The CyberWire Daily Briefing for 3.25.2013
The Korean Dark Seoul attacks remain baffling. Early clues pointing to China are now discounted, some attacks appear to have originated from within Seoul itself, and, while attribution is still elusive, analysts think it "increasingly likely" that the campaign is government-led. (Which government is unknown, but suspicion as always on the Korean Peninsula turns Northward.) General Dynamics offers some good news: it says much data wiped in the attack can be restored. South Korea worries about the North's apparent training of cyber operations teams, and considers establishing a cabinet-level cyberspace post.
Various Anonymous cells bedevil governments around the world. Charaf Anons defaces Chinese official sites. RedHack, Anonymous and Sector 404 claim to have hacked Israel's Mossad and compromised officers' identities. The compromise claim seems bogus, but OpIsrael prepares an attack surge for April 7. Israel shores up its defenses.
Indian media criticize their government's reliance on GMail and Yahoo accounts, which they claim are inherently vulnerable to compromise.
T-Mobile addresses a Wi-Fi vulnerability. Apple and Cisco struggle a bit with recent security upgrades.
Lockheed-Martin and Raytheon are both aggressively competing with telecommunications companies for financial and power grid cyber security market share. Cyber lobbying rises dramatically in Washington: lobbyist filings in 2012 were up 85% from 2011.
Shanghai Jiaotong's School of Information Security Engineering appears to be providing China's PLA with cyber attack R&D. NATO suggests Stuxnet was an arguably illegal "act of force" against Iran. A US Naval War College study argues for deadly force in retaliation against hackers.
Notes.
Today's issue includes events affecting Algeria, Canada, China, Estonia, India, Iran, Israel, Republic of Korea, People's Democratic Republic of Korea, NATO, Philippines, Russia, Slovenia, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
This Week in Cybercrime: What Do We Know about the South Korean Cyberattack? (IEEE Spectrum) What do we know about this week's cyber-attack on South Korean broadcasters and banks? We know that it was a coordinated attack that hit roughly 32 000 computers on 20 March at 2pm local time
South Korea cyber attack 'increasingly likely' to have been government-led (The Guardian) The cyber attack against TV stations and banks in South Korea on Wednesday this week seems increasingly likely to have been by a government-level hacker who may have inserted a virus into a central computer providing antivirus protection
South Korean cyberattacks used hijacked patch management accounts (Techworld.com) According to South Korean antivirus company AhnLab, the 20 March attacks used stolen IDs and
Cyber attack-probe (Global Post) Some of the malicious code that paralyzed network systems at South Korean banks and TV broadcasters originated from a local computer, Seoul's communications watchdog said Friday. Local TV broadcasters KBS, MBC and
South Korea Misidentifies Cyber Attack Source (Voice of America) South Korean investigators say they were mistaken when they said a cyber attack that paralyzed tens of thousands of computers at six companies this week originated in China. Seoul's Korea Communications Commission said Friday that an Internet Protocol
Cyberspace battleground: Is North Korea training cyber warriors? (India Today) Investigators have yet to pinpoint the culprit behind a synchronized cyber-attack in South Korea last week. But in Seoul, the focus remains fixed on North Korea, where South Korean security experts say Pyongyang has been training a team of computer
Data Can Be Recovered From South Korea Data-Wiping Attacks (Dark Reading) Researchers confirm data-destroying malware that hit South Korean media and banks doesn't completely erase data. Researchers from a unit of defense contractor General Dynamics today confirmed their suspicions that it is possible to recover data wiped from South Korean media and bank systems in a destructive targeted attack earlier this week
Trend Micro Deep Discovery Protects South Korean Customers From Attack (Sys-Con Media) Trend Micro Incorporated announced today that customers using its Deep Discovery advanced threat protection product were able to discover and react to the recent cyber-attack before damage could be done. These attacks paralyzed several major banking and media companies, leaving many South Koreans unable to withdraw money from ATMs and news broadcasting crews cut off from their resources
20 Chinese Government Sites Defaced by Anonymous Algeria Hacker Charaf Anons (Softpedia) Charaf Anons, the Anonymous Algeria hacker who defaced over 1,000 websites last week, has breached around 20 Chinese government websites and has replaced their index pages with his own defacement webpage. In addition to the Chinese sites, the hacker has also defaced a Vietnamese government website and the one belonging to an Iranian university. Around two dozen commercial websites from Australia, Italy, Korea, Taiwan, Brazil, the United Arab Emirates, Canada and Chile have suffered the same fate
Don't believe hack claims against Mossad's website, expert says (Times Of Israel) In an unsettling announcement, the hacker group known as Anonymous and affiliates proclaimed over the weekend that they had broken into the Mossad's servers and stolen the names and personal details of top IDF officials, politicians and, especially, Mossad agents. But those claims are inflated, to say the least, according to Middle East Internet expert Dr. Tal Pavel. Whatever they stole, it probably wasn't secure details of top Israeli brass, either from the army or the Mossad, Pavel told The Times of Israel
