The CyberWire Daily Briefing 02.05.13

Summary

By The CyberWire Staff

The US Department of Energy sustains a "sophisticated" cyber attack. Just how the attackers got into the Department's servers is unclear, but an official letter admonishes employees and contractors to encrypt files and emails that contain personally identifiable information. Some officials are quoted on background as blaming Chinese espionage services, but no firm attribution has been made. (See also the stories below on the US Administration's views concerning cyber conflict with China, and on its reservation of a right to preemptive cyber attack.)

Several retail exploits are circulating. Anonymous exposes 4000 bankers' personal information (logins, passwords, phone numbers), bogus income tax emails carry a malware payload, a "Lucky Thirteen" exploit recovers plaintext of authentication cookies.

Further investigation of attacks on US newspapers suggests that the perpetrators were politically motivated. A lesson is drawn from the Red October campaign: monitor data, not just endpoints and perimeters. And we might draw some encouragement from Lockheed Martin's successful parry of 2011's RSA hack: the company's security team concludes that it's more important (and affordable) to keep intruders from getting anything of value than it is to keep them out.

Oracle patches fifty Java bugs, and Apple restores patched Java to OS X.

In industry news, Dell's board votes to take the company private. Microsoft and Huawei launch a joint venture to sell smartphones in Africa. Startup Silent Circle offers an advanced peer-to-peer encryption app designed to enable secure ("silent") file sharing. Sophos observes Safe Internet Day by offering tips on protecting children online.

Notes.

Today's issue includes events affecting Angola, Canada, China, Egypt, Estonia, Finland, Israel, Ivory Coast, Kenya, Morocco, Nigeria, Romania, South Africa, United States.

Selected Reading

Cyber Trends

Single Sign-On Increasingly Connected In The Cloud (Dark Reading) Behind the scenes, identity and access solution providers continue a broad effort to integrate to cloud services, the biggest hurdle to SSO adoption. The difficulty in integrating single sign-on with service providers almost spelled the end to the ambitions of e-learning firm Edulabs Global Learning Solutions

Why media companies stink at security (CSO) Recent attacks on the New York Times and other papers reveal a security weakness I'm all too familiar with. I've been following the recent attacks on The New York Times and other newspapers with much interest in recent days. It's yet another snapshot of how much trouble China will continue to be in the years to come and elevates the discussion on state-sponsored cyber attacks to new levels. But as someone who has worked in the media for almost 20 years, I'm interested in this story because it exposes an uncomfortable truth I've actually known about for some time

Frost warns M2M roaming challenges pose 'significant obstacle' to enterprise adoption (Fierce Mobile IT) Machine-to-machine connectivity roaming challenges are the "most significant obstacles to enterprise adoption" of M2M technology, said Yiru Zhong, senior industry analyst with Frost & Sullivan. These challenges arise because providing global connectivity for M2M devices relies on partners for communication to the home network. M2M roaming challenges include identity management and security, configuration management, and service layer and connection management for M2M roamers, according to a white paper by the Connected Device Forum

Gartner: Enterprise IT will accept Apple Macs next year the way PCs are accepted today (Fierce Mobile IT) By next year, Apple (NASDAQ: AAPL) Macs will be as accepted by enterprise IT as Microsoft (NASDAQ: MSFT) PCs are today, predicted David Mitchell Smith, vice president and fellow at research firm Gartner. "Apple will continue to benefit from consumerization and will continue to evolve Macs to take on more iOS characteristics, which will contribute to acceptance of Macs in the enterprise," Smith observed

Legislation, Policy and Regulation

Who protects the Israeli civilian home front from cyber attack? (Haaretz) Gil Sharon, the CEO of cellular operator Pelephone, on Monday rushed to rule out the possibility that the failure of his company's cellular network on Sunday was caused by hacking or another form of cyber attack. Sharon made his comments even though he

