
The CyberWire Daily Briefing for 2.15.2013
Mac users cannot validate McAfee apps they wish to install on their devices—a McAfee administrator inadvertently revoked the necessary digital key early last week—and they'll have to wait for McAfee to complete re-signing its apps. (Some users report being told to "just allow untrusted certificates," but McAfee brass is quick to disavow such rash advice.)
The Adobe zero-day is implicated in a recent spearphishing campaign against aerospace companies. (One vector was a widely circulated IEEE conference schedule.) Other infected PDFs used a decoy document technique—after infection was complete, the vector replaced itself with an innocent version, thereby covering the attacker's tracks. Adobe's workaround—use Protected View—works for Windows, but Mac and Linux users have no good alternatives yet.
A Trustwave study points out that many attacks take months to detect, and here's an example: the Los Angeles Times' "Offers and Deals" sub-domain began redirecting visitors to the Blackhole exploit kit back on December 23, 2012.
China's Uyghurs—often out-of-favor with the government—experience a spike of spearphishing attacks. Social media, including Twitter and Facebook, are being used elsewhere for phishing. Raytheon's RIOT social media surveillance tool continues to spook international media.
ENISA thinks cloud computing holds great promise for critical infrastructure protection. (For counterpoint, see Bruce Schneier on security's return to a feudal model.)
US President Obama's cyber executive order seems to pass muster with privacy advocates (like the ACLU), but others see it as indefinitely expanding the definition of "critical infrastructure" and misapplying risk analysis.
Notes.
Today's issue includes events affecting Australia, China, Germany, Iran, Russia, and the United States.
Cyber Attacks, Threats, and Vulnerabilities
A world of hurt after McAfee mistakenly revokes key for signing Mac apps (Ars Technica) Just allow untrusted certificates, one customer told. A McAfee administrator accidentally revoked the digital key used to certify desktop applications that run on Apple's OS X platform, creating headaches for customers who want to install or upgrade Mac antivirus products. A certificate revocation list [CRL] hosted by Apple Worldwide developer servers lists the reason for the cancellation as a "key compromise," but McAfee officials said they never lost control of the sensitive certificate which is used to prove applications are legitimate releases. The revocation date shows as February 6, meaning that for seven days now, customers have had no means to validate McAfee applications they want to install on Macs
Adobe Confirms Zero-day Exploit Bypasses Adobe Reader Sandbox (CIO) The exploit and the malware it installs are super high-level, according to Costin Raiu, director of Kaspersky Lab's malware research and analysis team
Adobe Zero-Day Attack Bypasses Sandbox (InformationWeek) Adobe fumbles on the security front by not enabling -- by default -- technology built into its PDF Reader and Acrobat that would have blocked the current attacks
Adobe 0-days used for IEEE aerospace spearphishing attacks (CSO) Attackers using the zero day Adobe Flash flaws patched last week delivered the exploits with a spearphishing email aimed at the aerospace sector, according to security researchers. Security firm Alien Vault on Friday published details confirming the exploits underpinned a targeted campaign against US aerospace companies and industry
Phishing campaigns run rampant on social networks (Help Net Security) In January, GFI threat researchers identified a number of social network-based cybercrime attacks, including phishing messages on Twitter and Facebook, as well as malicious spam messages disguised as
LA Times website redirected users to exploit kit for over six weeks (Help Net Security) A sub-domain of Los Angeles Times' website has been redirecting visitors to compromised websites hosting the latest version of the Blackhole exploit kit for over six weeks (since Dec. 23, 2012), says Brian Krebs, and estimates that some 325,000 visitors were exposed to the attack. Alerted to the fact that something was wrong with OffersandDeals.latimes.com by some of its readers, he investigated the matter with the help of Avast's director of threat intelligence Jindrich Kubec, who checked it and confirmed that the tips were, indeed, true and correct
Cyber-espionage hacktivist campaign targets China's Uyghur population (InfoSecurity) A fresh cyber-espionage campaign against China's Uyghur community has been uncovered that infects Mac OS X systems using spear-phishing mails. The politically motivated malware then sets about stealing information from hard drives
Cyber Attacks Against Journalists Are On The Rise, Says Advocacy Group (TechCrunch) More journalists are now the target of cyber attacks, said the Committee to Protect Journalists. CPJ deputy director Robert Mahoney said cyber attacks on individuals and news organizations have increased notably over the past few years and that the practice serves as easy and inexpensive censorship. In a press conference with reporters, Mahoney cited the recent attacks on The New York Times and
