GE Power’s commitment to cyber security
Security is an important topic for GE Power. We work with customers, industry working groups and standards bodies, government agencies, and the security research community to continually improve the security of industrial control systems.
As a provider of important technology, we are committed to providing reliable products to our customers and helping them deploy them securely within the industries they serve.
Product security advisories and patches
Security advisories for GE Power products, including relevant security patches, can be found on the My Resource Center support page. These communications include Technical Information Letters (TILs) and are GE’s way of telling their customers about technical improvements, maintenance practices, or safety concerns regarding GE supplied equipment.
To receive notifications about new GE Power Security Advisories via email, please register for GE TIL distribution via Self Service website or on the My Resource Center page at www.gepower.com or My Resource Center.
GE is committed to providing customers with the TILs that affect their sites. When a TIL is issued that affects your turbine or generator, that TIL is emailed to the address listed for that unit that is contained in the GE database. Information provided as part of the Technical Communications registration will be used for the process of distributing TILs and will be stored on a secure server in compliance with GE Power data storage policy.
GE Power is aware of industry-wide malicious cyber activity targeting human-machine interface (HMI) devices connected to the internet. We recommend customers who have GE CIMPLICITY products installed follow security best practices and install the latest patches, details of which can be found here. Also, please report any suspected security concerns or incidents involving GE products on www.ge.com/security
Report a product vulnerability or security concern
If you believe you have discovered a vulnerability in a GE Power product, please contact email@example.com. A GE Security Incident Response Team member will review and respond to your submission. GE supports encrypted emails via PGP (GE's public PGP key). Please include the following details in your email:
- Subject line must have PSIRT.
- GE product name(s) and version(s).
- Description of the concern or vulnerability (e.g. privilege escalation, buffer overflow, SQL injection, cross-site scripting).
- Information to help our team replicate the issue (e.g. configuration details, a proof-of-concept, or exploit code).
Product advisories provided here are subject to terms and conditions contained in customers’ underlying license agreements or other applicable agreements. Due to ongoing product enhancements, GE reserves the right to change or update advisories without advance notification.
Submitting information on potential vulnerabilities does not create any rights on behalf of the submitting party or obligations on behalf of GE. GE can use the information at its discretion.