness. They do, however, help to reduce the potential damage, which is becoming increasingly important due to the problems outlined above. Borderless structure creates extreme dependencies and vulnerabilities.
The intended decarbonisation of many sectors (mobility, heating, industry, etc.) will make it necessary to replace fossil fuels with electricity. For example, digitalisation, e-mobility, heat pumps and air conditioning systems will lead to a foreseeable further increase in electricity demand. In addition, these applications have very high peak loads, for which the previous infrastructure, especially the distribution grids, was not designed. Therefore, massive reinforcements and adjustments would have to be made. This will only be possible to a limited extent in the foreseeable future. Therefore, considerable problems are emerging at the distribution grid level if too many feeders (PV) or loads overload the grid at the same time.
In order to be able to really drive forward the energy transition and at the same time not further endanger the existing systems, it will not be possible without a fundamental reduction in energy demand. Everything that does not have to be needed, produced and stored contributes most quickly to achieving the goals. There is still great potential here before the often feared loss of comfort occurs. Here, too, a more conscious approach and thinking beyond system boundaries is needed in order to make the best possible use of the synergy potentials. In nature, decentralisation, fault-friendliness/tolerance and diversity have emerged as essential success concepts for (super)viable complex systems, in addition to the reduction of energy and resource requirements [see Vester (20118)].
With this comprehensive, though still long inconclusive, systemic view, it is hoped that we have succeeded in conveying that an increasing blackout risk is obvious and should therefore not be ignored. At the same time, it is worth repeating that HILP events are not about calculating the probability of occurrence, but rather about the potential damage that can be caused by such an event. This is now considered in more detail in the second part.
This non-exhaustive list of current developments addresses a number of problems that could endanger the security of supply in the European interconnected system. In general, it is not the knowledge or the necessary technology that is lacking, but the systemic implementation. In most cases, one-sided and short-sighted considerations lead to the problems and the potential long-term negative effects are readily ignored. The ever-increasing business and market-oriented focus leads to an ever-increasing self-optimisation with a lack of a view of the whole. For example, fewer and fewer plants can contribute to system stability because this is no longer specified and demanded accordingly. A system is more than the sum of its parts, which is criminally disregarded. This inevitably increases the fragility and susceptibility to failure of the interconnected system.
In the event of a Europe-wide major disruption in the form of a blackout, a massive power imbalance in the European interconnected system would lead to a large-scale shutdown of resources such as power plants. This serves as self-protection against physical damage to the plants. In principle, there are extensive safety mechanisms to prevent such an event. However, there is no such thing as one hundred percent safety, anywhere.
Many safety concepts are adapted to the old energy world, which can hardly keep up with the increasing complexity and the developments described. This applies in particular to the massive power plant shutdowns in Germany, which means that even in the event of a grid separation („system split“), as on 8 January or 24 July 2021, uncontrollable system states can occur if, for example, there is too little rotating mass in a sub-segment to be able to cushion the load jumps that occur [cf. section on instantaneous reserve above].
The assessment of whether something like this is really possible is disputed among experts. Until the 2006 system split, it was completely unthinkable. A pandemic that would turn our lives upside down within a few days was also inconceivable until March 2020, as was a conventional war in the middle of Europe. Therefore, the turkey illusion is worth remembering here.
The real danger therefore does not come from the power blackout, but from the resulting and longer-lasting supply interruptions in all areas of life, which could bring our current (unprepared) society to the brink of collapse within a few days. This is also because, due to the large-scale event, help from elsewhere is hardly to be expected, as everyone is affected themselves and hardly any free resources will be available.
Even a large-scale power blackout lasting only a few hours – across several states – would already have the potential to trigger the most severe consequential damage in production and logistics, since neither the population nor the companies nor the state are prepared for such an event, as was already noted in 2010 in the study by the German Office of Technology Assessment „Gefährdung und Verletzbarkeit moderner Gesellschaften – am Beispiel eines großräumigen und langandauernden Ausfalls der Stromversorgung“ (Hazard and vulnerability of modern societies – using the example of a large-scale and long-lasting power blackout).:
„Due to the almost complete penetration of the living and working environment with electrically operated devices, the consequences of a long-lasting and widespread power blackout would add up to a damage situation of special quality. All critical infrastructures would be affected, and a collapse of society as a whole could hardly be prevented. Despite this potential danger and catastrophe, society’s awareness of the risks is only rudimentary. [Petermann et all. (2010). p. 4.]
„The impact analyses have shown that after only a few days in the affected area, it is no longer possible to ensure the nationwide supply of the population with (vital) goods and services in line with their needs.“ [Petermann et all. (2010). p. 15.]
Social vulnerability has increased considerably in the past 10 years due to increasing interdependencies (keyword: digitalisation). The level of preparedness has tended to decrease, especially in organisations, companies, but also in the state, as fallback levels, reserves and stocks were often saved as „dead capital“ for business management reasons. Only then did a possible blackout become a real and underestimated threat to society.
What is considered more likely in expert circles is a power shortage. This means that a massive shortfall in coverage becomes apparent days beforehand. To prevent a blackout, electricity shortage management must be carried out in the form of preventive disconnections of consumers („brownout“). In the best case, this will only affect large consumers who have contractually agreed to do so and will also receive compensation for this. If this is not sufficient, rolling area shutdowns could also become necessary, such as those that had to be carried out in Kosovo or Turkey in the winter of 2021/22. In the past years, there were also corresponding preparations in Belgium or France, which, however, did not have to be triggered so far. In Switzerland, too, many companies were warned of possible rationing in the winter of 2021/22.
However, many European companies and infrastructure operators have not yet been prepared for such a situation. Therefore, similar to an actual blackout, rolling area shutdowns can also be expected to cause considerable damage and disruptions in other infrastructure sectors and thus in logistics as a whole. The complex interactions and interdependencies are often underestimated, as was already warned in the context of the Swiss security association exercise in 2014:
„It is not the power blackout, but the prolonged power shortage that emerges as the greatest challenge in the SVU 14 scenario. A total failure of certain critical infrastructures is very likely, because less electricity often does not mean that less works, but that nothing works at all. Information and communication technologies (ICT) control important systems (transport, telephony, warehousing, payment transactions, etc.). Today, nothing works without ICT, but ICT does not work without electricity. In this situation, diesel or other fuels are indispensable as a substitute for local electricity production.
