×

Energy sector cyber pro speaks at MSU

Ben Pifher/MDN Jennifer Sackett, a cybersecurity professional from Minnesota, gives the keynote speech at NoDAKoN, a cybersecurity conference held at Minot State University Thursday.

A cybersecurity professional who spoke about legacy systems at a cybersecurity conference in Minot Thursday gave a succinct description of them: “outdated but functional.”

Jennifer Sackett, the Business Applications and Data director at Connexus Energy, a large cooperative near Minneapolis, spoke at the 4th annual NoDAKoN, hosted by Minot State University.

Legacy systems are systems that still operate effectively for what they were built to do but can no longer do it well. An example would be an aging operating system on a computer, which can no longer accept updates needed to protect it from threats.

Sackett said these systems must be upgraded to accept new updates to ensure their security. One of her main concerns is the cost of supporting aging systems; eventually companies are faced with the massive costs of replacing systems, when routine upgrades would save them resources and protect them from threats.

Sackett explained users must keep their systems upgraded, or “you are going to be opening yourself up to exploitation.” If systems are so old that they can’t receive updates, or if employees aren’t updating the systems, the whole company is open to attack, she said. She also said that keeping systems updated would prevent compatibility issues.

Sackett discussed identifying personal risk and conducting a self assessment, as well as developing a risk management plan. Through this process, users are encouraged to conduct an honest self test to see where their vulnerabilities lie and develop a plan to fix them.

Sackett explained how she incorporates the concepts into her work life and told stories about problems she has overcome regarding power outages and other technical issues. She spoke about performing analysis to decide risk and her fight to convince her company to address problems before they happen.

She also told how her cooperative performs annual “penetration testing,” during which she gets outsiders to attempt to break into her systems, to do an in-depth risk assessment and find holes to patch.

Another aspect of her job she shared was the “excellent phishers” award given out. Her cyber team devises fake emails for “practice runs,” which are sometimes used as pranks on employees. She said even their CEO has been “phished.” If an employee clicks a link they should have been suspicious of, a graphic pops up that says “you’ve been phished through a simulation.” She reminded listeners they should be paying attention to what they do while using technology.

When speaking about the effort involved to upgrade legacy systems, she called it “not fun” but stressed it is necessary, while sharing anecdotes about how new technology allows her cooperative to be able to communicate effectively with its customers in situations where that would otherwise be impossible.

She left listeners with a message targeted to the whole workforce, inspiring them to make positive changes in their environments and improve on the legacy systems around them. She challenged listeners to challenge themselves, and she drove home the message that sometimes, change is necessary.

A panel on cybersecurity and asset protection was also held at NoDAKon.

Starting at $2.99/week.

Subscribe Today