Phone Number +1-202-802-9399 (US)

Thycotic is now Delinea!

Thycotic PAM, IT and
Cyber Security Webinars

Ongoing education, on-demand


Real Life Ethical Hack of a Power Station: Inside the mind of a Hacker on how to Successfully Break in and the Lessons Learned

Watch the Webinar


Our Chief Cyber Security Scientist Joseph Carson breaks into networks for a living as an Ethical Hacker. But he usually can’t talk about his work. In this real training, we will get a rare opportunity to hear Joseph describe a fascinating ethical hack he has recently received limited permission to discuss. And this isn’t just any pen test. It’s a successful pen test of a power station. We think you’ll love the imaginative (well, brilliant) methods he used, including some very crafty social engineering, gaining physical access, and ultimately gaining remote access to the actual control stations and diagnostics of the plant.

Here’s how Joseph describes what he is going to show us:

Hacking into a Power Station is something that is a scary thought about the possibility of someone being able to turn off the power or damage systems. We have seen major incidents in previous years in which the Ukrainian energy sector was hit by a cyber-attack that caused a power outage for more than 86,000 homes.

This session is a real-world ethical hack into a power station, that explains my process for planning and preparation, the major challenges of hacking into a power station, adapting to the risks, the perimeter security, engines, and SCADA controls. The session will reveal some of the amazing security, as well as some of the most shocking findings that will surely see people put their hands on their face. I also share the challenges of reporting the findings to the board and the lessons learned.

It is critically important to know how cybercriminals target their victims, what you can do to reduce the risk and make it more challenging for the attackers who steal your information, your identity or your money or even turn off the power. I will explain how outside attackers or malicious insiders can exploit vulnerabilities using examples such as a compromised email account password that escalates into a full-blown breach of network security.

Compromising a privileged account, therefore, can be the difference between a simple network breach and a cyber catastrophe. When a single system is compromised, it is typically easier to mitigate, isolate, and eradicate the risk and restore control. When a privileged account is breached, it can lead to a major disaster. That’s because when a privileged account gets hacked, it allows the attacker to impersonate a trusted employee or system and carry out malicious activity without being detected as an intruder. Once attackers compromise a privileged account, they can typically roam at will through an IT environment to steal information and wreak havoc.

Just a few of the things covered are:

  • What it’s like and what it took to hack into a power station
  • How this became a privileged account hack + remote access
  • How cybercriminals target their victims
  • Insights on reporting risks to the board
  • What you can do to reduce your risk and prevent abuse of your critical information assets