Schneider Electric has designed the IoT data transfer processes, storage, access and management operations to be compliant with the EU power Utility data security requirements.
Remote Sensor Security
The data contains no location information or direct load information. There is no direct sensor-to-customer network interface, nor any backdoor access to the customer’s network, as all data is transferred over the 3G/4G network. The files are stored in a Linux operating system and so are protected against data damage using the protection processes of the operating system.
Network Connection Security
Schneider Electric uses a power controlled 3G/4G interface to the internet via an IP-address-limited VPN managed by the network provider. Sensor data upload is conducted at a different and random connection time each day using a new (session-allocated) IP address. The 3G/4G interface is on-line for < 2 minutes per day solely for uploading data and is otherwise powered down. Data is encrypted before transmission with AES-256 using a heavy memory/hardware Key Derivation Function (KDF) algorithm.
It can only be decrypted if it is undamaged. The encryption process includes a checksum. This restricts even a part file from being decrypted correctly. Any damage of even 1 byte would result in a complete scramming of the output. This ensures transfer integrity to the very highest level.
Data Transfer and Back-end Security
Schneider Electric uses a novel data upload format and the logger connects to a dedicated clearing site. There is no direct access from the logger to the Schneider Electric back-end processing server. Data integrity of upload is checked prior to ingestion and storage in a firewalled/AES-256 encrypted database. Raw data from the sensors is stored in a separate database which contains no identifiable information, making it impossible to link data to a transformer/customer, without access to the other databases.
User Data and Dashboard Website Security
Schneider Electric uses an encrypted upload from the back-end processing service to the user-accessible website with secure password and HTTPS encrypted access for users. Schneider Electric operates benchmark password security including password hardness management. The user interface only holds and displays processed plot-based data and outputs i.e. no raw data. The user interface has no system-stored linkage between data and a user site (transformer location /site name) other than that entered (at the discretion) of the user.
API Security
Schneider Electric provides a REST based API that returns structured JSON data. API keys, generated by an organisation's user admin on demand, protect data from unauthorized access.
Comments
0 comments
Please sign in to leave a comment.