Fortiphyd Logic’s cover photo
Fortiphyd Logic

Fortiphyd Logic

Computer and Network Security

Atlanta, Georgia 2,657 followers

Cyber training with physical impact

About us

At Fortiphyd Logic, our mission is to build solutions that make sense for both security and operations, so that IT and OT can work as a team to secure the world's critical infrastructure. Our cyberphysical ranges use virtual OT networks attached to realistic 3D process simulations to give users hands-on experience with more OT protocols and physics than any other training out there. We also conduct applied R&D in OT security to create and demonstrate new technologies like PLC endpoint detection, PLC static analysis, and other tools.

Website
https://www.fortiphyd.com
Industry
Computer and Network Security
Company size
2-10 employees
Headquarters
Atlanta, Georgia
Type
Privately Held
Founded
2018
Specialties
Cybersecurity Training, ICS Security, OT Security, Network Security, and PLC Security

Locations

  • Primary

    1345 Seaboard Industrial Blvd NW

    C7

    Atlanta, Georgia 30318, US

    Get directions

Employees at Fortiphyd Logic

Updates

  • One of the most overlooked protocols in OT security isn't an ICS-native one. SNMP sits in the gap between IT and OT and gets claimed by neither. IT security teams know it well. OT security curricula barely touch it, because it isn't Modbus or DNP3 or IEC 61850. But it runs on devices inside most industrial facilities regardless: UPS systems, managed switches, server management interfaces, anything with a remote management card and a network connection. SNMPv1 and v2c, still common in legacy-heavy OT environments, send community strings in plaintext and support remote commands issued over the network. That's a well-understood weakness on the IT side. It's considerably less discussed on the OT side, where the devices carrying it often sit close to critical infrastructure. An attacker with access to an OT network and knowledge of default or weak SNMP community strings has a quiet path to devices that most OT defenders weren't specifically trained to think about. Our upcoming substation simulation includes SNMP-managed infrastructure as part of the attack surface, because a realistic scenario doesn't stop at the ICS-native protocols. How many SNMP-enabled devices are on your OT network right now with default community strings? #ICSsecurity #OTsecurity

    • No alternative text description for this image
  • A lot of active-duty members find our free labs, then ask for more as they get closer to the job market. So this quarter we're opening up a limited number of complimentary training months for active-duty, Reserve, and National Guard members. One full month of Student tier access on the Virtual Training Grounds: real Modbus, DNP3, OPC UA, and BACnet traffic, across simulated substations, water treatment plants, and building automation systems. No credit card required. And since we know a .mil address doesn't last forever, your account and progress carry over to a personal email whenever that day comes. Spots are limited each quarter. Full details and how to apply: https://lnkd.in/etcRWmqi #ICSsecurity #OTsecurity

  • Having a manual override doesn't mean you can use it. After the 2015 Ukraine attacks cut power to 225,000 people, operators restored service within hours, not because of sophisticated incident response technology, but because they knew how to work their systems by hand and had the muscle memory to do it under pressure. That's increasingly uncommon in modern facilities. Today's control systems are built around centralized interfaces, remote operation, and automated responses. Manual fallback procedures often exist in a binder somewhere, but the people who wrote them may no longer be on the team, and the people who are may have never operated in manual mode outside of a tabletop exercise. If your recovery plan depends on manual operation, your training program needs to actually include it. Manual recovery scenarios are part of our upcoming substation simulation, built into the full 2015 and 2016 Ukraine attack chains, not as an afterthought but as a core piece of what it takes to be ready. When did your team last practice restoring a system manually under adversarial conditions? #OTsecurity #ICSsecurity

    • No alternative text description for this image
  • The headline from December 23, 2015: attackers opened breakers at 30 substations and cut power to 225,000 Ukrainians. That's the version most training materials teach. Here's what they leave out. Before the outage, the attackers had also accessed the remote management interfaces for server UPS (uninterruptable power supply) systems and scheduled disconnects. When defenders moved to respond, their own systems were already shutdown. The attack wasn't just designed to cause an outage. It was designed to slow the people who could end it. To our knowledge, this is the only publicly documented attack where UPS systems were deliberately targeted to degrade incident response. That level of operational awareness, understanding how defenders work and eliminating their options before they start, is what separates a sophisticated campaign from a loud one. Our upcoming substation simulation covers the full 2015 and 2016 Ukraine attack chains, including this component. Because you can't train defenders to respond to moves they've never had to consider. #ICSsecurity #OTsecurity

