GivEnergy security

Real-world example: GivEnergy security and cyberthreat response

As recent examples such as Ivanti, ConnectWise, Snowflake, and even Microsoft show, no company or organisation is immune to cybersecurity threats. In a world where risk changes constantly, there is no such thing as “100% secure”.

So, rather than looking for a meaningless zero-risk guarantee from your energy solution providers, you should be looking at whether a provider:

– Takes security seriously by applying the proper weighting to issues

– Structurally reduces your risk in the first instance (for example, by using effective organisational structures, tools and practices)

– Responds to any cyberthreats rapidly and decisively

– Communicates openly and honestly about risks

Here at GivEnergy, we’re committed to all the above. We invest heavily in making our systems and applications as secure as we can.

And, as the latest proof of that commitment, we’ll share a real-world example with you.


The context

Perhaps, when you bought from GivEnergy, you bought your system on the strength of its supporting software. But did you also know about the security offering behind those clever features in your dashboards?

GivEnergy is the only global battery storage manufacturer that operates with a UK software and data team.

Our company is UK owned, our cloud and app software is fully written by our internal, UK-led team, and all customer data is hosted in UK/EU clouds. (Or the relevant location according to data protection rules where you are based.)

Let’s share some fast facts:

💂‍♂️ All app & portal development, testing, security & IT operations take place in our UK HQ

💻 We employ an internal team of 30+ software engineers to continually hone what is widely acknowledged as the most powerful app / portal in the industry

👨‍💻 Our software department runs as its own separate legal entity to keep our critical digital assets secure and isolated within the UK only

☁️ All data from each and every UK GivEnergy battery storage system – commercial and residential alike – is hosted in the UK (and similarly for other geographies) within best in class cloud data centres – governed by UK and EU GDPR data laws

So, why does this matter? According to the Cabinet Office, an attack on the UK’s energy network is now a ‘major risk.’ 

Imagine if a bad actor could exert influence by shutting down a rival nation’s power stations? Imagine if they could cut homes and businesses off from their power supply?

That’s why it’s critical that our infrastructure is protected, and why we go to such lengths to minimise risk.

And, should risk arise, you can rest assured that we react immediately and resolutely. Take the below incident that occurred recently.


The incident

In July, a security flaw in our API encryption approach was highlighted by a highly skilled white hat security researcher, Ryan Castellucci, who is also a member of our expert user community.

In certain scenarios, the vulnerability could have allowed brute forcing of the API key encryption, resulting in unauthorised access to GivEnergy accounts. This was due to a weakness in the encryption protecting our API keys.

Left unrectified, malicious use of the flaw could have exposed personal information or allowed reconfiguration of inverters. We confirmed via our logs that no such exploitation actually occurred in this instance; however, even the possibility of this occurring was clearly serious.

So, what did we do?

Our open approach – built on our history of community collaboration – enabled us to work collaboratively with the security researcher and communicate directly to address the issue head on, rather than viewing it as something to obfuscate or avoid acknowledging. We also actively engaged with Ryan to take further proactive steps to improve our security posture.

Our agility – with our fully insourced product development – enabled us to investigate, understand, and fix the newly identified security flaw in production within 6 hours of it being reported.

Not months, not weeks, not days. Hours.

GivEnergy security – as with any company’s security – can never be completely infallible. However, our commitment, transparency and our level of investment mean that:

a) Risk is minimised in the first instance

b) We’re lightning-fast in the event of a flaw being found


The continued investment

We continue to invest heavily in cybersecurity. As well as our hardware being ETSI certified, GivEnergy is en route to ISO27001 certification & CAF compliance.

Plus, we’re constantly rolling out firmware updates to keep our hardware at the forefront of security best practices. Meanwhile, from a people perspective, we heavily invest in human resource to bring the best and the brightest to our software team to keep our knowledge up to date.

Couple these investments with our long term commitment to third-party & community support – through our official public API and local control options – and we are confident that this will allow us to make GivEnergy kit the most secure on the market. Sustainably.

Ultimately, it is this continued investment and transparency that makes our position unique in a field that is dominated by outsourced and white labelled products masquerading as originals.


GivEnergy security – the TL;DR:

Here at GivEnergy, security is paramount. We work – and will continue to work – hard to protect you. While nothing is infallible and incidents may arise, our transparency and collaborative approach allow us to move faster than our competitors and to provide a level of responsiveness that is best in class.


Useful links

💻 GivEnergy portal

📱 GivEnergy app

⚙️ GivEnergy API
