Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
March 2, 2018.
By The CyberWire Staff
Germany, which continues to work on remediation of what's being called an "ongoing" attack on a government dedicated secure network, officially declines to attribute the attack. Economy Minister Zypries yesterday said that, while there were no indications Russia was behind the hack, it would be "problematic" if this would turn out to have been the case.
Few others are so reticent. The industry consensus is that the attack is the work of Fancy Bear, Russia's GRU. Some members of the Bundestag who've been briefed on the incident are calling it "a form of warfare."
Fancy Bear has been busy elsewhere, too. Palo Alto Networks reports that it's observing a campaign mounted against diplomatic targets elsewhere in the world.
As disturbing as Russian cyber operations have been, CrowdStrike says that, in its view, North Korea remains the greater threat. Dragos agrees that North Korea needs to be taken seriously. The company believes Pyongyang has been working hard on tools to be used against industrial control systems. It also believes the DPRK is sizing up the US power grid as a promising high-payoff target.
General Paul Nakasone, nominated to succeed Admiral Rogers as head of NSA and US Cyber Command, thinks deterrence is cyberspace difficult but essential. The opposition must, he told Congress, face costs.
The amplification attacks against which security experts warned turned up in the wild Wednesday. GitHub was briefly taken down-estimates range from five to twenty minutes. Security experts call it the biggest distributed denial-of-service campaign on record: 1.3Tbps.
Today's issue includes events affecting Australia, China, European Union, Germany, Iran, Democratic Peoples Republic of Korea, Russia, Ukraine, United States.
A note to our readers: We'll be in Mountain View, California, next week, covering SINET's ITSEF conference. Sessions will be held on March 7th and 8th. Watch for summaries, articles, and live tweets beginning Wednesday.
Struggling with your DLP? It's time to rethink your data loss prevention strategy.
Traditional data loss prevention tools aren’t cutting it anymore. Why? They are high-maintenance and require endless fine-tuning. They often miss insider threats. They stymie communication between security and other departments. And they slow down endpoints, leading to crashes and failures that drive users crazy. Learn from ObserveIT why DLP tools aren’t getting the job done in 2018 and how you can stop data loss in its tracks. Read Now.
ON THE PODCAST
In today's podcast we talk with our partners at Dragos. CEO Robert M. Lee discusses industrial control system security in advanced manufacturing. Our guest is Marcus Harris from Saul Ewing Arnstein & Lehr LLP, who talks about the decision by some security companies to allow the Russians to inspect their source code.
Billington International Cybersecurity Summit(Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832
Third Annual Cyber Investing Summit 5/15/18(New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.
First Native IPv6 DDoS Attack Strikes, As Organisations Face Yet Another New Cyber Threat(Information Security Buzz) DNS dictionary attack came from around 1,900 different hosts on over 650 varying networks A first of its kind IPv6 DDoS attack hit servers over the weekend, raising a red flag for the future era of cyber-crime, according to global web security firm, Neustar. The DNS threat – which was successfully defended against – came from …
Financial Cyber Threat Sharing Group Phished(KrebsOnSecurity) The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.
Cybersecurity Incident & Important Consumer Information(Equifax) As a result of ongoing analysis of data stolen in last year’s cybersecurity incident, Equifax announced that the company has confirmed the identities of U.S. consumers whose partial driver’s license information was taken. We were able to identify these consumers by referencing other information in proprietary company records that the attackers did not steal, and by engaging the resources of an external data provider.
The Industrial Cyber Threat Landscape(Committee on Energy and Natural Resources, United States Senate) Chairwoman Murkowski, Ranking Member Cantwell and members of the committee, thank you for providing me the opportunity to testify before you today.
NGA previews acquisition overhaul(FCW) The National Geospatial-Intelligence Agency is looking to revamp its acquisition process to lean heavily on small businesses and agile spending authorities.
One third of directors concerned about the cost of GDPR compliance(Africom) Those in arts & entertainment are least prepared, with over half (52%) not having started compliance efforts. Non-compliance can result in fines of up to 4% of the company's global annual turnover or €20 million, whichever is higher. Losing this amount of money could force most businesses into liquidity issues.
