Intra-jihadist information ops competition flares in South and Southwest Asia, as Al Qaeda and ISIS compete for mindshare. ISIS may have begun an online market in hostages.
Observers tally up the numbers after the latest US health insurance provider breach and conclude that, from Anthem to Excellus, more than 100 million records have been stolen.
By consensus most of that theft appears, like the OPM breach, to be the work of state espionage services, and the US at least expects to sustain more such incidents. But senior members of the US Intelligence Community sensibly continue to distinguish such espionage — troubling as it is — from "attacks," that is, acts of war. That said, the US Director of National Intelligence wants to see "costs imposed" on those responsible for cyber espionage. (Senior Chinese Foreign Ministry officials, resenting being thus mentioned in dispatches, decry "baseless" US accusations and think the two countries should cooperate more in cyberspace.)
The nature of such costs continues to be a matter of debate in the US, as will the fate and effects of strong encryption — observers see a rekindling of the 1990s' crypto-wars.
Researchers find troubling Android malware in the wild.
Those interested in responsible disclosure will find two stories noteworthy. FireEye is suing ERNW over the latter's disclosure of a vulnerability, and Wired thinks it took GM years (as opposed to Chrysler's days) to respond to a proof-of-concept hack because GM wasn't named.
The global market for cyber insurance is expected to exceed $20 billion by 2025.
Today's issue includes events affecting Afghanistan, China, India, Iraq, Democratic People's Republic of Korea, Republic of Korea, Pakistan, Russia, Syria, United Kingdom, United States.
Today, of course, is the fourteenth anniversary of the 9/11 attacks. Spare a thought for the victims of that violence, and for all who've suffered since.
Dateline Cyber 6.0 and the Second Annual Executive Cyber Security Conference
Cyber 6.0(GovConnects) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure
2nd Annual Senior Executive Cyber Security Conference(Johns Hopkins Whiting School of Engineering) Is information sharing an invitation for governments to siphon data that is meant to be private, or can effective limitations be enforced so that the private sector and the government can work together to combat data breaches and other attacks? In this one-day event, we will explore these questions in depth, with presentations from government officials, representatives from industry, and academicians. We will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business, legal, legislative, and regulatory points of view
"The Quandary of Information-Sharing and Data Privacy": Report from the Johns Hopkins University(The CyberWire) The Senior Executive Cyber Security Conference took up questions raised by information sharing measures currently under consideration by the US Congress. Not only did the conference organizers see the tension between information sharing and privacy as a "quandary," but the symposiasts also looked at other implications of information sharing, including its prerequisite: collection
DoE Cyber Attacks Not Surprising, Experts Say(Homeland Security Today) The revelation this week that the Department of Energy (DoE) Joint Cybersecurity Coordination Center recorded more than 1,000 hacks into department computer systems from 2010 to 2014, including more than 150 successful intrusions into systems containing sensitive data about the nation's electric power grid, cybersecurity experts said they aren't at all surprised
Chinese and Russian Cyber Espionage: the Kaiser Would be Jealous(War on the Rocks) After the OPM hack, there were suggestions that the Chinese might be building digital dossiers on every U.S. government official, or even on all Americans. More recent reports have the Russian and Chinese intelligence services exploiting personally identifiable information about Americans from security clearance databases, airline records, medical records and many other sources on a massive scale
Just Like Old Days: IOT Security Pits Regulators Against Market(Threatpost) Listening to today's privacy panel at the Security of Things Forum, you might have thought you were beamed back to the early 2000s: government people hinting that legislation might be the ultimate solution for security and privacy concerns when it comes to embedded computers and connected things, with enterprise security officers countering that market pressures will dictate the integrity of devices, software and data
Continuing the march: The past, present, and future of the IoT in the military(Deloitte University Press) Military commanders have always lived and died by information — both quantity and quality. No surprise, then, that the US military has been an early adopter of the Internet of Things and is looking to expand its applications. But this new technology brings with it organizational and security challenges that present both opportunities and obstacles
Global cyber insurance market to grow to over $20 billion by 2025(Help Net Security) Cyber risk is a major and fast-increasing threat to businesses with cyber-crime alone costing the global economy approximately $445 billion a year, with the world's largest 10 economies accounting for half this total and the U.S. accounting for $108 billion, according to Allianz Global Corporate & Specialty (AGCS)
Argus Cyber Security Secures $26M Series B Funding(PRNewswire) New investors include Magna International, Allianz SE, the SBI Group, with participation of existing investors Magma Venture Partners, Vertex Venture Capital and the Co-Founder of the RAD Group, Mr. Zohar Zisapel. Funding will accelerate the development of Argus' automotive cyber security solutions
Cisco reorg consolidates IoE, cloud ops(CIO) Cisco has announced another organizational restructuring to streamline its Internet of Everything and Cloud operations, expanding the roles of two executives and reassigning another
