Reassessing CRASHOVERRIDE: Advanced ICS Cyber Attacks on Electric Utilities

Reexamine the CRASHOVERRIDE cyberattack on Ukraine's power grid in this webinar from Dragos ICS Cybersecurity. Explore how the 2016 incident differed from the 2015 attack, analyzing the attackers' likely intentions and why the operation fell short of its ambitious goals. Learn about the subtle threats to industrial control systems, particularly focusing on protective relays and electrical integrity. Gain insights into developing visibility, resilience, and response measures to counter similar attacks. Discover the implications of integrity-based attacks on electric utility operations and understand the growing importance of root cause analysis in cybersecurity defense strategies.

Intro
What is Dragos?
CRASHOVERRIDE Event
Ukraine 2015 vs. 2016
CRASHOVERRIDE Failures
Post-Attack Silence
Post-Attack Comparison
2016 Post-Attack
Process Integrity & ICS
ICS Impact - Popular Conception
ICS Impact - Subtle Threats
Protective Relays and Operations
Protective Relay Implications
CRASHOVERRIDE & Protection
Layer Impacts for Ultimate Effect
Attack Implications
Overcurrent Repercussions
Mistakes were made
Attack Caveats
Future Considerations
Integrity Attacks on the Rise
Integrity Attack Possibilities
Electric Utility Operations
Electrical Integrity
Electric Utility Attacks
Detection, Defense, & Mitigation
Root Cause Analysis
References & Resources