ICS Security Suite

Resilient and Scalable Industrial Control System Security Appliance

Power Conversion provides a comprehensive cybersecurity management suite that can be deployed on a virtual environment or on its cybersecurity appliance built with a CIS Compliant Windows 10 installation.

This enables customers to meet industry standards and regulations to ISA/IEC 62443 or other regional regulations such as US DODI 8510-01 risk management framework or the French Gov ANSSI.

General Electric

Standard Power Conversion Security software

ICSArmor - A dedicated Security Appliance, enabling defence-in-depth across the Power Conversion control system. Enabling system compliance with IEC 62443 4-2 3-3 and IEC 62351-8, ICSArmor gives owners and operators easy access to Power Conversion’s security toolchain. ICSArmor provides an intuitive and secure interface to host and utilize Power Conversion’s security toolchain and optional, embedded third party software.

ICS Security Management Suite with SYSLOG - ICS Security Management Suite provides a central system authentication server to manage users across the Power Conversion OT network, in accordance with IEC 62351-8. ICS Security Management Suite deploys and manages system trust certificates using a PKI with an optional customer-provided root CA. ICS SYSLOG, in accordance with RFC 5424, collates and stores OT network SYSLOGs with the ability to integrate with a third party SIEM.

ICSGuard - ICSGuard is a unique patented and integrated health and security monitor for your controller, equipped with machine learning capabilities. ICSGuard serves as a host intrusion detection system (HIDS) in accordance with NIST 800-94. ICSGuard utilizes the various HPCi diagnostic pointers and virtual sensors for monitoring controller behavior during operation. For HMI workstations the MITRE ATT&CK framework is used in combination with Windows OS security event logs to detect threats and anomalies. Upon detection of abnormal events, ICSGuard will then alert the operators.

Customer challenges

Secure host platform for both GE Vernova and non-GE Vernova security tools. ICSArmor provides a consolidated dashboard with optional RAID 1 or VM hosting for resiliency to quickly assess OT network health and provision user accounts as a system SecAdmin.

System security orchestrator, enabling user account provisioning in accordance with RBAC, ensuring no single username or password is re-used. Provisioning and management of PKI and facilitating machine to machine trust with embedded SYSLOG.

What is the customer value-added?

Control system compliance to IEC 62443 3-3 and asset compliance to IEC 62443 4-2.

Contributes to defence-in-depth adding protection on the user and machine communication layers, featuring security monitoring of HPCI and HMI devices.


ICSArmor is a secure host that can be deployed either on a GE Vernova industrialized RXi2 controller with optional RAID 1 disk configuration. Alternatively, it can be deployed in a virtual machine. During installation ICSArmor is hardening using the CIS Benchmark L1 or L2 plus high STIG compliance, with Windows Defender activated by default. ICS Security Management Suite with SYSLOG and ICSGuard are hosted within the ICSArmor container.



  • Host for Power Conversion’s security toolchain
  • Hardware-agnostic, able to be deployed on virtual machine
  • Multiple deployment architectures including RAID 1 for data resilience and backup
  • Simple setup process with optional CIS benchmark compliant OS configuration
  • Optional High Windows STIG compliance during installation
  • Secure host for third party applications supporting full control system security compliance
  • Patching options available
  • Optional firewall to provide network segmentation
  • Full service and support package available

ICS Security Management Suite

  • Role-based access control
  • Account profile administration
  • Password strength definition
  • FIPS 140-2 compliant encryption algorithms
  • Windows HMI credential management
  • Option to integrate other applications and devices
  • 2-Factor authentication
  • Microsoft Active Directory LDAP proxy


  • User log-in events to control system devices
  • Incorrect password or failed login attempts
  • User profile creation/ updates
  • Device configuration or re-configuration logs
  • Device security status
  • Windows event log import/ extraction (security events only)
  • ICSGuard security events
  • Integration with third party SIEM


  • Easy to use dashboard to view and action alerts in real time with alarm list in accordance with ISA/IEC 18.2
  • Patented machine learning (ML) to detect HPCI controller and workstation anomalies using virtual sensors (ICSAgent) deployed in the monitored assets
  • Machine learning dashboard to view the performance of the ML models
  • Executive report generation for system cyber administrators to view all detected events and anomalies
  • Integrates directly with Power Conversions ICS SYSLOG and 3rd party SIEM solutions
  • Continuous threat detection using Sigma rules and MITRE ATT&CK frameworks

Technical data

  • Meets the seven foundational requirements of ISA/IEC 62443
  • Developed following ISA/IEC 62443-4-1 SDLC/ SDLA
  • RBAC to IEC 62351-8
  • Built on CIS Benchmark or High STIG compliance
  • Assists with NIS2 & NERC CIP compliance
  • SYSLOG in accordance with RFC 5424
  • HIDS in accordance with NIST 800-94 using Sigma rules and MITRE ATT&CK framework along with patented machine learning