
Greetings!

THE CYBERWIRE (Tuesday, March 7, 2017)—Kaspersky Lab reports finding a new version of Shamoon, which it's calling "StoneDrill." Like its progenitor, StoneDrill is destructive, deploying a wiper across infected machines to destroy data. Kaspersky discovered StoneDrill in the course of investigating the three waves of Shamoon 2.0 attacks that began in November 2016.

StoneDrill is more evasive than Shamoon (it avoids execution in sandboxes) and includes "mostly Persian resource language sections." (Shamoon 2.0 featured Yemen's version of Arabic; Kaspersky notes that both language cues could easily be false flags.) It's begun to turn up in Europe, indicating its potential spread beyond its original Saudi range. The threat group associated with Shamoon, and probably with StoneDrill, is Charming Kitten (a.k.a. Newscaster and NewsBeEF), thought to be an Iranian group. Kaspersky, however, offers no attribution.

Malwarebytes warns that a Trojanized version of Facebook Lite for Android targets Chinese users with Spy FakePlay.

In the US, center-left and progressive advocacy groups are subjected to online blackmail: Russian hackers (thought to be criminals and not intelligence services, although, as Bloomberg observes, in Russian operations that can be a difficult line to draw) threaten to release embarrassing emails and shared documents.

In M&A news, CA buys Veracode for $614 million. Edwards acquires Evolved Cyber Solutions, Inabox buys Logic Communications, and Okta acquires Stormpath.

In the US, Congress considers legislation that would permit hacking victims to access their attackers' non-cooperating systems to determine attribution. Observers are divided as to whether this is a good idea.

The Obama-Trump wiretapping dust-up remains...unclear? Uncomfortable?


Today's edition of the CyberWire reports events affecting Australia, Azerbaijan, Canada, the European Union, Iran, Russia, Saudi Arabia, the United Kingdom, the United States, and Yemen.

Cylance is proud to be the CyberWire sustaining sponsor for 2017. Learn more about how Cylance prevents cyberattacks at cylance.com

On the Podcast

In today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about a murder case involving Amazon's Alexa (not, we hasten to add, as either suspect or victim). We also speak to Neill Feather of SiteLock about a new WordPress vulnerability.

Our special edition about RSA (Perspectives, Pitches, and Predictions) is up. You may also enjoy some video from RSA. Done by Cylance in partnership with the CyberWire, the video collects some of the more vigorous opinions voiced on the exhibit hall floor. And, of course, our special edition on artificial intelligence is still up, so you can hear what we learned in conversations with experts in the field.

Sponsored Events

What we do matters. Join Booz Allen. (Tysons Corner, Virginia, USA, March 15, 2017) Calling all innovators, designers, and coders to solve tough problems. Come interview with Booz Allen and learn about their cutting edge cyber job opportunities.

Tech Talk: Ethereum & Graph Databases (Laurel, Maryland, USA, March 20, 2017) Join Novetta and Cyberwire at Jailbreak Brewery to learn about Ethereum and Graph databases, forward leaning technology transforming how we relate with our data. Mingle with like-minded techies and enjoy craft beer - See you then!

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

StoneDrill: New wiper targets Middle East, shows interest in Europe (Help Net Security) Researchers discovered a new wiper malware, called StoneDrill. Just like another infamous wiper, Shamoon, it destroys everything on the infected computer.

Cyber threat that attacked military now using new 'wiper' malware (TheHill) Cybersecurity firm Kaspersky Lab announced Monday it had discovered what it believes to be new malware from a hacking group that has, in the past, targeted United States Army personnel and Congressional staff.

Data-wiping malware Shamoon is back, and now it’s targeting Europe (Ars Technica UK) Meaner strain of Shamoon returns, joined by new, never-before-seen disk wiper.

Kaspersky Lab uncovered a new wiper malware (IT Pro Portal) Security researchers believe StoneDrill has ties to Shamoon 2.0.

From Shamoon to Stonedrill: Wipers attacking Saudi organizations and beyond (Kaspersky Lab) Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.