Maintaining the basic supply of consumer goods for the population quickly becomes centralised and very difficult to achieve. Moreover, since the usual communication channels are very limited, a prolonged power shortage is not to be underestimated, but a Herculean task for all involved.“
A prolonged power shortage could also occur as a result of a blackout, if power plants or infrastructures are damaged and sufficient generation and/or transport capacities are no longer available for a longer period of time. In Switzerland, such a scenario has been considered the most probable and at the same time the most serious risk for Switzerland since 2012.
A major European disruption across several countries would immediately lead to a large-scale failure of most critical infrastructures (CRITIS) [cf. Pertermann et al. (2010)]. This would start with the telecommunications sector (mobile radio, fixed network, internet), which, together with electricity, would mean that the two most important lifelines of our modern society would fail. This would mean that virtually all services would be cut off or only available to a very limited extent: the financial system (ATMs, cash registers, money and payment transactions), traffic (traffic lights, tunnels, trains, petrol stations) and thus the entire supply logistics (food, medicines, goods of all kinds), up to and including regional water supply and sewage disposal failures. Not to mention the thousands of people who could be trapped in lifts, railways or, in winter, on ski lifts. Not fully mobile residents of high-rise buildings would no longer be able to reach or leave their flats.
A widespread failure of telecommunications infrastructures, for example due to a cyber-attack, could lead to similarly far-reaching effects. An aggravated pandemic, where significantly more people fall ill at the same time, would also foreseeably lead to massive supply bottlenecks and failures. Our highly optimised and efficiency-enhanced just-in-time logistics have hardly any reserves or fallback levels to compensate for the expected far-reaching infrastructure or personnel failures.
The fragility of logistics chains [cf. CSH (2020)] could be observed in 2021 with numerous examples. In the event of a blackout, where large parts of Europe come to a standstill at the same time, the effects would be many times more serious. Therefore, a global shock effect and lengthy restart times should also be expected.
A blackout can be divided into three essential phases, which is often underestimated:
In Austria, a power blackout lasting about 24 hours is expected. Parts of the regional power supply can probably be restored much earlier. In other parts, it may take longer. Metropolitan areas are to be restored with priority.
Austria has a great advantage over many other countries due to its large pumped-storage power plants that can be black-started and regulated. This would make it possible to restore the grid much more quickly than in many other countries.
At the European level, it is estimated that it will take about a week for the power supply to be restored to a stable level everywhere. The different estimates of whether it could take only hours, days or perhaps even weeks therefore diverge considerably.
In any case, the actual duration depends largely on the triggering event and the size of the failed area. If sufficient voltage can be brought in from neighbouring, non-failed power supply units, a restoration can also succeed much more quickly. If infrastructure was damaged during the failure or even sabotaged beforehand, it can also take considerably longer. If there is no longer sufficient power plant capacity available during the restart, power shortage management may also become necessary. So there are very many factors of uncertainty.
However, many other infrastructures can and should only be put back into operation when the power supply is sufficiently stable and reliable. Otherwise, voltage and frequency fluctuations can cause further damage to plants and infrastructure. Therefore, it is advisable to wait as long as possible before restarting infrastructures and production facilities until it has been clearly communicated that the European interconnected system is functioning in a sufficiently stable manner again and that there is no threat of another immediate outage. This is also because there is extensive experience with simulator-supported network reconstruction training, according to which complete failures occur time and again when partial networks are interconnected. Quite apart from the fact that many uncertainties are to be expected during a real network reconstruction.
In various and critical areas, emergency power generators are kept on hand for a power failure. But here, too, it is often apparent that the performance and reliability are frequently overestimated, as was shown, for example, by the 31-hour power blackout in Berlin-Köpenick in February 2019, where the emergency power generator of the DRK clinic failed after 7 hours of emergency power operation. As a result, 23 intensive care patients had to be evacuated. This would not be possible in the event of a blackout.
A common problem is the fuel quality of emergency power equipment, as a German study showed in 2014. At that time, around 60 % of the fuel examined was broken or defective. Only 6 % was faultless.
Generally speaking, an emergency power system should be tested regularly over a longer period of time in order to be able to assume that it will function smoothly when needed. . There are too many potential sources of error.
Most preparations also focus almost exclusively on this phase of the power blackout, which clearly falls short. Phase 2, until the telecommunication supply with fixed network, mobile phone and internet is largely stable again after the power blackout, is completely underestimated. Expected serious hardware failures and malfunctions, as well as massive overloads during the restart, mean that a recovery time of at least several days is to be expected.
The longer the power failure lasts, the more severe the damage, especially in backbone systems, is to be expected. In those regions where the power blackout lasts longer than 72 hours, it is difficult to calculate when these facilities will be restarted, as most of the emergency power supply will have failed by then. Then, major damage to network components, switches, even server hard disks, etc. is to be expected. The main problem is caused by electrolytic capacitors drying out. For the most part, this is not noticeable during operation. However, if the power fails, the component is destroyed when it is switched on again, and important links in the chain fail. This can quickly lead to a problem with spare parts, and due to the lack of communication possibilities and the high demand for simultaneity, an external replacement at short notice will hardly be possible. Such failures and malfunctions can also occur in any company infrastructure, especially if it is never switched off. If this were done regularly, these defective parts would be noticed regularly and could be replaced in time. In many complex systems, however, switching off is no longer possible. Therefore, the expected problems accumulate here and may then strike at the same time. A fatal development.
Without telecommunication supply, neither production and logistics chains nor fuel logistics nor the supply of food or medicine to the population will function. Health care (hospitals, general practitioners, pharmacies, nursing, etc.) will also function only to a very limited extent, if at all. Hospitals do have an emergency power supply. However, this can often only supply the most important areas. On the other hand, there is a very high dependence on external supply and disposal services, which means that medical care will soon only be possible to a very limited extent. The availability of personnel can have a particularly critical effect [cf. Petermann et all. (2010)].
At the same time, the study „Nutritional Precautions in Austria“ [cf. Kleb et al. (2015)] as well as comparable studies in Germany came to the conclusion that by the fourth day of a blackout-related supply interruption at the latest, around one third of the population is no longer able to provide for itself sufficiently. After seven days, this could already affect about two thirds or about six million people in Austria.
This does not even take into account tourists or commuters who will definitely be dependent on external help. There are neither governmental nor other provisions that could absorb such a severe event. The aid workers and their families are also directly affected by the consequences. Only this reckless initial situation leads to a real catastrophe.
