May 21, 2019

Sensformer® and cyber security

The Sensformer® IoT device allows key transformer data such as oil temperature, oil level and inductor current to be securely sent to a cloud service with the help of automatic registration and cryptographically secured communication between the device and the cloud service.

The challenge of secure registration and data transfer

Sensformer® is a new product class of connected transformers. Sensors installed on the transformer measure key performance data such as oil level, oil temperature and inductor current. The data can then be transmitted from the Sensformer® IoT device on the transformer to Siemens Energy’s cloud service where it can be visualized and evaluated via dashboards or correlated with environmental data such as weather information. The transmitted data can be used to optimize operation and act as an eye to the grid for the transmission grid operator. When dealing with this kind of sensitive data, cyber security is of utmost importance. While the registration of the Sensformer® IoT devices with the cloud service needs to be user-friendly, it must be ensured that the transfer of customer data from the Sensformer® IoT device to the cloud service is secure at all times.

Encrypted TLS connection

Siemens Energy is one of the main founders of the Charter of Trust initiative, and cyber security is fundamental for the company. In order to securely connect Sensformer® IoT devices to the cloud service, the devices are equipped with device-specific private keys and corresponding certificates during production. These certificates are issued by Siemens Energy’s Product PKI Services, which are hosted in Siemens Energy’s highly secure Trust Center. Streamlined processes ensure that the issued certificates, which confirm that the device is a specific Siemens Energy device with a dedicated serial number, are provided to the correct devices. The device’s private key is used for client authentication when establishing a secure TLS (Transport Layer Security) connection between the Sensformer® IoT device and the cloud service. In addition, the devices can be registered automatically with the cloud service.

After successful registration and client authentication with the device’s private key, communication between device and Siemens Energy cloud service is TLS protected and can therefore be neither spoofed nor modified during transmission.

A high level of security for Sensformer® customers

The solution design allows automatic registration of Sensformer® IoT devices with the cloud solution. The registration process is cryptographically protected by key material that is securely introduced into devices as part of the production process. The certificates for the public-key-based mechanisms used are issued by Siemens Energy’s Product PKI Services, which are securely operated in the Siemens Energy Trust Center. After authentication with device-specific keys, communication between devices and cloud infrastructure is TLS protected, which ensures confidentiality and integrity of transmitted data.

“The Sensformer® is the next-generation transformer portfolio, which comes born connected and only needs to be registered by the operator. As a trusted partner to the industry for decades, we place a strong emphasis on providing robust cyber security to protect our customers’ data,” said Dr. Beatrix Natter, CEO of Siemens Energy Transmission Products.

Siemens Energy Transmission Products

Transmission products play a vital role in the energy value chain. Siemens Energy Transmission Products offers all key elements including power transformers, gas-insulated and/or air-insulated switchgear and components, individually or bundled, with related engineering. With our global factory network and leading innovations, we provide the highest level of quality and reliability to support our customers in achieving their objectives.