Security Updates Matter: Exploitation for Beginners
-
date post
21-Oct-2014 -
Category
Technology
-
view
330 -
download
0
description
Transcript of Security Updates Matter: Exploitation for Beginners
Security Updates Ma0er Exploita5on for Beginners
William Whitney III
Who am I?
• William Whitney III – Alphabet Soup • Electronics and PLC’s • Power system engineering • IT/EMS/SCADA Opera5ons/Security/Compliance
• Enjoy finding and fixing business/technical process flaws
• I am a researcher at heart
Who I Work For
• Garland Power & Light / City of Garland – Municipality started in 1923 – 68,000 residen5al customers with a peak load of 492MW – Genera5on – 640 MW, gas and coal fired – Transmission – 29 substa5ons and 133 miles of lines – Distribu5on – 2007 miles of overhead and underground lines
– TMPA adds many miles of lines and sta5ons • College Sta5on to Denton TX
Who Are You?
Control System Engineers IT Professionals
Compliance/Legal
What People Think We Do
What We Think We Do
What We Really Do
Patch Your Systems NOW!
• Why? – Fix bugs – not ants, grasshoppers, etc – Protect systems from being breached – Be0er func5onality? Some5mes……….
Prove it FUD Man!!!
• Live Demo of what can happen if not patched – It takes 5me and resources to plan and act on patching systems for the many updates that are available
– It only takes one missing patch for someone to P0wn your system (yes, thats hacker speak)
• Anyone can do it today with the tools freely available on the internet
• Verizon Data Breach report stated 97% of breaches could have been avoided through simple or intermediate controls such as patching, password complexity, etc.
What to do?
• Patch your devices; All of them! Windows, Linux, Java, Adobe, RTU’s, and network devices ASAP!
• Most important is to show FERCing NERC TFE love; install an5virus on printers, network devices, and your toaster!!!
Ques5ons / Comments
William Whitney III Cyber Security & Compliance Manager Garland Power & Light / City of Garland
[email protected] 972-‐205-‐3080