US in Growing Cyber War With China? (Fox Business) To defend against it so defense cuts across the board maybe not such a good idea we are doing things not may be enough cyber command

Obama can 'order pre-emptive cyber-attack' if US faces threat (ZDNet) At a time where the U.S. continues to work on its cyber-warfare strategy, a 'secret legal review' of the use of America's cyber-arsenal has concluded that the U.S. government can launch a cyber-attack against a threatening nation if the country needs

Broad Powers for Obama to Respond to Cyber Attack on America (New York Times) The Times's David E. Sanger discusses a secret legal review concerning President Obama's powers in the face of a major cyberattack on America

FTC urges mobile platforms to consider offering Do Not Track (Help Net Security) The explosive growth of mobile services allows consumers to do things that would have been hard to imagine only a few years ago, but at the same time, mobile technology raises unique privacy concerns

Products, Services, and Solutions

Lancope Increases Network Visibility And Security Context With New NAT Support (Dark Reading) StealthWatch stitches and deduplicates network address translation communications. Lancope, Inc., a leader in network visibility and security intelligence, is now providing more granular visibility at the network edge through support for network address translation (NAT)

Autonomic Resources Unveils Federal Cloud Stack Portfolio (The New New Internet) Autonomic Resources will offer agencies private cloud stacks as part of the company's cloud platform offering for U.S. government customers, the company announced Friday. The company's ARC-P cloud provides U.S. agencies a government community infrastructure-as-a-service cloud offering, designed to provide agencies both managed and unmanaged virtual machine

OpenDNS Offers Security Researchers Free Service For Tracking Cybercrime, Cyberespionage (Dark Reading) Red October, PayPal phishing campaign connection discovered via new OpenDNS service for researchers. An OpenDNS executive here today will announce that the DNS and security service provider is offering security researchers free access to its Internet and DNS traffic data and analysis: the idea is to provide researchers with a more global view of malware, botnets, and advanced threats rather than just a snapshot or slice of the activity

BlackBerry Works With Trend Micro To Expand Third-Party App Protection For Customers (Dark Reading) Collaboration will incorporate the Trend Micro Mobile Application Reputation Service with BlackBerry's current internal, proprietary system for analyzing applications

BlackBerry Z10 Selling In 'Large Numbers', Says BlackBerry — Some U.K. Retailers Sold Out Over The Weekend (TechCrunch) The company formerly known as RIM is holding its first developer event in Europe since launching its new BlackBerry 10 platform last Wednesday. Speaking at the BlackBerry Jam event in Amsterdam, UK MD Stephen Bates said the launch of the first BB10 device — the full touch Z10 — has exceeded expectations, with some U.K. retailers selling out a few days after launch

Facebook may create a passive location-logging app (Ars Technica) A new app is in the works to track users' whereabouts. Facebook is planning an app that tracks the location of users, according to a report from Bloomberg. The feature would be able to run on a handset even when the app isn't open, and it may be used to help the company target ads based on location

iOS 6 untethered jailbreak released, Cydia app store flooded (CSO) The latest jailbreak works for the iPhone, iPod touch, iPad and iPad mini models on iOS 6.0 through 6.1. Apple modders can rejoice: The latest jailbreak software for iOS 6 was released on Monday. The jailbreak is the result of months of work by a four-man computer security research team called the "Evad3rs." They probed Apple's latest OS to find a string of vulnerabilities that would allow an untethered jailbreak, or one that can be installed without the device being connected to a computer

Windows 8 Outlook: Murky At Best (InformationWeek) Based on the latest numbers, Microsoft should slash prices on both Surface RT and Windows 8 to motivate sales, some analysts say

Sophos updates mobile device management for Android (Help Net Security) Sophos announced Sophos Mobile Control 3.0, which is offered both on-premise and as-a-service. It includes support for Samsung SAFE devices, granting control over how devices are used and making BYOD

