Check out the Cyber Job Fair, April 19 in San Antonio.

Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, April 19 in San Antonio. Meet leading cyber employers including Bank of America, Parsons, Engility, Fulcrum and more. Visit ClearedJobs.Net or CyberSecJobs.com for details. 

The daily briefing.

The CyberWire announces its 5th Annual Women in Cyber Security Reception. (our regular summary appears below)

We're excited to announce that our 5th Annual Women in Cyber Security reception (#cyberwomenconnect) will be held October 18th, 2018, in the new International Spy Museum at L'Enfant Plaza in Washington, DC. To sponsor the event or request an invitation, go here.

Today's regular daily summary starts here.

Kapersky describes "Operation Parliament," a wide-ranging cyberespionage campaign that, since early 2017, has cloaked its activities by pretending to be the Gaza Cybergang, a well-known and not well-respected group of skids. The actor behind Operation Parliament appears anything but unsophisticated. The malware it used is still under study, but it does not appear to have any obvious relationship with previously seen attack code. Targets were carefully verified before infection, and Kaspersky says the unidentified operators did "just enough to achieve their goals." Most of the organizations targeted were in the Middle East and North Africa, but infections extended to Europe, South Korea, and North America as well. The campaign has slowed since the beginning of 2018, suggesting the spies got what they came for.

Proofpoint has successfully sinkholed what they call the oldest running infection chain: EITest. They say the campaign, active since 2011, seems to have been "purely criminal" as opposed to state directed. The large network of compromised servers it used (about 51 thousand), and its concealment of  command-and-control infrastructure behind a domain generation algorithm, made EITest unusually resistant to takedown. EITest passed "filtered, high-quality traffic to threat actors operating exploit kits and web-based social engineering schemes."

Facebook's sessions before Congress are over, with House inquisitors getting higher marks from the media than did their Senate counterparts.

Those interested in seeing how a small country punches far, far above its weight in cyberspace will find the Estonian Internal Security Service's newly released Annual Report for 2017 good reading.

[250]

Cylance is proud to be the CyberWire sustaining sponsor for 2018. Learn more about how Cylance prevents cyberattacks at cylance.com

A note to our readers: RSA is next week, and the CyberWire will be there. If you'll be at San Francisco's Moscone Center, too, stop by and say hello to the CyberWire team. We'll be at the Akamai booth, #3625 in the North Hall. We hope to see you there (and thanks to Akamai for their kind hospitality).

Today's edition of the CyberWire reports events affecting Afghanistan, Canada, Chile, China, Denmark, Djibouti, Egypt, Estonia, Germany, India, Iran, Iraq, Israel, Jordan, the Republic of Korea, Kuwait, Lebanon, Morocco, Oman, thePalestinian Territories, Qatar, Russia, Saudi Arabia, Serbia, Somalia, Syria, the United Arab Emiratesthe United Kingdom, and the United States.

Headed to RSA? Get a free pass expo pass on LookingGlass!

RSA can be hectic, but we’ll make putting together your schedule easy for you. If want to know the latest trends and technology in cybersecurity and threat intelligence, look no further than LookingGlass Booth #100 in the South Hall. We offer solutions – not more work – for your toughest security challenges. Come meet with us on the Expo floor or at our meeting suite in the Marriott – enjoy the discussion, demos, and refreshments. Get your free pass here.

On the Podcast

In today's podcast, we speak with our partners at Virginia Tech's Hume Center, as Dr. Charles Clancy discusses LTE network vulnerabilities. Our guest is Dinah Davis from CodeLikeaGirl.io and Arctic Wolf Networks, with thoughts on diversity at tech conferences.

Sponsored Events

Wombat Security at RSA Conference 2018 (San Francisco, California, United States, April 16 - 20, 2018) Cyberthreats lurk around every corner. Visit our booths at RSA to ensure you are providing your team with the tools they need to be cybersecurity heroes in your organization: South Expo 1033 and North Expo 4701. We’ll be presenting: a sneak peek at our new superhero-themed Awareness Video Campaigns; a free copy of our security awareness comic book, and previews of our newest training modules, including GDPR, Insider Threats, and Password Policy.

XM Cyber is coming to RSA (San Francisco, California, United States, April 16 - 20, 2018) Visit XM Cyber at the Israeli Pavilion, South Hall booth 635, to experience the first automated APT simulation platform to expose, assess and amend every attack path to organizational critical assets.

