GE Cyber Security

One of the biggest concerns in our industry today is cyber security.

GE Cyber Security

After the wide-scale Wannacry attacks in 2017 that crippled numerous multi-national corporations and manufacturers, people are looking for a secure control system they can trust. Companies with aging infrastructure see security threats as the most important reason to upgrade their systems. With the most secure hardware in the industry, all new GE controllers are now equipped with Trusted Platform Module, secure firmware, and Achilles Level 2 certification, making them the most secure controllers available.

If you thought your industrial control system wasn’t included in the modern day wave of cyber-attacks, think again. During security assessments of 40 global power sites, the GE Security Assessment Team found some interesting facts:

  • 96% of sites assessed had at least one system with a vulnerable operating system
  • 88% had user access practices that don’t align to industry best practices
  • 96% had at least one “dual homed” system, allowing circumvention of a firewall
  • 8% had at least one system where malware was detected
  • 12+ years was the longest duration since the administrator password had been changed
  • None had effective cyber security monitoring!

If any of these sound familiar, read on. It wasn’t too long ago that control systems were “exempt” from attacks from hackers and viruses. However, in today’s age of mass connectivity, our industrial control systems are very vulnerable. In fact, in 2015 (yes, it’s been going on that long!), the Department of Homeland Security responded to 295 incidents that could have been mitigated with basic security controls.

Upgrade strategies used to be focused around the life cycle of a product, availability of spare parts, performance, and support. However, that has quickly changed to security and vulnerability. During a recent site visit, a customer was sure that their control system was secure and “invisible” to the outside world. However, it didn’t take long to discover that…

  • The control system was tied to a SCADA system over their internal and “segregated” network
  • The SCADA server was remotely accessible by the IT department from the “office” network
  • The company was connected to the internet and also had a VPN portal
  • Therefore, any hacker from the outside world could conceivably gain access to the control system
  • Unfortunately, “could conceivably” often turns to “does”

What to do? A security assessment is a quick and easy way to identify the vulnerabilities of your industrial control system. First outlining the vulnerabilities and then identifying the effects/ramifications of those vulnerabilities is a good start. With that, you are able to design and implement a robust cyber security program for you industrial control system.

Click here to read more details about GE’s full cyber security platform.

GE Cyber Security

Fill out my online form.