question

Hi @billcarson

I am proud to say that Victron is one of the first companies that I have ever worked for that has felt secure, takes IT security seriously, and gives the necessary time and resources to stay on top of it.

A big reason for this is that the owner, Matthijs Vader has a personal working knowledge of software and IT systems. It's not an afterthought, or something left until it goes wrong. It's an integral part of the development, release and maintenance processes.

We have a very strict internal permissions system, which has only gotten more restrictive over time. I have less access and control today than I did in years past, with my admin privileges now mostly limited to this Community. Someone compromising my accounts would not yield them very much, besides embarrassing me.

As an example I can no longer even independently publish Victron manuals and documentation any more, as that process has been improved for quality control and consistency, but also as a side effect now has a clearer chain of custody and control.

Generally we have regular penetration tests, that independently test the computer systems themselves, but also the social attack vectors, which are also a common weakness. When weaknesses are found, we receive firm guidance and training.

I don't want to go into TOO much detail because Victron is a target, and we are subject to attacks, but I think that one thing working in our favour is we aren't an extremely high value target, at least not the specific IT systems that manage peoples power systems.

There would be some notoriety for a hacker, and we really do take it super seriously because we believe power systems are critical importance and value user trust, but in terms of an attacker extracting a financial return for the efforts required, there are many many easier targets (see http://web3isgoinggreat.com for example).

I have seen some novel features for VRM held back for many months to give enough time for the security researchers to properly understand their security implications.

Indeed right now we'd love to expand beta testing for the next generation of remote console, but won't until everyone in the chain is confident in its security. Not to say all will always be perfect, we are writing new code to provide remote access after all, but it isn't something that is rushed or ignored.

Now on to your proposal, there are solutions today such as grafana that can be run locally right now without requiring an internet connection.

They leverage the existing software stack of MQTT and then allow a seperate and quite independent system to ingest that and make it workable. This is very useful, and also very lightweight to support from Victron's perspective.

The reason for not having a verbatim version of VRM itself running locally is ironically because that would take the focused and single platform oriented team that currently develops VRM and then require them to grapple with an entirely new set of requirements and restrictions - it's not feasible, and whenever we've come close to attempting it, everyone (customers included) balk at the costs that would be involved.

VRM itself is something of a fortune of the commons, there are so many users that the massive development and maintenance costs can be spread out to reasonable numbers, and justified.

There aren't nearly the same number of people demanding onsite service, so the significant development costs and opportunity cost of focus remain very very large per user.

If you're still concerned, there are some additional practical steps you can take to harden your Victron system outlined here - https://www.victronenergy.com/live/ccgx:root_access#hardening_a_gx_device