Ukraine says Russian DDoS hits SBU. Accellion compromise attributed. SolarWinds on Solorigate. US DHS cyber intentions.

Cyber Attacks, Threats, and Vulnerabilities

SBU site targeted in massive DDoS attack (UNIAN) The cyberattack has been ongoing for several days already.

Chinese spyware code was copied from America's NSA: researchers (Reuters) Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can boomerang against their creators.

Global Accellion data breaches linked to Clop ransomware gang (BleepingComputer) Threat actors associated with a financially-motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion's legacy File Transfer Appliance and steal data.

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion (FireEye) Malicious actors we track as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliances to install a newly discovered web shell named DEWMODE.

Accellion Provides Update to FTA Security Incident Following Mandiant’s Preliminary Findings (Accellion) Mandiant has identified the criminal hacker behind the cyberattacks and data theft involving Accellion’s legacy FTA product.

SolarWinds CEO: This could have happened to anyone (FCW) In what will be the first of several public appearances this week, Sudhakar Ramakrishna says his company will be transparent about the supply chain attack it suffered as a way to help other companies prepare for the next attack.

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code (Redmondmag) Microsoft has reconfirmed that the 'Solorigate' advanced persistent threat attackers saw some of its source code, although 'only a few individual files were viewed.'

Bitcoins, blockchains, and botnets (Akamai) Additional research and reporting provided by: Chad Seaman Executive Summary A recent piece of malware from a known crypto mining botnet campaign has started leveraging Bitcoin blockchain transactions in order to hide its backup C2 IP address. It's a simple,...

Bulletproof hosting: How cybercrime stays resilient (Intel 471) To understand how cybercrime proliferates, security professional need to understand how bulletproof hosting props up all kinds of malware.

A race to reverse-engineer Clubhouse raises security concerns (TechCrunch) As live audio chat app Clubhouse ascends in popularity around the world, concerns about its data practices also grow. The app is currently only available on iOS, so some developers set out in a race to create Android, Windows and Mac versions of the service. While these endeavors may not be ill-int…

Clubhouse chats leaked by hackers on third-party site: See what happened (BGR India) Clubhouse is the latest popular audio-based chat app, which has been prone to a data breach. This has raised security concerns.

The Rise of Initial Access Brokers (Digital Shadows) Digital Shadows analyzes the role played by Initial Access Brokers, an emerging figure, in the broader criminal infrastructure of ransomware.

Organizations at growing risk from initial access brokers – a fast growing class of cybercriminal who breach firms and then charge others to do the ‘dirty work’ (Digital Shadows) Thriving on disruption to business process and remote working caused by pandemic as listings for RDP and VPNs increase with an average price of $7,100 London and San Francisco, February 23, 2021 - Digital Shadows, the leader in digital risk protection, has today highlighted the growing role of Initial Access Brokers within the criminal ecosystem. ...

Initial Access Brokers Report (Digital Shadows) Initial access brokers are benefitting from a rise in adoption of remote access software. This Initial Access Brokers Report analyzes this phenomenon and what it means for security practitioners.

Evolving Risks, Insecure Defaults, Watering Hole Threats: New Research from Accurics Uncovers Developing Sources of Cloud Risk (Accurics) Terrascan by Accurics supports Helm and Kustomize, enabling Policy as Code guardrails in your cloud native projects to enforce security best practices.

M1 safer than Intel Macs: Apple's Security Guide (Macworld UK) With two cases of M1 malware already appearing, Apple has showcased the new security features of the M1 Macs in a Security Guide

Hackers expose Hyundai logistics data after apparent ransomware attack (FreightWaves) A ransomware gang has leaked data related to Hyundai Motor America’s logistics operations after an apparent ransomware attack on the automaker and subsidiary Kia Motors America.

10K Microsoft Email Users Hit in FedEx Phishing Attack (Threatpost) Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express – but that really steal their credentials.

You’ve Got A Phish Package: FedEx and DHL Express Phishing Attacks (Armorblox) This blog focuses on two email attacks impersonating FedEx and DHL Express. Both attacks aimed to extract email account credentials. Phishing pages were hosted on free services like Quip and Google Firebase to trick users into thinking they were legitimate.

Vulnerability Summary for the Week of February 15, 2021 | (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.