Although there have always been recommendations that the population should keep a personal emergency stockpile, this practice was discontinued in large parts of Central Europe at the latest after the end of the Cold War more than 30 years ago. That is the curse of the very high security of supply in all areas of life, whether it is electricity, water or food and health: there is always something there and if there was a problem, someone was quickly on hand to help. This will not work in the case of a blackout.
Therefore, precautionary recommendations such as „Guter Rat – Notvorrat“ in Switzerland , the recommendations of the German Federal Office of Civil Protection and Disaster Assistance (BBK) or the Austrian Civil Protection Association are more topical than ever. They rarely reach the general population. The Austrian Society for Crisis Preparedness (GfKV) is therefore trying to help with the initiative „Join in! Austria is getting fit for crises!“ initiative to make the topic more socially acceptable again and to bring it out of the niche corner.
The basic problem lies in the insufficient risk and safety communication to convey the need to the population. And not only when a crisis has already occurred, but already well before. Otherwise, it is easy to overreact, such as before the first lockdown in 2020 with the excessive purchase of toilet paper or potassium iodide tablets in March 2022. Society lacks a general crisis fitness to be able to deal with extraordinary events. This has not been necessary for many decades.
However, the corona pandemic and the upheavals following the war in Ukraine have fundamentally changed that. The war in Ukraine in particular has probably triggered a series of subsequent crises, especially in the logistics chains and food supply, which will probably occupy us for years to come and demand a great deal from the population. This makes it all the more important to prepare for these turbulent times and to take at least minimal precautionary measures.
Even if the telecommunication supply works again, the crisis will not be over for a long time. The following phase 3 will last weeks, months and sometimes even years, depending on the sector affected. For example, in industrialised agriculture, where it is expected that millions of animals could die within hours in Europe. Longer-lasting supply bottlenecks are therefore very likely, since a loss in production, which can affect vegetable production just as much, cannot simply be compensated for many millions of people. Added to this are the multi-layered, transnational dependencies in supply logistics. Packaging materials, for example, could be a particular bottleneck. If these are not available, for example because of serious production stoppages, products can no longer be packaged and put into circulation as usual. In our highly optimised just-in-time logistics, there are a multitude of possibilities why the whole chain can break down. The Austrian Com-plexity Science Hub (CSH) Vienna, for example, warned of this at the beginning of the corona pandemic. A collapse of entire industries is possible if individual links in the chain fail [see CSH (2020)]. The Ukraine war could also lead to serious disruptions in the food supply, as the CSH also warns in a study [see CSH (2022)].
In general, the consequences and restart times after a large-scale and abrupt loss of power supply are massively underestimated. Many preparations are only concerned with immediate precautions for the power blackout, which often results in the acquisition or expansion of an emergency power supply. Phase 1, i.e. the time of the power failure, is still the most manageable. Much more serious and catastrophic will be the significantly longer phases of restart (phases 2 and 3) in the other infrastructure sectors and in the resynchronisation of supply logistics, which is completely underestimated in this dimension because we lack the experience.
This affects society as a whole. Because even in not so critical areas or in general working life, a restart will only be possible when the basic supply is secured again. The very high level of supply security in all areas of life, especially in Central Europe, therefore becomes a boomerang: the necessary self-provisioning and fall-back levels are lacking. Far too many people and organisations simply rely blindly on constant availability: a turkey illusion.
An inconceivable catastrophe is looming, which could end in the greatest disaster since the Second World War, as the Office of Technology Assessment at the German Bundestag already noted in 2010:
„At the end of the first week at the latest, a catastrophe would be expected, i.e. the health damage or death of very many people as well as a problem situation that could no longer be managed with locally or regionally available resources and personnel capacities.“ [Petermann (2010). S. 10.]
In the short term, only preparation for the event seems possible, which is also true in general: prevention, protection and security are important, but not enough. A „both/and“ way of thinking is needed: We should be just as capable of dealing with and managing unexpected events [cf. Weik (20102)]. This concerns all levels. For example, preventing cyber-attacks is enormously important, yet a recovery plan is indispensable, even if it is always hoped that it will never be needed. But hope alone is too little. This is just as true when it comes to blackouts. We are currently operating the largest infrastructure transformation of all time on the open heart and without a safety net. This could turn out to be a fatal mistake.
The most important step starts at home: to be able to supply oneself and one’s family self-sufficiently for at least 14 days by means of stockpiling. This means at least two litres of water per person per day for at least several days (phases 1 and 2). After the power blackout, it is possible to cook again, but not to buy food. Therefore, food such as noodles, rice and canned food is needed for 14 days. The same applies to important medicines, infant or pet care. Torches, a battery-operated radio, rubbish bags and other important supplies that one might need then. Just what you would take on a two-week camping holiday.
This basic provision is elementary so that we can ramp up production and logistics as quickly as possible. Because if people can no longer provide for themselves, they won’t be able to get to work to ramp up production and systems again. Therefore, broad self-provisioning among the population (= personnel) is an essential prerequisite for us to be able to cope with such a scenario. This also applies in particular to those organisations and companies that have to maintain emergency operations in such a case, i.e. also the energy industry. On the other hand, no one can help millions of people if they are affected at the same time.
What many PV owners do not know is that their PV system does not supply electricity during a power failure, as most systems are grid-connected. Only island-operated PV systems, i.e. supplemented with grid disconnection, hybrid inverter and storage, can maintain an emergency supply at home even during a grid failure. This would allow lighting, heating and cooling appliances (supplies!) to continue to operate. The scenario can thus be significantly mitigated. These systems represent the smallest energy cell (cf. section Decentralised functional units („energy cells“) above).
In social terms, it would be even more effective and efficient to establish regional energy cells as soon as possible, where at least a basic emergency supply of water, sewage, heat or health services could be maintained even during a grid failure. However, the necessary awareness and framework conditions are lacking for this [see Decentralised functional units above].
The necessary organisational measures can also be based on the personal precautionary measures. The first step is to raise the awareness of your own staff in order to initiate your own precautions. Secondly, comprehensive considerations are necessary as to how the necessary communication can be ensured in the event of a blackout. Often only through offline plans, i.e. prepared arrangements that must be available in the minds of the staff. Key personnel must know what to do if no one can be reached and how relief and supply will work if an emergency operation must continue.
