Remote Engineering Access Solution Delivers Cybersecurity and Convenience

At the northern end of the Alaska Railbelt—a 570-mile electric artery that connects five utilities supplying power to the Last Frontier—you’ll find Golden Valley Electric Association (GVEA).

The Railbelt serves around 75 percent of the Alaskan population, and for their share, GVEA provides electricity to close to 100,000 people. The service area for GVEA, a member-owned electric cooperative, includes Fairbanks, surrounding small cities and towns, and rural stretches of interior Alaska.

“We’re in a somewhat remote area,” says Keith Palchikoff, grid modernization manager for GVEA. “Our substations are spread out, and for our maintenance crews, that means a lot of time driving.”

Their furthest transmission substation is a three-hour drive from GVEA headquarters in Fairbanks. When outages occur, event reports produced by intelligent electronic devices (IEDs) in substations can be essential to determining root cause and guiding how utilities such as GVEA restore power to consumers.

Golden Valley Electric Association (GVEA) is a member-owned electric cooperative headquartered in Fairbanks, Alaska. Their mission is to safely provide member-owners with reliable electric service, quality customer service, and innovative energy solutions at fair and reasonable prices.
GVEA supplies electricity to the city of Fairbanks, surrounding small cities and towns, and rural stretches of interior Alaska.

With streamlining root cause analysis in mind, among other goals, GVEA embarked on a project to enhance remote engineering access to IEDs in transmission substations. They envisioned convenient, centralized access to the event reports produced by IEDs, which would help them diagnose issues faster and, ultimately, improve their reliability.

“There were some instances where it could take two hours after an incident to get the event information and then another couple hours for an engineer to look at it,” says Sarah Aanrud, a GVEA relay technician. “This system had the potential to cut down on incident time in cases like these.”

But for the project to succeed, GVEA would need to meet two goals that, with a less careful approach, could be at odds: providing engineers and operations staff with convenient access to data via high-speed communications, while also upholding strict cybersecurity standards.  

Partnership Produces a Custom Solution

In addition to powering the homes and businesses of interior Alaska, GVEA serves large industry and military sites common to their region and the state.

“We take our responsibility seriously as the only utility serving the interior of Alaska,” says Palchikoff. “This project has allowed us to demonstrate our emphasis on secure access.”

At the time GVEA was preparing to improve remote engineering access, Alaska was developing critical infrastructure protection (CIP) standards, modeled on NERC CIP, which sets the security standards for the bulk power system serving the contiguous United States, eight Canadian provinces, and one state in Mexico.

GVEA sought a modern remote access solution that would also comply with NERC CIP, and therefore, the Alaska-specific cybersecurity standards in development. They found a project partner in SEL, who manufactures the bulk of their protective relays (i.e., IEDs that produce the event reports GVEA wanted streamlined access to) and had supplied the utility with a previous generation of remote access technology.

“We almost exclusively use SEL products for our relaying and protection,” says Palchikoff. “And an Ethernet security gateway from SEL was a good fit for interacting with SEL IEDs at the other end. So we approached SEL, and we asked them what they could do to help us.”

With SEL as their project partner, GVEA embarked on designing the remote access system. GVEA recognized that a custom approach was needed: for their small utility to successfully implement, maintain, and scale the system, it would need to deliver security and convenience while remaining simple.  

“We needed something with a smaller footprint,” says Palchikoff. “So SEL worked with us. We were able to refine the design and get it down to a more compact architecture that our small IT and engineering departments could keep viable for the future.”

To streamline root cause analysis after system disturbances, GVEA modernized their remote engineering access system. They chose SEL as their project partner.

Implementing Layered Defenses

After completing the testing stage at SEL facilities, the project partners were ready to pilot the remote engineering access system at a GVEA transmission substation. SEL arrived on site in Alaska and, over a few days, supported GVEA substation relay technicians and IT personnel in installing, commissioning, and testing the pilot system.

Solution components include an Ethernet security gateway, housed in the substation alongside one or more SEL Real-Time Automation Controllers (RTACs) connected to substation IEDs. When a disturbance occurs on the system, IED event reports are automatically generated and pushed upstream through the RTAC and security gateway for centralized storage via SEL software.

“In the past, when our engineers or others wanted to access event reports, they’d have to connect and get access to a relay, request the event report, and hope to remember all the right key commands,” says Palchikoff. “Now the reports are all automatically stored on a central host. Users just connect to that host—they don’t need to log into individual devices—and they can look at the history of the reports and pick out the ones they’re interested in. It updates fairly quickly—within a few minutes of the event happening, the event report is available in there.”

With this system, GVEA has reduced the number of employees with direct access to substation IEDs. And to access event reports, employees no longer need to know the passwords for IEDs—just their own credentials. This is both a convenience and a security improvement.

“The system uses Active Directory to manage single sign-on to the system,” says Al Sparks, systems and network engineer supervisor at GVEA. “But from there the system takes care of the password management of the end devices. The user doesn’t need to know what the actual password is.”

Additional layers of cybersecurity include multifactor authentication, user permissions levels, access logging, and more—all working together to make the system a robustly secure method of remote engineering access that supports CIP compliance efforts.

GVEA considers this emphasis on cybersecurity essential to any grid modernization effort.

“Cybersecurity improvements—that really is grid modernization. We have to deal with modern obstacles and issues using new technology and remote access. We have to do that securely. And this system is providing that.”
Keith PalchikoffGrid Modernization Manager, GVEA
In collaboration with SEL, GVEA designed a remote engineering access system that would deliver convenient, centralized access to data—while complying with NERC CIP standards for cybersecurity.

Streamlined and Secure Analysis

For GVEA, thorough documentation was an essential deliverable for the remote engineering access project. This included documentation that would demonstrate their compliance with NERC CIP and instructions they could use to reproduce the pilot system at other substations, either independently or with support from SEL.

“We received a document from SEL that was really well designed,” says Aanrud. “It was a step-by-step process for everybody involved in the project, whether it was the relay techs out physically installing it or the IT guys doing the digital side of it.”

Following the successful pilot, GVEA rolled out the remote engineering access system at more than 15 substations. With centralized access to IED event reports, GVEA personnel can more efficiently analyze events and provide system operators or maintenance crews with the information they need to mitigate disturbances or restore service after an outage.

“If we have to go out to a transmission substation that’s, say, two hours away, with that event already in a database that our engineers can go and look at, they can start analyzing that event while we’re on our way,” says Aanrud.

And while they’ve streamlined their access to event reports, they've done so in a way that is meticulously cyber-secure.

“One of my mottos as a networking professional is ‘Don’t get famous,’” says Sparks. “We’re doing our best to keep our infrastructure secure but also allow the access that is needed to do quick troubleshooting.”

More Customer Highlights

ELES

Defending Critical Substation Communications in SloveniaView the project 

Davao Light

Creating a Better Future: Innovative Substation Modernization in the PhilippinesView the project 

Contact us

For more information about this story’s featured solution or how SEL can engineer solutions to meet your needs, contact us below.