Security

Access to HES systems is restricted to Home Energy Saver staff. Supporting IT staff have maintenance access to the underlying hardware/virtual infrastructure for HES.

The HES system and its supporting systems maintain extensive log records and send logs to a central collection point. These logs are used to detect malicious activity. For example, failed logins to the system are reviewed.

The HES system is maintained and patched by professional IT staff.

HES follows best practices in firewalling and reducing network exposure by only allowing network traffic required for business needs. For example, database connectivity is limited to the IP addresses of the web servers.

Data stored by HES is hosted at Amazon and stored in a MySQL database.

There is no encryption on the data stored in the HES databases.

Please note that only the zip code is required to run the HES application. All other data is optional input. The optional login utility requires having a Facebook account. For more details on the information collected, please see our Privacy Policy.

We may share the information you choose to provide to us with our research collaborators and our partners who help to provide this service. We may share the information you provide to us with the Department of Energy and other Federal Agencies. For information on our data sharing policy, please see our Privacy Policy.

No system is immune to compromise. However, if a compromise or data breach is detected, we follow incident response procedures which include taking affected systems offline and performing forensics to identify the cause and extent of the breach. Any compromised system is rebuilt from original media to ensure system integrity.