Notice of Data Breach (Harvard Eye Associates) Notice of Data Breach | Harvard Eye Associates are the Orange County area's leading LASIK, cataract surgery, and eye care specialists.

Council apologises for free school meals payment data breach (Future Scot) A Scottish local authority has apologised for a data breach after sending details of 600 free school meals claimants to ‘multiple’ email accounts.

South Carolina County Rebuilds Network After Hacking (SecurityWeek) A South Carolina county continues to rebuild its computer network after what it called a sophisticated hacking attempt.

Mysterious cyber-attack on Lakehead University's network under investigation (CTV Barrie) Lakehead University security experts in Orillia are trying to solve a debilitating cyber-attack and get students and staff back online.

Security Patches, Mitigations, and Software Updates

Apple has taken steps to eradicate mysterious malware strain | AppleInsider (AppleInsider) Following the discovery of a new and unusual malware that had the potential to attack Macs running on Apple Silicon, Apple has moved to minimize any impact the maliciously-crafted software could have in the future.

Nvidia announces official “anti-cryptomining” software drivers (Naked Security) “It’s a DoS, Jim, but not as we know it.”

Cyber Trends

Cyber-risk to critical and industrial infrastructure reaches all-time high (Intelligent CIO North America) A new report from Nozomi Networks Labs finds cyberthreats to industrial and critical infrastructure have reached new heights as threat actors double down on high value targets. With industrial organizations ramping connectivity to accelerate Digital Transformation and remote work, threat actors are weaponizing the software supply chain and ransomware attacks are growing in number, sophistication […]

Report Found That Credential Spilling Doubled Within Four Years, Credential Stuffing Attacks Now Preferred Intrusion Method (CPO Magazine) F5 annual Credential Stuffing Report 2021 indicated that credential spill incidents nearly doubled from 2016 to 2020. Contrarily there was a recorded 46% reduction in the volume of credentials spilled during the same period.

CrowdStrike: Pandemic didn’t slow targeted cyberattacks by criminals and nation-states (VentureBeat) The pandemic didn't slow targeted cyberattacks by criminals and nation-states, according to the 2021 Global Threat Report by CrowdStrike.

A Constant State of Flux: Trend Micro 2020 Annual Cybersecurity Report (Trend Micro) The upheavals of 2020 challenged the limits of organizations and users, and provided openings for malicious actors. A robust cybersecurity posture can help equip enterprises and individuals amid a continuously changing threat landscape.

Cynet Reviews the Top 6 Most Notable Cyber Attacks of 2020 (The Salamanca Press) Cynet today turned back the pages of 2020 to review the most noteworthy cyberattacks making up the cyber-pandemic, which came with COVID-19

UK's cybersecurity firms hit over $12 billion in 2020 revenue (Atlas VPN) Atlas VPN research team found that in the 2020 financial year, online security companies in the UK raked in nearly 8.88 billion GBP which is equivalent to 12.51 billion US dollars, a 7% increase from last year's 8.3 billion GBP (11.69 billion USD).

Marketplace

PerimeterX Raises $57M in Growth Capital Funding to Fuel Expansion Into New Geographies and Verticals (PerimeterX) Protect your web apps against account takeover, carding, denial of inventory, scalping, skewed analytics, digital skimming, Magecart, PII harvesting, scraping.

Kaseya Supercharges IT Complete Security Suite with the Acquisition of RocketCyber | Kaseya (Kaseya) RocketCyber’s managed security operations center (SOC) brings 24x7x365 cybersecurity to Kaseya IT Complete, strengthening the platform

Proofpoint To Acquire Data Security Provider InteliSecure For $62.5M (Yahoo) Cybersecurity company Proofpoint, Inc. (NASDAQ: PFPT) inked an agreement to acquire data security provider InteliSecure, Inc for $62.5 million in cash to consolidate its cloud-based people-centric security platform. The acquisition is expected to close during the first quarter of 2021.

Proofpoint to buy MSP InteliSecure for US$62.5M (CRN Australia) Data loss protection MSP to protect data in diverse environments.

