System Security and Data Protection

A digital energy services platform deployed at scale provides great opportunities in terms of customer engagement and recurring service-based revenue streams. However, unless it is built on a foundation that was designed to be secure and compliant with data protection regulations, its risk profile could be intolerably high, not only for the company providing the digital energy services but for the nation’s energy infrastructure as a whole.

While most information technology professionals understand the principles of cyber security as they relate to cloud-based SaaS (software as a service) solutions, these cover only a small part of the attack surface of an end-to-end digital energy services platform. In-depth knowledge of the attack vectors associated with IoT (Internet of Things) devices, in this case the in-home device that collects meter information and sends it to the cloud, is much less widespread. However, as the Mirai botnet incident demonstrated, a large installed base of permanently connected and often badly secured IoT devices is a very attractive target for cyber criminals because it can be used to create powerful botnets. If a fleet of IoT devices provided by a single blue-chip company were hijacked in this way, the resulting reputational damage could be enormous.

Delivering security for an IoT solution requires an end-to-end secure design philosophy, supported by an information security management system such as ISO 27001, and regular penetration testing of key components.

Secure IoT devices will be designed and developed to the latest best practices in the following areas:

  • Operating System (OS) – Good system design recognises that no OS is 100% secure and that any product vulnerabilities discovered may be exploited unless they are patched using firmware updates. The ability to update the device OS, however, creates opportunities for cyber-attacks, so validation of firmware updates to prevent malware injection and unauthorised third-party software installation is critically important.
  • IO Port, Bus and Physical Access – Data that is of interest to hackers (including personal data or passwords) may be stored persistently on the device, so it is important that unauthorised users who have physical access to the device cannot obtain this data via hardware interfaces including UARTs, memory interfaces and JTAG interfaces.
  • Data Storage and Transfer – Data stored persistently on the device should be secured by means of encryption and/or storage in hardened components. Transfer between system components and between the device and the cloud should use encrypted communications interfaces.
  • Security Certificates – All access to and data transfer from devices should be protected using well-managed security keys and verification certificates with an appropriate cipher strength. Device-specific keys provide much better overall security, as the compromise of one set of keys does not leave the entire device population open to exploits.
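As an added illustration of the firmware-validation point in the Operating System bullet above (example code written for this page, not geo's or the white paper's own), a signed-update check in Go: the vendor signs version || SHA-256(image) with an Ed25519 key, and the device verifies against a pinned public key and refuses anything that is not newer than the version it already runs. The envelope layout and the names Update, Sign and Verify are assumptions for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is a hypothetical firmware envelope (constructed for this example, not geo's format).
type Update struct {
	Version   uint32
	Image     []byte
	Signature []byte
}

// signedMessage = version || SHA-256(image); binding the version stops an old signed image being re-labelled as newer.
func signedMessage(version uint32, image []byte) []byte {
	digest := sha256.Sum256(image)
	msg := make([]byte, 4, 4+len(digest))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, digest[:]...)
}

// Verify runs on the device before anything is written to flash: the update must be
// newer than the installed version (anti-rollback) and signed by the pinned vendor key.
func Verify(vendorKey ed25519.PublicKey, installed uint32, u Update) error {
	if u.Version <= installed {
		return errors.New("rollback or replay: version is not newer than installed")
	}
	if !ed25519.Verify(vendorKey, signedMessage(u.Version, u.Image), u.Signature) {
		return errors.New("signature invalid: image or version has been tampered with")
	}
	return nil
}

// Sign is the build-system side; the private key never leaves the vendor.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) Update {
	return Update{version, image, ed25519.Sign(priv, signedMessage(version, image))}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // demo vendor key pair
	good := Sign(priv, 7, []byte("constructed firmware image v7"))
	bad := Update{7, append([]byte("X"), good.Image...), good.Signature} // byte injected
	fmt.Println("genuine v7 on a v6 device:", Verify(pub, 6, good))
	fmt.Println("tampered image:", Verify(pub, 6, bad))
	fmt.Println("replay onto a v7 device:", Verify(pub, 7, good))
}
```

In production the vendor public key would be baked into a hardened component (see the Data Storage bullet) rather than held in a variable, and the same check would gate the bootloader's choice of image.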

To ensure end-to-end security of the digital energy services solution, these secure design principles need to be mirrored in the cloud platform.

Cloud platforms should use the following security best practices:

  • Secure Perimeter – The best way to secure virtual machines and other service components is to ensure they are not exposed to the public Internet. For system components that cannot be fully isolated, only essential ports and interfaces should be exposed. Secure IoT cloud platforms tend to use Amazon’s Virtual Private Cloud (VPC) or similar approaches to provide advanced security features, such as security groups and network access control lists, which enable inbound and outbound filtering at the instance level and the subnet level.
  • Access Control and Proactive Intrusion Detection – Access to systems should be limited to authorised personnel and their access should be limited strictly to the level required to do their job and logged for forensic analysis in case of an incident. The use of powerful proactive intrusion detection technologies such as Amazon’s GuardDuty ensures that any unauthorised access attempts are detected early on and made available for review.
  • Operating System Updates and Security Patches – Any OS security updates and application patches should be applied in a timely manner to ensure old and newly identified vulnerabilities are not left open for exploitation.
  • Data Protection – The cloud platform should only store data that is required for the provision of services covered by the contract between the relevant parties and with informed consent from the consumer. Personal data should, where possible, be physically separated from all other data or logically isolated using adequately strong encryption and appropriate key management.
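As an added example (not from the white paper or geo) of the "only essential ports and interfaces" principle in the Secure Perimeter bullet above, a small audit in Go over a constructed set of inbound security-group rules: it flags any rule that opens a port outside the allow-list to 0.0.0.0/0 or ::/0, while leaving rules scoped to private ranges alone. The Rule type, the rule format and the AuditIngress function are assumptions for the example, not any cloud provider's API.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Rule is a hypothetical inbound security-group rule, constructed for this
// example rather than taken from any cloud provider's API.
type Rule struct {
	Name, Protocol   string
	FromPort, ToPort int
	Source           string // CIDR the traffic may come from
}

// worldOpen reports whether a source prefix admits every address
// (0.0.0.0/0 or ::/0), i.e. the rule is exposed to the public Internet.
func worldOpen(cidr string) bool {
	p, err := netip.ParsePrefix(cidr)
	return err == nil && p.Bits() == 0
}

// AuditIngress returns a finding for every rule that exposes a port outside
// the allow-list of essential public ports to the whole Internet. Rules
// restricted to private ranges are left alone, whatever port they open.
func AuditIngress(rules []Rule, allowed map[int]bool) []string {
	var findings []string
	for _, r := range rules {
		if !worldOpen(r.Source) {
			continue
		}
		for port := r.FromPort; port <= r.ToPort; port++ {
			if !allowed[port] {
				findings = append(findings, fmt.Sprintf("%s: %s %d-%d open to %s",
					r.Name, r.Protocol, r.FromPort, r.ToPort, r.Source))
				break
			}
		}
	}
	return findings
}

func main() {
	rules := []Rule{ // constructed sample rule set
		{"api-https", "tcp", 443, 443, "0.0.0.0/0"},       // essential public endpoint
		{"admin-ssh", "tcp", 22, 22, "0.0.0.0/0"},         // should be bastion/VPN only
		{"db-internal", "tcp", 5432, 5432, "10.0.0.0/16"}, // private subnet only
		{"all-v6", "-1", 0, 65535, "::/0"},                // every port to everyone
	}
	for _, f := range AuditIngress(rules, map[int]bool{443: true}) {
		fmt.Println("FINDING:", f)
	}
}
```

The same check applied to network ACLs at the subnet level gives the second layer the bullet describes; running it on every change to the rule set turns the principle into a continuous control.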

In summary, there are many important system security and data protection aspects which all need consideration during the technology evaluation and selection stages, as well as on an ongoing basis while the digital energy services are operational. Security is a moving target, requiring continuous improvement through upgrading product designs with new, more secure technologies and approaches as they become available.

About the authors

This white paper was written by Rik Temmink (Chief Data Services Officer) and Adrian van den Heever (Chief Technology Officer) of geo, the UK’s leading smart energy technology company. If you would like to explore the topics discussed in this white paper in more detail, please contact geo by phone on +44(0)1223 850 210 or by email at marketing@geotogether.com.