China, Iran cyber attacks on US rising: lawmaker (Sydney Morning Herald) China and Iran are intensifying cyber assaults against the US, the head of the House Intelligence Committee said as he pressed for legislation to encourage companies to share information on hacker threats. China's cyber espionage effort targeting US industrial secrets "has grown exponentially both in terms of its volume and damage it's doing to our economic future," the intelligence panel's chairman, Mike Rogers, said at a hearing Thursday. "We have no practical deterrents in place today"
World In The Net Of Total Spying – OpEd (Eurasia Review) Posting their personal photos with various comments on line, most users do not give a thought to the fact that they willingly place themselves under the control of a large number of interested individuals and organisations. Several companies specializing in software are developing programmes for monitoring people's activities with the help of information posted in open access on the websites of social networks. This kind of work is usually done secretly, so as to avoid unnecessary discussions. The Guardian recently reported about the latest RIOT software (Rapid Information Overlay Technology) developed by the US defence company Raytheon
Security Patches, Mitigations, and Software Updates
No patch yet for Adobe PDF exploits - Adobe suggests a workaround; Mac and Linux users need not apply (Naked Security) Adobe issues advice on how to mitigate the latest exploits against its PDF Reader software. For Windows users, anyway. Mac and Linux fans are still out in the cold
Adobe offers mitigation for Reader 0-day attack, fix is yet to come (Help Net Security) Adobe has confirmed FireEye researchers' findings about new Adobe Reader and Acrobat zero-day vulnerabilities being exploited in the wild and has issued a security bulletin detailing the flaws and off
Cyber Trends
Serious data breaches take months to spot, analysis finds (Network World) One in five incidents take years to detect, Trustwave says. More than six out of ten organisations hit by data breaches take longer than three months to notice what has happened with a few not uncovering attacks for years, a comprehensive analysis of global incidents by security firm Trustwave has found
Mobile network infections increase by 67 percent (Net Security) Kindsight released a new report that reveals security threats to home and mobile networks, including a small decline in home network infections and an increase in mobile network infections. Highlights include: The rate of home network infections decreased from 13 to 11 percent in Q4; 6 percent exhibited high-level threats, such as bots, rootkits and banking Trojans. The ZeroAccess botnet continued to be the most common malware threat
Infosec pros don't trust their own networks (Help Net Security) A SafeNet survey of 230 United States security professionals, revealed that, despite continued investments in network perimeter technologies, respondents are not confident that they are employing the
Cloud computing in critical information infrastructure protection (Help Net Security) ENISA has launched a new report looking at cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective, and identifying that cloud computing is critical given the concentration
When It Comes to Security, We're Back to Feudalism (Bruce Schneier) Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether…for Facebook
ISACA cyber security survey reveals that one in five enterprises has experienced an APT attack (Business Wire) A global cyber security survey of more than 1,500 security professionals found that more than one in five said their enterprises have experienced an advanced persistent threat (APT) attack. According to the study by global IT association ISACA, 94% say APTs represent a credible threat to national security and economic stability, yet most enterprises are employing ineffective technologies to protect themselves
Telcos begin formal big data push (FierceBigData) For an industry that has long had the means, as well as the historical and real-time data necessary to pull off big data analytics, and has actually dabbled in it, telecom has taken its time jumping on the bandwagon and driving its adoption
Marketplace
House Moves To Extend Pay Freeze For Fed Workers (Yahoo.com) House conservatives want to extend to a full three years the current freeze on cost-of-living pay increases for the nation's 2 million civilian federal workers
Sequestration Furloughs Won't Begin Before April (GovExec.com) Carter said the Pentagon would likely be forced to furlough most civilian employees for one day each week for up to 22 weeks. As a sign of solidarity, Carter said he would cut his own salary by 20 percent if his employees do in fact face furloughs, despite personally being exempt from the sequester
