What Happened in Curry County?
Moderator:
Chris Essid (Chief, Emergency Communications, Regions 4-7, Cybersecurity and Infrastructure Security Agency (CISA))
Panelists:
William Chapman (Statewide Interoperability Coordinator, State of Oregon)
Michael Finch (Chief Information Officer, Lane County Department of Technology Services)
Location: W230A
Date: Monday, March 25
Time: 11:20 am - 12:20 pm
Track: State & Local Government, Incident Management
Topic: Cybersecurity, IT & OT, System Resiliency
Format: Panel Session
Vault Recording: TBD
Curry County. A peaceful, rural community in Oregon was enjoying their 2023 Spring, but little did they know that something was lurking, waiting for the moment to attack. Royal Ransomware threw lives into chaos when it emerged from its hiding spot within the county's hardware and software and unleashed its terror. It attacked multiple government entities, rendering everything inoperable. No inmates were able to be booked, no marriage licenses given, not even an email was able to be sent. A once quiet, remote county had to painstakingly be rebuilt from scratch, ensuring long-term solutions for safe cyber hygiene were being implemented at every step for months on end all while requiring immediate solutions. Curry County was forcibly frozen in time while the real-world never stopped moving.
Key Takeaways
1. Become aware of issues that should be considered when establishing management of incident response when it is invisible, hiding in the hardware and software of everyday government equipment
2. Discern different strategies to responding to ransomware attacks and different ways to prevent them from annihilating Emergency Operation Centers and other headquarters functions and capabilities
3. Learn how to address cybersecurity issues that impact multiple government entities, especially those in rural, remote locations
4. Identify what the real-world vital steps and procedures are when you don't have the funding necessary to pick up all the pieces of a destroyed inoperable system