With streamlining root cause analysis in mind, among other goals, GVEA embarked on a project to enhance remote engineering access to IEDs in transmission substations. They envisioned convenient, centralized access to the event reports produced by IEDs, which would help them diagnose issues faster and, ultimately, improve their reliability.
“There were some instances where it could take two hours after an incident to get the event information and then another couple hours for an engineer to look at it,” says Sarah Aanrud, a GVEA relay technician. “This system had the potential to cut down on incident time in cases like these.”
But for the project to succeed, GVEA would need to meet two goals that, with a less careful approach, could be at odds: providing engineers and operations staff with convenient access to data via high-speed communications, while also upholding strict cybersecurity standards.
Partnership Produces a Custom Solution
In addition to powering the homes and businesses of interior Alaska, GVEA serves large industry and military sites common to their region and the state.
“We take our responsibility seriously as the only utility serving the interior of Alaska,” says Palchikoff. “This project has allowed us to demonstrate our emphasis on secure access.”
At the time GVEA was preparing to improve remote engineering access, Alaska was developing critical infrastructure protection (CIP) standards, modeled on NERC CIP, which sets the security standards for the bulk power system serving the contiguous United States, eight Canadian provinces, and one state in Mexico.
GVEA sought a modern remote access solution that would also comply with NERC CIP, and therefore, the Alaska-specific cybersecurity standards in development. They found a project partner in SEL, who manufactures the bulk of their protective relays (i.e., IEDs that produce the event reports GVEA wanted streamlined access to) and had supplied the utility with a previous generation of remote access technology.
“We almost exclusively use SEL products for our relaying and protection,” says Palchikoff. “And an Ethernet security gateway from SEL was a good fit for interacting with SEL IEDs at the other end. So we approached SEL, and we asked them what they could do to help us.”
With SEL as their project partner, GVEA embarked on designing the remote access system. GVEA recognized that a custom approach was needed: for their small utility to successfully implement, maintain, and scale the system, it would need to deliver security and convenience while remaining simple.
“We needed something with a smaller footprint,” says Palchikoff. “So SEL worked with us. We were able to refine the design and get it down to a more compact architecture that our small IT and engineering departments could keep viable for the future.”
Streamlined and Secure Analysis
For GVEA, thorough documentation was an essential deliverable for the remote engineering access project. This included documentation that would demonstrate their compliance with NERC CIP and instructions they could use to reproduce the pilot system at other substations, either independently or with support from SEL.
“We received a document from SEL that was really well designed,” says Aanrud. “It was a step-by-step process for everybody involved in the project, whether it was the relay techs out physically installing it or the IT guys doing the digital side of it.”
Following the successful pilot, GVEA rolled out the remote engineering access system at more than 15 substations. With centralized access to IED event reports, GVEA personnel can more efficiently analyze events and provide system operators or maintenance crews with the information they need to mitigate disturbances or restore service after an outage.
“If we have to go out to a transmission substation that’s, say, two hours away, with that event already in a database that our engineers can go and look at, they can start analyzing that event while we’re on our way,” says Aanrud.
And while they’ve streamlined their access to event reports, they've done so in a way that is meticulously cyber-secure.
“One of my mottos as a networking professional is ‘Don’t get famous,’” says Sparks. “We’re doing our best to keep our infrastructure secure but also allow the access that is needed to do quick troubleshooting.”