RESEARCH CHARTER

ThreatSpire (threatspire.com) transforms raw threat data into actionable intelligence. Powered by AI, it aggregates IOCs across top CTI sources, normalizes scores into a single precision threat metric, and automatically generates YARA rules at scale. Analysts receive contextual, confidence-rated intelligence in seconds, cutting research time, improving triage accuracy, and enabling SOC teams to respond to emerging threats with unprecedented speed. 

PhakeOut (phakeout.com) is an AI-powered security awareness platform that creates hyper-realistic deepfake phishing simulations from curated organizational content. By generating personalized, scenario-accurate phake injects, PhakeOut exposes users to the next generation of social engineering threats and trains them against the tactics adversaries actually use. The result is a dramatically more effective, behavior-driven awareness program that prepares organizations for modern AI-enabled attacks. 

Entry-Level OT Cybersecurity Certification  

The Cyber Defense Associate Certification™ (CDAC) is the entry point into the OTSEC learning path and the industry’s first foundational certification dedicated to cybersecurity for power stations, substations, transmission, and distribution environments. CDAC equips learners with essential knowledge of operational technology, industrial architectures, threat landscapes, vulnerability testing, consequence-informed engineering, and basic OT defense strategies.

Designed for IT professionals transitioning into OT, cybersecurity students, OT personnel seeking cyber expertise, or newcomers entering the field, CDAC builds the critical baseline skills required to begin a career in energy-sector cybersecurity.

Professional-Level OT Security Certification

The Cyber Defense Professional Certification™ (CDPC) is an advanced, practitioner-level credential for professionals responsible for securing industrial control systems and OT environments. Building on the CDAC foundation, CDPC develops the skills needed to analyze sophisticated threats, design secure architectures, implement advanced controls, manage risk, harden systems, and monitor networks in real time.

This certification prepares industry professionals to protect critical energy infrastructure against modern adversaries, including ransomware actors, APT groups, and cyber-physical threat campaigns. Through hands-on simulations, live lab exposure, and applied case studies, including real-world incidents, the CDPC validates readiness for high-stakes cyber defense roles within the electrical sector.

 Expert-Level OT Cyber Defense Certification

The Cyber Defense Expert Certification™ (CDEC) is the capstone of the OTSEC training program and the highest-level credential for professionals securing operational technology in the Bulk Electric System. Intended for seasoned engineers, system architects, and cybersecurity leaders, CDEC validates mastery across advanced ICS/OT defensive operations, threat hunting, consequence-based architecture, red/blue OT exercises, and large-scale incident management.

Delivered through immersive live labs, multi-day attack simulations, and advanced engineering challenges, the CDEC prepares experts to lead cyber defense strategy for complex, interconnected energy systems. This certification represents the pinnacle of OT security readiness and demonstrates elite capability to defend critical infrastructure against the world’s most sophisticated threat actors.

GridSim (gridsim.org) is the Cyber Defense Center’s flagship operational technology simulation platform, designed to support the OTSEC™ certification program and provide a realistic laboratory environment for training the next generation of energy-sector cyber defenders.

This research initiative creates a fully functional, small-scale electric grid that integrates real industrial control systems, renewable energy generation, programmable logic controllers, smart grid components, and defensive cyber technologies. GridSim enables students and professionals to interact directly with live OT equipment, execute defensive operations, perform vulnerability testing, and experience the complex behaviors of modern grid infrastructure.

Developed as the practical foundation for the Cyber Defense Associate (CDAC)™, Professional (CDPC)™, and Expert (CDEC)™ certifications, GridSim provides hands-on exposure to:

• Electric generation via PV and wind systems
• Industrial PLCs and vendor-specific control architectures
• Distribution networks and smart meter arrays
• Industrial-grade networking, firewalls, mesh systems, and radio backhaul
• Realistic cyberattack and cyber defense scenarios

By combining renewable energy systems, ICS equipment, and cyber defense tools into a cohesive, interactive grid model, GridSim advances workforce readiness and strengthens the sector’s ability to defend critical infrastructure from modern cyber threats.

