AUSTIN, TX — Is hacking ever a good thing? Fathom5 has found that in an age of ever-increasing cyber threats, companies and governments are faced with an urgent need to prepare and strengthen defenses against cyber-attacks, which includes analysis of vulnerabilities. Ethical hacking involves duplicating strategies and actions of malicious attackers to identify security vulnerabilities which can then be resolved before they might be exploited. Further, the process of ethically resolving and reporting the discovered vulnerabilities strengthen critical systems from food supply and water distribution to national security.
Fathom5 is an industrial technology company, delivering security-first, data-driven solutions to all levels of industry, whether commercial or defense. A proud member of the cybersecurity research community, the team at Fathom5 believes that a healthy cyber community is critical to the development of safe and secure products. This is particularly important for Operational Technology (OT) systems such as maritime equipment, industrial automation products, and components of critical infrastructure. Through Fathom5’s work with DEFCON, HACKtheMACHINE, Grey Hat, and other cybersecurity groups, Fathom5 is uniquely positioned to strengthen the broader industrial cybersecurity research community.
A key component of this community is that Fathom5 follows an ethical approach to disclosing any cybersecurity vulnerably discovered during their own product development. Fathom5’s IT Security Console (part of their Grace Maritime Cyber Testbed) is a platform for training primarily network defenders, on how to recognize, diagnosis, and remediate cyber-attacks on maritime and aviation OT equipment. Fathom5 pairs deep technical experience and commitment to cyber and Artificial Intelligence (AI) ethics in collaboration with industry best practices to confirm, address, resolve and ensure accurate reporting for Coordinated Vulnerability Disclosure (CVD).
The use of their cyber testbeds and process facilitates working with Original Equipment Manufacturers (OEMs) to make CVD a critical part of maintaining an ethical stance regarding hacking and cybersecurity research. Once resolved, these vulnerabilities are entered into the Common Vulnerability Scoring System (CVSS), allowing security risks to be addressed to bolster security of the individual component identified. Correcting individual discoveries strengthens overall systems for food production, water quality, physical security, and even national defense.
Once resolved, the OEMs involved can reserve numbers in the CVE (Common Vulnerability Enumeration) database, a nonprofit research company that serves as a repository to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
Fathom5’s senior leadership is available for interviews regarding cybersecurity and vulnerabilities, including the importance of coordinated vulnerability disclosures in the face of ever-increasing cybersecurity threats. Founder and CEO, Zac Staples served more than two decades in the U.S. Navy, culminating as the Director of the Center for Cyber Warfare. Fathom5’s Chief Technology Officer, Dr. Dave Burke served as Program Executive Officer for NAVAIR and Director of the Cyber Warfare Detachment at NATO.
Over the next several months, Fathom5 will be releasing several examples of the CVD’s discovered within the scope of projects with major industrial companies and a white paper on AI Ethics over the last ten years and the implications and considerations for future use.