August 10, 2019 1:30 PM
CRASHOVERRIDE initially seemed a malware-directed but otherwise straightforward electric power disruptive event, similar to the 2015 Ukraine event. Yet further investigation of what the adversary attempted indicates a more sophisticated attack designed to undermine safety and protection. This presentation will review evidence of protective relay attacks and the implications behind this attempt.
Joe Slowik current hunts ICS-targeting adversaries at Dragos. Prior to this, Joe ran the incident response team at Los Alamos National Laboratory and served as an Information Warfare Officer in the US Navy.