COLUMBIA, Md.–(BUSINESS WIRE)–SCYTHE, the leading provider of advanced cyber security solutions, is proud to announce its selection for an award with EPRI’s Automated Device Vulnerability Exploitation and Defensive Impact Analysis (ADVEDIA) project. This innovative project aims to refine vulnerability detection, classification, and exploitability determination techniques for control system software, focusing on enhancing the security of operational technology (OT) and industrial control systems (ICS).
EPRI, Finite State, SCYTHE, MITRE, Schneider Electric, and Southern will collaboratively tackle ADVEDIA Project tasks, each leveraging their unique expertise to enhance vulnerability detection and exploitability determination in control system software. Together, these organizations will create a robust framework for assessing and mitigating vulnerabilities in OT/ICS environments, ultimately enhancing the security posture of critical infrastructure systems.
SCYTHE’s focus will be spearheading Task 4.0 – Scenario Analysis Emulation. This critical research involves mapping likely exploitable vulnerabilities to specific tactics, techniques, and procedures (TTPs) that can be emulated and validated in a scenario. The findings from this scenario analysis will feed back into the vulnerability determination process, ultimately providing system owners and operators with a comprehensive list of prioritized vulnerabilities based on actual target testing and automated analysis of exploitability.
SCYTHE’s research and contributions will encompass emulation plan automation, exploitation mapping, attack determination, OT/ICS client, capability and communication development, and scenario analysis for OT/ICS environments. The project will focus on threat emulation payloads and protocols frequently used by electric utilities, including MIPS, PowerPC, ARM, Modbus, DNP3, and BACnet.
“SCYTHE’s involvement in the ADVEDIA project reflects our continued commitment to enhancing the security of OT/ICS systems, which are critical to the functioning of key sectors such as energy, manufacturing, and public services. By refining vulnerability exploitability techniques, we aim to provide these industries with the tools they need to ensure the safety and security of their operations. Citizens and personnel rely on these systems to be secure and safe, and our work is dedicated to upholding that trust,” said Jim Webster, Director of Federal Programs at SCYTHE.
SCYTHE’s commitment to investing in adversarial emulation for both IT and OT/ICS environments underscores its dedication to helping teams emulate today’s sophisticated cyber attacks, gain insight into their potential impact, and prioritize threats. This proactive cyber security approach accelerates detection engineering and enhances control validation, enabling teams to optimize mean time to detect (MTTD) and mean time to respond (MTTR), ultimately enhancing the overall security posture of organizations in critical infrastructure environments.
For more information about SCYTHE’s involvement in the ADVEDIA project, review the announcement from the Department of Energy.
About SCYTHE
SCYTHE represents a paradigm shift in cybersecurity risk management, empowering organizations to Attack, Detect, and Respond efficiently. The SCYTHE platform enables collaboration between red, blue, and purple teams to build and emulate real-world adversarial campaigns. SCYTHE’s innovative dual-deployment options and comprehensive features ensure a proactive cybersecurity approach. Headquartered in Columbia, MD, SCYTHE is privately funded by distinguished partners dedicated to shaping a more resilient cybersecurity landscape. For more information, visit https://scythe.io or connect with SCYTHE on Twitter @scythe_io.
Contacts
Marc Brown | marc.brown@scythe.io