How we protect your operations
ECC handles control-path commands to grid-connected energy assets. Security is treated as a default, not a checkbox.
Transport + identity
All edge-to-cloud telemetry is encrypted with TLS over AMQP, terminated at Azure IoT Hub. Every dashboard request is HTTPS-only with HSTS. User sessions use JWT in HttpOnly cookies with SameSite=lax, a per-user lastLogout field for cross-device invalidation, and account lockout after 5 failed login attempts within 15 minutes. Inactive accounts are rejected at JWT verification time, not just at login.
Tenant isolation
Every database query is constructed through a tenant-filter helper that derives the customer scope from the authenticated user. Cross-tenant access returns 404, never 403, so no information about other customers' existence is leaked through error codes. The isolation invariant is verified by an automated test suite (test_tenant_isolation.py) that runs on every commit.
Audit chain
Every mutation in the platform — login, configuration change, command issued, user invited or removed — is appended to a hash-chained audit log. Each entry stores a SHA-256 digest over (previous entry's hash + canonicalised entry payload). A scheduled job verifies the chain hourly; a break alerts to Discord and refuses further audit writes until investigated. This satisfies the NIS2 directive's logging obligations.
Remote commands
Write commands to devices are server-resolved against an operations catalogue stored per device type, not constructed from raw client input. Only registers explicitly whitelisted as Function Code 6 writable can be the target of a command. Every command requires explicit confirmation in the UI, is rate-limited per user, and is recorded in the audit chain with the resolved Modbus address.
Disclosure
Suspected security issues in ECC: email [email protected] with the subject "Security disclosure". Acknowledgement within one business day. Published disclosure policy at /.well-known/security.txt.
Penetration testing
Internal adversarial testing runs continuously through the test suite. External penetration testing scheduled for Q3 2026 after the second production customer onboards.