Cyber Job Fair, April 19, San Antonio visit ClearedJobs.Net or CyberSecJobs.com for details. (San Antonio, Texas, United States, April 19, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, April 19 in San Antonio. Meet leading cyber employers including Bank of America, Parsons, Engility, Fulcrum and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.

HackNYC2018 (New York, New York, United States, May 8 - 10, 2018) Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes. Use code CWIRE20 for 20% off the $50.00 individual ticket price.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

'Operation Parliament' Imitates Another Actor to Stay Undetected (SecurityWeek) A series of geopolitically motivated attacks ongoing since early 2017 and targeting high profile organizations worldwide appear to be a symptom of escalating tensions in the Middle East

New global cyberespionage campaign targets top legislative and judicial systems (BusinessTech) Kaspersky Lab says that a new cyberespionage campaign dubbed “Operation Parliament” is targeting high profile organisations from around the world with a focus on the Middle East and North Africa.

EITest: Sinkholing the oldest infection chain (Proofpoint) Proofpoint researchers detail the evolution of the EITest infection chain and help sinkhole the long-running operation.

Multi-Purpose Proxy Botnet Ensnares 65,000 Routers (SecurityWeek) More than 65,000 routers exposed to the Internet via the Universal Plug and Play (UPnP) protocol are being abused by cybercriminals as part of a large, multi-purpose proxy botnet.

Cyber-Espionage Groups Are Increasingly Leveraging Routers in Their Attacks (BleepingComputer) Cyber-espionage groups —also referred to as advanced persistent threats (APTs)— are using hacked routers more and more during their attacks, according to researchers at Kaspersky Lab.

Fake Hillary p[0]rn just the tip of Russia’s Reddit penetration (Naked Security) How Russian trolls embraced rule 34 (but Redditors didn’t buy it)

The Fake Facebook Pages Targeting Vietnam Veterans (The Atlantic) The pages are operated out of Eastern Europe and the social network took almost two months to shut one of them down.

LimeSurvey Flaws Expose Web Servers to Attacks (SecurityWeek) Hackers can chain two vulnerabilities in the popular online survey tool LimeSurvey to take control of web servers with little or no user interaction

New Mirai Variant Launching DDoS Attacks on IoT Devices (KoDDoS Blog) The financial sector has experienced a series of DDoS attacks executed by a Mirai botnet variation. The number of ‘Internet of Things’ devices the attack affected reaches 13,000.

Fake Chrome & Firefox browser update lead users to malware infection (HackRead) Another day, another malware scam - This one uses Chrome and Firefox browsers as bait to infect Windows users.

Glitch in malspam campaign temporarily reduces spread of GandCrab (SANS Internet Storm Center) Since March 2018, I've noticed malicious spam (malspam) pushing GandCrab ransomware.

Researchers Create Malware That Steals Data via Power Lines (BleepingComputer) A team of academics has successfully developed and tested malware that can exfiltrate data from air-gapped computers via power lines. The team —from the Ben-Gurion University of the Negev in Israel— named their data exfiltration technique PowerHammer.

Why Child Identity Theft Is a Growing Concern During Tax Season (Consumer Reports) Data obtained via child identity theft can be used by cybercriminals to file fake tax returns and loan requests. Consumer Reports explains how to protect your child's info.

When Identity Thieves Hack Your Accountant (KrebsOnSecurity) The Internal Revenue Service has been urging tax preparation firms to step up their cybersecurity efforts this year, warning that identity thieves and hackers increasingly are targeting certified public accountants (CPAs) in a bid to siphon oodles of sensitive personal and financial data on taxpayers.

Great Western Railway is urging online customers to reset passwords (The Sun) GREAT Western Railway is urging online customers to reset passwords after confirming it was the target of a cyber attack. The firm said hackers used an automated system to gain access to customer a…

Kemi Badenoch MP, self-confessed website hacker (Graham Cluley) In 2008, the deputy leader of the British Labour party had her website hacked. And now we know who did it…

Dark Web Market Price Index (US Edition) (Top10VPN.com) Scammers are buying and selling your stolen personal info on the dark web and it's not just credit card details. With hacked dating profiles, streaming services, even Deliveroo accounts for sale, we've created the Dark Web Market Price Index to monitor this. Find out just what your personal information is worth.

