OpShield For Healthcare From GE Digital - General Electric

Transcription

OpShield for Healthcare from GE Digital
Visibility and security for connected healthcare environments

01 Seeing it is an important first step

Medical device connectivity, which parallels the Industrial Internet of Things (IIoT), is a huge new opportunity for safety and efficiency. To realize this value, clinical environments need to be networked in unprecedented ways.

To protect it, you need to see it. OpShield can see the devices and traffic on your clinical networks because it understands what IT firewalls can’t: the protocols—or machine languages—medical devices use to communicate.

As clinical environments become more interconnected, the risk of cyber incidents increases. Inadequately protected devices expose entire networks to attacks and disruptions that put safety, care quality, and reputation at risk.

GE Digital provides leading security solutions for networked clinical environments. Specifically, OpShield from GE Digital provides visibility and protection within clinical networks, minimizing the risk of malicious activity and other disruptions that can harm patients, harm equipment, and reduce efficiency.

Outcomes

- Reduces risk of cyber-related unplanned downtime, which can decrease safety and availability
- Improves asset protection from cyber-related damage
- Helps safeguard protected health information (PHI) by protecting networks from device compromise
- Reduces risk of damage to reputation and intellectual property theft due to cyber incidents
- Increases your confidence to connect and optimize your clinical assets

02 Inspect

Solutions

Knowing something’s wrong is useful, but having the ability to prevent it is better. That’s why OpShield’s enforcement policies not only alert, but can also be configured to block traffic that is not on a whitelist of allowable commands in the context of a particular data flow.

OpShield supplements its whitelist capability with unique vulnerability signatures. These heavily researched signatures help protect a device’s root vulnerabilities vs. spotting known exploits one by one. The result is increased effectiveness and signature life.

03

Features

In addition to the ongoing inspection and enforcement OpShield provides, it helps protect clinical networks structurally, via virtual segmentation. Segmentation creates zones that reduce the mobility and damage of a misconfiguration or attacker.

From segmentation to protocol inspection and command blocking, OpShield provides several layers of the defense-in-depth approach necessary to help protect the people, assets and operations that run hospitals and other clinical facilities.

Vulnerability Research Team

Our vulnerability research team focuses solely on devices and software that control critical infrastructure. And whereas other research groups typically identify and track threats, we painstakingly reverse engineer exploits and conduct our own tests to identify the root causes—the weakness in the software or embedded device.

We then write signatures to block traffic that could exploit the vulnerability. This means longer life, more comprehensive protection from exploit variants, and protection against currently unknown exploits.

Features

- Available with fiber optic support, network modules and SFP ports, and high availability features like hot-swappable dual power supplies
- Vulnerability signatures protect against root causes, not just one-off threats
- Drag-and-drop virtual network segmentation limits misconfiguration and attacker impact
- Security alerts can be delivered to the management console and SIEM tools
- OT network baselining to establish and review “normal”
- Intelligent policy creation uses machine learning to suggest policy based on baseline
- Simplifies security administration with easy to use graphical interfaces—no CLI required
- OT protocol inspection engine reads OT packets to the command and parameter levels
- Can deploy with minimal or no production disruption

Protocol Support: Industrial and Medical*

Protocol: Subprotocol | Protocol Whitelisting Capability
ALSPA E8000 | 1 interface, 10 commands, 8 parameters
ALSPA PCX | 7 commands, 9 parameters
ALSPA PGD27 commands, 5 parameters
ALSPA S8000 | 5 commands, 6 parameters
BACnet | 16 interfaces, 310 commands, 3 parameters
DCE-RPC over UDP | 11 commands
DCE-RPC over UDP: DCE-RPC over UDP Common | 2 interfaces, 12 commands
DCE-RPC over UDP: ProfinetAcyclic | 4 interfaces, 24 commands
DICOM | 1 interface, 29 commands, 12 parameters
DNP3 | 34 commands, 17 parameters
EGD | 20 commands
EGD Configuration (over HTTP) | 8 commands, 1 parameter
IEC-104 | 2 interfaces, 58 commands, 3 parameters
Modbus | 19 commands, 55 parameters
MS-RPC | 20 commands
MS-RPC: DCOM | 13 interfaces, 72 commands
MS-RPC: OPC Data Access | 19 interfaces, 137 commands, 86 parameters
SDI (Mark VI) | 2 interfaces, 91 commands, 1 parameter
SDI (Mark VIe) | 201 commands, 2 parameters