Trust Kaspersky to Root Out Russian Spyware(BloombergView) If you think U.S. tech companies have a hard time convincing their customers that they don't pass on data to U.S. intelligence services, consider the case of Kaspersky Lab, the Moscow-based cybersecurity company
DEFCON CYBER Scores YOUR Risk Posture based on NIST Cybersecurity Framework(IT Business Net) Rofori Corporation is announcing the availability of its DEFCON CYBER software solution based on the NIST Cybersecurity Framework (CSF). DEFCON CYBER enables an organization to significantly reduce incident response times and measure its cybersecurity risk posture through the execution of its cybersecurity risk management strateg
Michelin Stars and Cybersecurity Intelligence(IBM Security Intelligence) One of the terms that is very current in the industry is security intelligence. There are many pseudo-definitions communicated to clients, but the true meaning of this term often remains vague
Government-backed IoTUK programme launches(ComputerWeekly) IoTUK programme is backed by £40m of government funding and will explore how the internet of things can be used to enable growth and improve quality of life
Intelligence chief: Little penalty for cyber attacks(Military Times) Cyber attacks against American interests are likely to continue and grow more damaging, in part because hackers face a low risk of consequences, the director of national intelligence told Congress Thursday
Sanctions For Hacking: Good or Bad Idea?(TrendLabs Security Intelligence Blog) Last week, news reports said the United States government was considering enacting sanctions against individuals and organizations in China and Russia for their involvement in hacking incidents targeting US companies
ODNI responds to cyber hacks with new counterintelligence campaign(Federal News Radio) Responding to cyber penetrations into federal IT systems at the Office of Personnel Management and elsewhere, the Office of the Director of National Intelligence said Wednesday that it was launching a "comprehensive" and governmentwide counterintelligence campaign
The 'Crypto Wars' of the 1990s are brewing again in Washington(Washington Post) A debate over data security is brewing in Washington. On one side, law enforcement officials warn that new deployments of encryption, the technology that protects our communications and stored data from prying eyes, is leaving the government without the insight it needs to track down criminals and terrorists
DoD Committed to Maintaining Strong Bonds with Industry(DoD News) The Defense Department is committed to maintaining the strong bonds between innovators and the department "because going forward, we need the best people, the best technology, and the best innovation to remain the world's finest fighting force," Defense Secretary Ash Carter said in St. Louis today
Officials deny ISIS intelligence reports were altered(C4ISR & Networks) After a damning Daily Beast report and the launch of an inspector general investigation, Pentagon officials are hitting back on implications that intelligence reports on ISIS and al Qaeda threats were skewed to favor U.S. dominance
Pentagon chief demands honest war intelligence(Navy Times) Defense Secretary Ash Carter has reminded the Pentagon's senior intelligence corps that they are expected to give him their unvarnished views, amid allegations that the military command overseeing the war against the Islamic State distorted or altered intelligence assessments to exaggerate progress against the military group, officials said Thursday
Ex-Ashley Madison CTO Threatens Libel Suit(KrebsOnSecurity) Last month, KrebsOnSecurity posted an exclusive story about emails leaked from AshleyMadison that suggested the company's former chief technology officer Raja Bhatia hacked into a rival firm in 2012. Now, an attorney for the former executive is threatening a libel lawsuit against this author unless the story is retracted
Old-School Law Enforcement vs The Deep Web(TrendLabs Security Intelligence Blog) The Deep Web is back in the news. Agora, one of the biggest darknet marketplaces, announced last week that it will go offline to bolster its defenses against law enforcement agencies who want to take them down
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
NSPW (New Security Paradigms Workshop)(Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...
Cybersecurity Innovation Forum(Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...
BSides Augusta 2015(Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...
SANS Institute: Information Security Training(Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...
Gulf Cooperation Council Cyber Security Summit(Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.
Hacker Halted 2015(Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...
EnergySec 11th Annual Security & Compliance Summit(Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...
Fraud Summit San Francisco(San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are...
Borderless Cyber 2015(Washington, DC, USA, September 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices...
Detroit Secure World(Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...
Cyber Security Summit: New York(New York, New York, USA, September 17, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...
6th Annual Billington Cybersecurity Summit(Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this...
Hacker Halted(Atlanta, Georgia, USA, September 17 - 18, 2015) Hacker Halted is a global series of computer and information security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased...
Cyber Security Summit: New York(New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates...
Data Breach Investigation Summit(Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...