The Department for Business, Energy and Industrial Strategy (BEIS) launched an innovation fund, the Energy Entrepreneurs Fund (EEF), which aimed to support the development of innovative technologies and/or processes in the areas of energy efficiency, power generation, and heat and energy storage. Through the EEF, BEIS has successfully supported a total of 113 projects, awarding grants to a value of over £50m.
Among these projects, Verv, a London-based company founded in 2015 and operating in the energy sector, received support from BEIS for its innovative smart home hub.
The company specialises in high-frequency disaggregation, machine learning and data analytics, with the purpose of making homes and buildings smarter and more efficient.
The Verv device is a mains-powered smart home hub that connects directly to the electricity meter. It uses machine learning to perform device recognition, allowing the user to identify key appliances in the home and check running costs in real time. The more it learns about a home, the better it supports fault prediction, home protection, financial calculations and environmental impact reporting. An easy-to-follow front-end app presents the analysis output, and a cloud service stores key data, so energy statistics and disaggregation results are easy to view.
It further uses patented AI technology to analyse electricity data and appliance usage in the home straight from the mains, to unlock unique insights and create new smart home experiences for consumers.
In addition, by incorporating blockchain technology into the hub, Verv enables peer-to-peer energy trading via a proprietary platform. This allows households with solar panels to sell any excess energy that they generate straight to their neighbours, improving access to cheaper green energy and providing a return to those who have invested in renewables.
Over the last decade, the scale of cyber-attacks has increased dramatically. The number of attack vectors enabled by the growing number of internet-facing interface points, coupled with the rapid development of Internet of Things technology, has created the need for robust security to address increasing concerns amongst consumers and to stay compliant with regulations and security best practices.
Securing the edge device and its associated services is a fundamental step that allows service providers to ensure that they protect customer data, build trust, and maintain reputation.
Verv knows the importance of carrying out independent assessments of its product, and appointed Gemserv as a trusted advisor. Gemserv was able to offer expertise on securing the Verv device in line with security best practices and on ensuring compliance with existing and upcoming regulations, allowing Verv to strengthen its product roadmap.
Based on the agreed scope, Gemserv conducted a comprehensive assessment, composed of two distinct phases:
- Evidence-based Assessment
- Product Testing (Penetration Testing)
To complete phase one of the engagement, Gemserv gathered the key information and supporting documentation required to assess the security characteristics of the solution. Collaborating closely with the team at Verv, we were able to identify the strengths and areas for improvement.
The second phase of the engagement was penetration testing of the product, which is done to find security vulnerabilities that an attacker could exploit. The process involves gathering information and attacking the device using reverse engineering and hacking tools. Test areas include hardware, software binaries, firmware, and communication interfaces.
A confidential report was provided that clearly showed the status of each security objective using a Red, Amber, Green (RAG) evaluation system.
As part of the process, Gemserv provided Verv with a list of mitigation actions and countermeasures that can serve as a starting point to achieve full compliance with the DCMS Code of Practice.
How was Gemserv to work with?
It was a positive experience; Gemserv were proactive with sessions and prioritised face-to-face sessions to better understand our technology for the report.
Did our solution accomplish your objective(s)?
Yes, a very comprehensive report was delivered with a RAG status for clear identification of security elements.
What benefits did you see or plan to see because of this work immediately?
The main output was assurance that our plans are correct and that we’re focused on the correct areas of our tech stack.
What benefits should you see because of this work over time?
This will serve as a good reference point and enable us to keep improving as our technology scales.
Becky Haworth – Communications Manager, Verv