*OpShield is fluent in these protocols to the command level. OpShield recognizes over 20 additional protocols, including Siemens S7, OPC UA and EtherNet/IP-CIP

Product Specifications by Model

OpShield-300-2; Shield-3000-8; OpShield-4000-4

AC Power (Range Line Voltage; Normal Line Voltage; Max Current; Frequency; Redundant Power)
90 264 VAC; 100 240 VAC; 1.2 A (100 VAC); 50/60 Hz; No
90 264 VAC; 100 240 VAC; 12.0A at -48 VDC; 50/60 Hz; Hot Swappable AC PSU

DC Power (Power Supply; Power Consumption (Avg/Max); Redundant Power)
12 36 VDC; 13.8 W / 15.7 W; Dual DC Connectors
12 36 VDC; 13.8 W / 15.7 W; Dual DC Connectors
12 36 VDC; 13.7 W/20.5 W; Dual DC Connectors
-36 -72 VDC; 89.3 W/165.7 W; Optional Hot Swappable DC PSU

Environmental (Operating Temp; Storage)
-40º 70º C; -40º 85º C; 5% 95% (non-condensing); Passive (Fanless)
-40º 70º C; -40º 85º C; 5% 95% (non-condensing); Passive (Fanless)
-40º 75º C; -40º 85º C; 5% 95% (non-condensing); Passive (Fanless)
0º 40º C; -10º -70º C; 20% 90% (non-condensing); Fan
0º 45º C; -25º 75º C; 5% 90% (non-condensing); Hot-swap fans

146 mm / 5.75 inches; 65 mm / 2.56 inches; 127 mm / 5.00 inches; 1.0 kg / 2.2 lbs; DIN (or optional Wall-Mount)
146 mm / 5.75 inches; 65 mm / 2.56 inches; 127 mm / 5.00 inches; 1.0 kg / 2.2 lbs; DIN (or optional Wall-Mount)
146 mm / 5.75 inches; 78 mm / 3.07 inches; 127 mm / 5.00 inches; 1.25 kg / 2.75 lbs; DIN (or optional Wall-Mount)
44 mm / 1.73 inches; 438 mm / 17.24 inches; 292 mm / 11.50 inches; 8.6 kg / 19 lbs; 1U rack
44 mm / 1.73 inches; 431 mm / 16.97 inches; 514 mm / 20.20 inches; 8.0 kg / 17.63 lbs; 1U rack, rails included (tool-less)

Network Modules: 8x Gigabit SFP; 4x Gigabit Copper

Gigabit Ethernet RJ45; Gigabit Ethernet SFP; USB; Console
2 with bypass 1 mgmt port; 2; Serial over DB9; 4 with bypass 1 mgmt port; 2 with bypass 1 mgmt port; 2; Serial over DB9; 4; 2; Serial over DB9; 8 with bypass 2 mgmt ports; 2; Serial RJ45; 4 with bypass 2 mgmt ports (add’l ports via network modules); Supported via network module(s); 2; Serial RJ45