Workers Want Windows 8 Tablets, Not iPads, Study Says (LAPTOP Magazine) Apple may have popularized the tablet genre with its first generation iPad back in 2010, but in 2013 workers want Windows--at least that's what the researchers at Forrester are saying

Technologies, Techniques, and Standards

Canada Joins The DNSSEC Party (Dark Reading) Implementing DNSSEC will take some effort, but it plays an important role in securing the future Internet. So what is the big deal about Canada signing its .ca ccTLD? To Canada, it is a big deal to configure its DNS (domain name system) server to respond to DNSSEC lookups because it is the 99th country to do so. Ninety-nine is also the hockey jersey number of the immortal Wayne Gretzky. Not to mention, DNSSEC signing the .ca ccTLD adds another layer of protection from cybercriminals looking to steal data or send spam. Clearly there is a lot to be excited about and a mysterious numerological connection

Is SCIM The Shim You Have Been Looking For? (Dark Reading) SCIM is designed to solve common, real-world scenarios while managing users across cloud and enterprise domains, but incentives will drive its success

Securing your website: A tough job, but someone's got to do it (Ars Technica) Website breaches can be devastating to your business—here's how to prevent them. In 2006, members of a notorious crime gang cased the online storefronts belonging to 7-Eleven, Hannaford Brothers, and other retailers. Their objective: to find an opening that would allow their payment card fraud ring to gather enough data to pull off a major haul. In the waning days of that year they hit the mother lode, thanks to Russian hackers identified by federal investigators as Hacker 1 and Hacker 2

Top 10 tips to keep your kids and teens safe online (Naked Security) Today is Safer Internet Day. And with 86% of 7-11 year olds and 96% of 11-19 year olds communicating online it's important everyone knows how to stay safe. So here are some tips for you to pass on to youngsters to make sure they're clued up about their online safety

Marketplace

DoD Cyber Crime Conference A Victim Of Sequester (Dark Reading) As the U.S. federal budget 'sequester' approaches, annual conference to be sponsored by the Department of Defense is canceled due to budget uncertainty

Law enforcement slow to adopt cloud computing (Fierce Government IT) Cloud computing adoption remains low among law enforcement agencies, according to the results of a survey unveiled Jan. 31. According to a Ponemon Institute survey (.pdf) of 272 officials, most of them chief executives of police or sheriff departments, 46 percent of law enforcement agencies are not considering utilizing cloud computing. Thirty-eight percent say they're considering it, or planning for adoption within the next 2 years, and 16 percent say they use it now. Ponemon did the survey at the behest of the International Association of Chiefs of Police and cloud computing promoter SafeGov

Hidden Secrets Of Spending (Wall Street Journal) While the debate rages over the size of government, a funny thing has been happening: Quietly, government has been shrinking

NASIC 'Vital' To U.S., Intelligence Chief Says (Dayton Daily News) The leader of the nation's military intelligence agency toured the National Air and Space Intelligence Center to learn more about the secretive center's missions, and how massive defense cuts might impact capabilities officials said are vital to national security

Air Force Offers Early Out To Meet End Strength (AirForceTimes.com) The Air Force is beginning to release details about how it will reduce its end strength by 3,340 airmen by the end of September

Cyber Experts Needed, But There's a Skills Gap (Fox Business) So -- this latest string of cyber attacks -- we're just talking about prompting the Pentagon to add thousands of new employees to -- US cyber command but

Accenture CEO Pierre Nanterme Adds Board Chairman Title (Govconwire) Accenture (NYSE: ACN) CEO Pierre Nanterme has succeeded William Green as chairman of the board of directors, effective Friday. Green, whom Nanterme succeeded as CEO in January 2011, retired from the company. "I am honored to take on the additional role of chairman," Nanterme said "I want to thank Bill Green, once again, for his

Cubic Promotes CFO William Boyle To CEO, Bradley Feldmann COO (Govconwire) Cubic Corp.'s (NYSE: CUB) board of directors has promoted Chief Financial Officer William Boyle to president and CEO in a series of executive moves, Cubic announced Friday. Boyle, who also held the executive vice president title, has served as interim president and CEO of the San Diego-based firm since the death of founder and former

