General Electric and Nozomi Networks: Defending Industrial Control Systems using Machine Learning

General Electric has partnered with Nozomi Networks, a company well known for its cybersecurity and artificial intelligence capabilities, to protect the energy and industrial sector.

Introduction

General Electric Company is a conglomerate that operates in various energy and industrial segments that rely heavily on industrial control systems (ICS).  Machine learning has become a pivotal element in protecting these systems against cyber-attacks.  Attacks have targeted various functions of these energy and industrial companies operating on the SCADA (supervisory control and data acquisition) system.[1]  SCADA systems have been the target of probing attacks conducted by terrorist groups and nation states.  According to an independent survey conducted by Business Advantage, approximately 54% of companies have experienced an ICS security incident in the past 12 months.[2] The presence of these attacks highlights the rapidly growing market for ICS cybersecurity for vulnerable public infrastructure.  As a result, General Electric has partnered with Nozomi Networks, a company well known for its cybersecurity and artificial intelligence capabilities.  Together, they are aiming to leverage the megatrend of machine learning in order to protect the energy and industrial sector.[3]

Partnership for Secure Systems

General Electric’s partnership with Nozomi Networks uses the proprietary SCADAguardian platform in order to protect ICS from various cyberattacks. SCADAguardian leverages both artificial intelligence and machine learning in order to protect the control system components.[4] The system is designed to assist subsidiaries of GE to monitor their physical and digital infrastructure using large amounts of data that have established operating baselines. The overarching goal is to align the system with the company’s desire to optimize the “efficiency, security, and reliability” of industrial systems.[5] SCADAguardian operates in concert with GE’s Predix, which is a system that supports infrastructure and operations.[6] The Predix system in concert with SCADAguardian provides key indicators to investigate causes of equipment malfunction or degradation.

Current and Near Future Applications

The data collected by both GE’s Predix system and SCADAguardian are quintessential examples of using machine learning to optimize performance. In the short term, General Electric has partnered with Nozomi Networks to implement SCADAguardian to assist with multiple levels of security.[7] This includes security for endpoint devices and data stored in the cloud in concert with a Central Management Console (CMC), which centralizes the aggregated data.[8] Machine learning is critical throughout these functions to complete risk assessment, threat identification, prevention, and response.

In the medium term, there are two primary areas where General Electric is weighing its investment in machine learning. The first is standardizing the defense of all plants and SCADA systems.[9] The second is aggregating the data of SCADA systems into a defensible network with the appropriate firewalls in place. Once all of the plants are online, they are using machine learning techniques to optimize their defense against cyber-attacks.

Recommendations

In the short term, GE should continue to hire cybersecurity professionals for upgrades and training. With its wide expanse of geographic and networked subsidiaries, GE has the potential to be a significant target. Not only could cyberattacks on SCADA systems threaten brand image, but they could also endanger the lives of employees operating the machinery.[10] While specific company data is often held confidential, on average, ICS attacks resulted in $497,097 of costs for targeted large companies in 2017 (500+ employees).[11]

Over the next decade, GE should partner with entities in the U.S. government in order to counter the wider range of threats. The Department of Energy created an office of Cybersecurity, Energy Security, and Emergency Response (CESER) to assist with mitigation techniques.[12] Still, there is a gap between mitigation techniques sponsored by the DOE and companies’ willingness to report incident data. Threats range from spear phishing to Advanced Persistent Threats (APTs), so a wide span of responses is required, which in turn requires additional funding and resources.[13] General Electric should join in partnership with CESER in order to consolidate corporate data with classified data and improve the quality of their data analysis.

Conclusion

Machine learning has improved General Electric’s ability to face a complex threat on SCADA systems by leveraging SCADAguardian.  In this specific case, a large conglomerate invested capital in a cybersecurity company in order to tailor products.  A few questions remain – should other large companies follow a similar model and partner with outside organizations?  Would it be more beneficial to grow machine learning techniques in the cybersecurity realm internally?  Are there any cases where companies should develop solely internal tools for securing their ICS?

 

(Word Count: 717)

 

[1] General Electric Digital, “Cyber Security and Data Governance,” Accessed on November 10, 2018, https://www.ge.com/digital/applications/cyber-security.

[2] Kaspersky Labs, “The State of Industrial Cybersecurity 2017,” Business Advantage, 2017, https://go.kaspersky.com/rs/802-IJN-240/images/ICS WHITE PAPER.pdf.

[3] Mary Ryan, “Invenergy Future Fund Leads $15 Million Investment in Industrial Cybersecurity Leader Nozomi Networks,” January 10, 2018, https://invenergyllc.com/news/invenergy-future-fund-leads-15-million-investment-in-industrial-cybersecurity-leader-nozomi-networks.

[4] Aaron Hand, “Partnership Combines Cybersecurity With Predictive Maintenance,” August 24, 2018, https://www.automationworld.com/article/technologies/security/partnership-combines-cybersecurity-predictive-maintenance.

[5] Rebecca Slayton, “Efficient, Secure Green: Digital Utopianism and the Challenge of Making the Electrical Grid ‘Smart’” Information & Culture 48, no. 4 (2013): 448-78. http://www.jstor.org.ezp-prod1.hul.harvard.edu/stable/43737372.

[6] General Electric, “Predix HMI/SCADA,” Accessed on November 10, 2018,  https://www.ge.com/digital/applications/hmi-scada.scada

[7] Nozomi Networks, “GE Power and Nozomi Networks to Enhance Cyber Security for Energy and Industrial Operators Worldwide,” October 4, 2018, https://www.nozominetworks.com/2018/10/04/press-release/ge-and-nozomi-networks-to-enhance-cyber-security-for-energy-and-industrial-operators-worldwide/.

[8] Nozomi Networks, “Data Sheet SCADAguardian,” Nozomi Networks, 2018, https://www.nozominetworks.com.

[9] Nozomi Networks, “GE Power and Nozomi Networks.”

[10] Dong-Joo Kang, Hak-Man Kim, “Development of test-bed and security devices for SCADA communication in electric power system”, Telecommunications Energy Conference 2009. INTELEC 2009. 31st International, pp. 1-5, 2009.

[11] Kaspersky, “The State of Industrial Cybersecurity 2017.”

[12] Sonal Patel, “DOE Lays Out How Power Sector Could Win the Cybersecurity Battle,” May 17, 2018, https://www.powermag.com/doe-lays-out-how-power-sector-could-win-the-cybersecurity-battle/.

[13] Kaspersky, “The State of Industrial Cybersecurity 2017.”


Student comments on General Electric and Nozomi Networks: Defending Industrial Control Systems using Machine Learning

  1. Claire, fascinating topic – thanks for sharing! I think any company dealing with critical infrastructure needs to ensure they have the appropriate security and skill set, either in house or through partnership or acquisition. Because infrastructure is such a capital intensive industry and it requires deep expertise, most companies will have to partner with other cybersecurity experts because this is a different, yet critical, skill set. Vert companies have the resources to do it all and do it all well. This is not an industry that you can take short cuts. Another question I would ask around security in critical infrastructure is how do you select and validate these prospective partners. Many of these energy projects have investors from around the world. Currently, the US government is reviewing various minority investment requests in US energy projects by China. How do companies manage this national security risk when they have international partners and how can AI support this?
