Security · our first value

Security comes first because energy systems are infrastructure.

NovaFir designs clean-energy control systems for buyers who need confidence in how equipment is sourced, secured, updated, monitored, and supported over time.

Discuss security requirements → Explore the platform →
Security posture · at a glance
Non-China critical-path sourcing
SBOM & HBOM disclosure for procurement
Bounded AI — no autonomous safety control
OT-standards-aligned architecture
25-year supported, serviceable horizon
Proof, not slogans

Security designed in, from sourcing to operation.

Three commitments that procurement teams, auditors, and security reviewers can evaluate.

Supply-chain transparency

Non-China critical-path sourcing for controllers, power semiconductors, communications silicon, secure elements, firmware, and cybersecurity-bearing components. Commodity parts are managed through best-efforts diversification.

SBOM & HBOM disclosure

Software and hardware bill-of-materials practices designed to support customer diligence, audit, and regulatory review under appropriate confidentiality terms.

Secure by design

Hardware-rooted device identity, mutual authentication, encrypted telemetry, signed firmware, secure boot, role-based access, and auditable operational actions.

Bounded AI

AI advises. Safety stays bounded.

NovaFir uses AI for forecasting, anomaly detection, optimization recommendations, diagnostic triage, and decision support. AI does not have autonomous authority over critical, safety-affecting, or material decisions.

AIForecasting, anomaly detection, optimization recommendations
AIDiagnostic triage and decision support
HUMANEvaluated against customer policy, site constraints, operator authority
LOCALProtection logic — deterministic, on-device
Standards alignment

Designed around OT security expectations.

Architecture principles aligned with established operational-technology security standards. Certification work is stated as targeted or aligned until complete.

IEC 62443
Industrial automation & control system security
Aligned
NIST SP 800-82
OT / ICS security guidance
Aligned
UL 2941
Inverter cybersecurity
Target
EU CRA
Cyber Resilience Act conformity
Readiness
NIS2
EU network & information security
Readiness
Operational posture

The controls behind the commitments.

Device identityHardware-rooted identity and mutual authentication for every device.
Encrypted channelsTelemetry and command paths encrypted end-to-end.
Signed updatesSecure over-the-air firmware with secure boot and rollback.
Separation of pathsControl and monitoring paths kept distinct.
Auditable actionsRole-based access with logged, reviewable control actions.
Fail-safe local operationCore operation continues if connectivity is lost.
Procurement & security review

Evaluating a secure energy platform?

We welcome conversations with procurement teams, security reviewers, and commercial buyers who need diligence-grade answers on sourcing, disclosure, and OT security.