Physical isolation for wind, solar and battery storage sites
Renewable generators run a fleet of remote sites with heavy OEM remote access into turbines, inverters and battery management. Firevault Control puts a real boundary between the office, the OEM zone, the fleet operations centre and the controllers behind them.
Utilities - Renewables and BESS
When OEM access, fleet operations and site control share the same paths, every vendor incident becomes a candidate for a fleet-wide outage.
100%: Site SCADA isolation from corporate IT
Zero: Persistent OEM access to inverter or BMS controllers
6: Control modules deployed per renewable site
Full: Evidence for NIS2 and Grid Code expectations
Renewables carry vendor risk that other operators have spent decades trying to avoid.
OEM remote access by default
Turbine, inverter and BESS vendors expect persistent remote access into their kit for monitoring and firmware. That is a standing connection into operations.
Fleet operations across many sites
Remote operations centres run dozens of sites at once. A compromise in the ROC can cascade to every site it manages.
Grid Code and curtailment control
Curtailment, setpoint and Grid Code response commands flow into inverter-based resources from the fleet operations centre. Those commands have to be trustworthy.
The Scenario
Scenario: OEM portal compromise across a wind fleet
Attackers compromise the OEM remote support portal used to monitor a wind fleet. From there they pivot through the persistent VPN into the fleet operations centre and push a malicious firmware payload to turbine controllers across multiple sites. Several sites curtail to zero output for the rest of the day.
With Firevault Control, OEM access opens only on scheduled, brokered windows. Firmware updates that cross into a site require named, multi-party approval. The fleet operations centre and the per-site SCADA sit on separate fabrics, so a ROC compromise cannot walk straight into every site. Verified baselines for turbine and inverter configuration are held on infrastructure that has no live network path to production and require multi-party authorisation to release.
"Our biggest standing connection was never an attacker. It was a vendor. That is the gap to close."
Where each Control module is deployed across wind, solar and battery storage.
Renewable generators run a fleet of remote sites with heavy OEM remote access into wind turbines, inverters and battery management. Control puts a real boundary between the office, the OEM zone, the site SCADA and the inverter and battery controllers behind it.
Grounded in NIST SP 800-82 Rev. 3, IEC 62443-3-2, IEC 61400-25 and Grid Code requirements for inverter-based resources.
Cloud / Internet
External
Market and cloud traffic terminates at the perimeter.
Enterprise
IT
Office and trading systems.
OEM paths exist on a schedule and not a minute more.
OEM / vendor zone
DMZ · trust boundary
Turbine and inverter OEM access opens on a schedule only.
OEM activity into fleet operations is named, checked and approved.
Fleet operations
OT
Remote operations centre across the fleet.
Fleet ROC and site SCADA on separate fabrics.
Site supervisory
OT
Per-site control view.
Curtailment, setpoints and firmware need approval before they move.
Basic control
Field
Wind, solar and battery controllers.
Turbine, inverter and battery devices tie to named engineers.
Physical
Field
Crown jewels
Off-network
Detail callout · A
Offline Secure Storage
Turbine and inverter configurations, BESS baselines, grid code settings and the recovery sets you need after a vendor incident.
Offline by design · secure by default
Modules & symbols
Where each module is deployed, and what it does there.
One row per module. Placement on the network, then plain-English purpose at that point.
Isolate
Placement: At every zone boundary on the diagram
Purpose: Office, OEM, fleet ROC and site SCADA all sit on separate physical fabrics. An OEM compromise cannot walk into the fleet.
Firebreak
Placement: On the L5 to L4 link
Purpose: A real off switch on the public boundary when an incident is in flight.
Relay
Placement: On the OEM link
Purpose: OEM connections exist for the window of work and not a minute more.
Unlink
Placement: On the OEM link
Purpose: When an OEM engagement or maintenance window ends, Unlink removes the persistent connection and the inherited trust.
Validate
Placement: On the L5 to L4 link and the OEM link
Purpose: Firmware and engineering traffic is checked for origin, integrity and authority before it reaches fleet operations.
Execute
Placement: Inside the OEM link and on the L2 to L1 link
Purpose: Firmware, curtailment and setpoint changes hold until the right authority signs them off.
Lock
Placement: On the OEM link and the L1 to L0 link
Purpose: Access to turbines, inverters and batteries ties to named engineers. Standing access is the exception.
Key Capabilities
Sovereign generation data
Operational and Grid Code data remains within the agreed jurisdiction in carefully selected Firevault Bunkers.
Multi-party control
Curtailment, setpoint and firmware actions require sign-off from both fleet operations and security teams.
Regulatory evidence
Continuous compliance evidence for NIS2 and Grid Code cyber expectations for inverter-based resources.
Out-of-band management
Cellular and dedicated paths keep the control plane reachable when primary networks are compromised.
Tamper-proof logging
Every access, configuration change and curtailment command lands in immutable logs on physically separate infrastructure.
Verified configuration baselines
Verified baselines of turbine, inverter and BESS configuration enable a known-good restore of control-plane state.
Demo to Live
Adoption Guide
Network assessment
Map every path between corporate IT, OEM portals, the fleet operations centre and per-site SCADA to identify standing vendor connections.
Zone architecture design
Design physically separated zones aligned to OEM, fleet and per-site boundaries, with Control modules at each one.
Non-production pilot
Deploy in a test environment mirroring a single site and the ROC with full zone separation, multi-party authorisation and compliance logging.
Operational deployment
Full deployment across the renewables and BESS estate with verified configuration baselines, continuous compliance evidence and 24/7 out-of-band management.