Supratik Pathak
Senior Product Manager - OT Cybersecurity
GE Vernova
Supratik Pathak is the Senior Product Leader for Cybersecurity at GE Vernova’s Grid Solutions business. Supratik drives the product strategy and development of innovative cybersecurity solutions and services for Grid Automation customers that align with both current market demands and emerging technological trends. He leads the entire product development cycle - from concept to market launch - ensuring seamless collaboration across R&D, engineering, sales, and marketing functions. Supratik’s team is responsible for the deployment, configuration, and ongoing support of cybersecurity solutions for Operational Technology (OT) infrastructure of Grid Automation customers, ensuring compliance with industry standards, mitigating cybersecurity risks, and providing comprehensive customer support and training.
Supratik Pathak’s 18+ years of experience in the energy sector, including power generation, transmission and distribution, led him to specialize in OT Cybersecurity early on. He has held pivotal roles at GE and Honeywell, leading cybersecurity innovation in the energy sector. As a Product Security Leader and OT Cybersecurity Solution Architect, Supratik integrated security into product development and designed advanced architectures for industrial environments. His technical foundation as an R&D Engineer and his expertise as an OT Cybersecurity Subject Matter Expert have enabled him to drive effective, innovative solutions that address the evolving challenges in the energy landscape.
His contributions to the field have made him a recognized thought leader, with numerous publications and presentations at national and international conferences. His work focuses on topics such as "Adaptive Defense Mechanisms in Power Systems" and "Cybersecurity Challenges in Today's Power Grids," and he has spoken at prestigious events including ADIPEC 2024 & 2025, CIGRE Paris, World Utilities Conference and the Fortinet APAC OT Security Summit, Dragos EMEA Forum, etc…
Supratik holds a B.E. in Electronics & Communication from Birla Institute of Technology - India, along with several professional certifications including ISACA - CISM, CRISC; SANS – GRID, GICSP, IEC-62443 Expert, and more. Supratik is based in Dubai, UAE.
Participates in
TECHNICAL PROGRAMME | Energy Technologies
This presentation will describe the methodology and results from testing the authentication of an IED with KDC, the distribution of session keys, encryption of the session key, the message integrity check where the IED verifies the integrity of the message using the MAC and finally the secure, interoperable Routable GOOSE Communication between different vendor IEDs.
R-GOOSE communication can be the backbone of any peer-to-peer inter substation communication and is what will support many wide-area use cases such as Zonal Autonomous Controls, which can be used for better regulation of Voltages across buses with a high injection of Renewable Power as well as Congestion Management Schemes, Anti-Islanding Schemes, or System Integrity Protection Schemes.
Routable GOOSE has several similarities and differences to Ordinary GOOSE messages. The main difference is that an R-GOOSE can travel through a Router and be sent to devices outside the substation. Ordinary GOOSE messages can boast a very high-speed data exchange due to local network delivery whereas with Routable GOOSE typical delays are less than 20 milliseconds for a well-designed Wide Area Network. Ordinary Layer 2 GOOSE Messages are normally broadcast to all devices which then have to check the Destination MAC address to determine whether or not the IED has subscribed to the message. This is not replicable for messages which are routed over wide area networks, instead these Routable GOOSE messages require a UDP /IP header and are multicast to specific devices using the destination IP address in the R-GOOSE Control Block Configuration. Another important difference between the ordinary Layer 2 GOOSE messages and Routable GOOSE is that given that the messages travel outside the boundary of the Substation, they require a security mechanism to ensure confidentiality, integrity and authentication. Authentication is used to ensure that it is the original message that is received by the Subscribing device whilst Encryption ensures that such a message cannot be interpreted by unauthorized actors.