SHA1 Collision Attack Can Serve Backdoored Torrents to Track Down Pirates (Bleeping Computer) A theoretical scenario that leverages the SHA1 collision attack disclosed recently by Google can serve backdoored BitTorrent files that execute code on the victim's machine, deliver malware, or alert copyright owners when their software has been pirated.

Trojanized Facebook Lite steals info, installs apps (Help Net Security) A Trojanized Facebook Lite app for Android has been found stealing device information and installing malicious apps in the background.

Mobile Menace Monday: Facebook Lite infected with Spy FakePlay (Malwarebytes Labs) A lite version of the popular mobile app Facebook has been infected with Android/Trojan.Spy.FakePlay.

Hackers could bypass protective measures to gain access to locked Twitter accounts (Graham Cluley) Twitter has patched an issue that allowed attackers to bypass protective measures for user accounts that have been locked.

Russian Hackers Said to Seek Hush Money From Liberal Groups (Bloomberg.com) Russian hackers are targeting U.S. progressive groups in a new wave of attacks, scouring the organizations’ emails for embarrassing details and attempting to extract hush money, according to two people familiar with probes being conducted by the FBI and private security firms.

A very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil (SANS Internet Storm Center) Distracted users mistyping the first “n” when accessing www.santanderempresarial.com.br are subject to banking credentials theft and a very convincing phone call from a pretended Santander’s attendant. The call’s reason? To collect the victim’s OTP Token combination and proceed with previously prepared fraudulent.

Western Australia's Web votes have security worries, say 'white hat' mathematicians (Register) iVote's proxy issues certs – and decrypts data – in America

Twitch suffers potential security breach (Computing) Streaming service sends messages to some users warning of potential unauthorised access

Despite cyber attack, Sen. Dinniman’s office stays open (Daily Local News) State Sen. Andy Dinniman said Monday that his offices remain open for business, and Saturday’s upcoming Town Hall Meeting will go ahead as planned despite a ransomware cyber attack that has disabled computers in Senate Dem

Poachers are trying to hack animal tracking systems (Help Net Security) Electronic tagging has helped researchers gain insight into the lives of many wild animal species, but can also be misused by wildlife poachers and hunters.

Security Patches, Mitigations, and Software Updates

WordPress webmasters urged to upgrade to version 4.73 to patch six security holes (We Live Security) Another day, another important security update for WordPress. Oh boy.

Cyber Trends

FTC Report Highlights Low DMARC Adoption (Dark Reading) New Federal Trade Commission research discovers most online businesses employ email authentication, but few use DMARC to combat phishing.

Study: Online Businesses Vulnerable To Phishing (PYMNTS.com) A study released by the Federal Trade Commission’s (FTC) Office of Technology Research and Investigation has found that most major online businesses don’t have enough cybersecurity and are not doing enough to prevent consumers from phishing attacks. Phishing is an email scam where cyber criminals send a consumer an email that appears to be from a reliable...

Consumers are wary of smart homes that know too much (CSO Online) Nearly two-thirds of consumers are worried about home IoT devices listening in on their conversations, according to a Gartner survey released Monday.

Protecting data isn't optional: What frustrates CIOs and CISOs? (Help Net Security) Chris Drake, CEO at Armor, talks about the frustration that he sees in the cybersecurity industry as he continues to meet CIOs and CISOs in the field.

Cyber risk management starts with preparing children ‘around a whole different mindset,’ says former Toronto deputy police chief (Canadian Underwriter) Cyber security is more of a human resources issue than a technological issue, while cyber security threats are often detected more than six months after they occur, speakers told insurance professionals at a conference last week. “The nature of IT…

Aussie SMBs lose $6600 for each cyber attack (ITWire) Australian small to medium businesses — that is 97% of all Australian businesses — lose around $6600 each time they suffer a cyber attack,...

Marketplace

Endpoint Security Industry To Gain From Enhanced Demand by 2022 (TechAnnouncer) The Global Endpoint security market is valued at USD 9.15 billion in 2016 and is expected to reach a value of USD 17.33 billion by the end of 2022, growing at a projected CAGR of 11.22% during the forecast period of 2017 – 2022. The growing number of PCs, laptops, smart phones, tablets and specialized...