Attack5 (attack5.com) is a Cyber Defense Center research and incubation initiative focused on developing a next-generation platform for real-time external threat surface analysis and intervention readiness. Unlike traditional tools that only measure exposure after an incident, Attack5 evaluates an organization’s ability to detect, prevent, and actively disrupt attacks as they unfold.

The platform aggregates OSINT, threat-surface data, and public intelligence feeds, integrating sources such as IPVoid, Shodan, CertView, and other discovery engines, into a unified, contextualized threat profile. Automated listening engines continuously monitor for emerging indicators, map external exposure, and generate an Attack5 Threat Score that feeds into the broader Cyber Defense Center member rating system.

Attack5 also provides enriched intelligence that supports other CDC projects, including PhakeOut, by supplying real-world threat signals and external behavioral indicators. The ultimate goal of this research is to create a scalable, precision intervention platform that empowers organizations to understand their threat surface, anticipate threat actions, and elevate their readiness to interrupt attacks, not just respond to them.

Exploit5 is an automated penetration testing and red-team orchestration platform being incubated within the Cyber Defense Center as part of the broader Attack5 initiative. Designed to push beyond traditional vulnerability scanning, Exploit5 uses GPU-accelerated attack execution, one-button automation, and pre-built exploit chains to test defenses across nearly every layer of an organization's technology architecture.

By leveraging custom threat models, wartime-grade exploit sequences, and scenario-driven attack paths, Exploit5 provides a realistic, high-intensity assessment of an organization’s resilience under active adversarial pressure. It is built to evaluate not just exposure, but how well defenses respond, adapt, and contain sophisticated attack progression in real time.

Exploit5 extends the Cyber Defense Center’s capability model, already used to measure defensive maturity, by validating the actual effectiveness of deployed technologies, processes, and response teams. This new generation of automated red teaming gives organizations continuous, on-demand insight into their true defensive posture and their readiness for advanced cyber warfare scenarios.

Breach Reports (breachreports.org) is a Cyber Defense Center innovation initiative designed to create a comprehensive, next-generation catalog of historical and emerging breach data. By aggregating information from diverse public, private, and sector-specific sources, the platform applies new analytical criteria to uncover patterns, impacts, and systemic vulnerabilities affecting communities, critical infrastructure, and national security.

In addition to research and analytics, Breach Reports functions as a secure whistleblower intake platform, enabling individuals to confidentially submit breach information, emerging threat indicators, or early-warning concerns that may otherwise go unreported. This dual mission strengthens collective situational awareness and supports timely intervention across sectors.

Breach Reports empowers defenders, policymakers, journalists, and researchers with clearer visibility into the evolution of cyber threats, while providing a trusted channel for reporting incidents that help protect the public and the nation.

INCTEP Automation is a Cyber Defense Center capability designed to modernize and streamline the full lifecycle of CISA cyber tabletop exercises (CTEPs) for members across critical infrastructure, government, and industry. Built to enhance readiness, coordination, and exercise value, this platform provides end-to-end management tools that drastically reduce administrative overhead while increasing analytical depth and repeatability.

The system includes a custom inject catalog, full CTEP package management, automated scheduling, dynamic feedback form generation, and integrated analytics to measure participation, performance, and organizational readiness. CTEP Automation also produces standardized After Action Reports / Improvement Plans (AAR/IPs) and maintains a structured CTEP Risk Register that links exercise outcomes to real operational risks and mitigation priorities.

By unifying planning, execution, documentation, and performance analysis, CTEP Automation enables organizations to conduct more frequent, higher-quality exercises, transforming CTEP engagement from a manual

Code Origin is a Force Labs research initiative being developed in partnership with DreamForge. Code Origin is focused on distinguishing AI-generated code from human-written code across open-source and public code repositories. As generative AI accelerates software development, the ability to verify authorship, trace code provenance, and identify synthetic contributions has become critical for supply chain security, intellectual property protection, and vulnerability management.

This project explores advanced detection methods such as machine-learning analysis, pattern differentiation, metadata correlation, and behavior-based signatures, to classify code origins accurately at scale. Force Labs also advises and supports community innovators developing commercial applications of this technology, including tools inspired by early grey-market prototypes such as GPTHero.me.

Code Origin advances the broader mission of strengthening software assurance and helping organizations understand where their code comes from, how it is produced, and what risks AI-generated contributions may introduce.