Red Hat closes acquisition of StackRox (Container Journal) Today, we are pleased to share that Red Hat has closed the transaction to acquire StackRox, a leader and innovator in container and Kubernetes-native security. Since announcing our plans for the acquisition, we have been met with excitement both internally and externally around what the future holds for Red Hat OpenShift as well as Red Hat’s entire open hybrid cloud portfolio.

Michael Dell forms new acquisition company (CRN Australia) Seeking to raise upward of US$575 million through an initial public offering.

Vectra closes strongest quarter in company history (PR Newswire) Vectra AI, a leader in network detection and response (NDR), today reported that in calendar 2020, sales continued to grow at a compound annual...

Placing 2021 Bets on Zero Trust Identity & BehavioSec (BehavioSec) It is an exciting time to join the BehavioSec team as Chief Revenue Officer. In almost 20 years of working in the digital identity space around financial services and other sectors, I have seen successive key technologies emerge that enable and redefine how people securely bank, pay and prove authenticity in a digital world. But … Continue reading "Placing 2021 Bets on Zero Trust Identity & BehavioSec"

The 2021 Security 100 (CRN) Digital transformation and COVID-19 have changed the cybersecurity game. The vendors of CRN's 2021 Security 100 met the challenge.

Aryaka Is Recognized for the Second Year in a Row in 2021 Gartner Peer Insights ‘Voice of the Customer’: WAN Edge Infrastructure (BusinessWire) Aryaka announced it's been recognized for the second consecutive year in the Gartner Peer Insights ‘Voice of the Customer’: WAN Edge Infrastructure.

Reddit Names Allison Miller as CISO, VP of Trust (SecurityWeek) Reddit has hired Allison Miller as Chief Information Security Officer (CISO) and VP of Trust, who reports to Reddit CTO Chris Slowe.

Cybereason Snags Channel Leaders From Check Point, Fortinet (CRN) Cybereason has brought on Check Point channel leader Abigail Maines and Fortinet veteran Stephen Tallent to oversee traditional channels and MSSPs in North America, respectively.

Cybersecurity Expert Melissa Hathaway Joins LookingGlass Advisory Board (Homeland Security Today) LookingGlass Cyber Solutions, a leader in operationalizing threat intelligence, announced the appointment today of Melissa Hathaway to its Advisory Board. Hathaway brings extensive cyber policy and technical expertise to the Board.

Kaspersky picks former Symantec exec as new UK boss (CRN) Cybersecurity vendor appoints Christopher Hurst as new general manager of UK and Ireland

Cybersecurity Executive Malcolm Harkins Joins BlackCloak Advisory Board (PR Newswire) BlackCloak, Inc., the cybersecurity industry's first Concierge Cybersecurity & Privacy™ protection platform for Executives and High-Profile...

BehavioSec Triples Revenue in 2020; Welcomes New CRO (BusinessWire) BehavioSec announced the appointment of Michael Nelson as Chief Revenue Officer.

Products, Services, and Solutions

Enveil ZeroReveal 3.0 Delivers Performant, Scalable Privacy-Enhancing Capabilities for Secure Data Search, Sharing, and Collaboration (Enveil | Encrypted Veil) The performance and efficiencies in the software’s 3.0 release affirm that the groundbreaking, business-enabling capacity of homomorphic encryption is ready now for broad commercial use

SecurityHQ Release New Mobile App (PR Newswire) SecurityHQ, the leading provider in managed security services, launch their new Mobile App, SecurityHQ Response. Cyber never sleeps. Survival...

Entrust Introduces New Visitor Management as a Service Solution (BusinessWire) Entrust launches Adaptive Issuance Visitor Management as a Service, a cloud-based tool enabling a modern approach to visitor management and security.

Thycotic Integrates with Slack for Seamless Privileged Credential Access and Daily Workflow (PR Newswire) Thycotic, a provider of privileged access management (PAM) solutions to more than 12,500 organizations worldwide, including 25 of the Fortune...

Project Ares (Circadence) Circadence’s Project Ares is an award-winning, gamified cyber security learning platform that helps novice and seasoned cyber professionals keep skills sharp against evolving cyber threats.

Viasat authorized to use U.S. government provided classified cyber threat intelligence (Help Net Security) Viasat named one of four companies authorized to use U.S. government provided classified cyber threat intelligence.

