Information is a basic building block in any platform, in the same way as developers, premises and equipment. Information expresses knowledge or messages in a concrete form. We can communicate information, store it, refine it and control processes with it – we simply need it for most of what we do. Therefore, information is valuable, even vital and needs to be protected based on the needs. If such information is lost or incorrect, it can have catastrophic consequences. We need to protect our information so that:
– it is always available when we need it (availability)
– we can trust that it is correct and not manipulated or destroyed (integrity)
– only authorised persons may take part in it (confidentiality)
When dealing with information security in any way, a fundamental principle to apply is prevention first. This means to ensure that an appropriate security and privacy plan has been designed and put into place before the phases of software or system development have started. In this way, the data (information) that will be handled on such system will be identified, determining how the data will be used, with which technologies. From this, the best practices and legal requirements will be identified.
In the demand response world specifically, often privacy is not even mentioned in its implementation, despite being one of the most relevant concerns for users which can hinder their engagement in a demand response program. Given that user engagement is not only essential but an aspect we are seeking to further increase in this project, it is vital to ensure that data and information is kept secure, and the users are aware of such security practices.
Therefore, in DR-RISE project, privacy is considered a fundamental cornerstone of the overall project. On the technological side, DGS has designed the architecture to minimize the amount of information shared using modular smart nodes. On the information security side, DGS is concerned with designing the security-by-design plan for all data being handled on the platform and across the various modules. By its nature, information security includes the three aspects: confidentiality (i.e. privacy), integrity and availability. Thus, the plan will include privacy-by-design. This plan will then be followed throughout all stages of system development.
Designing the security plan
