A secure foundation for the oil & gas industry
Our Security Program
The industrial world is becoming more digitally connected, making operations smarter and more productive. GE is committed to a culture of security to protect our systems, products, and customer operations.
The GE Oil & Gas security program is designed to meet the demands of operating in today’s complex threat environment. Our security program addresses people, process and technology areas key to supporting secure energy operations. Backed by leadership directives, GE’s Oil & Gas security program includes dedicated teams accountable for implementing security controls in ten key areas that span a secure development lifecycle, from product design to ongoing operational support.
Delivering outcomes through technology and services
In a complex world of ever-changing technologies, GE realizes the importance of having an experienced partner to guide successful cyber security implementation. As a global leader of industrial controls, GE is well-equipped to help customers improve their security posture and support compliance efforts. Our products are built with security in mind and are easily integrated into broader plant-level systems and IT architectures. GE’s SecurityST* centralized security management solution and Cyber Asset Protection (CAP) subscription are a key part of a defense-in-depth system for turbine, plant, and generator controls environments. Together with Wurldtech Security Technologies, GE offers certified security services and products to assist our customers with cyber security needs.
Employing modular defensive services and technologies, this centralized system gives companies a single vantage point from which to see their cyber security posture, implement proactive strategies and policies to protect critical control systems and related networks, and use centralized reporting to manage cyber risk. The SecurityST solution helps mitigate cyber vulnerabilities at the network, endpoint and controller levels.
The CAP subscription service includes operating system and application patches as well as anti-virus/intrusion detection signatures to cover updates for HMIs, servers, switches, and network intrusion detection devices. Monthly updates can be applied to individual HMIs or via the SecurityST* appliance for network-wide deployment.
The SecurityST Mark* VIe Solution and Commissioning Services, which includes SecurityST and CAP, is Achilles® Practice Certified – Bronze, indicating that the solution has been evaluated against strict cyber security best practices and demonstrating to customers that systems are developed and implemented securely. The SecurityST solution and related services are designed to support the plant operation’s compliance with cyber security standards and guidelines including NERC CIP, NEI 08-09 and ISA99/IEC 62443.
Wurldtech Security Technologies, a GE Company.
Wurldtech Security Technologies works to secure operational assets, reduce compliance penalties and enforce supplier security. Through industrial managed security services (iMSS), site security assessments, security training, and OpShield, an intrusion detection and prevention system tailored for OT environments, Wurldtech helps operators and device manufacturers mitigate operational technology threats.
Report a product vulnerability or security concern
If you believe you have discovered a vulnerability in a GE product, please contact firstname.lastname@example.org. A GE Security Incident Response Team member will review and respond to your submission within 48 hours, depending on the severity of the concern. GE supports encrypted emails via PGP (GE’s public PGP key). Please include the following details in your email:
Partnering with Industry
GE Oil & Gas serves as a trusted partner to energy-related operators actively working to improve their security posture. Through reference architecture co-development, operational security requirement input, ongoing lifecycle security maintenance, and solution co-development, we are privileged to support the security efforts of some of the world’s leading energy companies. These close security partnerships and collaboration with customers enable GE Oil & Gas to reduce risk in digital and industrial environments.
Adherence to Global Security Standards
GE Oil & Gas understands the importance of leveraging and integrating industry cyber security practices that have been developed by organizations such as the National Institute of Standards and Technology (NIST) and the International Standardization Organization (ISO). Specifically, the internationally recognized frameworks we have chosen to adopt include:
• ISA-99 (Industrial Automation & Control Systems Security)
• ISA/IEC 62443-4-1/2 (Industrial Network & System Security)
• WIB M-2784 (Process Control Domain – Security Requirements for Vendors)
• NIST 800-82 (Guide to Industrial Control Systems)
• ISO 27002 (Enterprise Cyber Security)
GE Oil & Gas standards compliance efforts provide our customers with greater visibility into our secure environments, while offering concrete guidelines for improving operational resilience.