CESER, in collaboration with cybersecurity firms Bastazo and Network Perception and researchers from the University of Arkansas, has developed a new software toolset to help energy utilities assess and address security vulnerabilities. The solution, named V-INT: Automated Vulnerability Intelligence and Risk Assessment, addresses a big hurdle in cybersecurity of understanding an organization’s complex firewall policy. The project delivers advanced capabilities for identifying cyber risks in critical energy systems, aiming to strengthen the sector’s resilience against evolving threats.
The University of Arkansas project funded by the Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has created a solution that gives energy utilities a sophisticated way of assessing their system’s security vulnerabilities.
“V-INT enables companies to conduct realistic attack simulations to provide a clear view of how their vulnerabilities appear from an attacker’s perspective,” said Philip Huff, Bastazo’s co-founder and chief scientist. “By combining advanced vulnerability and threat intelligence with a deep understanding of asset exposure, Bastazo delivers actionable insights that help organizations prioritize and remediate their most critical vulnerabilities in operational technology networks.”
The V-INT toolset has been integrated into and works with existing commercial technology platforms from Bastazo and Network Perception.
“In the face of the increasing complexity of today’s OT networks, collaborative research initiatives are vital to safeguarding critical infrastructure from evolving cyber threats,” said Robin Berthier, founder and former CEO of Network Perception. “We are proud of this partnership that brought together experts and stakeholders from the public and private sectors to enhance the resilience of our nation’s essential systems through research innovation.”
Network Perception, a Dragos company, offers network security analysis by modeling and visualizing network access pathways. This capability enabled the V-INT solution to rapidly assess the network exposure of key vulnerabilities, which introduced a new way to prioritize mitigation efforts towards protecting critical operational technology (OT) equipment.
Bastazo is an AI-powered cybersecurity platform focused on OT remediation. It helps organizations protect their essential systems while reducing team workloads by addressing the top 3 percent of critical vulnerabilities with actionable work plans. Its proprietary AI solutions ensure efficiency, compliance, and security for complex infrastructures. The company got its start from DOE’s CESER’s cyber investments at the University of Arkansas.
V-INT features user-accessible deployment options and comprehensive materials, including promotional content and technical guides, readily available for energy utilities interested in this groundbreaking toolset. Bastazo currently leads V-INT’s commercialization effort through their platform.