Alerting, as is usually the case, will not work as a rule, since the telecommunication systems will largely fail within a few minutes of the power failure. Personal circumstances, such as the distance to the workplace or other obligations, such as persons in need of care, functions in community crisis teams or emergency organisations, must be taken into account when considering the availability of staff. Furthermore, it must be ascertained how long the available resources, such as fuel for emergency power facilities or food, will last for an emergency operation, since it is hardly likely that supplies will be available from outside if appropriate preparations have not been made. This then extends to restart plans, where it is necessary to consider what conditions are required in order to be able to return to orderly operation at all.
A large-scale power blackout is unimaginable for many people because such an event has never happened before. At the same time, there is no such thing as one hundred percent certainty, especially not when such fundamental and often non-systemic changes take place during operation, as described in the first section. A modern society should therefore also be able to answer the question of what if. Up to now, many decision-makers and the population have relied on the principle of hope. This is important in order not to fall into fatalism. But if it is the only thing that can be held against a possible event, then it will not be enough.
The reasons are very complex. On the one hand, we lack the necessary error culture to deal with problems openly and transparently. On the other hand, the political debate around the necessary energy transition is often ideological and conducted with blinkers and little technical understanding. There is often a lack of contradiction from the technical side. Regardless of whether this is due to organisational dependencies or, for example, because one does not want to be labelled an „eternalist“.
Similar phenomena can also be observed in crisis prevention. The lack of preparedness is usually only admitted behind closed doors. This means that there are often large gaps between the official presentation and the actual reality. Although similar actions are taken everywhere, there is still often the assumption that things must be better in other areas and that all the necessary preparations have certainly been made there. Thus, many unfoundedly rely on others. A large part of the population makes the unrealistic assumption that they will be taken care of by the state in such a case.
A possible or even very realistic blackout would therefore turn our highly technology- and electricity-dependent society upside down within a very short time. While in the corona pandemic there was still a certain lead time and all infrastructure services could be maintained and thus things could still be organised at short notice, a blackout would bring us to a complete standstill from one moment to the next. Total chaos can only be mitigated by appropriate individual and organisational preparation.
For this, often only manageable efforts are required: personal precautions for at least 14 days and corresponding organisational schedules that also function largely without technical means of communication. This can already avert a great deal of damage. However, knowledge alone is not enough. We also have to do it.
The author provides the most comprehensive collection of knowledge on the subject of blackouts and blackout prevention in the German-speaking world at www.saurugg.net. Here you will find numerous additional aids and guidelines for individual and organisational precautions, which are constantly being expanded.
Digitalisation does not stop at energy and thus power supply, even though many resources are still operated on the basis of simple analogue and physical principles. At the same time, safe grid operation would no longer be possible for years without ongoing safety calculations and simulation with the help of powerful IT systems. The Austrian transmission system operator Austrian Power Grid (APG) alone carries out around 300 simulations every day in order to be able to identify and counteract possible critical bottlenecks in good time. In addition, there are supra-regional computer centres where extensive security calculations are continuously carried out by Regional Security Coordinators (RSCs). In addition, the increasingly complex electricity market would not be possible without comprehensive networking and digitalisation.
Digitalisation enables a more efficient and optimised use of operating resources, which contributes to the conservation of resources, but also tempts to push the operating resources further and further to their limits. In the past, high safety margins were calculated and built in order to be able to cover the expected future demands for as long as possible. Under today’s tight economic conditions, this is often no longer possible. In addition, previously built-up reserves have been used for a long time, so that the room for manoeuvre is becoming increasingly smaller.
In any case, digitalisation opens up new fields of action, especially when it comes to billing and optimisation, such as the envisaged use of blockchains in the area of energy communities. Virtual power plants and flexibility markets can also be created with the help of digitalisation. There are almost no limits to the ideas. Only the future will show whether they also contribute to system security and stability. First of all, scepticism is in order, even if a both/and approach is called for. Not only the possible opportunities, but also the expected risks and downsides should be considered in time. Since the possible opportunities are usually presented extensively, this chapter will take a closer look at the potential downsides of digitalisation in order to be able to learn from them and adapt in time.
Technical networking not only leads to the well-known advantages, but also to developments with which we are often less familiar. For example, increased feedback possibilities in networked systems increase complexity and dynamics. Complex systems have a number of properties that we are hardly familiar with in this form from our previous technical solutions [see Ossimitz (2006), Dörner (2010), Vester (2011), Thurner (2020)].
For example, there are non-linear cause-effect relationships, which makes risk assessment increasingly difficult due to the lack of causal chains. We are used to our previous analogue systems („machines“) being calculable and thus controllable. Even though individual machines can have thousands of components and function completely opaquely for most people, they always follow the same logic. They are therefore complicated: they can be disassembled into their individual parts, analysed and reassembled. If everything has been done correctly, they then function as before. This is not the case with complex systems: if they are disassembled into individual parts, their original function cannot be restored because the separation irreversibly destroys connections [cf. Lotter (2020)].
Living organisms are an example of this, even if medicine can achieve a lot today. However, the original state cannot be restored. As a general rule, systems are complicated if a manual can be written for them and instructions can be replicated. Complex systems, on the other hand, are „black boxes“ where the exact processes are not fully understood or cannot be replicated. Mixed forms also occur, which in turn can lead to misinterpretation. Software can follow a complicated procedure, but lead to a completely unexpected result due to a user interaction that was not foreseen or anticipated. This is exactly what creates enormous challenges in the use of „artificial intelligence“, when it is no longer just simple machine learning, as the results are no longer traceable, which is also referred to as „emergence“.
The combination of different things can result in completely new possibilities. This can also lead to new vulnerabilities, such as those exploited in cyber attacks. In principle, one cannot deduce the properties of the new from the individual properties and vice versa. Oxygen and hydrogen, for example, are flammable gases. In the combination of H2O or water, however, an exactly opposite effect occurs. Therefore, even with increasing networking or the use of „artificial intelligence“, unpredictable effects and results are to be expected. In the positive case, new products or solutions arise, as can be observed in nanotechnology, for example. New microstructures change the previously known material properties. This can lead to completely new applications, but in the worst case it can also give rise to a new „asbestos“. This was considered a miracle cure until the harmful side effects were also noticed. Already too late. Even today, remediation has to be carried out at enormous expense. It is doubtful whether this will also be possible with nanoparticles. Therefore, an early impact assessment is all the more important today. At the same time, however, this is becoming more and more difficult, if not impossible, in increasingly networked systems.
