GE's 'Industrial Internet' Bolsters Critical Infrastructure Security
As is the case with the public Internet, the Industrial Internet provides everything from routine access to the customer’s enterprise allowing remote users to have access to office functions while they’re in the field. It also allows employees to implement secure WiFi hotspots and it makes employees more effective in the process. However, the need to bolster the US critical infrastructure means that critical industries, including electric utilities, water systems, power stations, transportation and communications need to be secure and dependable. What GE has done is integrate what were once a loose collection of private, leased and public communications pathways and consolidated it into a single, cohesive and secure internet. As is the case with the public Internet, users don’t have to spend time thinking about how they’re going to communicate, they simply do. But the difference for the Industrial Internet is that the connections are more secure and reliable. The use of private and leased networks wherever possible isolates the network from intruders, while also allowing access for monitoring and intrusion detection. While it’s certainly not impossible for someone to find a way to break into the Industrial Internet if someone has access to a company’s infrastructure, it’s not likely that such an intrusion would go undetected. So as a result the Industrial Internet that GE has developed meets all of the requirements that Congress, the White House and others have said is necessary to protect the critical infrastructure in the U.S. and with our partners. But obviously there’s something that GE, not to mention Congress and the White House can’t accomplish.When companies are run by managers too dumb, ill-informed or just plain lazy to take even the most basic precautions, then it’s impossible to protect the critical infrastructure, no matter how good products such as the Industrial Internet are. But maybe there’s a solution there, too. Perhaps in instead of the hand-wringing about critical infrastructure, Congress were to hold those managers personally and financially responsible for failings of the critical infrastructure that are their responsibility, much like managers are responsible for certifying compliance in other areas, it would make a difference. The tools are there. But they don’t work if managers won’t use them. [Disclosure: As of the publication date of this article Wayne Rash held several shares of GE common stock]
That something is what we lovingly call The Stupid Factor. Examples of the Stupid the managers of a power generation plant that took no data security precautions at all, resulting in a malware infection that shut the plant down for months. Or the water system in Texas that didn’t even have a firewall. Or the defense contractors that have been hosting Chinese hackers for years without knowing it?