The Mimecast Ecosystem Now Offers Over 60 Cybersecurity and Compliance Integrations (GuruFocus) Designed to Reduce Complexity, Minimize Risk and Improve Threat Detection and Response through Integrations with CrowdStrike, IBM Security, Netskope, Palo Alto Networks, Rapid7, ServiceNow, Splunk and more

An Industry First, Imperva Sonar Platform Delivers A Unified Security Platform Across Edge, Applications and Data (GlobeNewswire) Imperva, Inc., (@Imperva), the cybersecurity leader whose mission is to protect data and all paths to it, introduces the Imperva Sonar platform, which eliminates the need for siloed point solutions and delivers integrated analytics while automating workflow and accelerating incident response.

Students Learn About Online Threats With the Free Hackers' Epoch: The Cybersecurity Card Game Download (Dickson Post) KNOXVILLE, Tenn., Feb. 23, 2021 /PRNewswire/ -- Parents and teachers concerned about online safety have a fun learning tool called the Hackers' Epoch: The Cybersecurity Card Game by Scruffy City

Technologies, Techniques, and Standards

CISA Takes on Security Challenges with 5G (Government CIO) The agency provides a look at how the risks with 5G impact supply chain and uncover new vulnerabilities.

Cyber-insurance: Why you need it and how to choose the right plan (Compliance Week) As cyber-attacks surge, the need for cyber-insurance is growing more urgent. But it's critical for companies to first familiarize themselves with how to navigate the labyrinth of cyber-insurance products on the market so that they are properly covered.

Best Practices for Managing Cyber Risks in a Cyber World (The National Law Review) 1One remarkable aspect of the COVID-19 pandemic has been how quickly and completely global businesses were able to pivot to a virtual work environment. Across the world, employees fired up their lapto

What is a legacy system? The key is relevance, not age. (Defense News) Systems nearing the end of their service lives cost much more to maintain, so retiring them in favor of newer systems is pragmatic. However, the services’ record here is decidedly mixed and inconsistent.

How to Ensure Active Directory is not Your Achilles Heel (iTWire) GUEST OPINION by Jim Cook, ANZ Regional Director, Attivo Networks: With cybercriminals always on the hunt for new ways to mount attacks, organisations are paying more attention to the weaknesses that exist within many deployments of Microsoft’s Active Directory (AD). Developed by Microsoft as a set...

‘Pirates find the weak link and exploit it’: Akamai’s anti-content theft action plan (Sports Pro Media) Ian Munford, director of industry strategy at Akamai, offers his thoughts on how best to battle sports piracy, as well as offering insight into how the industry can become more sustainable.

The Threat From Within: Automotive Ramps Up Cybersecurity But Must Understand Hiring Better (Forbes) A storm is brewing.

Design and Innovation

A promising step forward on disinformation (Microsoft On the Issues) Today, Microsoft and the BBC have teamed up with Adobe, Arm, Intel and Truepic to create the Coalition for Content Provenance and Authenticity (C2PA).to counter deepfakes and develop standards and specifications that will prove the authenticity of digital media.

Academia

UA Little Rock Fights Social Media Misinformation (Arkansas Business) Devising the tools, methods and policies for promoting good behaviors on the web while marginalizing the bad actors is a serious challenge facing Arkansas, the nation and the international community.

NJCU and NPower Launch New Agreement for Cybersecurity Students (NJCU) New Jersey City University (NJCU) and NPower, a national tech training nonprofit, have signed an agreement granting qualified NPower graduates the ability to transfer nine (9) credits towards Bachelor of Science in Cybersecurity at the institution.

Legislation, Policy and Regulation

In the Middle East, War Is Going Digital (Foreign Policy) And that should scare everyone.

How China’s Digital Silk Road Is Leading Countries Away from the United States (Defense One) Beijing is using technology products, markets, and training to secure influence with U.S. security partners, a IISS report finds.

China Censors the Internet. So Why Doesn’t Russia? (New York Times) The Kremlin has constructed an entire infrastructure of repression but has not displaced Western apps. Instead, it is turning to outright intimidation.

Facebook reverses ban on news pages in Australia (BBC News) Facebook will reverse a decision to block access to news content, Australia's government says.

