Hubbell Power Systems Blog

Solving a Substation Network Security Flaw

Written by Hubbell Power Systems | Feb 27, 2018 4:28:00 PM

In 2014, Hubbell Power Systems, Inc. (HPS) acquired RFL Electronics, a protection and communication equipment manufacturer. The addition of RFL to HPS’ family of brands broadened our substation offering and forged a partnership between territory managers and regional sales engineers to elevate the technical expertise HPS provides its customers. Jacksonville Electric Authority (JEA) witnessed the benefit of this newly formed partnership firsthand.

BACKGROUND

JEA is the largest community-owned electric utility company in Florida with 417,000 electric customers. Around the time HPS acquired RFL, JEA was entering into an agreement with an international-based provider for substation communication and protection equipment. Despite JEA’s decision to go with a competitive product, HPS continued to call on JEA in a continued effort to understand their needs.

During a routine visits, we learned that early into their agreement, JEA began experiencing issues. Complicating matters, the current supplier was not US-based and JEA struggled to get responsive support. They were limited to one support person who serviced the entire United States.

A THREAT TO SECURITY

Already facing limited support, JEA further uncovered a security flaw in the network management system. The breach allowed anyone to access the system without providing a username/password combination. Someone could simply click on the management system platform and open a connection to the device. For JEA, “free access” was a critical breach of their security requirements.

DEDICATED SERVICE AND SUPPORT

HPS Territory Manager, Sheldon Weeks, and RFL Regional Sales Engineer, John Merryman, conducted a customer meeting with JEA. Understanding their issues, “We engaged JEA and offered them a product demo of our eXmux,” said Weeks. “This consisted of us shipping two eXmux units to JEA, and going on site to deploy the product at two substations.”

This meeting was a joint effort between JEA’s communications team and their NERC CIP security group, with a lot of detailed discussions around how the RFL eXmux could help them meet NERC CIP security guidelines. “We were able to address all of their concerns through these discussions,” said Merryman. “We were able to showcase our knowledge of NERC CIP requirements by sharing the training and information we created to help utilities understand NERC CIP guidelines.”

Next, we conducted our field study simulation where we deployed the eXmux units into the selected substations. We connected the eXmus to their existing carrier Ethernet equipment, substation IEDs, relays and RTUs. These simulations demonstrated the easy migration from existing RFL IMUX connections over to the RFL eXmux equipment, without experiencing any issues.

HIGH RELIABILITY

During the last part of our simulation, we demonstrated the eXmux feature called “hit-less operation.” This capability takes critical traffic, typically the relay traffic, transfers the message from the relay, duplicates it, and sends it out on both network links connected to the eXmux. In this instance, one network link was connected directly to our eXmux while the other fiber connection went through JEA’s existing Ethernet carrier equipment.

We were able to simulate failures by pulling fiber connections throughout the network, and JEA observed that the eXmux hit-less operation kept things running without problems. Merryman explained, “The eXmux would actually take that relay message, duplicate it and send it out on both paths. So if you did have a failure somewhere on one side of the network, the message would still reach the end relay device.” The hitless capability and security offering were enough for JEA to switch to the RFL eXmux.

THE HUBBELL DIFFERENCE

At Hubbell Power Systems, we don’t walk away from a problem. In addition to local service, we provide engineering support, design support and technical expertise to solve our customers’ problems. “Sometimes it would take a day or two of troubleshooting, and John would be there the whole time in the substation working with [JEA], helping in the design,” said Weeks.