Industries

GRIMM’s extensive security experience crosses critical sectors, providing clients with immediately impactful security best practices and solutions.

Transportation Sector

GRIMM evaluates the ability to predict, detect, protect, and respond to cybersecurity threats in transportation. GRIMM also develops and teaches advanced courseware for prominent security certification providers on automotive and control system security.

At GRIMM, we believe automotive and transportation security is intrinsically linked to safety, and are committed to helping the whole industry do better. In order to really understand how to secure a vehicle, truck, plane, drone or tank, we first must have a thorough understanding of how the system or system-within-a-system is intended to work. For that reason, most of the engineering team dedicated to the transportation sector hails from automotive and aviation developer roles.

With a lab in Sparta, Michigan -- big enough to park and reverse engineer a plane or tank -- our transportation sector team researches and develops proofs of concept for the physical systems as well as the systems’ connectivity (e.g. vehicle to vehicle, CAN communications, GPS, telematics, cellular, etc.). Working with the manufacturers, vendors, insurers, end users including the U.S. military, autonomous software manufacturers, and consumer advocacy groups, we help our clients view their vehicle networks through the eyes of a bad guy. Our ability to blend an engineering perspective with that of a malicious hacker assists our automotive clients in safely developing and deploying their fleets of connected and automated vehicles. If you can drive it or fly it, we’ve probably reverse engineered it!

But don’t just take our word for it. GRIMM believes firmly that showing is more compelling than simply telling, and in this spirit, we built a mobile hacking demonstration to help automotive executives, security personnel, and citizens alike understand the vulnerability of their vehicles to a cyberattack. In ten simple steps, our demo will teach you how to take control of the electronic components of a modern vehicle. Interested in your own demo to train your own workforce? Contact us to discuss if we can help!

Internet of Things

GRIMM pushes the discovery of security flaws and thinking for both practitioners and the public through practical vulnerability demonstrations in IoT.

Governments, businesses, citizens - we all rely on the increasing number of connected devices in the Internet of Things (IoT) every single day. As in the transportation sector and critical infrastructure, the security of IoT devices implicates an individual’s safety and privacy. The IoT team focuses on conducting security assessments of the hardware, firmware, and software of IoT devices, as well as their communications links and encryption. As security of IoT devices has historically been an afterthought, many vendors need assistance with design and implementation review, source code or binary review, in addition to vulnerability assessments of the device itself. As in many of our other practices, GRIMM believes that helping vendors, manufacturers, and consumers understand the importance of developing and ultimately buying secure IoT devices common to an everyday household is best served by a demonstration. “Howdy Neighbor” is GRIMM’s IoT capture the flag-like competition, with more than thirty IoT challenges including webcams, toasters, smoke detectors, power meters, HVAC systems, sprinklers, video game consoles, locks, and light bulbs. More than just showing folks how your Nest smart thermostat can take over your home, Howdy Neighbor actually demonstrates the problem and raises awareness to help train the general public on the importance of IoT device security. Interested in your own demo? Contact us to discuss if we can help!

Federal Defense and Intelligence

GRIMM cares deeply about national security and the U.S.’ ability to project power as necessary, in large part because over half of the team has worked for the U.S. government as military officers, senior government officials, or contractors in their previous careers.

With over half of our team having worked for the U.S. government as military officers, senior government officials, or contractors, GRIMM cares deeply about national security. Building on this operational experience, GRIMM provides forward-looking research, development, test and evaluation (RDT&E) for the Department of Defense and the Intelligence Community’s unique challenges operating in and through cyberspace. Additionally, GRIMM provides end-to-end security assessments of its contractor base for purposes of protecting the U.S. government’s supply chain.

Critical Infrastructure

GRIMM has long been helping to secure critical infrastructure through collaboration, conducting security assessments, and helping develop widely-used security frameworks.

GRIMM has long roots working to secure critical infrastructure by conducting security assessments and helping develop security framework standards, including the Uniform Cost Accounting International Users Group Advanced Metering Infrastructure (AMI) Security and Smart Grid Security working group, and the NIST standards for Cyber Physical Systems (CPS), which include the whole gamut of critical infrastructure: health care, emergency response, traffic flow management, electric power generation and delivery, and evolving critical infrastructure areas such as election equipment. Our range of expertise extends across AMI, control software, human machine interfaces, programmable logic controllers, and other pertinent embedded devices at the intersection of operational software, firmware, and hardware. The Critical Infrastructure team overlaps with the Automotive and Transportation Sector team, which provides a unique skill set for evaluating the security of the grid as it relates to electric vehicle infrastructure and charging stations. To demonstrate the vulnerabilities in industrial control systems, GRIMM teamed with other leading industry experts to develop the ICS Village, a non-profit that brings experiential learning and awareness of ICS security so utility executives, ICS security personnel, and citizens alike can understand the vulnerability of critical infrastructure to a cyberattack. Contact the ICS Village for more information.

Banking, Finance, and Digital Currencies

GRIMM conducts blackbox/whitebox testing to evaluate areas of threats and weaknesses in banking and financial systems.

The Financial Sector is consistently at high risk for cyber attacks. Raising the barrier of defense so that the entire industry is better able to defend itself is something we’re very committed to at GRIMM. For each engagement in the highly regulated finance sector, GRIMM puts together a skilled team of security researchers, engineers, and consultants to customize solutions and provide operationally sound recommendations for clients.

The GRIMM approach helps clients to better understand their security risk by identifying fraud, theft, and susceptibility to data breach through the discovery of vulnerabilities in applications, embedded systems, and networks. GRIMM’s expertise in encryption, custom cryptography, blockchain and artificial intelligence technologies positions GRIMM as one of the go-to security firms for design evaluation and implementation review.

Medical IT & Healthcare

GRIMM performs end-to-end security assessments to identify vulnerabilities in Medical IT and Healthcare systems before attackers exploit them.

The healthcare industry is threatened not only by external actors, but by internal ones as well, whether through human error, such as fat-fingering data entry, disposing of sensitive information in an improper manner, or otherwise being careless, either intentionally or unintentionally. In addition to testing workforce susceptibility to phishing or improper file transfer or handling, GRIMM puts together a skilled team of security researchers, engineers, and consultants to work hand-in-hand in customizing technical and policy solutions and recommendations for clients. This helps clients to better understand their security risk by identifying internal and external threats, including in the hardware, firmware and software of medical devices, networks and infrastructure, applications, and in the workforce itself. GRIMM also offers business and industry consultation services in healthcare with a robust understanding of this highly regulated environment.