A few months after the release of Thales’ Cyberthreat Handbook, detailing the major groups of hackers and identifying the power generation industry as one of the most at risk, Thales and GE Steam Power are establishing a collaboration to deliver a suite of cybersecurity solutions to power plant operators. This agreement, signed at the International Cybersecurity Forum (France), brings together Thales’ cyber knowledge and GE’s expertise in the power generation industry to help protect customers from cyber risks by providing threat intelligence, joint training and a combined portfolio of cyber solutions.

Offering complementary experience sets and market knowledge, Thales and GE have published a joint cyber threat intelligence report that provides unprecedented analysis about threats in the energy sector. The landscape of cyber threats to the power generation industry follows the evolution of cyber threats in the broadest sense. It evolves, becomes more complex and requires permanent and specialized monitoring.

According to the report:

Up to 10% of cyber attacks on operations like power plants are led by highly effective threat actors, whether state-sponsored or cyber criminals. The growing intertwining of companies’ information technology (IT) and operations technology (OT) systems allows attackers to create bridges between any machine and the core infrastructure. While vulnerabilities in IT environments are mostly understood and managed, OT vulnerabilities still lack attention.

Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition Systems (SCADA) are more and more targeted by cyber attacks, especially from state-sponsored groups who know how to exploit the possibility of harshly targeting these systems in the event of international conflicts.

It has become vital for power generation operators to get specific and regular training to understand what they are fighting and how to better protect their systems. Through this partnership, Thales and GE are joining forces to perform joint training for customers that operate individual or fleets of power plants.

As part of the agreement, GE has already installed equipment at the National Digital Exploitation Centre (NDEC), created by Thales and the Welsh government for cyber and digital development and education, in order to carry out demonstrations of cyber-attacks and response scenarios using Thales’s Cyber Range and GE hardware.