Abstract: This is a presentation explaining the purposes behind why security updates should be installed on systems and why it matters to protect the bulk electric system. Many people don’t understand the full purpose of installing security updates and this presentation walks through the reasons at a very high level so that everyone can understand.
2. Who
am
I?
• William
Whitney
III
–
Alphabet
Soup
• Electronics
and
PLC’s
• Power
system
engineering
• IT/EMS/SCADA
Opera5ons/Security/
Compliance
• Enjoy
finding
and
fixing
business/technical
process
flaws
• I
am
a
researcher
at
heart
3. Who
I
Work
For
• Garland
Power
&
Light
/
City
of
Garland
– Municipality
started
in
1923
– 68,000
residen5al
customers
with
a
peak
load
of
492MW
– Genera5on
–
640
MW,
gas
and
coal
fired
– Transmission
–
29
substa5ons
and
133
miles
of
lines
– Distribu5on
–
2007
miles
of
overhead
and
underground
lines
– TMPA
adds
many
miles
of
lines
and
sta5ons
• College
Sta5on
to
Denton
TX
4. Who
Are
You?
Control
System
Engineers
IT Professionals
Compliance/Legal
8. Patch
Your
Systems
NOW!
• Why?
– Fix
bugs
–
not
ants,
grasshoppers,
etc
– Protect
systems
from
being
breached
– Be0er
func5onality?
Some5mes……….
9. Prove
it
FUD
Man!!!
• Live
Demo
of
what
can
happen
if
not
patched
– It
takes
5me
and
resources
to
plan
and
act
on
patching
systems
for
the
many
updates
that
are
available
– It
only
takes
one
missing
patch
for
someone
to
P0wn
your
system
(yes,
thats
hacker
speak)
• Anyone
can
do
it
today
with
the
tools
freely
available
on
the
internet
• Verizon
Data
Breach
report
stated
97%
of
breaches
could
have
been
avoided
through
simple
or
intermediate
controls
such
as
patching,
password
complexity,
etc.
10. What
to
do?
• Patch
your
devices;
All
of
them!
Windows,
Linux,
Java,
Adobe,
RTU’s,
and
network
devices
ASAP!
• Most
important
is
to
show
FERCing
NERC
TFE
love;
install
an5virus
on
printers,
network
devices,
and
your
toaster!!!