Boardrooms engage in blame games after cyberattacks, finds survey (CSO Online) Company execs and their IT department both think the other is responsible in the event of a cyberattack, research has revealed.

CA Technologies to broaden security and DevOps with US$614 acquisition of Veracode (CRN Australia) Broadening security and DevOps offering.

Finjan Signs Licensing Agreement with Veracode (Yahoo! Finance) Finjan Holdings, Inc., a cybersecurity company, announced that on March 2, 2017, its subsidiary Finjan, Inc. closed a Confidential Patent License Agreement with Veracode, Inc., a cloud based application ...

Edwards Acquires Evolved Cyber Solutions (Edwards Performance Solutions) Brian Hubbard joins Edwards as Director of the Commercial Strategic Business Unit.

Inabox acquires Perth MSP and cloud provider Logic Communications for $1.5 million (CRN Australia) Logic Communications is the second acquisition this year.

Okta acquires Stormpath to boost its identity services for developers (PCWorld) Okta has acquired Stormpath, a company that provides authentication services for developers. The deal should help the identity provider improve its developer-facing capabilities.

Cyber security business helmed by former BAE Systems experts raises £12m (Bdaily Business News)

'Kaspersky Lab' to develop cooperation with Azerbaijan (AzerNews.az) "Kaspersky Lab", a global cyber security company, will develop cooperation with the public and private sectors of Azerbaijan in the field of protection of critical infrastructures.

How Much Is a Google Remote Code Execution Vulnerability Worth? (eSecurity Planet) Google is increasing the amount it pays for RCE vulnerabilities by 57 percent, and payouts for other security flaws are rising as well.

ISACA’S 2017 Women in Technology Survey (ISACA) In 2017, women in tech are still facing significant barriers in the workplace—from a shortage of women role models, to gender-based pay gap, to persistent gender bias that nearly 90% of them say they have experienced.

Industrial Cyber Expert, Karl Henderson, Joins Verve Industrial Protection as EMEA Application Development Leader (Yahoo! Finance) Verve Industrial Protection is pleased to announce the appointment of Karl Henderson as leader of Application Development in EMEA. Mr. Henderson will ...

Products, Services, and Solutions

1E Launches The Fastest EDR Platform To Query and Control All Endpoints (1E Enterprise Software Lifecycle Automation) Tachyon enables IT teams to interact with millions of endpoints running multiple operating systems in real time. New York, NY – March 7, 2017 – 1E, which provides the only software lifecycle automation solutions that can handle both routine IT tasks and emergency actions in real time, today launched Tachyon. The fastest and most scalable

Thales Announces Test Drive of Vormetric Transparent Encryption for Google Cloud Platform (Thales) Powered by Orbitera, Test Drive enables prospects to try security solution before purchasing

Webroot Partners with Kaseya to Deliver (Webroot) Webroot with Kaseya helps managed service providers increase security, reduce costs and save

ExtraSecure, the World's Most Secure iOS Email Application, Launches (PRNewswire) Today, electronic communication security has reached a level never seen before...

Synnex beefs up its cloud backup and recovery offering with Acronis partnership (CRN Australia) Tapping into hybrid-cloud data protection market.

Symantec Delivers Solution to Automate Discovery and Remediation Actions for CloudBleed Exposures (PCQuest) Within days of receiving news of the CloudBleed vulnerability

Smart DOM XSS Detection in Qualys WAS (Network Security Blog | Qualys, Inc.) The new mechanism in Qualys WAS for detecting DOM based cross-site scripting (DOM XSS) works in an automated manner with no special setup or knowledge requirements, enabling security teams to great…

White Ops Launches SDK-less Mobile Invalid Traffic Detection Capabilities (BusinessWire) White Ops has announced the latest release of its product portfolio, which includes new detection capabilities for invalid traffic on both mobile web

Owl Computing Technologies expands data diode cybersecurity to the oilfield (JWN Energy) A major multinational oil and gas company will use Owl Computing Technologies Inc.’s OPDS-1000 to help protect oil...

