Dealing with cybersecurity vulnerabilities

The IT field is very familiar with cybersecurity vulnerabilities and how to address them. Not so in the turbomachinery field. Yet this sector is now increasingly under attack. So, it is good news that GE Gas Power has been authorized by the Common Vulnerability and Exposures (CVE) Program as a CVE Numbering Authority (CNA). CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing.The mission of the CVE Program is to identify define, and catalog publicly disclosed cybersecurity vulnerabilities.CVE is an international, community-based effort and relies on the community to discover vulnerabilities. The vulnerabilities are discovered then assigned and published to the CVE List.

As a CNA, GE Gas Power can now assign CVE identification numbers to newly discovered vulnerabilities potentially related to its products and allow GE Gas Power to directly publish new CVE Records and streamline the reporting process.

“Receiving this accreditation will help us to communicate information about vulnerabilities with our customers and partners timely and in accordance with the CVE Program standards,” said GE Gas Power’s VP Product Security and Chief Engineer, Robert Garry.