Our security approach
GE Vernova has established a product security program driven by and tied to the NIST Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1) and incorporates other leading industry practices—including NERC CIP, ISO 27001/2, IEC 62443-2-4, and NIS. The program is focused on reducing the cybersecurity risk associated with cyber-applicable products, enabling GE Vernova to be more vigilant towards emerging threats and continuously improve cybersecurity early on and throughout the product development lifecycle.
To accomplish this, GE Vernova has established key areas of a product security program from a programmatic level—including, but not limited to, designating Product Security Leads (PSLs), a defined product security program framework, a well-structured governance model, and product-level security controls (for example, remote access, access management, logging, and monitoring).