    • No alternative text description for this image
  • Threat intelligence indicates the power distribution sector of the city of Terminus is the newest target of an advanced persistent threat... (Translation: our CRASHOVERRIDE-inspired power distribution simulation is almost ready.) This scenario is modeled loosely on the 2015 and 2016 Ukraine grid attacks, two of the most studied intrusion campaigns in #ICSsecurity history. Learners will work through full attack chains in a simulated environment that includes realistic physics of three interconnected substations, not just the networks. #OTsecurity Details coming soon!

    • No alternative text description for this image
  • IEEE 2030.5 has real cryptographic protections for distributed energy resources (DER). Exfiltrated certificates bypass all of them. That's the core tension we built our new DER security course around. The protocol's design is genuinely thoughtful: - TLS - mutual authentication - PKI-backed device identity. An attacker sniffing traffic or spoofing commands runs into walls at every turn. But certificate data can be stolen. Once an attacker has valid credentials, they don't fight the protocol at all. They present a legitimate identity, pass every check, and issue commands the system trusts completely. We walk through this scenario in detail, including what happens when a certificate authority itself is compromised. The course also covers the operational situations that quietly become attack windows: device deregistration, certificate revocation and reissuance, and the real consequences of fail-open versus fail-closed configurations. Check it out now at https://lnkd.in/eyA7ijrd

  • OT security training has always been too narrow. One sector, one protocol, one device type. That's the scope of most lab environments, and it's a problem. Real incidents don't stay in their lane. A hazardous spill in a chemical plant affects nearby port operations. Lack of water supply impacts cooling systems and manufacturing. A substation failure impacts everything it powers. The world is made of interdependent systems, and most training environments don't model those at all. We've been building something that does. This is Terminus. The fictional city that will serve as the setting for all Fortiphyd Logic labs and exercises moving forward. Chemical plant, power plant, water treatment, port, railway, substation, distributed energy, building automation. All in one place, all with realistic interdependencies. Your actions in the lab will affect the city. And eventually, so will everyone else's... More to come! #ICSsecurity #OTsecurity #gamification

    • No alternative text description for this image
  • DNS is not just for name resolution. In the wrong hands, it's a covert channel, and OT networks are not immune. DNS-based command and control is one of the more insidious techniques in an attacker's playbook because it blends in. Most OT environments aren't watching DNS traffic closely. dnsmasq now in the GRFICS router gives you a realistic DNS server to practice finding the kind of traffic patterns that show up when something on your network is phoning home, and setting rules to block them. But the C2 angle is only part of the story. The GRFICS router has quietly become something closer to a production-grade network appliance. Wireguard VPN, stateful firewall, IDS, dnsmasq, ARP monitoring, packet capture for diagnostics, user management. It's not a toy router standing in for the real thing. It's a realistic network appliance that behaves like the infrastructure your engineers will actually encounter. That matters, because training on oversimplified environments builds oversimplified instincts. Try it out now at https://lnkd.in/eeyAYp8w #OTsecurity #ICSsecurity

  • A new device just appeared on your OT network. You didn't add it. Your team didn't add it. But there it is. Asset visibility is one of the most basic requirements in #OTsecurity, and one of the hardest to practice without a realistic lab environment. You can't just plug rogue devices into a live plant to see what your monitoring catches. The router in GRFICS now includes ARP-based device monitoring, so you can practice exactly that scenario. Spin up a new host, watch it get flagged, and trace how an attacker might use ARP spoofing to impersonate a trusted device and intercept traffic between your HMI and PLC. The lab is free and open source. The skills it builds are not easy to get anywhere else. #ICSsecurity https://lnkd.in/eeyAYp8w

  • Most #OTsecurity professionals have never seen a full attack chain play out against distributed energy infrastructure to cause a physical impact. Our latest course changes that. Built around the Poland DER attack scenario, it walks trainees through every phase. The reconnaissance, the lateral movement, and the physical disruption. Inside a simulated facility where the physics behave like the real thing. Use code DER20 for 20% off at checkout: https://lnkd.in/eYaME-pm #ICSsecurity

Similar pages

Browse jobs