Enable self-healing endpoint security with Application Persistence (Help Net Security) In this podcast recorded at RSA Conference 2017, Richard Henderson, Global Security Strategist at Absolute Software, and Todd Wakerley, SVP of Product Deve

Automating PKI for the IoT platform (Help Net Security) Jeremy Rowley from DigiCert talks about automating PKI for IoT platform and building scalable solutions for the IoT platform.

KoolSpan Wins Trust Award for Best Mobile Security Solution at SC Awards 2017 (BusinessWire) KoolSpan's TrustCall wins the SC 2017 Trust Award for Best Mobile Security Solution.

Review: vArmour flips security on its head (Network World) Instead of focusing on the bad guys, vArmour identifies good processes and locks them down.

DNA Connect partners with Radware to protect against “multi-vector attacks” (CRN Australia) New partner offers DDoS protection solutions.

Church of England puts a stop to ransomware with Darktrace (ComputerworldUK) After a two-week learning period where the Darktrace box monitored the Church's traffic, it was able to flag up ransomware attacks in the early stages and before any serious damage was done.

Squadra Technologies Adds USB Data Loss Prevention to Microsoft System Center With secRMM (Yahoo! Finance) Squadra Technologies today announced support for Microsoft System Center Configuration Manager (ConfigMgr) by developing a Windows security solution that audits ...

Technologies, Techniques, and Standards

DRM in HTML5 is a victory for the open Web, not a defeat (Ars Technica) W3C's decision to publish a DRM framework will keep the Web relevant and useful.

New York's Cyber Regulations: How to Take Action & Who's Next (Dark Reading) Even if your company isn't directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.

Bruce Schneier on IoT Regulation (Threatpost) Bruce Schneier talks about the early days of the RSA Conference, his campaign for IoT regulation, and more.

Consumer Reports Debuts Impartial Privacy Standard (Infosecurity Magazine) It can be used by businesses to measure the privacy and security of products, apps and services.

Cyber is a ‘tool to knock down fake news:' former top DoD official (C4ISRNET) Multiple tools are needed to take down Russian propaganda efforts.

Security vendor RSA introduces new strategy for businesses to take on digital challenges (Financial Post) During his keynote at the 2017 RSA Conference, CTO Zulfikar Ramzan told the crowd that any enterprise has to be a joint venture between business and security

How to become a master cyber-sleuth (TechRepublic) Digital Guardian's cybersecurity chief explains how to spot intrusions and password dumping programs, locate dropper software, and block secret backdoors in your company's network.

Pay attention to your threat intelligence’s shelf life (Information Age) Organisations want to be seen to be taking threat intelligence seriously, implementing effective strategies and platforms in the process

Design and Innovation

The Fed-Proof Online Market OpenBazaar Is Going Anonymous (WIRED) OpenBazaar is set to integrate Tor's anonymity features---but still swears it's not trying to attract the dark web's black market sales.

Irish Funds Deloitte wrap up blockchain project (IBS Intelligence) Irish Funds completed its blockchain proof of concept for regulatory reporting, RegChain

Research and Development

Verizon to help develop data analytics capabilities for insurance industry (Networks Asia) Getting access to real cybercrime data is a huge boon to the insurance industry.

Legislation, Policy, and Regulation

'A solution looking for a problem': the downside to a Department of Homeland Security for Australia (The Sydney Morning Herald) Australia's record in preventing terrorist attacks is one of the best in the world, so why would you want to restructure the system responsible for it? This is the threshold question for the push to create a new mega-department along the lines of the US Department of Homeland Security.

Proposed Bill Will Allow Victims to Hack Their Attackers to Stop Cyber-Attacks (Bleeping Computer) The US is discussing new legislation that will allow victims of ongoing cyber-attacks to fight back against hackers by granting more powers to entities under attack in regards to the defensive measures they can take.

Active Defense Bill Raises Concerns Of Potential Consequences (Threatpost) A bill that would exclude organizations from prosecution for hacking back is already stirring up some concerns about potential unintended consequences.

Trump cybersecurity executive order coming soon (FederalNewsRadio.com) Former federal cyber officials and industry stakeholders say it's important to consider the role of agency leaders and not to jump to conclusions on hiring.

Donald Trump: The First Cyber President - Leadership Starts at the Top (SC Magazine US) President Trump enters office in a very unique situation with revelations of Russia cyber operations' potential influence on the outcome of his election.