Product Certifications

8 Port (3000, 4000)
2/4 Port (300, 400)

RoHS
RoHS
Safety
IP30 (Ingress Protection)
ATEX C1D2 (300 only)
UL
UL 60950-1, 2nd Edition, 2011-12-19
UL 60950-1, Information Technology Equipment Safety Part 1: General Requirements
CSA C22.2 No. 60950-1-07, 2nd Edition, 2011-12
CSA C22.2 No. 60950-1-07, Information Technology Equipment Safety Part 1: General Requirements
FCC Part 15 Class A or B
FCC Part 15, Subpart B: 2012 Class A
IC ICS-003
ICES-003 Issue 5: 2012 Class A
FCC
CE
IEC 60068-2-64 Vibration
IEC 60068-2-27 Mechanical Shock
EN-55022: 2010 AC: 2011 (Class A or B)
EN 55022: 2010 AC: 2011 Class A
EN-61000-3-2: 2006 A1: 2009 A2: 2009
EN 61000-3-2: 2006 A1: 2009 A2: 2009 Class A
EN-61000-3-3: 2008
EN 61000-3-3: 2008
EN 55024: 2010
EN55024: 2010
IEC 61000-4-2: 2008
IEC 61000-4-2: 2008
IEC 61000-4-3: 2006 A1: 2007 A2: 2010
IEC 61000-4-3: 2006 A1: 2007 A2: 2010
IEC 61000-4-4: 2012
IEC 61000-4-4: 2012
IEC 61000-4-5: 2005
IEC 61000-4-5: 2005
IEC 61000-4-6: 2008
IEC 61000-4-6: 2008
IEC 61000-4-8: 2009
IEC 61000-4-8: 2009
IEC 61000-4-11: 2004
IEC 61000-4-11: 2004
IEC 61000-4-12: 2006
VCCI
VCCI

OpShield is now available with or without fiber, high availability features, and SFPs. Contact us to learn about the right technology for your operational environment.

Services

Related products

Continue your IIoT journey

In the world of Industrial Internet of Things (IIoT), organizations are able to optimize productivity, reduce costs, and achieve Operational Excellence. While this is an exciting time for opportunity and growth, it can also bring on new challenges, questions, and uncertainty. No matter where you are on your IIoT journey, GE Digital has the right services offering for you.

GE Digital's OT cyber security suite helps protect industrial and healthcare companies against misconfigured devices and unplanned downtime due to cyber incidents. We can help you test, certify, and secure industrial connected devices, applications, and processes.

Transforming your business requires innovative foundational solutions that lay the groundwork for optimized performance.

Advisory Services: We can help you plan and start your IIoT journey in a way that aligns to your specific business outcomes.

Managed Services: We can help you maintain your critical machines from one of our remote locations around the world using model-based predictive analytic technology.

Implementation Services: Our team will help develop a collaborative, multigenerational plan that will marry your existing investments to the right process enhancements and technology.

Education Services: We specialize in education services to ensure that you’re leveraging our solutions to the fullest extent with our training and certificate programs.

Achilles Test Platform: Build in product security. Achilles Test Platform discovers vulnerabilities and faults to be reproduced, isolated, identified, and resolved before product introduction.

Historian: Optimize asset and plant performance through time-series industrial data collection and aggregation, leveraging Predix IIoT connectivity.

Predix: Innovate and transform your business with the cloud-based operating system for the Industrial Internet, purpose-built for industry.

iFIX: Gain visibility into your operations and secure agility for smarter decision making that drives results.

GlobalCare Support Services: Let us help by ensuring that your business continues to operate at its highest efficiency, all while mitigating risks to your investments.

Asset Performance Management: Move from reactive to proactive maintenance to reduce unplanned downtime, minimize maintenance costs, improve efficiency and extend asset life.

Cyber Security Services: Our solutions provide industrial-grade security for a wide range of OT network and application topologies.

About GE

GE (NYSE: GE) is the world’s Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. GE is organized around a global exchange of knowledge, the “GE Store,” through which each business shares and accesses the same technology, markets, structure and intellect. Each invention further fuels innovation and application across our industrial sectors. With people, services, technology and scale, GE delivers better outcomes for customers by speaking the language of industry.

Contact

Americas: 1-855-YOUR1GE (1-855-968-7143)
gedigital@ge.com
www.ge.com/digital

© 2017 General Electric. All rights reserved. *Trademark of General Electric. All other brands or names are property of their respective holders. Specifications are subject to change without notice. 05 2017
