Increased connectivity – including the increasing significance of industrial Internet of Things (IoT), supply chains, customers, and operations – brings new operational cybersecurity risks and threats which demand attention. The critical infrastructure sectors that GE Gas Power’s products support are subject to an ever-changing cyber threat landscape. As such, GE Gas Power continuously integrates end-to-end cybersecurity to ensure integrity throughout the product lifecycle.
GE Gas Power has developed a product security program based on industry-leading standards, such as IEC 62443, to support the design and development of secure products across people, process, and technology and allow GE Gas Power’s customers to continue to power the future.
If you are a security researcher looking to report a vulnerability in a GE Gas Power product, please follow the guidelines listed in Vulnerability Response.
If you are looking for GE Gas Power Security Advisories, cyber-applicable TILs, or other cyber-relevant documents, please see the list of documents and links to other resources in Security Advisories.
For the latest on the December 2020 security incident involving the SolarWinds Orion platform, please see the following advisories from the Department of Homeland Security, the Cybersecurity & Infrastructure Security Agency, and SolarWinds.
For the latest on the May 2020 Executive Order on Securing the United States Bulk-Power System, please see the following One Pager and Frequently Asked Questions released by the United States Department of Energy.
GE Gas Power’s products operate in a highly dynamic environment marked by threats that are constantly changing and evolving. As such, it is critical that GE Gas Power maintains product security throughout the product lifecycle of marketed products, including components sourced from third-party suppliers.
The GE Gas Power Product Cybersecurity White Paper contains a concise summary of our commitment to integrating security throughout the life cycle of each of our products, from inception to end-of-life.
You can also view a summary of the various areas of the GE Gas Power Product Cybersecurity Program below.
GE Gas Power has established a product security program that is driven by and tied to the NIST Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1) and that incorporates other leading industry practices, including NERC CIP, ISO 27001/2, IEC 62443, and NIS. The program is focused on reducing the cybersecurity risk associated with cyber-applicable products, enabling GE Gas Power to be vigilant towards emerging threats and to continuously improve cybersecurity early on and throughout the product development lifecycle. To accomplish this, GE Gas Power has established key areas of a product security program at a programmatic level, including, but not limited to, designated Product Security Leads (PSL), a defined product security program framework, a well-structured governance model, and product-level security controls (e.g., remote access, access management, logging and monitoring).