Clapper Says Budget Cuts Would Be Disastrous For U.S. Spy Agencies (Reuters) U.S. spy agencies are making preparations for potentially sweeping budget cuts that could drastically limit their ability to respond to crises, the top U.S. intelligence official said on Thursday
Cabinet Officials Caution Against Automatic Cuts (Washington Post) Already, the Pentagon has taken steps to trim spending in preparation for the possible sequester, including implementing a hiring freeze and slashing operating costs on military bases
Senate Democrats Offer A Proposal To Head Off Automatic Cuts (New York Times) Senate Democratic leaders reached agreement Thursday on a $110 billion mix of tax increases and spending cuts to head off automatic spending cuts through the end of the year. But with even some Democrats tepid on the proposal, the chances of a deal before the March 1 deadline have receded
P&G CIO: There's A Better Way To Create Software (InformationWeek) Procter & Gamble CIO Filippo Passerini thinks cooperation among the likes of Disney, FedEx and Goldman Sachs could push software vendors to build more relevant analytics software --and build it faster
Products, Services, and Solutions
Facebook Blocks Perverts From Graph Searching For Kids (TechCrunch) Facebook has coded some special rules into Graph Search to make sure shady adults can't stalk minors. Today Facebook clarified that searches that could identify kids under 18 by age or location won't return any results for strange adults
Qualys and iViZ partner on cloud-based web application security (Help Net Security) Qualys announced its partnership with iViZ to help companies ensure and validate the security of their web applications and web sites. The partnership combines the automated testing of QualysGuard Web Application Scanning (WAS) with iViZ Penetration Testing Technology, coupled with manual testing to provide organizations with scalable solutions to protect web sites and web applications against possible attacks
Bump turns your phone into your universal thumb drive (CNET) The latest version of the hit app makes it possible to quickly and easily move any kind of file between an iPhone or Android phone and any computer -- or vice versa
HP Eyes Android For Tablets, Smartphones (InformationWeek) HP is getting trounced by competitors in the mobile market and reportedly plans to respond by adopting Google's Android platform for tablets and smartphones
Are Businesses Waiting For Windows 9? (InformationWeek) Analysts don't expect Windows 8 to establish enterprise dominance -- but Microsoft's real problem continues to be lack of enthusiasm from consumers
Technologies, Techniques, and Standards
More Intelligent Services Help Rein In Security Policies (Dark Reading) From managed services to threat intelligence, companies are using security services to create better policies, as well as manage and tune existing ones. Companies are used to buying maintenance service agreements for their networking and security infrastructure. Increasingly, however, companies are relying on an array of services to help them establish better policies and translate those strategic guidelines into technical ones
Modular system development mitigates risk, says Werfel (FierceGovernmentIT) Federal agencies should embrace modular development because it lessens the dangers of information technology project failure, said Daniel Werfel, federal controller for the Office of Management and Budget
Supplementing big data with crowdsourcing (FierceBigData) An image developing of big data is of the lone, but brilliant, data scientist employed as the seer and overlord of all corporate data, creating algorithms that manipulate libraries full of data in an instant and bringing forth remarkable new insights. Yeah, that's not how it happens
New reference architecture from MapR, HP (FierceBigData) MapR Technologies, Inc. and HP have given the big data market something it has been looking for. They collaborated on a new reference architecture for big data workloads. The technology, known as the HP (NYSE: HPQ) Reference Architecture for MapR M5, can be used by customers to accelerate performance and improve efficiency in a broad set of use cases across any industry, according to the announcement
Major Certificate Authorities Unite In The Name Of SSL Security (Dark Reading) Comodo, DigiCert, Entrust, GlobalSign, Go Daddy, Symantec, and Trend Micro form Certificate Authority Security Council (CASC)
Tech Insight: New CA Group Has Big Names, Small Impact (Dark Reading) The Certificate Authority Security Council will promote new technologies and best practices in the PKI, starting with improving certificate revocation-checking, but any changes that would have a real effect soon are too disruptive to consider
Design and Innovation