New Research from CAST Exposes Risk in Open Source Software (GlobeNewswire News Room) The prevalence of open source software in enterprise applications signals the need for greater Software Intelligence to prevent exploitation by hackers

What Happens In Cyberspace Stays Online Forever: Cryptocurrencies And Privacy (Forbes) Bitcoin’s staggering growth and adoption brought strong scrutiny to its transaction rates capabilities.

Facebook shines a little light on ‘shadow profiles’ (Naked Security) Shadow… what now?

Security Patches, Mitigations, and Software Updates

Patch Tuesday brings some surprises, some early crashes, and a surreal solution (Computerworld) Windows 7 and Server 2008R2 continue to get beaten into the ground, and the Win10 1709 patch prompts complaints, as the Windows security patching business gets even more complex.

How Android Phones Hide Missed Security Updates From You (WIRED) A study finds that Android phones aren't just slow to get patched; sometimes they lie about being patched when they're not.

Apple has begun notifying macOS users of coming 32-bit app incompatibility (Ars Technica) Warnings have started, but 32-bit support will likely continue for many months.

Instagram bends to GDPR – a “download everything” tool is coming (Naked Security) The tool will let you get at your photos, videos and messages

Cyber Trends

Hot Topics at the 2018 RSA Conference (BankInfo Security) GDPR compliance. New uses for blockchain. IoT security. These are some of the hottest topics on tap at the 2018 RSA Conference, taking place April 16-20 in San Francisco.

U.S. faces evolving, emboldened adversaries in cyberspace, officials warn (Stripes Okinawa) As threats in cyberspace constantly evolve, the United States is facing adversaries that are increasingly sophisticated, capable and emboldened in that domain, top defense officials told lawmakers today.

Venafi Study Results: Will We See Future Browser Distrust Events? (Venafi) Venafi’s latest study reveals that IT professionals are concerned about future CA incidents, but few can quickly respond to them.

More than 2.5 billion records stolen or compromised in 2017 (BusinessWire) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today released the latest findings of the Breach Level Index, revealing tha

Risk of compromised credentials an HR problem, say senior executives (Global Banking And Finance Review Magazine) Centrify report shows that around half believe only a major breach would change their opinion that compromised user credentials are a ‘significant risk’

Marketplace

Cyber security firm Avast plans watershed London tech listing (Reuters) Avast, the world’s largest consumer antivirus supplier by customers, said on Thursday it will apply to list its shares on the London Stock Exchange in what could be a blockbuster float expected to value the company at around $4 billion.

Sequoia Israel Partner Launches New $50 Million Cybersecurity Fund (CTECH) Called Cyberstarts, the fund established by Gili Raanan raised funding from the likes of Check Point and Palo Alto Network's founders

Governor Northam Announces Creation of the Virginia Founders Fund (Virginia Governor, Newsroom) New seed investment fund that brings increased access to venture capital to Virginia’s underrepresented entrepreneurs

SonicWall CEO squares up to Sophos after launching new cloud platform (Channelnomics) Security vendor launches a cloud platform it claims pits it against enterprise rivals such as Sophos

Could Palo Alto Networks Be a Millionaire-Maker Stock? (The Motley Fool) It’s been a good year for Palo Alto Networks’ investors. Will the good times keep rolling?

Intelligence office needs industry help to attain ‘acquisition agility’ (Fedscoop) Industry stakeholders will likely have a voice in ODNI’s redesign of the intelligence community’s acquisition process, officials said Tuesday.

What's your security story? How to use security as a sales tool (Help Net Security) When your sales team not only knows your security story, but knows it so well that they can communicate it themselves, the sales cycle is dramatically accelerated.

Global operators team on security effort (Mobile World Live) Telefonica, Singtel, Etisalat and SoftBank created a global cyber security alliance, designed to protect enterprise ...

Former CIA Director, John O. Brennan Joins SecureAuth + Core Security Advisory Board to Fortify Gaps in Cybersecurity Battle Lines (GlobeNewswire News Room) Leading Expert in National Security to Advise on Market Approach, Product Strategy, and Customer Value for Identity Based Security Automation Solution

This Deloitte exec makes cybersecurity a contact sport (Washington Business Journal) How James Turgal transitioned from a long career at the FBI to the C-suite in the private sector.

