IWCE is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

What Happened in Curry County?


Chris Essid  (Chief, Emergency Communications, Regions 4-7, Cybersecurity and Infrastructure Security Agency (CISA))


William Chapman  (Statewide Interoperability Coordinator, State of Oregon)

Michael Finch  (Chief Information Officer, Lane County Department of Technology Services)

Location: W230A

Date: Monday, March 25

Time: 11:20 am - 12:20 pm

Track: State & Local Government, Incident Management

Topic: Cybersecurity, IT & OT, System Resiliency

Format: Panel Session

Vault Recording: TBD

Curry County. A peaceful, rural community in Oregon was enjoying their 2023 Spring, but little did they know that something was lurking, waiting for the moment to attack. Royal Ransomware threw lives into chaos when it emerged from its hiding spot within the county's hardware and software and unleashed its terror. It attacked multiple government entities, rendering everything inoperable. No inmates were able to be booked, no marriage licenses given, not even an email was able to be sent. A once quiet, remote county had to painstakingly be rebuilt from scratch, ensuring long-term solutions for safe cyber hygiene were being implemented at every step for months on end all while requiring immediate solutions. Curry County was forcibly frozen in time while the real-world never stopped moving.

Key Takeaways
1. Become aware of issues that should be considered when establishing management of incident response when it is invisible, hiding in the hardware and software of everyday government equipment
2. Discern different strategies to responding to ransomware attacks and different ways to prevent them from annihilating Emergency Operation Centers and other headquarters functions and capabilities
3. Learn how to address cybersecurity issues that impact multiple government entities, especially those in rural, remote locations
4. Identify what the real-world vital steps and procedures are when you don't have the funding necessary to pick up all the pieces of a destroyed inoperable system