Could Smart-Watches Replace Passwords as Authenticators? (Threatpost) Good passwords are hard to remember while passwords that are easily remembered are often just as easily guessed. Therein lies the reason passwords are such a security headache. The race to replace passwords is ever-present in the security industry, and the newest entrant is the smart-watch. "If the [iWatch] would do nothing but free me from having to enter pass codes, I would buy it even if it couldn't tell the right time!" says Bruce Tognazzini, usability engineer and human-computer interaction expert
Legislation, Policy, and Regulation
Australia's National Security Paper: A Case Of Lost Opportunities? – Analysis (Eurasia Review) Australian Prime Minister Julia Gillard delivered a statement about the country's national security policy to a carefully selected crowd of defense, public service, and academic personnel at the Australian National University late last month. The 58-page paper entitled 'Strong and Secure: A Strategy for Australia's National Security' supersedes the last one given by former Prime Minister Kevin Rudd back in 2008 and it is considered a supplement to Australia in the Asian Century, a white paper presented by Premier Gillard last October. The paper outlines the country's assessment of priorities, risks, and capabilities
Putin orders setting up of anti-hacker defence (Hindustan Times) Russian President Vladimir Putin has personally instructed the Federal Security Service (FSB) to promptly set up a unified system to detect and counter computer-hacking attacks on Russia's IT resources. "In the near future, we need to set up a unified system for detecting, preventing and defending against computer attacks on Russia's information (technology) resources," Putin said at a meeting of the FSB
Taming The Cyber-Dragon (Washington Post) Stronger measures are needed to stop China's online espionage
DHS and NIST sign cybersecurity agreement (FierceGovernmentIT) The Homeland Security Department's National Protection and Programs Directorate and the National Institute of Standards and Technology say they'll work together more closely on cybersecurity issues following a memorandum of agreement the two agencies signed earlier this month
CISPA backers reintroduce bill; privacy advocates quick to reiterate criticism (FierceGovernmentIT) Backers of a controversial cybersecurity bill approved by the House in April 2012 reintroduced it again Feb. 13 for consideration by the new Congress. The Cyber Intelligence Sharing and Protection Act (H.R. 624) would create a mechanism for the private sector to share with the federal government cyber threat information--the Homeland Security Department, or another federal agency. Critics such as the Center for Democracy and Technology say the bill language creates an avenue for information on American Internet users to go to the intelligence community, a criticism CDT President Leslie Harris reiterated soon after the bill's reintroduction
Obama executive order redefines critical infrastructure (CSO) More companies could get designated as part of the sector under this week's presidential cybersecurity order
PPD 21: Extreme Risk Management Gone Bad (Forbes) On Tuesday, February 12, 2013, President Obama issued Presidential Policy Directive 21: Critical Infrastructure Security and Resilience. PPD 21 represents my worst nightmare: the misguided mantra of management consultants writ large. How large? The entire Federal juggernaut is to be roped into a tangle of coordination, data exchange, R&D, and risk management to address ephemeral threats to critical infrastructure. It even stretches around the world to include governments that may host critical facilities and assets of the United States
Cooperation seen as crucial in facing US cyber threats (Reuters) House Intelligence Committee Chairman Mike Rogers of Michigan reintroduced his cyber-security bill on Wednesday with a pledge there would be no schism with the White House over the issue. Obama threatened to veto the bill in 2012, citing lax safeguards
Reactions to Obama's Executive Order on cybersecurity (Help Net Security) On February 12, we have witnessed U.S. President Barack Obama sign an Executive Order and issue a Presidential Policy Directive aimed at improving the cybersecurity of critical infrastructure
Cybersecurity framework could be mandatory for some companies (FierceGovernmentIT) Adoption of the cybersecurity framework called for by an executive order on cybersecurity signed by President Obama on Feb. 12 might not be voluntary for companies regulated by federal agencies with authority to require adoption--specifically those "agencies with responsibility for regulating the security of critical infrastructure," the executive order says
Cybersecurity Executive Order Leaves Tough Work Undone (InformationWeek) Government and industry must work together in challenging new ways to implement the White House's executive order on cybersecurity, top federal officials said Wednesday
New High-Tech Warfare Medal Draws Backlash (Army Times) The Pentagon sparked an uproar among troops and veterans when it revealed that a new high-level medal honoring drone pilots will rank above some traditional combat valor medals in the military's "order of precedence."