Facebook to reverse news ban in Australia after reaching an agreement with the government (Computing) Facebook and Google unlikely to be punished as long as they can demonstrate a 'significant contribution' to local journalism

Facebook Reaches Deal With Australia to Restore News (Wall Street Journal) The company reached a deal with the Australian government to restore news pages to its platform. The agreement includes changes to legislation requiring more negotiations before arbitration kicks in.

Why Facebook Is Right to Pull the Plug on Australia (Foreign Policy) This isn’t about regulating Big Tech. It’s about fleecing foreigners for news that Australians no longer want to pay for.

Looking behind the UK's new Cybersecurity Council (Includes interview) (Digital Journal) The UK government has launched a new independent body to set standards that professionals in cybersecurity will have to meet, much like there are standards for professionals in accountancy, finance, etc. What does this entail?

Is Congress Spending Enough on Cybersecurity? (Dispatch) Recent developments underscore legitimate concerns about our capacity to defend against a growing threat.

Election Infrastructure Council Applauds Cyber Cooperation in 2020 Cycle (Meritalk) The Election Infrastructure Government Coordinating Council – whose leadership spans Federal, state, and local government election officials – applauded inter-government cooperation on implementing cybersecurity safeguards in the 2020 election cycle, and pledged to use lessons learned going forward to improve election security and resiliency.

Election Infrastructure Government Coordinating Council Holds Winter Meeting to Discuss Path Forward on Election Security and Resilience (CISA) The Election Infrastructure Government Coordinating Council (GCC) held its winter meeting virtually the afternoon of Thursday, Feb. 18, 2021, to discuss lessons learned from the 2020 election and ways to improve coordination between the federal government and state and local election officials.

Lawmakers Call for Ambassador to Represent U.S. in Cyberspace (Wall Street Journal) A group of congressional lawmakers are renewing their call for a cyber ambassador in the State Department, reviving a bill that created friction between Congress and the Trump administration.

Biden pledges international cooperation on cyber in speech (FCW) Biden addressed the global security forum for the first time as president last week when he called for the United States to cooperate with European allies on establishing cyberspace norms.

Biden Wants International “Rules” to Combat Alleged Russian, Chinese Cyberattacks (MSSP Alert) The United States & democratic nations must jointly frame the “norms of behavior in cyberspace,” President Biden asserts at virtual Munich Security Conference.

The Cybersecurity 202: Investigations into Russian, North Korean hackers are shaping Biden's foreign policy (Washington Post) The Biden administration is plunging ahead in a pair of high-profile cybersecurity investigations into North Korean and Russian hackers, shedding light on how it plans to crack down on foreign hackers after the Trump administration downplayed the issue in the 2016 election and its aftermath.

DHS Announces Steps to Advance President’s Commitment to Elevate Cybersecurity (Department of Homeland Security) Secretary Alejandro N. Mayorkas announced the many ways the Department of Homeland Security (DHS) will carry out President Biden’s vision to elevate cybersecurity across the government. DHS will lead efforts to mitigate risks to the United States, further strengthen its partnerships with the private sector, and expand its investment in the infrastructure and people required to defend against malicious cyber attacks as part of a whole-of-government effort.

DHS announces new measures to boost nation's cybersecurity (TheHill) The Department of Homeland Security (DHS) on Monday announced a range of steps it will take to bolster the nation’s cybersecurity posture, including increasing funding for key cybersecurity issues.

Mayorkas Sets Out Steps to Elevate Cybersecurity (Homeland Security Today) Secretary Alejandro N. Mayorkas has today announced the many ways the Department of Homeland Security (DHS) will carry out President Biden’s vision to elevate cybersecurity across the government.

CISA Welcomes New Members to Leadership Team (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) announced today that three new administration appointees have joined the agency in leadership roles. Nitin Natarajan has joined CISA as its Deputy Director, Eric Goldstein as Executive Assistant Director for Cybersecurity, and Dr. David Mussington as Executive Assistant Director for Infrastructure Security.

Navy says ‘liking’ or sharing extremists’ posts on social media can get you in trouble (Navy Times) Here's how the Navy will conduct its stand-down addressing extremism in the ranks.

New York issues cyber insurance framework as ransomware, SolarWinds costs mount (CSO Online) The state looks to protect one of its core industries, which is threatened by mounting and potentially "unsustainable" losses due to the SolarWinds and ransomware attacks.