Products, Services, and Solutions

Absolute Debuts GDPR Readiness Assessments to Help Global Organizations Jump-Start Compliance Ahead of May 2018 Deadline (BusinessWire) Absolute (TSX: ABT), the endpoint visibility and control company, today announced new GDPR Data Risk and Endpoint Readiness Assessments to accelerate

Digital Defense Announces the Launch of Cyber Threat Management Offering (Digital Defense) Digital Defense, Inc., a security technology and services provider, today announced the launch of a new product line offering, Frontline Cyber Threat Management (Frontline CTM™), a trio of predictive cyber intelligence solutions.

CYBRIC and IBM Resilient Integrate to More Quickly Identify and Remediate Cyber Threats (BusinessWire) CYBRIC, provider of the first continuous application security platform, today announced an integration with IBM Resilient, the leading platform for or

Cylance® Axiom Alliance Program Extends AI Based Security Approach Across Endpoints to Network and Cloud (BusinessWire) Cylance Inc., the company that revolutionized the antivirus and endpoint protection industry with true AI-powered prevention that blocks advanced cybe

Mocana Launches Supply Chain Integrity Platform to Secure IoT, ICS Devices (SecurityWeek) Mocana TrustCenter provides supply chain integrity, allows faster development and provisioning of devices containing TrustPoint security, and to reduce costs by automating secure enrollment and provisioning at a scale.

Infoblox and McAfee Deliver Comprehensive Threat Protection and Faster Threat Response (PR Newswire) Infoblox Inc., the network control company that provides...

Intezer Unveils Compromise Assessment Service Extending Threat Detection and Analysis Platform, Intezer Analyze (BusinessWire) Intezer Compromise Assessment service provides a complete health check of IT environment, detection of and remediation of cyber attack/s

Netwrix adds data discovery and classification functionality to Netwrix Auditor (Netwrix) The new edition empowers users to identify, classify and secure the sensitive data on their file shares

Echoing TRITON, CyberX's Innovative ICS Security Research Selected for 'Hackers & Threats' Session at the 2018 RSA Conference (PR Newswire) CyberX, the IIoT and industrial control system (ICS) security company, today...

IGEL OS 10 Now Supports UEFI Secure Boot (IGEL) IGEL met the requirements of the UEFI Secure Boot security standard

CipherCloud Announces Groundbreaking CASB+ Platform, Unifying Cloud Security Capabilities with End-to-End Data Protection in a Single Cloud-Native Security Platform (GlobeNewswire News Room) New CASB+ platform combines powerful CASB capabilities with award-winning, data protection technology enabling enterprises to rapidly deploy cloud-native security and compliance across any SaaS, PaaS or IaaS application

Etherparty Enhances Security with Aporeto Ahead of Rocket Launch (Aporeto) Etherparty Smart Contracts Inc. (“Etherparty”), a blockchain technology company providing smart contract solutions for enterprise and everyday use on the world’s most popular blockchains, has enlisted Zero Trust security solutions provider Aporeto, to provide an added layer of security to bolster the platform ahead of the ICO product launch...

Over 60s take up SAS cyber attack training (Mortgage Finance Gazette) It doesn’t matter whether you are an individual or run a business, everyone is susceptible to cyber attacks and scams. Santander is tacking this head on by taking the over 60s back to school; meanwhile businesses continue to be bombarded with cyber ammunition

Tanium Ambitions, How Can A Security Company Be A Platform Company? (Forbes) Every technology organization wants to position themselves as a platform company, let’s get over that core truism.

Effectively Detecting Low Throughput and Malicious DNS Exfiltration (Security Boulevard) In a previous blog post, we described how the DNS protocol, mainly designed for hostname to IP addresses resolution, can be abused for arbitrary data exchange. Based on throughput (i.e., bytes per hour), we distinguish between two classes of data...

DarkOwl Announces Release of Map the Dark (WebWire) DarkOwl, a Denver based information security company specializing in darknet intelligence information, today announced the release of Map the Dark, an interactive data visualization of the darknet...

Twistlock Advances Security For All Cloud Native Environments Beyond Containers and Serverless (PR Newswire) Twistlock, the leading provider of container and cloud native...