Litigation, Investigation, and Law Enforcement
Facebook Wins Court Challenge In Germany Against Its Real Names Policy (TechCrunch) Facebook has won a court challenge against its real names policy in Germany. Yesterday an administrative court in the North of Germany granted Facebook's request for "suspensive effect" against a ruling made by Schleswig-Holstein's Data Protection Commissioner that Facebook was violating German and European law
A Chinese Hacker's Identity Unmasked (BusinessWeek) Joe Stewart's day starts at 6:30 a.m. in Myrtle Beach, S.C., with a peanut butter sandwich, a sugar-free Red Bull, and 50,000 or so pieces of malware waiting in his e-mail in-box. Stewart, 42, is the director of malware research at Dell SecureWorks, a unit of Dell (DELL), and he spends his days hunting for Internet spies. Malware is the blanket term for malicious software that lets hackers take over your computer; clients and fellow researchers constantly send Stewart suspicious specimens harvested from networks under attack. His job is to sort through the toxic haul and isolate anything he hasn't seen before: He looks for things like software that can let hackers break into databases, control security cameras, and monitor e-mail
Bush Hacker's Victims Include U.S. Senator (The Smoking Gun) Republican Lisa Murkowski's Yahoo, Flickr accounts breached. As federal agents hunt for the culprit who illegally accessed several Bush family e-mail accounts, The Smoking Gun has learned that the hacker's victim list also includes a U.S. Senator, a senior United Nations official, security contractors in Iraq, two former FBI agents, and a Department of Defense supervisor
Successful ways of undermining cybercrime ecosystems (Help Net Security) Most cybercrime is carried out by a loose confederation of independent contractors who work together when necessary through online forums and "partnerkas" that allow them to pool their resources, but these online criminal networks can be foiled, according to a new report by the Digital Citizens Alliance. The report sheds light on how global organized crime leverages the Internet for scams and other schemes that hurt consumers. It also highlights recent examples in which others have weakened the glue that binds these criminal communities together by undermining trust relationships, isolating and apprehending key members, and making it more difficult for them to receive payment for their crimes
Unlock an iPhone without the passcode - harmless trick or computer crime? (Naked Security) A YouTube video showing you how to unlock an iPhone 5 without the passcode has racked up nearly 300,000 hits over the past two weeks. Paul Ducklin looks into the good and the bad of the story
The privacy implications of big data (FierceBigData) Although the term big data is likely one that lawyers and business managers have heard, its impact on privacy is one they still need to understand, says David Navetta, one of the founding partners of the Information Law Group. While its potential uses and benefits are endless, he said, "Big data also poses some risk to both the companies seeking to unlock its potential, and the individuals whose information is now continuously being collected, combined, mined, analyzed, disclosed and acted upon." Even the best definitions of big data are abstract from a legal standpoint, Navetta said
Oracle Appeals Google Verdict, Fights 'Software Exceptionalism' (InformationWeek) Oracle tries to undo Google's successful defense of Android by claiming that software code is no different than literary text in matters of copyright
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
ATMiA US Conference 2013 (Scottsdale, Arizona, US, Feb 19 - 21, 2013) A conference devoted to the design of ATMs, and the future of the ATM industry.
Cybergamut Technical Tuesday: Cloud Security. Dr. Susie Cole of Exceptional Software Strategies will discuss cloud security.
#BSidesBOS (Cambridge, Massachusetts, USA, Feb 23, 2013) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
RSA USA 2013 (San Francisco, California, USA, Feb 25 - Mar 1, 2013) RSA Conference continually evolves program offerings to meet the ever-changing needs of our delegates in the dynamic infosec industry.