Litigation, Investigation, and Enforcement

SolarWinds Cyberattack Cleanup Costs: SWI Earnings, Senate & House Hearings May Provide Clues (MSSP Alert) How much will SolarWinds cyberattack cost to clean up? SWI Q4 2020 earnings & SolarWinds CEO testimony during House & Senate hearings may provide cleanup cost clues.

Analysis | The Cybersecurity 202: SolarWinds hearing puts the company's new CEO in the hot seat (Washington Post) Sudhakar Ramakrishna is looking to reframe the conversation after the massive Russian hack.

SolarWinds CEO Recommends Liability Protections for Sharing Information about Incidents (Nextgov.com) The new CEO had a couple of other asks for Congress too.

Covid-19 Vaccine Scams Grow, Leveraging Confusion About How to Get the Shot (Wall Street Journal) Scammers are taking advantage of widespread anxiety about Covid-19 with cyber schemes enticing people to give up their personal data and money with the promise of a vaccine.

CJEU to rule on processing of personal data from employees for videoconferencing (Pinsent Masons) Questions relating to distance learning and the data privacy implications of it have been referred to the Court of Justice of the European Union (CJEU) in a case before a German administrative court.

Watchdog Casts Doubt On IRS' Warrantless Phone Tracking (Law360) The U.S. Supreme Court's 2018 ruling that the federal government generally needs a warrant to access historical cellphone location records likely extends to the type of contractor-provided mobile app GPS data that the Internal Revenue Service had previously used in criminal investigations, a U.S. Treasury Department watchdog has said.

FabFitFun Reaches Preliminary Settlement in Data Breach Case (Bloomberg Law) FabFitFun Inc. reached a preliminary deal with plaintiffs over its alleged role in a 2020 data breach, agreeing to devote $625,000 to a settlement fund.

Crypto-Craze Icon Long Blockchain Has Shares Delisted by SEC (Bloomberg) Long Blockchain Corp., the former iced-tea company that became a poster child of crypto-investment excesses, had its shares delisted by U.S. regulators after failing to file financial reports for years.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

National Cyber League (NCL) Spring Season (Virtual, February 15 - April 11, 2021) The National Cyber League (NCL) is a defensive and offensive biannual puzzle-based, capture-the-flag style cybersecurity competition allowing US high school and collegiate students of all skill levels to showcase and build their skills. Its virtual training ground helps students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. Between easy, medium and hard challenges, students identify their strengths and weaknesses and expand their portfolio with an NCL Scouting Report. Registration for the Spring Season closes March 9, 2020.

America Under Cyber Attack: Operating in a Post-Sunburst World (Virtual, February 23, 2021) Last year foreign hackers secretly broke into a US-based IT security solution provider and added infected code into their software. As part of the company’s regular software update process, the company unknowingly forwarded malicious code, creating a backdoor to their clients’ IT systems. Multiple government agencies and private organizations were impacted. Register today and prepare to learn details of supply chain cyber attacks and the required steps to both reduce risk and operating costs while providing the security necessary to protect the warfighter and keep Federal agencies safe.

Acuant "Mind the Gap" Webinar (, February 24, 2021) The gap between physical and digital identity has been widening significantly and the pandemic has accelerated the move to digital. What has this meant for fraud and how will government and business address the growing trust gap? In our webinar we’ll be chatting with a panel of esteemed experts from the US and the UK on how to address these gaps and flip the script on fraudsters. Key talking points will include looking at today’s standards for government-issued identity documents, forgery trends and the impact of the lack of information sharing and cooperation between private corporations and law enforcement. We’ll also discuss the need for industry standards and how identity proofing technology can build trust.

Simplify PKI 2021 (Virtual, March 10 - 11, 2021) As technology breaks new ground, one thing’s for sure - cybersecurity isn’t going to get easier. On the one hand, security teams grapple with building and maintaining a robust machine identity management for new devices and workloads; on the other hand, they need to devise prevention and mitigation strategies for the increasingly ingenious cyber-attacks. In our one-of-a-kind virtual event Simplify PKI 2021, you’ll learn how to remove risk out of the equation, secure your enterprise by building a strong Crypto Center of Excellence (CCoE), and enable enterprise crypto agility through automation.