Technologies, Techniques, and Standards

UK’s GCHQ unveils the 6 levels of cyber attack and how to respond (CSO) The UK readies ministers and local police for an impending 'category 1' national cyber crisis.

Cybersecurity Drills More Important Than Ever for Data Centers (Data Center Knowledge) No amount of planning can replace regular drills. Here’s what they should include.

Uncovering Unknown Threats With Human-Readable Machine Learning (TrendLabs Security Intelligence Blog) In this blog post, we will discuss how we developed a human-readable machine learning system that is able to determine whether a downloaded file is benign or malicious in nature.

New threats mean new training for the Navy (C4ISRNET) The Navy's new Norfolk, Virginia-based group targets information warfare training.

How Effective Is Security Awareness Training for Threat Prevention? (Security Intelligence) Employees represent the first line of defense against cyberthreats, and effective security awareness training is more crucial than ever given the volatility and sophistication of the threat landscape.

Research and Development

Cisco and ISARA Collaborate on a Proof of Concept of the World’s First Digital Certificate Compatible with Both Classic and Quantum-Safe Cryptographic Algorithms (BusinessWire) Cisco Systems and ISARA Corp., the leading provider of security solutions for the quantum computing age, today announced the world’s first collaborati

Academia

Wagner Proposes Cutting CyberX Program To Help Fund Tax Credit (Community Idea Stations) Republican Senator Frank Wagner’s proposed tax credit to help middle-income earners pay their healthcare premiums is getting the attention of fellow GOP leaders. But how does he want to pay for it?

Legislation, Policy, and Regulation

Estonian Internal Security Service Annual Review 2017 (Estonian Internal Security Service) The specific nature of work of special services responsible both for national security and foreign intelligence has throughout the ages required operating as covertly as possible and certain mystery has always surrounded it...[2017 Annual Review available for download at this link.]

National cyber strategy could come by summer (FCW) A top Pentagon official told the House Armed Services Committee that the much-anticipated national cyber strategy 'should be forthcoming in the near future.'

Cyber Command has a role, but Pentagon leaders struggle to define it (Fifth Domain) DoD is still contemplating policy and employment of cyber forces several years after the stand up of Cyber Command.

Trump signs bill to shut down websites that facilitate prostitution (Ars Technica) FOSTA becomes law—sex work forums were already shutting down to prepare.

States Turn To National Guard To Help Protect Future Elections From Hackers (NPR) Election officials have traditionally focused on a smooth voting experience, but after the 2016 elections, they've also had to focus on cybersecurity.

UK cyber attack reporting set to be more streamlined (ComputerWeekly) Government funding has been allocated to help streamline cyber attack reporting, according to the National Cyber Security Centre.

Litigation, Investigation, and Law Enforcement

Congress chews up Zuckerberg, day two: A far more thorough mastication (Naked Security) “What’s the difference between Facebook and J. Edgar Hoover?”

Key Points From Facebook-Zuckerberg Hearings (SecurityWeek) Facebook chief Mark Zuckerberg testified for nearly 10 hours over two days on Facebook's privacy and data protection issues before committees of the Senate and House. Here are key points:

European Court of Justice to investigate Facebook's data transfers (Computing) Irish Court has referred long-running Schrems privacy case to the ECJ,Legislation and Regulation ,Facebook,Privacy Shield,Safe harbour,ECJ,Max Schrems,Privacy

Android ruling is unlikely to weaken Google in Europe (Computing) Google will be fined, but that won't affect its established dominance,Legislation and Regulation ,Google,European Union,anti-trust,Android

Death SWAT suspect tweets threats from jail using buggy inmate kiosk (Naked Security) He apparently got online when a jail kiosk software upgrade glitched. Alternatively, as his account explained it, because “I’m an eGod.”

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Wombat Security at RSA Conference 2018
XM Cyber is coming to RSA
Cyber Job Fair, April 19, San Antonio visit ClearedJobs.Net or CyberSecJobs.com for details.
HackNYC2018

Newly Noted Events

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for 2018 focuses on: innovations in software engineering, advances in data security, blockchain impact on C4I, exploiting machine learning, collaborative community resilience, IoT impact on national security, understanding information warfare, innovations in IT acquisition, and disruptive mobility technology.

