Risk Assessment of Lithium-ion Based Energy Storage Systems

Presented By:
Sujit Purushothaman
FM Global
TechCon 2019


The objective of this study is to provide a better understanding of the hazards of Li-ion Energy Storage Systems (ESS) and generate recommendations, to help ESS operators improve decision making to avoid or reduce loss. The focus of this study is limited to non-utility type Li-ion ESS typically rated at less than 1 MWh and installed in commercial facilities that include office buildings or warehouses. The paper describes the configuration of a typical system, along with details on the construction, operation and failure modes for Li-ion cells. A scenario-based FMEA (failure modes and effects analysis) was conducted. The failure of each component in the ESS and the failure progression to outcomes of various severities were studied and documented with the objective to propose measures that can help reduce the loss exposure. The identified measures involve the design of the ESS, and/or maintenance/operational procedures for the ESS. These measures form the basis for recommendations that reduce or avoid loss. Next, a risk matrix was developed to prioritize each scenario into one of three defined risk categories (i.e., high, medium and low) based on the assigned likelihood and severity for each outcome. The recommendations developed from the mitigation measures were assigned priorities based on the associated risk category. The recommendations were further segregated into three categories, namely, design, maintenance and operation and were prioritized within each category. Results indicate that scenarios involving cell thermal runaway and propagation to multiple cells causing a battery pack fire are the highest risk scenarios.


Recent advances in energy storage technologies have caused an increase in Energy Storage System (ESS) installations. ESSs have been installed or are planned to be installed at FM Global client locations across various occupancies. These systems provide the capability of capturing energy produced at one time for use at a later period. Energy may be stored in various forms, i.e., mechanical, heat, chemical, pumped hydro and others. Pumped hydroelectric plants have traditionally been used for bulk energy storage, i.e., tens to hundreds of MWs. Other technologies are implemented for smaller energy storage installations. Various efforts have been undertaken to pave the way for the inclusion of ESSs into the power grid. Currently, owing to their superior design and operating characteristics, Lithium-ion (Li-ion) battery based ESSs are the dominant form of energy storage technology being used worldwide in terms of number of installations. This number is expected to increase in the coming years with many FM Global clients citing interest in installing these systems at their facilities.

The risk exposure presented by these systems that involve hundreds to thousands of individual Li-ion cells is not clearly understood, especially considering the unstable chemistry of Li-ion batteries that can lead to thermal runaway. The objective of this study is to provide a better understanding of these systems and generate recommendations to eliminate or reduce losses. The study is limited to non-utility type Li-ion ESSs. These systems are typically rated at less than 1 MWh and are installed in commercial facilities that include office buildings or warehouses. Various efforts have been undertaken to ensure the safe inclusion of the ESS in the power grid. Various IEC, IEEE, UL and NFPA standards are available that discuss performance and safety compliance of these systems [1] [2]. Battery safety [3] [4] is a critical topic that needs addressing since this is a new and rapidly evolving technology. The US Department of Energy, along with national laboratories, has spearheaded this task [5]. Limited fire testing [6] has also been undertaken by the NFPA to understand the exposure and recommend mitigation steps as needed.

The following subsections describe some utility and non-utility applications for ESS. Section II describes the components and typical configuration for an ESS. Section III describes the scenario-based FMEA approach and section IV presents the risk matrix. The conclusions are presented in section V.


ESS applications range from bulk energy, transmission, and distribution to customer focused applications [7] [8]. The advent of renewable energy (mostly photovoltaics and wind energy) has presented additional opportunities for the application of energy storage systems in the power grid. Utility scale applications include bulk energy services, ancillary and T&D services. ESS within customer energy management is used to provide a customer related service. This can involve enhancing power quality, improving reliability and/or realizing additional profits for a customer. Applications include:

  • Power Quality: Protect against short-duration events that affect the quality of power delivered to the customer’s loads including voltage/frequency variations, low power factor and harmonics.
  • Power Reliability: Provide the ability of customer loads to island (operate without utility power) during the utility outage and resynchronize with the utility when power is restored.
  • Retail Energy Time-Shift: Retail electric energy time-shift involves storage used by utility customers to reduce their overall costs for electricity by charging the ESS during off-peak time periods (low retail electric energy price), then discharge the energy during peak times (higher energy prices).
  • Demand Charge Management: Electricity storage can be used by end users (i.e., utility customers) to reduce or eliminate their demand charge. To avoid a demand charge (specified by the electric utility), load must be reduced during all hours of the demand charge period, usually during a specified period.

Lithium-Ion Battery Systems

This section will briefly discuss components and configuration of a Li-ion ESS with the objective of defining a typical ESS and its architecture/layout.

A. Main Components and Configuration

The ESS consists of a large number of individual components. The ESS fundamentally consists of the battery pack, inverter/charger, HVAC and the enclosure. While the inverter/charger, HVAC and enclosure are subsystems that are seen in other systems, the battery pack is unique to the ESS. Hence the battery pack and the Lithium-ion battery will be presented in detail in the following subsections.

A typical battery pack consists of multiple cells connected by a low voltage (LV) bus. A cell is the smallest electrochemical component. It involves an anode, a cathode and electrolyte, which can store energy. Multiple cells are connected in series/parallel combination to form a module. The individual cells are supervised by a cell controller that monitors the cell voltage and temperature and is responsible for the cell balancing operation during the charging process. The high voltage (HV) bus is used to connect multiple battery modules in series, to develop a high DC voltage that is fed to the inverter/charger. This string of connected modules, typically housed in a single housing assembly, is called a rack. The rack also includes switching components (circuit breaker, isolator, and contactor) to isolate the rack during a contingency. Larger systems may have multiple racks connected in parallel to form a battery pack. The battery management system (BMS) is the supervisory system that ensures basic functionality of the battery pack while maintaining safe operating conditions and acting appropriately to contingencies.

B. Lithium ion Battery

Li-ion batteries are available mainly in two types: cylindrical and prismatic cells. The advantages of cylindrical cells are ease of manufacture and good mechanical stability. The tubular cylinder can withstand high internal pressures without deforming.

Most cylindrical cells also feature a pressure relief mechanism, and the simplest design for this mechanism utilizes a membrane seal that ruptures under high pressure. Leakage and dry-out may occur after the membrane breaks. Re-sealable vents with a spring-loaded valve are the preferred design. Some Li-ion cells connect the pressure relief valve to an electrical fuse that permanently opens the cell if an unsafe pressure builds up. Typically, cells are available in the 18650 format where the cell cylinder diameter is 18 mm and length is 65 mm.

Prismatic cells make optimal utilization of space by using the layered approach. Other designs are wound and flattened into a pseudo-prismatic jelly roll. These cells are predominantly found in mobile phones, tablets and low-profile laptops ranging from 800 mAh to 4,000 mAh. No universal format exists and each manufacturer designs its own. Prismatic cells also come with some protective measures built into the design like fuses and pressure relief valves.

Li-ion cells include a wide variety of chemistries pertaining to the composition of the anode and cathode, which affect performance and cost. NMC and NCA chemistries have very good stability while at the same time providing relatively high specific capacities. The most commonly used anode active material is partially graphitized carbon. LTO is typically used in high safety applications since it benefits from higher stability.

C. Battery Module

A typical module consists of a group of cells (5 – 15) connected in a combination of series or parallel by means of a low voltage bus. Typical module level voltages vary from 35 to 60 Volts. Each module contains a voltage sensor for each cell (or parallel cell combination) and at least two temperature sensors for the entire module. Each module also consists of a local electronic controller, which will be referred to as the cell controller in this report. The functions of the cell controller are as follows:

  • Collect temperature and cell voltage to ensure that safe operating conditions are maintained within the module.
  • Constantly communicate critical parameters with the BMS.
  • During charging operation, ensure cell balancing to avoid a cell-overvoltage condition.
  • Control active cooling within the module.

Active cooling involves forced air cooling of the module with the help of fans. Active cooling of the battery module is better than natural convection in providing adequate cooling to cells in case of cell failure.

D. Battery Management System (BMS)

The BMS is the central system capable of taking important decisions within the ESS. The BMS is responsible for operational and safety related functions. The main objective of the Battery Management System is to maintain the health and safety of the battery so that it can fulfil the functional requirements of the application for which it was specified [9]. This is achieved as follows:

  • Protect the cells or the battery from damage from overcharge, over-discharge, overcurrent and over-temperature.
  • Track the operational state of life of the battery by constantly evaluating the State of Charge (SOC). SOC is expressed as a percentage of the real-time amount of energy stored in the system compared to the rated capacity.
  • Track and prolong the health of the battery by monitoring operational variables like cell voltage, current, and temperature to evaluate capacity and internal resistance. These parameters provide a quantitative value of the remaining health of the battery or the State of Health (SOH). The SOH is a measure of a battery’s capability to deliver its specified output.

Scenario-Based FMEA

This section describes the details of the scenario-based FMEA undertaken with the objective to develop recommendations aimed at reducing or avoiding the loss exposure. This chapter presents the details of each scenario. In the following section, these scenarios and their outcomes form the basis for segregating and prioritizing recommendations with the help of the risk matrix.

The scenario-based FMEA (failure modes and effects analysis) was conducted based on system understanding and similar high-level studies conducted by EPRI [10]. Different standards (UL, IEC and IEEE standards) were reviewed and used as a foundation to conduct this analysis. In addition, discussions with OEMs (battery integrators) and FM Global’s Field Engineering helped support the scenarios. Each scenario discusses a deficiency and its progression to yield its effect. The deficiencies pertain to various components in the ESS with more focus on the battery pack and related components since other support systems like HVAC, inverters, etc. are well understood and pertain to other standards.

The failure of each component in the ESS and its progression to various severity levels is studied and documented in this section. This scenario-based FMEA was conducted to understand the progression of each scenario and develop mitigation measures that can help reduce the loss exposure. The propagation from the initial failure to the final outcome is studied. Each scenario could have multiple outcomes and the scenarios are evaluated in a sequential format in increasing order of severity. The likelihood (L) and Severity (S) values for the outcomes are also stated. The likelihood scale represents the relative frequency of the occurrence of that scenario from low to high in increasing order. E.g., software and communication issues are more frequent as compared to a cell failure causing thermal runaway of the cells. The severity scale on the other hand, represents the amount of damage or potential outage that a scenario could lead to. A ‘Low’ severity represents no permanent damage, ‘Medium’ severity may require a derate or short outage to repair. A ‘Major’ severity may consist of permanently damaged components, requiring extensive repair. A ‘Catastrophic’ event would mean extensive damage which may even require complete replacement of sub-systems. Following is a sample scenario involving cell overcharging.

Scenario 1: Cell Overcharging
Component: Li-ion cell
Failure Mode: Cell failure from decomposition of electrolyte (exothermic reaction involving generation of HF acid).
Cause: Over-charging of cell due to failure of cell controller/BMS.
Failure mechanism: Decomposition of electrolyte leading to generation of HF acid (exothermic reaction) and to high temperatures. (Note: This failure mode can lead to outcomes of different severities depending on the availability and/or functioning of protection systems. Additional mitigation measures would be needed at each outcome level and the same are noted).

A. Outcome 1: Temperature (and Pressure) Increase in Cell Casing

Impact description: Cell controller fails to detect temperature rise, and BMS fails to trigger automatic shutdown of battery pack. Cells are potentially damaged and may need replacement requiring ESS outage (Likelihood: Low, Severity: Medium).
Mitigation measures:

  • Cell controller protection (electronic protection against temperature rise and overcharge).
  • Automatic shutdown of battery pack triggered by BMS.
  • BMS response (safety systems), higher cooling rate to dissipate excess heat.
  • Adequate battery spacing.
  • Robust cell design by conformance to tests recommended in UL1642.

Actions/gaps:

  • Ensure adequate battery spacing in modules. Battery spacing in modules is critical to minimize heat transfer by conduction.

B. Outcome 2: Explosion of the Cell Shell and Loss of Cell Containment
Impact description: Hot gases released by operation of cell Pressure Release Valve (PRV). Hot gases dissipated by adequate venting. Cell damaged and needing replacement, entire system may require thorough evaluation, extended ESS outage (Likelihood: Low, Severity: Major).

Additional mitigation measures:

  • Cell PRV design and orientation.
  • HVAC system designed to provide adequate air renewal and heat dissipation.

Actions/gaps:

  • Ensure PRV operates without physical deformation of cells. Note: Cell design and operating pressure of PRV are critical parameters.
  • Hot gases given out by operation of PRV should not be directed towards other cells to prevent propagation of thermal runaway.

C. Outcome 3: Release of Toxic Gas and Toxic Liquid Substances (Electrolyte) with Spread of Thermal and Mechanical Effects to Neighboring Cells
Impact description: Smoke damage within ESS enclosure. Inadequate venting leading to build up of toxic gases and liquids. Additional cells entering thermal runaway conditions (Likelihood: Low, Severity: Catastrophic).

Additional mitigation measures:

  • Venting of gases.
  • Hazardous liquid restriction.

Actions/gaps:

  • Evaluate the chemical composition of toxic gas emitted. Note: Any carbon powder (electrically conductive material) released may cause an electrical arc leading to an electrical hazard.
  • Ensure toxic gases are vented adequately to avoid asphyxiation to personnel.

D. Outcome 4: Fire with Components Burning
Impact description: Additional cells involved in fire and contributing to generation of toxic gases and liquids causing the entire ESS to be engulfed in fire. System significantly damaged requiring complete replacement (Likelihood: Low, Severity: Catastrophic).

Additional mitigation measures:

  • Appropriate fire detection and suppression systems.
  • Adequate spacing between battery modules.

Actions/gaps:

  • Heat continues to be generated due to internal chemical reaction in cell. When O2 is reintroduced, fire can re-ignite. Fire suppression methods to be tested for avoiding re-ignition.
  • Ensure adequate spacing between battery modules to avoid heat transfer and mitigate propagation of thermal runaway between modules.

Considering size limitations on the material that can be presented in this paper, the other scenarios are only stated for concise presentation of the details. Each scenario is identified by its number (used in the risk matrix). Note that each scenario may consist of multiple outcomes, which are listed below.

Scenario 2: Cell over-discharge (similar outcome as scenario 1)

Scenario 3: Cell insulation failure (similar outcome as scenario 1)

Scenario 4: Cell aging
Possible outcomes are as follows
a. Cell deterioration (L: Low, S: Low)
b. Thermal runaway (similar outcome as scenario 1)

Scenario 5: Cell controller failure (similar outcome as scenario 4)

Scenario 6: Loss of active cooling
Possible outcomes are as follows
a. System trip (L: Medium, S: Medium)
b. Multiple cells breach safety limits (L: Medium, S: Major)
c. Multiple cell thermal runaway (L: Medium, S: Catastrophic)

Scenario 7: External fire (similar outcome as scenario 6.c)

Scenario 8: Low voltage bus failure (similar outcome as scenario 6)

Scenario 9: Frame assembly failure from impingement, Outcome: connection failure, short circuit (L: Low, S: Major)

Scenario 10: Software inadequacies
Outcome: System unresponsive during contingencies (L: High, S: Low)

Scenario 11: Communications failure
Outcome: BMS triggered ESS outage or derate (L: High, S: Low)

Scenario 12: Data acquisition failure
Outcome: BMS triggered ESS outage or derate (L: Medium, S: Low)

Scenario 13: Thermal management failure (similar outcome as scenario 6)

Scenario 14: High voltage bus insulation failure
Outcome: ESS outage (L: Low, S: Medium)

Scenario 15: Lightning/Power surge
Outcome: ESS outage (L: Medium, S: Medium)

Scenario 16: Mechanical stress (shock) of structure
Outcome: Connection failure, short circuit (L: Low, S: Major)

Scenario 17: Electronic failure by external surge
Outcome: ESS outage (L: Medium, S: Medium)

Scenario 18: External fault
Outcome: ESS outage (L: Medium, S: Medium)

Scenario 19: Aux power failure (similar outcome as scenario 6)

Scenario 20: Inadequate grounding
Outcome: ESS outage (L: Medium, S: Low)

Scenario 21: Moisture ingress
Outcome: ESS outage (L: Low, S: Medium)

Scenario 22: Vermin Ingress
Outcome: ESS outage (L: Low, S: Medium)

Scenario 23: Corrosion
Outcome: ESS outage (L: Low, S: Medium)

Scenario 24: Earth movement
Outcome: Mechanical and electrical damage (L: Low, S: Major)

Scenario 25: Failure from cyber-attack (similar outcome as scenario 6)


The previous section listed a set of potential scenarios. Mitigation measures for each scenario were identified. However, due to the relatively new technology available in Li-ion ESS and hence limited operational experience, it is difficult to prioritize the mitigation measures in view of limited loss experience. The risk matrix (Fig. 1) presents an opportunity to do so based on some engineering assumptions. The matrix presents a visual representation of the likelihood and severity of the scenarios and their outcomes. E.g. Scenario 10 in the top left corner box indicates that it has high likelihood and low severity.

The items highlighted in yellow have a low or medium likelihood and severity. These events present a low risk exposure and recommendations for preventing these events could be assigned a low priority from a risk reduction standpoint. Items in orange arise from medium or major likelihood and severity leading to medium risk exposure. Items highlighted in red arise from those combinations of likelihood and severity where at least one parameter is at the high (likelihood or severity) end of the spectrum. Recommendations for limiting/preventing such events must be taken up at a high priority. It is observed that scenarios involving cell thermal runaway and propagation to multiple cells causing a battery pack fire are the highest risk scenarios (highlighted in red).

Fig. 1: Risk matrix for failure scenarios
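The binning described above can be reproduced from the scenario list; the following is an added example, not part of the original paper. Fig. 1 is not reproduced on this page, so the colour rules are a literal reading of the text, with two assumptions: Medium/Medium is treated as yellow and Low/Major as orange.

```python
"""Added example: bin the FMEA scenario outcomes using the colour rules in the text."""

LIKELIHOOD = ("Low", "Medium", "High")
SEVERITY = ("Low", "Medium", "Major", "Catastrophic")
RANK = {"yellow": 0, "orange": 1, "red": 2}

# Outcomes transcribed from the scenario list as (likelihood, severity) pairs.
# A string is a cross-reference: "similar outcome as scenario N" or "N.c".
SCENARIOS = {
    1: [("Low", "Medium"), ("Low", "Major"),
        ("Low", "Catastrophic"), ("Low", "Catastrophic")],
    2: "1", 3: "1",
    4: [("Low", "Low"), "1"],
    5: "4",
    6: [("Medium", "Medium"), ("Medium", "Major"), ("Medium", "Catastrophic")],
    7: "6.c", 8: "6",
    9: [("Low", "Major")],
    10: [("High", "Low")], 11: [("High", "Low")], 12: [("Medium", "Low")],
    13: "6",
    14: [("Low", "Medium")], 15: [("Medium", "Medium")], 16: [("Low", "Major")],
    17: [("Medium", "Medium")], 18: [("Medium", "Medium")],
    19: "6",
    20: [("Medium", "Low")], 21: [("Low", "Medium")], 22: [("Low", "Medium")],
    23: [("Low", "Medium")], 24: [("Low", "Major")],
    25: "6",
}


def resolve(ref, seen=()):
    """Expand a scenario number or 'N.x' reference into (L, S) outcome pairs."""
    num, _, letter = str(ref).partition(".")
    if num in seen:
        raise ValueError(f"cyclic cross-reference at scenario {num}")
    entry = SCENARIOS[int(num)]
    entries = entry if isinstance(entry, list) else [entry]
    if letter:  # "6.c" selects only outcome c of scenario 6
        entries = [entries[ord(letter) - ord("a")]]
    outcomes = []
    for item in entries:
        if isinstance(item, tuple):
            outcomes.append(item)
        else:
            outcomes.extend(resolve(item, seen + (num,)))
    return outcomes


def category(likelihood, severity):
    """Colour for one outcome. Red follows the text literally; the
    orange/yellow boundary is an assumption (see the note above)."""
    if likelihood not in LIKELIHOOD or severity not in SEVERITY:
        raise ValueError(f"unknown rating: {likelihood}/{severity}")
    if likelihood == "High" or severity == "Catastrophic":
        return "red"
    if severity == "Major":
        return "orange"
    return "yellow"


def worst_category(number):
    """Highest-risk colour reached by any outcome of a scenario."""
    return max((category(l, s) for l, s in resolve(number)), key=RANK.get)


def prioritized():
    """Scenario numbers grouped by worst colour, in priority order."""
    groups = {"red": [], "orange": [], "yellow": []}
    for number in sorted(SCENARIOS):
        groups[worst_category(number)].append(number)
    return groups


if __name__ == "__main__":
    for colour, numbers in prioritized().items():
        print(f"{colour:6} {numbers}")
```

Under this reading every scenario that can end in multi-cell thermal runaway lands in red, including Scenario 25 (cyber-attack), which inherits its outcomes from Scenario 6.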


The risk matrix presents the prioritization for recommendations (risk reduction opportunities). The priority order is scenarios in ‘red’ followed by ‘orange’ and finally ‘yellow’. Mitigation measures listed under each scenario (as presented in section III A, B, C and D) become potential recommendations since these measures have the capability to either completely or partially limit the occurrence and/or consequences of the scenario. Recommendations are segregated by design, maintenance and operation basis. The findings of this study are also documented in FM Global Data Sheet 5-33 [11].

A. Design

  • Ensure adequate battery spacing to avoid thermal runaway propagation.
  • Ensure minimum release of electrically conductive materials during thermal runaway.
  • Circuit board design to avoid short circuit.
  • Operation of PRV without physical deformation of cells. Hot gases to be directed away from other cells.
  • BMS design for overall reliability (hardware and software).
  • Software to consider contingent scenarios based on FMEA.
  • Redundancy and spare availability of critical hardware.
  • DC arc flash studies to be conducted for personnel safety.
  • IP ratings to be selected based on application.
  • ESS not to be installed in flood prone areas.
  • Ensure moisture monitoring. Corrosion protection as per UL50E.

B. Maintenance

  • Regular ITM includes torqueing of power connections.
  • Use of thermal IR scans to detect loose connections.
  • Ensure spare batteries are not stored in discharged state.
  • Regular testing of all subsystems: HVAC, seals/gaskets, grounding.

C. Operation

  • ESS must be operated within the bounds of defined application (duty cycle). ESS to be designed, tested and evaluated for end user application.
  • Manual ES buttons for redundancy.
  • Aux power to be made available for emergencies and kept independent of battery power.
  • Sufficient IT rules to mitigate cyber-attacks.
  • Operator training to avoid conditions that may cause damage to the ESS.
  • ESS to be installed with humidity and shock sensors during transportation.
  • Seismic sensors to be installed in ESS located in earthquake zones.


[1] David Conover, “Inventory of Safety-related Codes and Standards for Energy Storage Systems,” Pacific Northwest National Laboratory, Richland, WA, PNNL-23618, 2014.
[2] Laurie Florence, “Stationary Battery Standards: Current Landscape and What’s Coming Soon,” in Battcon, 2014.
[3] Jim McDowall, “A Guide to Lithium-Ion Battery Safety,” in Battcon, 2014.
[4] David Rosewater and Adam Williams, “Analyzing system safety in lithium-ion grid energy storage,” Journal of Power Sources, pp. 460-471, December 2015. doi: 10.1016/j.jpowsour.2015.09.068
[5] Office of Electricity Delivery and Energy Reliability, “Energy Storage Safety Strategic Plan,” U.S. Department of Energy, 2014.
[6] Fire Protection Research Foundation, “Hazard Assessment of Lithium Ion Battery Energy Storage Systems,” Research Report 1503637.000 2770, 2016.
[7] Sandia National Laboratory, “DOE/EPRI 2013 Electricity Storage Handbook in Collaboration with NRECA,” SAND2013-5131, 2013.
[8] DNV-GL, “Safety, operation and performance of grid-connected energy storage systems,” Recommended Practice DNVGL-RP-0043, 2015.
[9] Yu Wen, Wenjin Zhang, and Jiale Lu, “The establishment of safety indicator set of lithium-ion battery and its management system,” in Prognostics and System Health Management Conference (PHM), 2015. doi: 10.1109/PHM.2015.7380014.
[10] Electric Power Research Institute, “Energy Storage Safety: 2016,” Technical Update SAND2016-6297R, 2016.
[11] FM Global Property Loss Prevention Data Sheet 5-33, “Electrical Energy Storage Systems”, Jan 2017, available at www.fmglobal.com

© TechCon North America – San Diego, CA