This also increases ambivalence, i.e. contradictoriness and ambiguity, which we often find difficult to deal with because we are shaped by a linear, simple cause-and-effect way of thinking. This also affects many engineers. But in other areas, too, there is a lack of generalists who have an overview of the entire system and, above all, can detect interrelationships [cf. Lotter (2020)]. We know this from everyday life, where many structures are still organised according to time-honoured logics: „silo thinking“, departments, institutes, disciplines, etc. This fragmentation of contexts creates duplications and increasingly more problems in the world of work as well. Or, conversely, through networked thinking in contexts, companies can become more productive and effective and reduce internal resistance. However, this requires a new framework of thinking, which is, however, hardly being educated. Our education system is still focused on the old industrial working world and hardly meets the requirements of the network society [cf. Saurugg (2012)].
In complex systems, there are often time-delayed effects. This can lead to completely unexpected results, as happened, for example, with the Super-GAU in Chernobyl [cf. Dörner (2010)]. Even in the case of power plant closures, the effect does not usually occur immediately. Things accumulate largely unnoticed and seemingly out of nowhere a phase transition occurs, where in the worst case a system begins to collapse [cf. Bardi (2017), Servigne at all. (2020), Thurner (2020)].
The Corona pandemic or the war in Ukraine have triggered serious disruptions in our increasingly complex world and economy, the consequences of which are far from foreseeable and which will still cause fierce turbulence [cf. Meadows (2010)]. The first effects can be observed particularly in the global supply chains, where more and more whip effects, i.e. oscillations and thus dysfunctions, can be observed.
Small causes can lead to enormous effects, which is also known as the „butterfly effect“. See, for example, the corona pandemic, where a virus turned the entire world upside down within a few weeks. The failure of a control computer in an auxiliary plant of a large production facility led to a cascade effect that ended in a plant shutdown lasting several days. The original damage of around 2,000 euros resulted in consequential damage of 50 million euros. Not an isolated case. Even short power outages are increasingly leading to losses in the 2 to 3-digit millions in production because people were not prepared for them or things went differently than expected. This is seldom discussed openly, as it could mean admitting to failures. These potential damages thus accumulate in secret because others cannot learn from them. In the event of a large-scale power failure („blackout“), a „conflagration“ is therefore to be expected, where many severe and simultaneous damages are to be expected, which is likely to lead to massive difficulties in restarting. These consequential effects are often underestimated in blackout considerations. A so-called safety or vulnerability paradox: the safer something seems, the more vulnerable it is to major disruptions, since over time the action competences required to cope with disruptions also diminish. A famous example is the RMS Titanic („Titanic phenomenon“). According to this, the captain Edward John Smith of the maiden voyage is still said to have said: „I cannot imagine any situation that could cause this one ship to sink. I consider it impossible that this ship could be seriously damaged. Modern shipbuilding is already too advanced for that.“
Foresters in American national parks, for example, had other experiences. For a while, every small fire was immediately extinguished and prevented. This led to more and more dead (flammable) material accumulating. If a fire now occurred, it would quickly expand into a large fire that could no longer be controlled. Small clean-ups therefore strengthen systems and reduce fragility. If this is prevented, the time of occurrence is only delayed and the potential effects accumulate. These observations are not unique to nature [see Taleb (2013)].
Effects of decisions are often irreversible. A power plant that is shut down and dismantled is lost forever. Mothballed power plants can only be maintained and reactivated at great expense. This applies to just as many digitalisation measures. Once a system decision has been made, it is hardly possible to change or reverse it with reasonable effort. This applies to product suppliers, for example. For this reason, a certain degree of openness („interoperability“) towards other solutions should always be taken into account when purchasing, so as not to become unilaterally dependent. Existing old or legacy systems or „grown structures“ often prevent a changeover or further development.
Due to the interconnections and the possible feedbacks, there are also exponential developments, which further drive the dynamics. The Corona pandemic has made us more familiar with exponential developments. However, the real dimension is still underestimated. The following legend serves to substantiate this: The inventor of chess had one wish. He wished for the following superficially very modest reward from his king: for the first square of the chessboard one grain, for the second two grains, for the third four grains and for each further square twice as many as on the previous square. However, this wish could not be fulfilled. 2^64 corresponds to about 18 trillion grains of wheat, or about 100 billion truckloads of grain, which could not be covered by all the world’s harvests since the beginning of grain cultivation. The legend vividly expresses the limitations of our linear thinking.
Positive and negative feedbacks play an important role. Positive feedbacks have a self-reinforcing effect (more leads to more). Although they are important for a start or for slowing down, they are harmful in the long run. Negative feedback, on the other hand, has a stabilising effect (more leads to less). Both types are indispensable for the self-control of systems (regulation) [cf. Vester (2011), Meadows (2010)]. In digitalisation, for example, positive feedback leads to network effects: „The winner takes it all“. This means that successful solutions/companies become bigger and more powerful and others hardly have a chance. Unless there is a disruptive new solution that replaces the old.
The network effect, also known as the Matthew effect, prevents diversity, which is indispensable in ecosystems. Monocultures are created, which in turn become more susceptible to disruption. Our economic system and the growth paradigm we follow lead to very short-term and short-sighted planning and action in many areas. Key figures and bonuses for short-term success have a particularly negative effect. These tempt to massively limit the horizon of observation and to make as much as possible measurable and standardisable. In the process, systemic aspects are often overlooked or neglected because they cannot be expressed in figures [cf. Dueck (2015)]. In politics, too, there is a tendency towards actionism. Instead of tackling problems at their roots, symptoms are treated. Such approaches seem promising in the short term because they can usually be applied quickly, but they aggravate the actual problem in the long term, while fundamental solutions often bring disadvantages in the short term and only turn out to be beneficial in the long term, which is referred to as „quick and dirty solutions“ [cf. Ossimitz (2006)].
Human action is always guided by evolutionary patterns: For example, we tend to accept short-term success rather than long-term added value. In psychology, the term „reward deferral“ is used for this. Here, an immediate (effortless) reward is foregone in favour of a greater reward in the future, which, however, can only be obtained either by waiting or by prior effort. This phenomenon can be observed in many areas, for example also among political decision-makers. What made evolutionary sense is now often a long-term disadvantage.