Expert: Details of Israeli Officials Not Compromised in Mossad Hack (Softpedia) On Saturday, we learned that hacktivists from RedHack, Anonymous and Sector 404 claimed to have taken down the official website of Israel's Secret Intelligence Service (mossad.gov.il). They also claimed to have leaked the details of over 30,000 Israeli officials
Preparing major Israeli companies against Anonymous attacks on the 7th of April (i-HLS) Several pilots were started in Israel using the new BOT_TREK real-time botnet and cyber intelligence worldwide service. Several groups of hackers are planning a massive cyber-attack against Israel on the 7th of April and threatening to Erase Israel from the Internet. It seems that aggressive hacker teams will try to make this a reality by uniting under the name #OpIsrael
Web addresses put Indian govt at risk (ZDNet) Government's technology department lists Web-based GMail and Yahoo accounts as e-mail correspondence, which a security player believes can expose the Indian government to a significant security vulnerability. India's technology department uses Gmail and Yahoo to host official e-mail correspondence, which one IT security vendor believes can expose the government to significant security vulnerabilities. The Web site of the country's Department of Electronics and IT (DeitY), which lists the contact details of ministers and secretaries, reveals several e-mail addresses hosted on the popular, free Web-based e-mail services
Bitdefender Warns Internet Users on Fake Bank of America Campaigns (SPAMfighter News) Security firm, Bitdefender is alarming Internauts on the numerous scam e-mails dispersed by the Bank of America since a random hacker disclosed the details on the financial institute. According to one of the e-mails, titled "Online Banking Pass Code
Hackers Eavesdrop Using Legitimate Remote Control Software (InformationWeek) For a decade, "TeamSpy" cyber espionage campaign has used TeamViewer software already installed on PCs to eavesdrop on communications and steal data from targets in Eastern Europe. Remote administration tool users beware: An online espionage group that's been operating for the past decade has been surreptitiously accessing legitimate TeamViewer remote administration tools already installed on PCs to remotely eavesdrop on targets
How TeamSpy Turned Legitimate TeamViewer App Into Cyberespionage Tool (Dark Reading) Attackers abused TeamViewer's functionality as part of their effort to go undetected for years. The discovery of the so-called TeamSpy espionage campaign marks yet another example of malware sliding under the radar while pilfering data from sensitive systems. But perhaps the most striking element of the attack is its abuse of a legitimate remote access tool (RAT) to administer infected machines
Fake Zendesk security notice spammed out, directs traffic to Canadian drug websites (Naked Security) Should you trust the security notice you have just been emailed, telling you to watch out for scam emails and to use hard-to-crack passwords? Perhaps not
Cyber-attack left Knight Center's websites down for two weeks (Knight Center for Journalism in the Americas) After a two-week hiatus following a massive cyber-attack, the websites of the Knight Center for Journalism in the Americas and the International Symposium for Online Journalism are now back online
How Your Webhosting Account is Getting Hacked (Internet Storm Center) If you're like me you actually have your own little website project hosted on one of the many inexpensive website hosting companies. Perhaps you've recommended one as a solution to a small business, or organization. You may also be aware that they are pretty attractive targets for professional computer criminals. Brian Krebs has a nice writeup of the value of your standard PC to a criminal here
Unintentional file-sharing a boon for hackers (Tribune Live) Thousands of computer users every moment could lose their most personal information -- tax returns, credit cards, and banking and investment accounts -- even though no one hacked or scammed them. They give it away, often unknowingly, and potentially expose not only themselves but family, friends and employers. People who go online to download music and movies on file-sharing or peer-to-peer networks often incorrectly configure default settings so that they end up sharing other files on their computer. Anyone else using those sharing networks at the same time can take whatever they find
Security Patches, Mitigations, and Software Updates
T-Mobile patches Wi-Fi eavesdrop vulnerability (The Register) Last week, T-Mobile scrambled to patch a vulnerability uncovered by two University of California Berkeley students that made its Wi-Fi calling feature susceptible to man-in-the-middle attacks. At issue in the students' research, published in full here (PDF), is the certificate implementation used in the feature. The now-patched bug in its Android feature used a certificate chain in which one certificate's name was the IP address of the server, and the second self-signed root certificate is not included in standard Certificate Authority (CA) distributions
'Implementation mistake' weakens encryption in newer Cisco IOS versions (Fierce CIO: TechWatch) Cisco has revealed that an algorithm used to encrypt passwords on recent versions of the Cisco IOS operating system is weaker than the older one it was designed to replace