GDPR Is Almost Here, Let the Data Protection Officer Talent Race Begin(Wall Street Journal) T.S. Eliot once said most of the evil in this world is done by people with good intentions. And while data privacy is certainly a good intention, GDPR mandates may create unintended consequences. But help may be on the way in the form of a management position designed for knotty data challenges: the data protection officer.
Cyber Insurer Coalition Raises $10 Million to Solve Cyber Risk for SMBs(Coalition) Coalition Inc., the first technology-enabled cyber insurance solution, announced today that it raised $10 million in Series A funding from leading technology investors including Vy Capital, Ribbit Capital, Valor Equity Partners, Sam Altman (President, Y Combinator), and Deep Nishar (Senior Managing Director, Softbank Vision Fund).
Cyber insurance, lessons from the trenches(ITWeb) Cyber insurance should be seen more as part of a risk management strategy, a retainer if you would, says says Ryan van de Coolwijk, ITOO Special Risks: Product Head Cyber Insurance.
Why You Need Collaborative Defense in Depth(Security Intelligence) A collaborative defense strategy enables companies to unite siloed departments, integrate threat defense and extend security capabilities beyond the individual power of each tool.
Microsoft president Brad Smith '82 discusses artificial intelligence future(The Princetonian) “We really need to step back and recognize that we can’t afford to look at this future without critical eyes,” explained Smith. “Technology is always used in good ways and bad, and even when it’s used in good ways, it has an impact that we can’t necessarily predict. It had indirect effects that aren’t necessarily intended.”
German government under cyber attack, shores up defenses(Reuters) Germany's government was marshalling its defenses on Thursday against a powerful cyber attack that lawmakers said had breached the foreign ministry's computer network and whose origins officials admitted were still unclear.
Cyber Command Nominee Deflects Questions on Russia(Roll Call) The nominee to lead U.S. Cyber Command and the National Security Agency told lawmakers Thursday he would offer options to the president and Defense secretary to respond to Russian hacking of U.S. elections “if directed” to do so.Lt. Gen. Paul Nakasone, the current head of the Army’s Cyber Command, said the decision whether or not to retaliate for Russian disinformation efforts during the 2016 presidential election or to preempt future attempts at election interference is a policy matter for civilian leadership in the executive and legislative branches.
Army officer: China, Russia don't fear US cyber retaliation(San Francisco Chronicle) Nations including China and Russia that launch cyberattacks against the U.S. don't fear retribution and see no reason to change their behavior, the Army officer tapped to be the next head of U.S. Cyber Command told a Senate Committee Thursday.
Recent NPAs Set ‘Troubling Precedent’(Who's Who Legal) In 2017, companies settled violations with the DOJ in unprecedented non-prosecution agreements that contained disavowals of any criminal liability.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2nd Billington Automotive Cybersecurity Summit(Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included,...
SINET ITSEF 2018(Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...
AFFIRM and USCC 5th Annual Cybersecurity Summit(Arlington, Virginia, USA, March 8, 2018) The 5th Annual Cybersecurity Summit is a place for important discussions about the challenges with cyber-security and is also a significant benefit both for the AFFIRM scholarship program, which helps...
PCI Security Standards Council Middle East and Africa Forum(Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...
SecureWorld Boston(Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
Cyber 9-12(Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
Infosecurity Magazine Spring Virtual Conference(Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...
3rd Annual Billington International Cybersecurity Summit(Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought...
Infosecurity Magazine North America Virtual Conference(Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...
The Cyber Security Summit: Denver(Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.
Women in CyberSecurity 2018(Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as...
Northeast Regional Security Education Symposium(Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium...
SecureWorld Philadelphia(Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...
National Cyber League Spring Season(Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...
4th Middle East Cyber Security Summit(Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit...
Cybersecurity: A Shared Responsibility(Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled...
Sea-Air-Space: The Navy League’s Global Maritime Exposition(National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete.
2018 Mississippi College Cybersecurity Summit(Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable...
ISC West 2018(Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.