It is also quite central that the collapse of complex systems is not a fault but a system design feature. [cf. Bardi (2017)]. Nature uses this feature for further development („evolution“). In economic theory, this is called „creative destruction“ [Schumpeter (2012). The new can often only develop after the old has been destroyed. A procedure that would be irresponsible for our most important lifeline, the electricity supply. However, if we look at the current developments in the European interconnected system, we could easily conclude that this is exactly what is happening.
The increasing interconnectedness favours systemic risks that we have hardly been able to deal with so far.
Systemic risks have key recognition features [cf. Renn (2014)]:
- There is a high degree of interconnectedness and many interdependencies with other systems.
- Disturbances can spread almost unhindered within the system and across (system) boundaries (transboundary effects).
- Feedback leads to random and non-linear cause-effect chains and small causes can produce large effects („butterfly effect“, stochastic cause-effect chains, tipping points).
- Triggers and effects are systematically underestimated.
Thus, systemic risks often contradict the intuitive understanding of plausible action contexts. This can be observed particularly drastically in the ongoing climate crisis, where the problem has been known for at least 50 years [cf. Meadows (1973)]. The 2007 financial crisis can also be traced back to a systemic failure [cf. Renn (2014), Taleb (2012)]. Therefore, there is generally a security or vulnerability paradox with systemic risks.
Systemic risks lead to High Impact Low Probability (HILP) events, which are also referred to as „black swans“ [cf. Taleb (2012), Taleb (20135)], extreme events („X events“) [cf. Casti (2012), Casti et al. (2017)] or strategic shocks. This is where our previously successful risk assessment methods fail, as they focus on past events („evidence“). Therefore, new ways of thinking and approaches are needed here [cf. Taleb (2013), Erben et al. (2016), Weik (20102)].
Previous safety and risk assessments have focused on known and already experienced scenarios and hypotheses. Matching probability and residual risk calculations tend to ignore and neglect events that are rare but have extreme effects. The potential interactions are usually underestimated.
Particularly explosive are the developments in the area of critical infrastructure (CRITIS), on which our community is completely dependent. Through ever more elaborate and opaque technical solutions and through increasing interconnectedness, we are creating ever greater vulnerabilities without being aware of it. At the same time, simple surfaces or a simple network connection suggest simplicity.
Another pitfall is that in recent decades, our Central European society has experienced very stable and constant conditions. Therefore, there is a lack of awareness that the entire history of mankind and even today the majority of the world was and is characterised by variability and cyclical developments. We have reduced important safety nets almost everywhere in recent years, making us more vulnerable to major disruptions.
Whether this concerns the financial sector, energy and commodity supply, the European power system, a pandemic or even the possible effects of the climate crisis, there are a multitude of potential events that make our society vulnerable. In view of the possible consequences and the society-changing effects, probabilities are irrelevant [cf. Mukerji et all. (2020)].
The consequences are all the more serious the rarer an event occurs, and the more difficult it is to make an analytical assessment. The decisive factor is not that someone has „predicted“ an event, but that this „prediction“ was associated with consequences. Therefore, it is necessary to analyse systems and their fragility and not individual events or individual elements of a system [see Taleb (2013)]. This is a procedure that is still largely uncommon.
While many problems in cyber and IT security remain unsolved or are constantly being overtaken by new ones, technical networking is advancing inexorably. The main drivers are business considerations and the pressure to increase efficiency. It is easily overlooked that there is a contradiction between increasing efficiency and system security. Operational optimisations and efficiency increases make perfect sense as long as they do not become an end in themselves or a mere means of generating returns.
In many areas, however, we have already reached that point: More and more frequently, redundancies and reserves important for system security are being saved, as these represent „dead capital“ in business management terms. Even the technical staff is being cut back. Fewer and fewer have more and more to do. The susceptibility to errors and thus the vulnerability increase in systems that are used to more than 80 percent of their capacity [cf. Dueck (2015)]. When the negative consequences become visible, it is usually already too late. Irreversible or cost-intensive damage is the result.
These developments can be observed almost everywhere, including in the area of critical infrastructures. At the same time, increasing networking, for example keywords such as „digitalisation“, „smart metering“, „smart grid“, „Industry 4.0“ or „Internet of Things“, is leading to more and more previously separate domains being connected with each other and thus becoming mutually dependent.
Without electricity and telecommunications infrastructure, almost nothing works today, often not even the water supply. A major European disruption in the power supply system („blackout“) would lead to a societal collapse within a few days, as a study by the German Bundestag concludes [cf. Petermann (2010) and chapter 39].
We are socially completely vulnerable without being aware of it. Necessary emergency and crisis plans are hardly in place. Disruptions are largely ruled out or are considered unimaginable in many areas. This was also true for a pandemic or war in Europe.
The increasing challenges posed by the growing IT networking in the infrastructure sector are to be met with corresponding security solutions. The question of why solutions that have only been successful to a limited extent in the IT environment should work better in the area of critical infrastructure with „more or less the same“ often remains unanswered.
In addition, in the area of control and automation of infrastructures, completely different life cycles can be observed than in the classic IT world. These are significantly longer. The infrastructure would therefore have to be permanently renewed in the future, which creates additional vulnerabilities [see Grüter (2013)]. Infrastructure systems cannot simply be restarted after an update. They often have to function and be available without interruption for years. This is where completely different worlds and philosophies collide. For it is not only about the IT infrastructure or software, but about the underlying systems that are controlled with it.
The numerous successful attacks against the security industry should also be a warning. People, and especially criminals, are very creative: If it becomes apparent that the effort could be worthwhile, correspondingly high levels of resources are deployed. Today’s attackers have a very professional „corporate structure“ and infrastructure to tackle this very professionally. Countless examples testify to this.
Awareness of the threats from the cyber domain has increased significantly in recent years due to ever more extensive and more serious attacks. Nevertheless, these represent only a part of the actual threats to our infrastructures. Disruptions in networked systems can be triggered by many events. Software errors, natural events, human error, but also seemingly exotic events such as solar storms can lead to far-reaching consequences. It is therefore by no means only about attacks, as is usually discussed superficially.
As a society, we are massively vulnerable due to our dependence on critical infrastructure. This was also the case in the past. What is new is that the range of disruptions and the speed of propagation in networked systems have increased exponentially. This was first observed in 2007 with the bursting of the American real estate bubble. Hardly anyone had the subsequent global shock waves in the financial and economic system on their radar, let alone thought them possible [cf. Renn (2014)]. Have we learned enough? Probably not. It would therefore be naïve to brush these facts aside. After all, most companies, and especially our logistics chains, depend to a large extent on the availability of these infrastructures. And thus the entire society.
