Why Grid Cybersecurity Remains Critical Priority for Grid Operators and GE Vernova Grid Software
Author Sticky
Matt Yourek
Grid Software, GE Vernova
Jan 15, 2025
Share
Of all the challenges grid operators face in the energy transition, few cause quite as many sleepless nights as the idea of receiving the dreaded call: “Unfortunately, we’ve been hacked.”. Cyberthreats increase in number and frequency every year and a large proportion is directed at the grid. Research from Check Point Research cites more than 1,100 cyberattacks on utilities per week in 2022 – an increase of 48% from 2021.
The modern electrical grid has grown particularly vulnerable to cyberthreats because of the increases in connected technology, convergence of IT/OT, cloud services, and mobile workforces. As a result, this has become a national security concern evidenced by enaction of legislation such as Australia’s Security of Critical Infrastructure (SOCI) Act, the UK Cyber Assessment Framework (CAF), the EU’s Network and Information Systems Directive v2 (NIS2) and upcoming Cyber Resilience Act (CRA), and of course NERC CIP in North America. The power grid is a tempting target for cyber criminals and terrorists seeking to bring society to a grinding halt.
Utilities need a new, advanced methodology to help shield against cyber threats ensuring the power infrastructure is hyper resilient. Ensuring the corporate IT and OT solutions stack is built upon Zero Trust principles is the safest way to deliver non-negotiable grid security.
Zero Trust, as the name suggests, trusts absolutely nothing accessing a resource by default, whether or not they are a known entity. Every person or service accessing a Zero Trust-protected network is subject to frequent re-authentication, strict time limits, and minimum viable access (i.e. they can only access the data and assets strictly relevant to their jobs), among other defensive measures.
Zero Trust grid security principles are built into our GridOS® grid software solutions at GE Vernova, not bolted on. In other words, our solutions are built from the ground up with Zero Trust grid security principles in mind, placing protection from cyberthreats at every level of the system, from initial connection to back-end API interactions. This delivers significant advantage over other solutions with grid security is “bolted on,” or simply added “around” the solution in order to compensate for large amounts of inherent risk located internally. Bolted-on security packages have shown to be ineffective against crafty threat actors, and once circumvented, attackers tend to have full, unadulterated access to the protected information. It is much harder to get past systems designed with Zero Trust security principles because the security controls are woven into the very fibers of a solution. This gives our utility customers some of the most modern cyber protections on the market today.
In recognition of our innovation and first mover commitment to Zero Trust as a core component of GridOS, S&P Global Market Intelligence has released a 451 Research Market Insight Report devoted to GridOS and its Zero Trust grid security principles.
“Through its modern architecture, GridOS not only provides zero-trust access at the platform level but also fits an antifragility systems design incorporating more security controls in the application level,” the report states. “Additionally, its alignment under GE Vernova’s Electrification business brings broader capabilities in products and services across Grid Solutions, Power Conversion, Solar and Storage businesses.”
Read the full report on why utilities need Zero Trust grid security, which has been licensed by GE Vernova.
For more information on the Zero Trust grid security model at GE Vernova, check out our webinar on the topic and see our latest whitepaper - The Future Digital Grid Demands a Zero Trust Grid Security Framework.
The modern electrical grid has grown particularly vulnerable to cyberthreats because of the increases in connected technology, convergence of IT/OT, cloud services, and mobile workforces. As a result, this has become a national security concern evidenced by enaction of legislation such as Australia’s Security of Critical Infrastructure (SOCI) Act, the UK Cyber Assessment Framework (CAF), the EU’s Network and Information Systems Directive v2 (NIS2) and upcoming Cyber Resilience Act (CRA), and of course NERC CIP in North America. The power grid is a tempting target for cyber criminals and terrorists seeking to bring society to a grinding halt.
Utilities need a new, advanced methodology to help shield against cyber threats ensuring the power infrastructure is hyper resilient. Ensuring the corporate IT and OT solutions stack is built upon Zero Trust principles is the safest way to deliver non-negotiable grid security.
Zero Trust, as the name suggests, trusts absolutely nothing accessing a resource by default, whether or not they are a known entity. Every person or service accessing a Zero Trust-protected network is subject to frequent re-authentication, strict time limits, and minimum viable access (i.e. they can only access the data and assets strictly relevant to their jobs), among other defensive measures.
Zero Trust grid security principles are built into our GridOS® grid software solutions at GE Vernova, not bolted on. In other words, our solutions are built from the ground up with Zero Trust grid security principles in mind, placing protection from cyberthreats at every level of the system, from initial connection to back-end API interactions. This delivers significant advantage over other solutions with grid security is “bolted on,” or simply added “around” the solution in order to compensate for large amounts of inherent risk located internally. Bolted-on security packages have shown to be ineffective against crafty threat actors, and once circumvented, attackers tend to have full, unadulterated access to the protected information. It is much harder to get past systems designed with Zero Trust security principles because the security controls are woven into the very fibers of a solution. This gives our utility customers some of the most modern cyber protections on the market today.
In recognition of our innovation and first mover commitment to Zero Trust as a core component of GridOS, S&P Global Market Intelligence has released a 451 Research Market Insight Report devoted to GridOS and its Zero Trust grid security principles.
“Through its modern architecture, GridOS not only provides zero-trust access at the platform level but also fits an antifragility systems design incorporating more security controls in the application level,” the report states. “Additionally, its alignment under GE Vernova’s Electrification business brings broader capabilities in products and services across Grid Solutions, Power Conversion, Solar and Storage businesses.”
Read the full report on why utilities need Zero Trust grid security, which has been licensed by GE Vernova.
For more information on the Zero Trust grid security model at GE Vernova, check out our webinar on the topic and see our latest whitepaper - The Future Digital Grid Demands a Zero Trust Grid Security Framework.
Author Section
Author