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC to Bermuda, the “world’s risk capital,” where we, with the support of a stellar advisory committee, will focus on cyber risk with an emphasis on insurance and risk-transfer solutions.

Upcoming Events

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

5th Annual Cybersecurity Summit (McLean, Virginia, USA, April 24, 2018) Join the Potomac Officers Club for the Fifth Annual Cybersecurity Summit to hear from public and private sector leaders on how federal agencies can improve their respective data security measures.

Secutech (Taipei, Taiwan, April 25 - 27, 2018) To meet the rising demand for intelligent and customised solutions, Secutech converges security and safety, ICT, IoT, artificial intelligence, big data, edge computing, intelligent video analytics and deep learning to enable you to create new value in the rapidly evolving market, and provide intelligent solutions in factory, retail, healthcare, transportation, home, building and safe city sectors.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster a close-knit, casual and open environment for speakers and attendees. There are no sponsored talks, panels or other gimmicks, just two days of carefully vetted, highly technical talks which present new research in advanced exploitation techniques, vulnerability discovery, malware/implant design, anti-forensics and persistent access. Speakers include hackers from all across the offensive spectrum. The conference also hosts advanced training classes in web hacking, exploit development, cryptanalysis, kernel exploitation, Java attacks and other techniques (April 22-25). Now in its eighth year, the two-day, single track conference is organized by Dave Aitel and Immunity Inc., and is held in warm, sunny Miami Beach.

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners to discuss the increasingly complex and interdependent relationships between smart vehicles and ever-expanding smart infrastructures. The SANS Automotive Cybersecurity Summit was created to develop and foster a culture of cyber-awareness in organizations across the vehicle supply chain as we work together to understand risks, safeguard organizations, their products, and their customer from the evolving threat landscape.

Application of the Law of War to Cyber Operations (Washington, DC, USA, May 3, 2018) Cyber law experts meeting at the George Washington University will cover Title 10 vs. Title 32 vs. Title 50 and the lawful and operational restrictions related to these authorities. The panelists will discuss the legal processes of projecting power in the domain of cyberspace and what capabilities require legal review relating to Defensive Cyberspace Operations (DCO) -- both Internal Defense Measure (IDM) and Response Actions (RA) -- as well as Offensive Cyberspace Operations (OCO).

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring together high-level representatives from around the globe to create a cybersecurity roadmap for the future. Attendees will come from all areas of cybersecurity for the healthcare, medical devices and pharmaceutical sectors. Experts will examine the cybersecurity landscape in these three industries, with a particular focus on strategies for protection and incident response, as well as on business/regulatory considerations. Central to the aims of this event is facilitating collaboration and cooperation amongst the diverse stakeholders that will be in attendance.

Secure Summit DC (Washington, DC, USA, May 7 - 8, 2018) (ISC)² Secure Summit DC will assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of the event is to equip security leaders to tackle today's threats, as well as arm them with the knowledge, tools and expertise to protect their organizations and advance their careers. Registered attendees will be immersed in two days of insightful, strategic cybersecurity knowledge.

HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience to, the genuine potential for kinetic cyber attack. Be part of defining solutions and illuminate risks aimed at critical national Infrastructure. Hack NYC is about sharing big ideas on how we will fortify our daily life and economic vitality. The threat of attack aimed at Critical National Infrastructure is real as services supporting our communities and businesses face common vulnerabilities and an unspoken kinetic threat.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, May 8 - 9, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products and services over the next five years from 2017 to 2021. Panels will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. Speakers include leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. Attendees will have the opportunity to network with key influencers in the investment and cyber security industries. A cocktail reception will be held following the presentations.

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and gain insight into technological advancements within the industry, as well as unique strategies utilised by to meet demands of rapidly changing energy consumer/prosumer market.

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative technical best practices. Don’t miss this outstanding opportunity to share your expertise with our Ignite community of distinguished security professionals and researchers.

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Asia-Pacific Community Meeting is the place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of EDM strategy and analytical capabilities, while of course remaining compliant. Join us for the only conference around to challenge your current data strategy and evaluate your technology investments. Have your voice heard at interactive workshop tables, learn from peers facing the same challenges at their respective firms, listen to the experts, hear their success stories, and meet 350+ senior decision makers over 5 networking breaks - all this for only one day out of the office!

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in source articles are those of the authors, not the CyberWire, Inc.