Dell Goes Private In $24.4 Billion Leveraged Buyout Deal By Michael Dell And Partners (TechCrunch) Dell has indeed made the decision to go private, according to reports today from The AP and other sources. The deal reportedly involves a leveraged buyout worth $24.4 billion by company founder Michael Dell and partners. Talks about Dell going private have been growing this year, with reports last week saying that Michael Dell was offering up to $1 billion of his own funds to take control of the

Microsoft and Huawei debut Windows Phone for Africa (CNET) Looking to get an edge on one of the world's most rapidly growing markets, the software giant teams up with the Chinese phone maker to sell low-cost smartphones to African consumers

VMware Vs. Microsoft: The Next Chapter (InformationWeek) Microsoft has already some stolen some VMware customers and there will be more to come. But some watchers missed the early success of software-defined data center buried in VMware's Q4 numbers

Nokia 'looking closely' at tablets, with 'first focus' on Microsoft's platform (Ars Techica) Nokia CEO says Samsung's rise vindicated his decision to use Windows Phone. A Nokia-built, Windows-powered tablet has been rumored before, and it's being rumored again. Speaking in Sydney, Nokia CEO Stephen Elop said the company planned to "broaden its portfolio," and tablets were something Nokia was "clearly looking at very closely," reports the Australian Financial Review

Research and Development

The Threat of Silence (Slate) Meet the groundbreaking new encryption app set to revolutionize privacy and freak out the feds. For the past few months, some of the world's leading cryptographers have been keeping a closely guarded secret about a pioneering new invention. Today, they've decided it's time to tell all

Security Patches, Mitigations, and Software Updates

Apple, Oracle restore Java on OS X (CSO) Java browser plug-in functionality restored to Snow Leopard, Lion and Mountain Lion after latest blacklisting. Apple on Friday shipped an update to Java 6 for Mac users running OS X Snow Leopard, matching Oracle's cadence for Java 7, which was patched the same day

Oracle Issues Emergency Java Security Update (InformaitonWeek) Oracle's Java update addresses 50 bugs, including flaws that can be used to remotely compromise a desktop or server

Cyber Attacks, Threats, and Vulnerabilities

Department of Energy hit by 'sophisticated' cyber-attack (Daily Mail) The U.S. Department of Energy suffered a major security breach after a large cyber-attack that targeted computer networks, it was revealed today. The Washington Free Beacon reported that an unknown group targeted the government organization two weeks

Hackers breach U.S. Energy Department networks (Help Net Security) Notifications sent out to employees and contractors of the U.S. Department of Energy have confirmed that it and its networks have been the latest victim of "sophishicated [sic] hackers" in search of confidential

Latest Cyber Attack By Alleged 'Chinese Hackers' May Be The Most Dangerous (Business Insider) The concentrated cyber attack that breached the defenses of U.S. Department of Energy [DoE] last week may be the scariest yet. Unnamed officials tell Bill Gertz of The Washington Free Beacon that the hackers were only after personal information of

Department of Energy hack exposes major vulnerabilities (CSO) Security experts say damage probably not serious, but that the implications are. The U.S. Department of Energy (DoE) is the latest federal agency to become the victim of a cyberattack while not immediately being aware of it. Several security experts say the intrusion was unlikely a prelude to what outgoing Secretary of Defense Leon Panetta has warned is a coming "cyber Pearl Harbor" aimed at the U.S. But, they said it is serious all the same, because it shows how vulnerable critical government departments are to espionage

Anonymous posts personal data of 4,000 bankers online (CSO) Logins, passwords, phone numbers included in the info made public. Personal information on some 4,000 people in the banking industry, including bank officers, was posted online Sunday by the hacker collective Anonymous. The list was initially posted to the website for the Alabama Criminal Justice Information Center (ACJIC), then apparently taken down by that site's operators. The ACJIC did not respond to a request for comment about the incident