Identity Management Day (Virtual, April 13, 2021) Identity Management Day aims to inform about the dangers of casually or improperly managing and securing digital identities by raising awareness, sharing best practices, and leveraging the support of vendors in the identity security space. There are many ways to participate as a consumer, practitioner or an organization.

Implement the New NIST RMF Standards and Meet the 2021 FISMA Metrics (Virtual, May 25 - 26, 2021) RMF now requires an additional step, Preparation Step with 18 new Tasks, and the security control baselines families have increased from 18 to 20 to include more privacy and supply chain security control families. The President and OMB have also increased the requirement to implement to new CSF process into the FISMA process and DHS has initiated several new activities that can be leveraged by enterprises and systems to increase the security and meet on-going authorization efforts. All of these have made major changes to Federal Cybersecurity requirements that will affect government and contractor information systems and enterprises. This seminar will identify the changes and provide strategies for effectively and quickly implementing solutions for meeting the new requirements.

8(a) National Security Showcase (Virtual, June 8 - 9, 2021) Are you an 8(a) business looking to expand into the DoD and Intelligence Community? Interested in learning how you can build your bottom line and advance national security? The INSA 8(a) National Security Showcase is designed to foster business partnerships between IC agencies, its prime contractors, and 8(a) businesses. This two-day virtual event offers the opportunity to market innovative national security technologies, applications, and services to procurement representatives from prime contractors and the 18 IC agencies.

Cloud Security Conference @930GOV (Virtual, June 10, 2021) Government agencies are using cloud computing solutions to reduce costs, increase efficiencies and improve service delivery. As the public sector continues to expand cloud adoption, the need for securing government data in the Cloud remains a top priority. DGI’s virtual Cloud Security Conference @930gov will explore the policies, applications, strategies, technologies, and best practices associated with securing the government Cloud. Registration is free. The Cloud Security Conference is co-produced with the 9th annual 930gov Conference.

Implement the New NIST RMF Standards and Meet the 2021 FISMA Metrics (Virtual, September 21 - 22, 2021) RMF now requires an additional step, Preparation Step with 18 new Tasks, and the security control baselines families have increased from 18 to 20 to include more privacy and supply chain security control families. The President and OMB have also increased the requirement to implement to new CSF process into the FISMA process and DHS has initiated several new activities that can be leveraged by enterprises and systems to increase the security and meet on-going authorization efforts. All of these have made major changes to Federal Cybersecurity requirements that will affect government and contractor information systems and enterprises. This seminar will identify the changes and provide strategies for effectively and quickly implementing solutions for meeting the new requirements.

upcoming Events

SoCal Cyber Cup Challenge (SCCC) (Virtual, February 15 - May 31, 2021) Now in its 12th year, the SoCal Cyber Cup Challenge (SCCC) is a cybersecurity competition for middle school, high school, and community college students in the Southern California region, started by NDIA San Diego. Supported by a Department of Defense grant, this year’s competition will include community college students and extensive training for competitors and their mentors. As part of the grant, faculty from Coastline College, Palomar College, and Riverside City College will be supporting the challenge by developing mentor training content and promoting the competition.

Intel Apps Virtual Industry Day (Virtual, February 23, 2021) A virtual event to provide contractors with information regarding the PM IS&A Intel Apps Program objectives, and to answer contractor questions. The Intel Apps Program is focused on four initial applications (All Source, Intelligence Support to Targeting, Weather Operational Effects, and Information Collection Management), and these Apps will provide leap ahead software capability in support of the Multi-Domain Intelligence (MDI) Framework, Multi-Domain Operations (MDO), and Joint All-Domain Operations (JADO) by enabling intelligence professionals to work through the intelligence cycle with increased speed, precision and accuracy.

Check Point Experience: CPX 360 2021 (Virtual, February 23 - 24, 2021) CPX 360 2021 is the one must-attend event for cyber security professionals. In 2021, you’ll discover the latest resources, game-changing insights and unique perspectives to help solve your toughest security challenges in this new post-pandemic world. With the sudden shift to remote work, we learned the value of being able to adapt. Your cyber security strategies must also change. Through our dynamic sessions, this virtual event will deliver the valuable information on defending against the latest vulnerabilities - all from Check Point’s world leading experts and partners.