Proven best-practices protection for enterprises and consumers

Your security is our top priority.

Nothing is more important to energy service providers and their consumers—and every other participant in the Energy Internet—than security. It’s of utmost importance to Tendril, too. In fact, protecting the data entrusted to us is our top priority, and we can prove it.

Since its inception, Tendril has incorporated cyber-security and privacy protections that adhere to industry best practices and specifications into its platform, and has provided second-to-none physical security for the Network Operations Center. We also apply security best practices throughout Tendril’s software development life cycle.

Tendril actively participates in several open alliances and working groups in an effort to adopt and advance cyber-security solutions throughout the Energy Internet, including the Cyber Security Working Group (CSWG), OpenSG’s SG Security (UtiliSec) and the Open Web Application Security Project (OWASP).

Tendril Connect™ platform: built and operated in a secure, verifiable manner

Tendril identifies, classifies and analyzes relevant threats and vulnerabilities using a risk management approach based on NIST SP 800-30. We also use a qualified third party to perform periodic external vulnerability assessments of our infrastructure and network services. In addition, we perform an end-to-end system security profile analysis, including (but not limited to) reviews of architecture, operating procedures, deployment and hardening processes, audit and event management, packet traces and patch management. The Tendril Network Operations Center is SAS 70 audited.

Security standards

Tendril incorporates the following standards throughout the product life cycle:

NIST IR 7628 – Guidelines for Smart Grid Cyber Security

ASAP-SG AMI Security Profile – Profile for securing Advanced Metering Infrastructure (AMI)

AMI-SEC System Security Requirements – Advanced Metering Infrastructure (AMI) and Smart Grid end-to-end security

NIST Special Publication (SP) 800-30 – Risk Management Guide for Information Technology Systems

NIST Special Publication (SP) 800-53 – Recommended Security Controls for Federal Information Systems and Organizations

OpenHAN – Home Area Network (HAN) device communication, measurement, and control (includes security use cases)

ZigBee Smart Energy Profile – Home Area Network (HAN) Device Communications and Information Model

Open Web Application Security Project (OWASP) – Worldwide free and open community focused on improving the security of application software

Peace of mind with security across multiple layers

The increased complexity of energy technologies and operations requires solutions that are secure and reliable on every level.

Physical security

Physical security is provided by a SAS 70 Type II certified colocation partner and includes 24-hour manned security, biometric access control, video surveillance and physical locks.

Network security

Tendril employs multiple layers of commercial firewalls to build a layered defense against external network attacks. Tendril utilizes a default-deny firewall ruleset. Only the minimal set of required services is active and granted access via the multi-tiered firewall. All computing and network resources are continuously monitored for service availability as well as resource constraints.

Server security

Tendril maintains the system in a secure and hardened configuration in the Tendril data center.

  • All production servers have been hardened with the Bastille Linux hardening scripts.
  • All unnecessary services and software have been removed.
  • All production servers are registered with our patch management system.
  • All operating system and application patches are tracked and audited.
  • All user accounts are controlled by a centralized account management system based on LDAP. Each user is given a unique username and password that allows them access to only the resources that they require.

Virtual security

Tendril uses a virtualized server infrastructure. Remote access to all physical servers is restricted to Tendril NOC personnel and requires the use of a specific admin virtual private network (VPN).

Application security

Communications from the customer’s home to the Tendril platform servers over broadband are secured using two-way SSL/TLS encrypted communications, ensuring integrity, confidentiality and authentication of all data in transit. Role-based access control provides deeper security, while back-office file-based interfaces are secured using SSH File Transfer Protocol (SFTP). Application data access from portals and mobile applications occurs over HTTPS and all application data access is authenticated.

Home Area Network (HAN) security

ZigBee®-enabled smart meters are adopting Elliptic Curve Cryptography (ECC) at a brisk pace. Tendril’s ZigBee Smart Energy® certified devices are ECC enabled, ensuring secure HAN device joining, network formation and data transmission within the Home Area Network and with the meter.

Data security

Customer-specific network security zones and servers are utilized to ensure system segregation. Application security encrypts sensitive data at rest. All backups are stored using AES-256 encryption.

Organizational security

Tendril uses a least-privilege system of access permissions. Personnel are given only as much access as is required for them to perform their duties.

To learn more about Tendril Connect™, please contact Tendril to speak with a technical specialist today.