My consulting practice is grounded in active, independent security research targeting critical infrastructure and industrial control systems. My findings are coordinated through CISA and publicly disclosed in accordance with responsible disclosure practices. Engagements are informed by real-world vulnerability discovery — not theoretical frameworks.
This white paper documents a critical-severity authentication vulnerability (CVSS 9.8) affecting the IEC 60870-5-104 protocol implementation across 19 GE Vernova Universal Relay product lines. The vulnerability, present for 15+ years, allows unauthenticated remote access to protective relay functions in electric grid infrastructure. I submitted my findings to CISA in February 2026 and publicly disclosed them in March 2026 following coordinated vendor notification.
I have submitted 35+ coordinated disclosures to CISA covering the GE Vernova Universal Relay platform across multiple industrial protocols: