Security is, and always will be, a top priority for GE. We work with customers, industry working groups and standards bodies, government agencies, and the security research community to continually improve the security of industrial control systems and global infrastructure. We are dedicated to maintaining the integrity, availability, and confidentiality of customer systems and data.
For our customers, secure control solutions boost productivity, maintain system availability, and protect valuable operational information and customer data. Today’s connected industries look to GE to help protect their system investments, reduce operational risk, protect the environment, and maintain their customers’ trust.
As a provider of mission-critical technology, we are committed to providing reliable products to our customers and helping them deploy them securely within the industries they serve.
The capabilities, frequency, and severity of global attacks on critical infrastructure has increased since then as control systems have evolved and become increasingly connected. The traditional approach of perimeter hardening by physically separating control systems and outside communications infrastructure is no longer adequate. Today’s interconnected control systems, have the potential to exchange information across the globe. These Industrial Internet systems require comprehensive cyber security capabilities to meet evolving cyber security threats.
Third-party patch validation
GE regularly validates the compatibility of selected GE products with third-party operating system security patches. More information on this process can be found on the GE Support website.
GE deploys a Secure Development Lifecycle process which incorporates security considerations in all phases of product development, from initial planning through release.
Evolution of Security Requirements
We protect our company, our assets, our customers and our employees – using a risk-based approach to balance the benefits of open connectivity, productivity enhancements, and IT security. As technology and the nature of threats and risks are changing, GE is evolving to address the ever-changing threat landscape.
Report a product vulnerability
or security concern
If you believe you have discovered a vulnerability in a GE product, please contact firstname.lastname@example.org. A GE Security Incident Response Team member will review and respond to your submission within 48 hours, depending on the severity of the concern. GE supports encrypted emails via PGP (GE’s public PGP key). Please include the following details in your email:
- GE product name(s) and version(s).
- Description of the concern or vulnerability (e.g. privilege escalation, buffer overflow, SQL injection, cross-site scripting).
- Information to help our team replicate the issue (e.g. configuration details, a proof-of-concept, or exploit code).
In addition, customers can also call GE Support for assistance with opening or escalating a case about a security vulnerability or other product security-related concern.
Product advisories provided here are subject to terms and conditions contained in customers’ underlying license agreements or other applicable agreements. Due to ongoing product enhancements, GE reserves the right to change or update advisories without advance notification.
Submitting information on potential vulnerabilities does not create any rights on behalf of the submitting party or obligations on behalf of GE. GE can use the information at its discretion.