In nature, all living things are complex systems with a very long history of development and success. Reason enough to learn from it. In a few words, a viable system design and evolutionary further development can be defined by the following key points:
- Reduction of energy and resource requirements as well as simplicity to reduce dependencies.
- Decentralised control or regulation, i.e. no vulnerable central control.
- Increased fault-friendliness and fault tolerance as well as diversity in order to be better able to deal with changing framework conditions.
Nature does not prevent interaction between beings. However, a cellular structure limits the range and ensures and improves survivability in case of disturbances. This model should also be brought back into focus in our technical and societal structures.
In this way, dependencies can be significantly reduced and the resilience and necessary adaptation („resilience“) of systems can be significantly increased. No error should be able to have a negative impact on the entire system.
Cellular structures and control loops, such as those already used in automation technology, are in demand. Many current concepts, such as the massive increase in centralised networking (keyword: smart ), contradict this approach and lead to incalculable vulnerability.
It is therefore necessary to take a new look at the issue of „security“. While our previous safety and risk assessments call for caution, the robustness approach calls for strength. In order to be able to assess the reliability of a system, a risk assessment is only of limited help, as it is based on defined and known individual scenarios or breaks risks down into individual parts and analyses them („complicated“). Systemic risks and interdependencies are often neglected. However, determining whether a system is fundamentally fragile or robust suggests a general resilience to disruptions of any kind. For while risks and security are hypothetical, the fragility and robustness of a system are measurable.
As complexity increases, so does the variability of the system’s behaviour. Therefore, it is necessary for a system, but also for society itself, to be able to deal with as many unknown situations and disturbances as possible. This requires complementary approaches, because resilience does not only mean resilience, but also adaptability and the ability to learn from disturbances in time. In the best case, even before potential damage occurs. Unfortunately, however, the evolutionary pattern of „learning from harm“ still often prevails, which is no longer a suitable method in today’s highly interconnected and interdependent world. Quite the opposite.
Resilience requires the ability to let go of the tried and tested when the framework conditions have changed, in order to free up resources for the new again. However, we tend towards the opposite: more and more regulations and safeguards, which will foreseeably go wrong. This can be seen, for example, in the increasing flood of regulations. There are hardly any resources left for the actual work or room for manoeuvre to try out new things. Therefore, a collapse often occurs when a system cannot renew itself from within [cf. Casti (2012)].
With increasing networking and digitalisation, ever greater complex systems and systemic risks are emerging with side effects that are often little noticed. With our hitherto successful linear thinking, we therefore run the risk of being surprised by the side effects of complexity and reacting incorrectly.
The increasing complexity gap between the wishful thinking from politics and the market on the one hand and the physical technical reality on the other hand must be viewed particularly critically. If such complexity gaps are not consciously reduced, system collapse will result [cf. Casti (2012)]. Such a tendency can clearly be observed at present.
While the market strives for ever larger units and cross-regional exchange and trade, energy policy is by definition a national matter where many countries go in different directions. However, a system is more than the sum of its parts, which is unfortunately often overlooked. In addition, in times of crisis such as we are currently experiencing, politicians tend to engage in dangerous and often only short-sighted actionism („quick and dirty solutions“). Due to a lack of preparation and precaution, there is often also a lack of secondary and long-term impact assessments. A dangerous combination.
As the Corona crisis has shown, a reduced national focus quickly sets in during overarching and socially threatening crises and solidarity begins to crumble. It is therefore all the more important to create appropriate fall-back levels in order to be able to ensure at least a rudimentary national (emergency) supply even during major crises. This applies to both food supply and energy supply, which in turn would require decentralised functional units („energy cells“).
How ill-prepared we are here has not only been shown by the Corona crisis but is also demonstrated by the current hectic efforts to draw up crisis plans for a possible gas shortage or food crisis. Much too late.
Knowledge of the potential downsides therefore enables timely adaptation and further development in dealing with these phenomena. If they are ignored, serious damage is imminent. It is therefore time to put into practice existing ideas and plans or to reactivate old concepts and adapt them to the new framework conditions in order to become crisis-proof as a society as quickly as possible.
Numerous authors served as the basis for this comprehensive systemic approach: https://www.saurugg.net/ueber-mich/literaturliste
- ACPP (Austrian Corona Panel Project). 2021. Krisenvorsorge: Die österreichische Bevölkerung setzt auf den Staat, weniger auf Eigenvorsorge. https://viecer.univie.ac.at/corona-blog/corona-blog-beitraege/blog114/. Zugriff am 20.04.2022.
- APCC (Austrian Panel on Climate Change). 2014. Österreichischer Sachstandsbericht Klimawandel 2014. https://austriaca.at/APCC_AAR2014.pdf. Zugriff am 20.04.2022.
- BMLV (Bundesministerium für Landesverteidigung). 2019. Sicher. Und morgen? Sicherheitspolitische Jahresvorschau 2020. BMLV (Wien). https://www.bundesheer.at/wissen-forschung/publikationen/publikation.php?id=991. Zugriff am 20.04.2022.
- BMLV (Bundesministerium für Landesverteidigung). 2021. Sicher. Und morgen? Sicherheitspolitische Jahresvorschau 2021. BMLV (Wien). https://www.bundesheer.at/wissen-forschung/publikationen/publikation.php?id=1074. Zugriff am 20.04.2022.
- BMLV (Bundesministerium für Landesverteidigung). 2022. Sicher. Und morgen? Sicherheitspolitische Jahresvorschau 2022. BMLV (Wien). https://www.bundesheer.at/wissen-forschung/publikationen/publikation.php?id=1118. Zugriff am 20.04.2022.
- Bundesrechnungshof. 2021. Umsetzung der Energiewende im Hinblick auf die Versorgungssicherheit und Bezahlbarkeit bei Elektrizität. Bundesrechnungshof (Bonn).
- Casti, John. 2012. Der plötzliche Kollaps von allem: Wie extreme Ereignisse unsere Zukunft zerstören können. Piper Verlag GmbH (München).
