Upon discovery and initial analysis in mid-2017, audiences primarily viewed CRASHOVERRIDE as a disruptive event targeting electric utility operations in Ukraine. Similar to the 2015 attack in the same area, CRASHOVERRIDE interrupted the flow of electricity by manipulating ICS equipment and delayed recovery operations to prolong the impact. However, CRASHOVERRIDE’s immediate effects represent only the precursors for an attempt at a more ambitious attack than what was achieved. In this presentation, Dragos Principal Adversary Hunter Joe Slowik reexamines the CRASHOVERRIDE event and likely attacker intentions, highlighting how CRASHOVERRIDE attempted a different type of attack than 2015. Viewers learn how to begin developing and deploying the required visibility, resilience, and response measures needed to cope with an attack like CRASHOVERRIDE. To view the webinar, go here: https://youtu.be/yX0ZSu_rVc0