Malware Strikes With Valid Digital Certificate (CSO) One of the foundational elements of ecommerce is the web of trust enabled by digital certificates. When you go to a web site, you can feel confident that it's legitimate because it has a certificate from a recognized certificate authority that validates it. But the certificates themselves can be vulnerable. Case in point: Security firm Malwarebytes recently discovered some malware in the wild with a valid, signed digital certificate. "One of our security researchers identified this piece of malware," says Jerome Segura, senior security researcher at Malwarebytes. "It's a typical Trojan with one peculiarity: It was signed, and unlike a lot of malware that uses signatures, this one was valid"

Malware spammed out widely posing as income tax email (Naked Security) A widespread Trojan horse tricks users into opening it by posing as a tax return-related email. Are you taking enough care over your computer's security

Google Blocks High Profile Sites After Advertising Provider NetSeer is Hacked (Threatpost) Google Chrome users, among others, couldn't access some of the most popular Web sites Monday after an advertising network's corporate Web site was injected with malware. But, according to the ad company's chief executive, those sites were safe.

An expose of a recent SANS GIAC XSS vulnerability (Internet Storm Center) Last week (30 JAN) Attrition.org (@SecurityErrata) tweeted that the SANS GIAC site was susceptible to cross-site scripting (XSS) via the search field. XSS is, without question, a vulnerability almost every web application will or has suffered at some point. One need only read Attrition's OSVDB, Secunia Advisories, or Whitehat's website statistics reports to get a feel for how prevalent the issue is. There are many reasons why the vulnerability is #2 on OWASP's Top 10 and SANS, like so many others, is no stranger to the issue as Johannes Ullrich (Dr. J) points out in his ISC Diary entry from 12 JUN 2012

'Lucky Thirteen' attack snarfs cookies protected by SSL encryption (Ars Technica) Exploit is the latest to subvert crypto used to secure Web transactions. Software developers are racing to patch a recently discovered vulnerability that allows attackers to recover the plaintext of authentication cookies and other encrypted data as they travel over the Internet and other unsecured networks

URL detection flaw causes OS X apps to crash (CSO) Over the weekend, reports of a rather curious OS X bug were reported with a mixture of amusement and surprise. Affecting only recent versions of Mountain Lion--including, according to some reports, as-yet unreleased betas of the operating system--the bug manifests itself in the form of a crash every time you type File:/// (with an uppercase F) inside most standard text input controls like those you can find in a Web form or in text editors like TextEdit

Left Behind: Out-Of-Date Androids At Risk (Dark Reading) Researcher calls out mobile providers for not pushing regular updates to many Android devices. Mobile security researchers may be hunting bugs in Android mobile device software, but it doesn't take a zero-day attack to compromise most of those devices today

Roesch: Media Hackings Politically Motivated (Fox Business) So have we entered into a new air of cyber terrorism -- source fire founder and interim CEO is here. The Cali can protect against it is this now the new

Red October: The hunt for data (Help Net Security) The recent discovery of the Red October malware has focused a lot on its effects, but inadequate attention has been given to its purpose - which successfully evaded anti-virus and network intrusion detection

The rise of mobile advertising malware toolkits (Help Net Security) In Q4 2012, FortiGuard Labs has highlighted malware samples that show four typical methods cybercriminals are using today to extract money from their victims. In addition, the report shows increasing

How the RSA Attackers Swung and Missed at Lockheed Martin (Threatpost) The attack that resulted in the compromise of RSA's SecurID database in 2011 had a lot of ramifications and sent shockwaves through much of the security industry. But it could have had much broader consequences had the security team at Lockheed Martin not discovered the same attack team on its own network and taken actions to shut them down