Nullcon Goa 2013 (Bogmallo Beach Resort, Goa, India, Feb 26 - Mar 2, 2013) An international information security conference that will feature speakers and training. Topics include security and politics, vulnerability elimination, Android hacking, SCADA and smart grid penetration testing, and more.
NRO Winter Way Forward Conference (Chantilly, Virginia, USA, Feb 28, 2013) This annual event will provide an increased awareness, understanding and support among the IT workforce by focusing on the NRO IT Way-Forward in terms of the NRO IT Sub-Portfolio Roadmaps. Exhibitors will gain valuable networking time with conference attendees and all NRO personnel.
TechMentor Orlando 2013 (Orlando, Florida, USA, Mar 4 - 8, 2013) Celebrating 15 years of educational events for the IT community, TechMentor is returning to Orlando, Florida, March 4-8, for 5 days of information-packed sessions and workshops. Surrounded by your fellow IT professionals, you will receive immediately usable education that will keep you relevant in the workforce. TechMentor track topics include: Windows PowerShell and Automation; Cisco and Networking Infrastructure; Windows Server Management; Windows Client Management; Cloud and Virtualization; Identity, Access Management and Security; Performance Tuning and Troubleshooting; Mobility and BYOD; Messaging and Collaboration.
Business Insurance Risk Management Summit (New York City, New York, USA, Mar 5 - 6, 2013) The annual Risk Management Summit, now in its fourth year, provides attendees with focused insight via specific, timely general sessions and strategic, thought-provoking discussions with peers and industry leaders.
CanSecWest 2013 (Vancouver, British Columbia, Canada, Mar 6 - 8, 2013) CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices. It will feature a bigger, enhanced Pwn2own.
e-Crime Congress 2013 (London, England, Mar 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding digital assets and sensitive information, protecting customers, defending against internal or external threats and responding to incidents.
CTIN Digital Forensics Conference (Seattle, Washington, USA, Mar 13 - 15, 2013) Speakers include experts and published authors in the field of digital forensics and cybersecurity. Topics include: Mobile Device Forensics, Internet Forensics, Physical Memory Analysis, Open Source Tools, Data Carving, Registry Forensics, Placing the Suspect Behind the Keyboard, Triage and Live Forensics CDs, and more.
IT Security Entrepreneurs' Forum (ITSEF 2013) (Palo Alto, California, USA, Mar 19 - 20, 2013) Supported by the U.S. Department of Homeland Security, Office of Science and Technology, ITSEF 2013 aims to connect the ecosystem of the entrepreneur: industry, government, and academia. The conference will advance innovation, lead change and build trusted global collaboration models between the public and private sectors to defeat Cybersecurity threats.
The Future of Cyber Security 2013 (London, England, UK, Mar 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
SANS Cyber Threat Intelligence Summit (Washington, DC, USA, Mar 22, 2013) Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusio…Network defense techniques which leverage knowledge about these adversaries - known as cyber threat intelligence - can enable defenders to establish a state of information superiority which decreases the adversary's likelihood of success with each subsequent intrusion attempt…The goal of this summit will be to equip attendees with knowledge on the tools, methodologies and processes they need to move forward with cyber threat intelligence. The SANS What Works in Cyber Threat Intelligence Summit will bring attendees who are eager to hear this information and learn about tools, techniques, and solutions that can help address these needs.
AFCEA Belvoir Industry Days 2013 (National Harbor, Maryland, USA, Apr 2 - 3, 2013) The purpose of this event is to inform the IT community about the recent successes and the forward-thinking opportunities that the Department of Defense and the Department of the Army have developed.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (Colorado Springs, Colorado, USA, Apr 8, 2013) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
Consumerization of IT in the Enterprise Conference and Expo (San Francisco, California, USA, Jun 2 - 4, 2013) From smartphones to mobile apps, social software and 4G networks, the wave of innovation in the consumer space is transforming the way companies do business, both inside and outside of the enterprise. Over two and a half action packed days, CITE 2013 will bring together IT and business executives, venture capitalists and other practitioners to showcase leading efforts and teach others how to make the most of this transformation.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.