BusByte's security model starts with a physical constraint — a hardware air gap that no software vulnerability can bridge — and adds hardened cryptographic protections at every subsequent layer.
The core of BusByte's security is a serial connection between the Expansion Module and the Olympus Unit. The Expansion Module's serial interface is configured for transmit-only (TX) operation — the receive (RX) line is not connected. This is not a firewall rule. It is not a software policy. It is the absence of a physical wire. There is no electrical path by which the Olympus Unit, cloud servers, or any internet-connected system can send a signal to the Expansion Module or the asset network it is connected to.
Industrial ARM Compute Module running hardened Linux with full storage encryption. Applications and customer data are protected even if the hardware is physically removed.
All service ports are closed by default. Maintenance is conducted exclusively via SSH using cryptographic keys. Passwords are not permitted.
All communication between the Olympus Unit and cloud servers uses HTTPS over TLS 1.2. No unencrypted upload path exists.
JWT (JSON Web Tokens) secure all API communication. Each unit uses a unique credentials stored on an encrypted partition — not shared, not reused.
Built-in mitigation against DDoS, flood attacks, port scans, and TCP-based exploits at both the Olympus Unit and the industrial router.
The system continuously tracks hardware health metrics and flags suspicious activity, including unauthorised login attempts, in real time.
A two-page technical overview of BusByte's security design, suitable for IT security reviews and compliance assessments.
Questions about compliance? Get in touch →