- Casti, John und Jones, Roger D. und Pennock, Michael J. 2017. Confronting Complexity – X-Events, Resilience, and Human Progress. The X-Press
- CSH (Complexity Science Hub Vienna). 2020. CSH Policy Brief: Wie robust sind die österreichischen Lieferketten?. https://www.csh.ac.at/wp-content/uploads/2020/06/CSH-Policy-Brief-Lieferkette-final.pdf. Zugriff am 20.04.2022.
- CSH (Complexity Science Hub Vienna). 2022. CSH Policy Brief: How the war in Ukraine might affect global food supply. https://www.csh.ac.at/wp-content/uploads/2022/03/CSH-Policy-Brief-2-2022-How-the-war-in-Ukraine-might-affect-global-food-supply.pdf. Zugriff am 20.04.2022.
- Dueck, Gunter. 2015. Schwarmdumm: So blöd sind wir nur gemeinsam. Campus Verlag (Frankfurt am Main).
- ENTSO-E. 2015. Report on Blackout in Turkey on 31st March 2015. https://www.entsoe.eu/Documents/SOC%20documents/Regional_Groups_Continental_Europe/20150921_Black_Out_Report_v10_w.pdf. S 46. Zugriff am 20.04.2022.
- Erben, Roland/Romeike, Frank. 20163. Allein auf stürmischer See: Risikomanagement für Einsteiger. Wiley (Leipzig).
- Grüter, Thomas. 2013. Offline!: Das unvermeidliche Ende des Internets und der Untergang der Informationsgesellschaft. Springer-Verlag (Heidelberg).
- ITA (Institut für Technikfolgen-Abschätzung der Österreichischen Akademie der Wissenschaften). 2017. Digitaler Stillstand: Die Verletzlichkeit der digital vernetzten Gesellschaft – Kritische Infrastrukturen und Systemperspektiven. ITA (Wien). ISSN: 1819-1320.
- ITA (Institut für Technikfolgen-Abschätzung der Österreichischen Akademie der Wissenschaften) und AIT (Austrian Institute of Technology Innovation Systems Department). 2022. Sichere Stromversorgung und Blackout-Vorsorge in Österreich. Entwicklungen, Risiken und mögliche Schutzmaßnahmen. Österreichisches Parlament (Wien).
- Kleb, Ulrike und Katz, Nicholas und Schinagl, Clemens und Angermann, Anna. 2015. Risiko‐ und Krisenmanagement für die Ernährungsvorsorge in Österreich (EV‐A). https://www.joanneum.at/fileadmin/user_upload/imported/uploads/tx_publicationlibrary/Risiko-_und_Krisenmanagement_fuer_die_Ernaehrungsvorsorge__EV-A_.pdf. Zugriff am 20.04.2022.
- Lotter, Wolf. 2020. Zusammenhänge: Wie wir lernen, die Welt wieder zu verstehen. Edition Körber (E-Book).
- Meadows, Donella H. 2010. Die Grenzen des Denkens – Wie wir sie mit System erkennen und überwinden können. oekom verlag (München).
- Meadows, Dennis. 1973. Die Grenzen des Wachstums: Bericht des Club of Rome zur Lage der Menschheit. Rowohlt Taschenbuch Verlag (Hamburg).
- Mukerji, Nikil und Mannino Adriano. 2020. COVID-19: Was in der Krise zählt. Über Philosophie in Echtzeit. Reclam (Ditzingen).
- Ossimitz, Günther und Lapp, Christian. 2006. Systeme: Denken und Handeln; Das Metanoia-Prinzip: Eine Einführung in systemisches Denken und Handeln. Franzbecker (Berlin).
- Paulitz, Henrik. 2020. Strom-Mangelwirtschaft: Warum eine Korrektur der Energiewende nötig ist. Akademie Bergstraße (Seeheim-Jugenheim).
- Petermann, Thomas und Bradke, Harald und Lüllmann, Arne und Poetzsch, Maik und Riehm, Ulrich. 2010. Gefährdung und Verletzbarkeit moderner Gesellschaften – am Beispiel eines großräumigen und langandauernden Ausfalls der Stromversorgung. Bundestag (Berlin).
- Renn, Ortwin. 2014. Das Risikoparadox: Warum wir uns vor dem Falschen fürchten. Fischer Verlag (Frankfurt am Main).
- Saurugg, Herbert. 2012. Die Netzwerkgesellschaft und Krisenmanagement 2.0: Durch aktive Systemgestaltung zu einer nachhaltigen Zukunft. Masterarbeit (Wien).
- Schumpeter, J. A. 1912. Theorie der wirtschaftlichen Entwicklung. Duncker & Humblot (Berlin).
- Servigne Pablo, Stevens Raphael, Brown Andrew. 2020. How Everything Can Collapse. A Manual for our Times. Polity Press (Cambridge E-Book),
- Taleb, Nassim Nicholas. 2012. Der Schwarze Schwan: Konsequenzen aus der Krise. Deutscher Taschenbuch Verlag (München),
- Taleb, Nassim Nicholas. 2013. Antifragilität: Anleitung für eine Welt, die wir nicht verstehen. Albrecht Knaus Verlag (München).
- Taleb, Nassim Nicholas. 20135. Der Schwarze Schwan: Die Macht höchst unwahrscheinlicher Ereignisse. Deutscher Taschenbuch Verlag (München).
- Thurner, Stefan. 2020. Die Zerbrechlichkeit der Welt: Kollaps oder Wende. Wir haben es in der Hand. edition a GmbH (E-Book).
- Vester, Frederic. 20118. Die Kunst vernetzt zu denken: Ideen und Werkzeuge für einen neuen Umgang mit Komplexität. Ein Bericht an den Club of Rome. Deutscher Taschenbuch Verlag (München).
- Weick, Karl E. Sutcliffe und Kathleen M. 20102. Das Unerwartete managen: Wie Unternehmen aus Extremsituationen lernen (Systemisches Management). Schäffer-Poeschel (Stuttgart).
Herbert Saurugg is an international blackout and crisis preparedness expert, President of the Austrian Society for Crisis Preparedness (GfKV), author of numerous specialist publications and a sought-after keynote speaker and interview partner on the topic of „a Europe-wide power, infrastructure and supply failure (‚blackout‘)“. For the past 10 years, he has been dealing with the increasing complexity and vulnerability of vital infrastructures as well as possible solutions for making the supply of vital goods more robust again. At www.saurugg.net he runs an extensive specialist blog and supports communities, companies and organisations in blackout preparedness.