GE Vernova's cybersecurity solution

With the application white-listing option, Windows-based devices have an improved security posture by reducing the risk and cost of malware, improving network stability and reliability.

This feature automatically identifies trusted software that is authorized to run on control system human-machine interfaces (HMIs) and prevents unknown or unwanted software.

Continuous threat monitoring and advanced logging intelligence that aims to give you deep, granular industrial control system (ICS) visibility via asset identification and asset configuration change detection.

By analyzing network traffic through deep packet inspection and fluent in over 42 of the native industrial protocols commonly found in ICS security, a baseline is constructed of normal operations, which is then used to detect anomalies.

Automatic, centralized backup and recovery of the process control domain saves time and cost by deploying a quick disaster recovery plan with minimal downtime. 

All backup activities are logged and easily accessed for generating reports that conform with compliance reporting.

A data diode is a physical piece of hardware that acts as a unidirectional network communication device that facilitates a secure, one-direction transfer of data between networks. 

Its design inherently creates a physical separation between the source and destination networks. Data diodes effectively eliminate all external points of entry to the sending system, thus preventing unauthorized users from gaining access to the protected network.

GE Vernova’s customizable network security option helps monitor and block malicious activity and attacks and provides continuous visibility of unusual activity and potential threats to the control system network. Stateful tracking of network traffic to allow approved communications between connected devices and the “outside” network.

Additionally, Next Generation Firewalls can inspect certain network traffic types to identify ports that may change during communications to demonstrate that traffic is permitted to flow (for example, FTP, TFTP). Next Generation Firewalls can perform additional checks on traffic—including application-level inspection and filtering of network traffic with exception.

Provides centralized control and management specific to the controls environment, enabling you to manage access to the industrial control system based on permissions. Benefits of RBAC include:

• Lower risk
• Cost reduction
• Enhanced operational efficiency
•  Improved compliance

GE Vernova provides a scalable solution with both real-time and historic dashboard views of cyber activity—such as changes to switch configurations, failed login attempts, unauthorized port access, and USB usage. Operator cybersecurity dashboards include:

• Data-rich SIEM
• Ready for SOC integration

Multifactor Authentication (MFA)—sometimes called “two-factor authentication” or 2FA—is a security protocol that requires a user to present two pieces of evidence when logging into a given account or application.

Multi-factor authentication combines hardware-based authentication and public key cryptography to ensure strong authentication and eliminate account takeovers.

A zero-trust solution that safeguards against cyber risks—including insider threats—through its unique, browser-based hardened platform. Secure remote access technology provides a simple and secure access mechanism to critical assets by using:

• Protocol and system isolation
• Encrypted display
• Multi-factor authentication