security updates matter: exploitation for beginners
Post on 21-Oct-2014
331 views
DESCRIPTION
Abstract: This is a presentation explaining the purposes behind why security updates should be installed on systems and why it matters to protect the bulk electric system. Many people don’t understand the full purpose of installing security updates and this presentation walks through the reasons at a very high level so that everyone can understand.TRANSCRIPT
Security Updates Ma0er Exploita5on for Beginners
William Whitney III
Who am I?
• William Whitney III – Alphabet Soup • Electronics and PLC’s • Power system engineering • IT/EMS/SCADA Opera5ons/Security/Compliance
• Enjoy finding and fixing business/technical process flaws
• I am a researcher at heart
Who I Work For
• Garland Power & Light / City of Garland – Municipality started in 1923 – 68,000 residen5al customers with a peak load of 492MW – Genera5on – 640 MW, gas and coal fired – Transmission – 29 substa5ons and 133 miles of lines – Distribu5on – 2007 miles of overhead and underground lines
– TMPA adds many miles of lines and sta5ons • College Sta5on to Denton TX
Who Are You?
Control System Engineers IT Professionals
Compliance/Legal
What People Think We Do
What We Think We Do
What We Really Do
Patch Your Systems NOW!
• Why? – Fix bugs – not ants, grasshoppers, etc – Protect systems from being breached – Be0er func5onality? Some5mes……….
Prove it FUD Man!!!
• Live Demo of what can happen if not patched – It takes 5me and resources to plan and act on patching systems for the many updates that are available
– It only takes one missing patch for someone to P0wn your system (yes, thats hacker speak)
• Anyone can do it today with the tools freely available on the internet
• Verizon Data Breach report stated 97% of breaches could have been avoided through simple or intermediate controls such as patching, password complexity, etc.
What to do?
• Patch your devices; All of them! Windows, Linux, Java, Adobe, RTU’s, and network devices ASAP!
• Most important is to show FERCing NERC TFE love; install an5virus on printers, network devices, and your toaster!!!
Ques5ons / Comments
William Whitney III Cyber Security & Compliance Manager Garland Power & Light / City of Garland
[email protected] 972-‐205-‐3080