CRASHOVERRIDE: Re-Assessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack

August 10, 2019 1:30 PM

CRASHOVERRIDE initially seemed a malware-directed but otherwise straightforward electric power disruptive event, similar to the 2015 Ukraine event. Yet further investigation of what the adversary attempted indicates a more sophisticated attack designed to undermine safety and protection. This presentation will review evidence of protective relay attacks and the implications behind this attempt.

Speaker Information

Panelist Information

Joe Slowik


Joe Slowik current hunts ICS-targeting adversaries at Dragos. Prior to this, Joe ran the incident response team at Los Alamos National Laboratory and served as an Information Warfare Officer in the US Navy.