Apple Takes Tool offline After New Security Hole Surfaces (Threatpost) Less than a day after Apple announced a new two-factor authentication to better protect Apple ID and iCloud accounts, the company was scrambling to fix another major security hole with its own password reset tool
Apple adds two-step verification to Apple ID (FierceCIO: TechWatch) Apple is rolling out two-step authentication for its Apple ID users as an additional safety measure to protect user accounts
Why two-factor authentication is a must (FierceCIO: TechWatch) Apple this week beefed up the security of its Apple (NASDAQ: AAPL) ID with the addition of two-factor authentication. You can read about it in Apple adds two-step verification to Apple ID. This is a move that ultimately benefits businesses, given how much the BYOD culture is making its way into the mainstream
Cyber Trends
Forcing us to educate users on cybersecurity won't work: Telstra (ZDNet) Trying to educate users on cybersecurity is like leading a horse to water, according to Telstra, and making such education a legal requirement isn't going to solve the problem. In a joint select committee on cybersafety (PDF) held on Friday, two Telstra representatives told the committee that laws forcing it to educate users on the perils of the online world would be useless. Telstra's director of corporate security and investigation and internet trust and safety, Darren Kane said that users currently have enough information about online risks, but that it sees the current education issue as one similar to "taking a horse to water"
Next cyber attack targets: Cars? (CNN International) Unlike a PC, where the biggest risk lies in losing data, a cyber attack on a car could result in the loss of life. Carmakers and suppliers say that this is currently a purely theoretical problem and there are no known cases of a cyber attack causing
Marketplace
China's state media is waging PR war on Apple, and the company's growth could be at stake (Quartz) When it comes to public relations, Apple is notoriously tough: stonewalling reporters, obsessively stage-managing the roll-out of new products, even calling in the cops when necessary. But the image-conscious tech firm may have finally met a worthy opponent in the Chinese Communist Party
The Blackstone and Icahn offers haven't seriously endangered Michael Dell's deal yet (Quartz) The special committee of Dell's board announced that the rival preliminary acquisition proposals it received from private equity firm Blackstone and activist investor Carl Icahn could reasonably lead to better offers, meaning the parties will now enter into negotiations. This isn't a surprise. But there is still a long way to go before the board can declare their offers, both of which have some issues, superior to the buyout scheme involving founder and CEO Michael Dell
Kaspersky Aims To Be 'Big Boy' Of Enterprise Security World (CSO) Maxim Mitrokhin, Director-Operations, Kaspersky Lab, APAC, talks about the company's aspirations for the Indian market
Raytheon, Lockheed hunt for security gig (Fort Wayne Journal Gazette) Lockheed Martin and Raytheon are vying with telecommunications companies to defend banks and power grids from computer attacks, in a program that gives them access to classified U.S. government data on cyber threats. President Obama's Feb. 12 cybersecurity executive order authorized the Department of Homeland Security to let new companies get the government intelligence
Cybersecurity Lobby Surges as Congress Considers New Laws (Bloomberg) The determination by Congress and President Barack Obama's administration to protect networks of critical U.S. industries from hackers and cyberspies is creating an explosive growth opportunity -- for lobbyists. There were 513 filings by consultants and companies to press Congress on cybersecurity by the end of 2012, up 85 percent from 2011 and almost three times as many as in 2010, according to U.S. Senate filings
Amazon-CIA Deal Would Fit Intel Community Strategy (InformationWeek) Reported deal for Amazon to help develop CIA's private cloud infrastructure squares with intelligence community strategy to work with public cloud vendors. A report that the CIA has turned to Amazon to build and manage a private cloud computing environment for the agency is consistent with the IT strategy outlined by intelligence officials over the past two years. The CIA declined comment on the report by government tech trade publication FCW that the Central Intelligence Agency has agreed to a multi-year deal with Amazon to help the CIA build a private cloud computing infrastructure, nor did Amazon respond to InformationWeek by publication time
Jim Ousley Retiring As Savvis CEO (GovConWire) Jim Ousley will retire as CEO of CenturyLink's Savvis subsidiary on April 1 and Jeff Von Deylen will assume Ousley's role as senior leader of CenturyLink's data hosting segment, consisting primarily of Savvis operations. Von Deylen, who joined Savvis in 2003 as chief financial officer and board member, will report to CEO Glen Post
Fortinet To Acquire Coyote Point (Dark Reading) Coyote Point provides enterprise-class application delivery, load balancing, and acceleration solutions
Products, Services, and Solutions
Service encrypts files stored on Dropbox (ZDNet) DigitalQuick lets users add 256-bit AES encryption to entire Dropbox folders or to specific files stored within them, and helps small companies manage editing privileges. The diversity of opinion about whether or not small businesses should use cloud storage services like Dropbox to share or archive sensitive or confidential company information is wide and fierce. But the fact is, some of the smallest organizations are going to do it anyway