Partial Disclosure Leaves Adobe Reader Zero-Day Story in Limbo (Threatpost) Adobe researchers presented at the Kaspersky Security Analyst Summit a case study on the partial disclosure of a zero-day vulnerability reported by Group-IB in

Academia

With $100M From The Gates Foundation & Others, inBloom Wants To Transform Education By Unleashing Its Data (TechCrunch) In 2012, the buzz around education technology reached new heights and, with the new year now underway, the hype surrounding the potential transformative impact of technology on both higher and K-12 education continues, thanks to initiatives like the one Udacity is piloting with largest university system in the world, which aims to bring affordable, lower-division and remedial online courses to the

Harvard will just be 'a dating service' when robots rule the US (Quartz) The FT's Edward Luce penned a piece opining on what the inevitable conflict between the US economy and Skynet will mean for working stiffs across the globe's biggest economy. But in an interesting aside he spotlights how technology is already turning the world of US higher education upside down

Litigation, Investigation, and Enforcement

DNSChanger malware suspect pleads guilty - faces 25 years and the prospect of paying back $7m (Naked Security) Just over a year ago, the FBI announced the bust of six Estonians over malware known as DNSChanger. The first of the six has just pleaded guilty

Dutch hacker imprisoned for trafficking 100,000 credit cards (Help Net Security) A Dutch citizen who was arrested and extradited from Romania was sentenced to 12 years in prison for a computer hacking and credit card fraud scheme that victimized people around the world, announced

Design and Innovation

The Next Global Smartphone Revolution: Made in Taiwan (Wired) MediaTek chips will drive a wave of global smartphone sales. There are almost 7 billion people on the planet, only 1 billion or so of whom have a smartphone. That means 6 billion people do not have one. The biggest tech company you've never heard of wants to flip that statistic, and in so doing make 2013 the year it brings the world online

Ship Ahoy: Inside Blueseed's 'Googleplex Of The Sea' (InformationWeek) Blueseed's "Googleplex of the Sea" for international startups and entrepreneurs has a waitlist of more than 350 companies and 1,100 workers who want to come aboard

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

North American ICS & SCADA Summit (Lake Buena Vista, Florida, USA, February 6 - 15, 2013) The Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses.

ATMiA US Conference 2013 (Scottsdale, Arizona, US, February 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.

Cybergamut Technical Tuesday: Cloud Security (, January 1, 1970) Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security..

#BSidesBOS (Cambridge, Massachusetts, USA, February 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening..

RSA USA 2013 (San Francisco, California, USA, February 25 - March 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.

Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, February 26 - March 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.

NRO Winter Way Forward Conference (Chantilly, Virginia, USA, February 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.

TechMentor Orlando 2013 (Orland, Florida, USA, March 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include:Windows PowerShell and AutomationCisco and Networking Infrastructure Windows Server Management Windows Client Management Cloud and Virtualization Identity, Access Management and Security Performance Tuning and Troubleshooting Mobility and BYOD Messaging and Collaboration.

Business Insurance Risk Management Summit (New York City, New York, USA, March 5 - 6, 2013) The annual Risk Management Summit, now in it its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.

CanSecWest 2013 (Vancouver, British Columbia, Canada, March 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.

e-Crime Congress 2013 (London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.

CTIN Digital Forensics Conference (Seattle, Washington, USA, March 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include; Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.

IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, March 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.

The Future of Cyber Security 2013 (London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.

AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, April 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.

CSO40 (Braselton, Georgia, USA, April 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.

Cloud Connect Silicon Valley (Santa Clara, California, USA, April 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.

An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, April 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.

Cyber 1.3 (, January 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.

INFILTRATE 2013 (Miami, Florida, USA, April 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.

Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, April 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .

InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, April 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.

Infosec Southwest 2013 (Austin, Texas, USA, April 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.

23rd Annual Government Procurement Conference (Washington, DC, USA, April 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.

Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, June 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.

25th Annual FIRST Conference (Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

SECRYPT 2013 (Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.