Security Posture

Principles and architecture ensuring grid integrity.

Layered Security Architecture
A defense-in-depth approach protects the system at every level, from the cloud to the physical hardware.

Cloud/API

No control write-access; telemetry and alerts only.

Application

Role-based auth, rate limits, IP restrictions.

Firmware/Control

Signed firmware, rollback protection, hardware logic.

Network

VLANs, MAC whitelisting, no public IPs.

Physical

Tamper sensors, physical locks, circuit lockouts.

Solar Fortress Mode Principles

Default Isolation
Critical hardware like inverters and batteries operate on isolated networks with no direct external access. The grid tie-in is physically locked by default.
  • No external IP for solar inverters.
  • Battery systems air-gapped or behind strict VLANs.
  • Hardware relay locked by default.

Controlled Access
Access is granted on a temporary, authenticated basis. Critical overrides require physical presence and authorization, preventing remote-only attacks.
  • Time-limited tokens for maintenance.
  • Physical switch required for emergency override.
  • Read-only dashboard access with IP whitelisting.

Cyber-Physical Separation
The web interface cannot unilaterally control hardware. It sends requests that firmware can choose to obey or ignore, ensuring software glitches don't cause physical issues.
  • No critical functions tied directly to cloud actions.
  • Grid disconnection logic resides in hardware only.
  • Watchdog timers restore safe state on system fault.
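
The arbitration described under Controlled Access and Cyber-Physical Separation, as an added C example that is not the product's firmware: a request is advisory, and firmware ignores it unless the token is live and, for a grid override, the local switch is engaged. All type, field and function names are hypothetical; token authentication is assumed to happen before this check.

```c
#include <stdbool.h>
#include <stdint.h>
/* Hypothetical request kinds a web/cloud layer might send to firmware. */
typedef enum { REQ_READ_TELEMETRY, REQ_MAINTENANCE, REQ_GRID_OVERRIDE } req_kind_t;
typedef enum { DEC_IGNORE, DEC_OBEY } decision_t;

typedef struct {
    req_kind_t kind;
    uint32_t   token_issued_at;  /* seconds; taken from an already-verified token */
    uint32_t   token_ttl;        /* seconds the token stays valid */
    bool       token_authentic;  /* result of the signature/MAC check (assumed, not shown) */
} request_t;

typedef struct {
    uint32_t now;                /* firmware's own monotonic clock, seconds */
    bool     physical_switch_on; /* sampled from a local input, never from the network */
    bool     fault_latched;      /* set by the watchdog or fault handler */
    bool     relay_locked;       /* grid tie-in relay; locked is the default */
} fw_state_t;

static bool token_valid(const request_t *r, uint32_t now) {
    if (!r->token_authentic) return false;
    if (now < r->token_issued_at) return false;        /* issued "in the future" */
    return (now - r->token_issued_at) < r->token_ttl;  /* subtraction cannot wrap here */
}

/* Firmware decides; the request never acts on hardware by itself. Default: ignore. */
decision_t fw_arbitrate(fw_state_t *s, const request_t *r) {
    if (s->fault_latched) { s->relay_locked = true; return DEC_IGNORE; } /* safe state */
    if (!token_valid(r, s->now)) return DEC_IGNORE;
    switch (r->kind) {
    case REQ_READ_TELEMETRY:
    case REQ_MAINTENANCE:
        return DEC_OBEY;
    case REQ_GRID_OVERRIDE:
        if (!s->physical_switch_on) return DEC_IGNORE; /* remote-only is never enough */
        s->relay_locked = false;
        return DEC_OBEY;
    }
    return DEC_IGNORE;
}

int main(void) {
    fw_state_t s = { 1000, false, false, true };          /* constructed sample state */
    request_t  r = { REQ_GRID_OVERRIDE, 900, 300, true }; /* constructed sample request */
    return fw_arbitrate(&s, &r) == DEC_IGNORE ? 0 : 1;    /* switch off: must be ignored */
}
```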

Failsafe & Resilience
The system is designed to fail into a safe state. Firmware is signed, logs are immutable, and the system can operate autonomously if cloud connection is lost.
  • Local autonomy during connectivity loss or attack.
  • Firmware is cryptographically signed and version-locked.
  • Logs stored locally and remotely with integrity checks.