Schneider Electric has designed the IoT data transfer processes, storage, access, and management operations to be compliant with the EU power utility data security requirements.
Remote Logger Security
The design philosophy assumes there is no physical public access to logger hardware. All data transferred from site is anonymous and AES encrypted. The data contains no location information or direct load information. There is no direct logger-to-customer network interface and no backdoor access to the customer’s network.
Network Connection Security
Schneider Electric uses a power-controlled 3G/4G interface to the WAN via an IP-address-limited VPN managed by the network provider. Logger upload is conducted at a different random connection time each day using a new (session-allocated) IP address. The 3G/4G interface is online for less than 2 minutes per day, solely for uploading data, and is otherwise powered down. Data is encrypted before transmission with AES-256 using a heavy memory/hardware key derivation function (KDF).
Data Transfer and Backend Security
Schneider Electric uses a novel data upload format (double encryption in the V2 logger), where the logger connects to a dedicated clearing site. There is no direct access from the logger to the Schneider Electric backend. The integrity of each upload is checked prior to ingestion and storage in a firewalled, AES-256-encrypted database. Raw data from the loggers is stored in a separate database that contains no identifiable information, making it impossible to link data to a transformer/customer without access to the other databases.
User Data and Display Site Security
Schneider Electric uses an encrypted upload from the backend to the user-accessible web site, with a secure password and HTTPS-encrypted access for users. Schneider Electric operates benchmark password security, including password hardness management. The user interface only holds and displays processed plot-based data and outputs; no raw data is held other than by special arrangement. The user interface has no system-stored linkage between data and a user site (transformer location/site name) other than that entered at the discretion of the user.