DHS finalizing best practices for notifying victims of major cyber breaches (FederalNewsRadio.com) A committee within the Homeland Security Department is finalizing a new guide for agencies, state and local governments and other organizations involved in cyber breaches with best practices for notifying victims.

Litigation, Investigation, and Law Enforcement

Journalists: How hacking details matter (Errata Security) When I write my definitive guide for journalists covering hacking, I'm going to point out how easy it is for journalists to misunderstand....

Trump hits out at security services in Obama wiretap row (Times of London) Donald Trump signalled a new rift with intelligence chiefs yesterday when he refused to accept guarantees that President Obama had not tapped his phone. The head of the FBI fought privately over...

U.S. Warned of Foreign Intel Operations After Russian Met With Team Trump at RNC (The Daily Beast) While members of the Trump campaign mingled with Moscow’s ambassador, DHS was prepping a warning: Watch out for approaches by foreign intelligence officers.

Trump, Offering No Evidence, Says Obama Tapped His Phones (New York Times) President Trump called former President Barack Obama a “bad (or sick) guy” as he leveled an explosive claim about election-season wiretapping.

Trump's Wiretap Claims: What We Know and What We Don't (Weekly Standard) I spent most of the last two days reporting out the extraordinary allegations President Donald Trump made against his predecessor, Barack Obama – that Obama had Trump's "wires tapped in Trump Tower." And I've spent many hours over the past several weeks looking into claims about ties between Trump's team and Russia and counterclaims that the entire thing is an elaborate attempt to delegitimize Trump's presidency.

FISA Is Not Law-Enforcement -- It’s Not Interference with Justice Department Independence for White House to Ask for FISA Information (National Review) In my earlier post, I explained that the Obama camp is disingenuously responding to revelations that, during the presidential campaign, the Obama administration conducted an investigation, including wiretapping, against Trump associates and perhaps Donald Trump himself. As I elaborated, one avenue of response is to conflate the Justice Department’s two missions – law-enforcement and national security. We can see this strategy playing out in the New York Times coverage of the controversy.

Spies have ‘considerable intelligence’ of collusion between Russian officials and Donald Trump team (The Independent) A former National Security Agency (NSA) counterintelligence officer says US agents have “considerable intelligence” of high-level Russians discussing collusion with Donald Trump’s election team. John Schindler, a security expert specialised in espionage and terrorism, tweeted: “Ahem: US IC has considerable SIGINT featuring high-level Russians talking about their collusion with Team Trump.” The former agent said that intelligence has been gathered from the NSA and its partners from intercepted electronic and communication signals.

Bush-Era CIA Director: U.S. Has 'Been in Continuous Crisis for 45 Days,' All Internal (News and Politics) Hayden: If Trump saying FISA judge found probable cause, 'I don't think that is a good news story, either.'

This is as Serious as it Gets (Canada Free Press) This is as Serious as it Gets, President Trump has been provided the evidence of a paper trail leading to a FISA court that substantiates his assertions that Obama, obtained authorization to eavesdrop on the Trump campaign under the pretense of a national security investigation

NSS Labs releases scathing response to CrowdStrike endpoint security accusations, questions customer security (http://www.channelnomics.com) CEO says lab will test product again if CrowdStrike 'fixes' it

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.


Newly Noted Events

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.

Upcoming Events

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies among Army, Air Force, Navy, and Marine platform cybersecurity initiatives? What can we learn from connected car and autonomous initiatives in the automotive industry? Who and what is driving acquisition reform to ensure agility and speed? What are the supply chain impacts? What are the “seams” that create vulnerabilities? Who and what is driving cybersecurity platform requirements? What is being done to assess execution readiness? What are platform stakeholders doing technically to address vulnerabilities?

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, England, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cybersecurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.

Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community efforts demonstrating cyber defenses art-of-the-possible, through automation and interoperability. Learn how to dramatically change the timeline and effectiveness of cyber defenses, increase community awareness and defensive capabilities. Free event, registration requested.

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. For details visit CyberSummitUSA.com.

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire.
The CyberWire is published by Pratt Street Media and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.