Trend Micro Unveils Complete End User Data Protection Solutions for Today's Post-PC Environments (MENA Financial Network) Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global leader in cloud security, today announced a new suite -- Trend Micro Enterprise Security and Data Protection -- designed to help companies efficiently mitigate the risks of attacks and data breaches across the spectrum of end user platforms, from smartphones to tablets, laptops to removable drives
Panda Security Offers Partners Greater Simplicity and Profitability (PR Urgent) Panda Security, The Cloud Security Company, is launching the new version of Panda Cloud Partner Center, the exclusive free management console for Panda
Alcatel-Lucent launches cloud-based product to enable mobile UC (FierceMobileIT) BYOD is fueling the enterprise's need for cloud-based solutions, and Alcatel-Lucent is stepping up to the plate with a cloud-based unified communications product based on its OpenTouch architecture--Enterprise Cloud
Technologies, Techniques, and Standards
When Active Directory And LDAP Aren't Enough (Dark Reading) Cloud and mobile pose problems to most enterprise's centerpiece identity and access management technology
Monitoring The Nomads In Your Network (Dark Reading) As more employees bring their own devices into the network, tracking the nomadic technology can be difficult. From basic to sophisticated, options abound, say experts
Agile is great but don't bet lives on it, says founder (IT World) When reliability is more important than flexibility it's best to opt for traditional methods
How to Detect a Zero-Day Threat (Seculert) The term "zero-day threat" may sound like the title of a blockbuster movie, but for organizations victimized by such threats, the story has anything but a happy ending. On the contrary, it's typically a tale characterized by lost revenues, severely damaged reputations, and sometimes even costly litigation, regulatory fines and harsh court sanctions
Design and Innovation
Scenes From Penn State's Startup Week Hackathon (TechCrunch) For the past week or so I've been hanging out at Penn State University for its second annual Startup Week, an educational get-together of startup founders and entrepreneurs spearheaded by Weebly CEO (and Penn State alum) David Rusenko. The idea is simple enough: to give students some crucial insight into what it means to be a startup founder, and hopefully inspire some to take a chance on an
Filipino Accelerator IdeaSpace Picks Country's Top 20 Tech Startups (TechCrunch) Many of the brighter ideas coming out of tech startups in the Philippines are health-related, with a heavy slant on mobile technologies. Filipino incubator, IdeaSpace just whittled a list of 700 entries from startups down to just 20. These 20 will eventually be halved further. IdeaSpace is offering 10 slots to startups to get six months incubation support and funding of up to $120,000
Research and Development
NSA Critiques Public Key Cryptography (Cryptome) Revelation of the early public key cryptography work of James Ellis, Malcolm Williamson and Cliff Cocks at GCHQ occurred in 1997, eleven years after this secret 1986 review cites them. Whitfield Diffie, one of the inventors of PKC, commented in 1999 on the British precursors
Academia
PLA and Shanghai Jiaotong linked on cyber-war papers (South China Morning Post) Academics at a top university have collaborated for years on technical research papers with a PLA unit accused of being at the heart of the alleged cyber-war against Western commercial targets. In reviewing the links between the PLA and Shanghai Jiaotong, whose students include former president Jiang Zemin, the head of the nation's top carmaker and the former executive of its most popular internal portal, at least three papers on cyber-warfare were found on a document-sharing web site that were co-authored by university faculty members and PLA researchers. The papers, on network security and attack detection, state on their title pages they were written by Unit 61398 researchers and professors at Shanghai Jiaotong's School of Information Security Engineering (Sise)
Information security system attempts to protect UT from cyber-attack (Daily Texan Online) Concerns about sensitive personal and business information in cyberspace are growing and colleges and universities are no exception. Mandiant, an American cybersecurity firm, released a detailed report in late February exposing a multi-year espionage campaign by one of the largest Advanced Persistent Threat groups. The group hacked 141 companies from the United States, stealing many terabytes of compressed data
Learning: Cybersecurity center at Brookdale to serve as national model (Asbury Park Press) It wasn't just James Bond-esque. The cybersecurity competition at Brookdale Community College Saturday actually included a clip of Daniel Craig as 007 with Dame Judi Dench at his side as the pair worked under near impossible conditions to avert an act of cyber terrorism. The fate of the free world rested with them
In the Developing World, MOOCs Start to Get Real (Technology Review) Putting free U.S. college courses online is only the first step to filling higher education needs around the world
Legislation, Policy, and Regulation
Departing commissioner says net neutrality was FCC's biggest recent failure (Ars Technica) Robert McDowell, net neutrality foe, shares his FCC parting thoughts with Ars
South Korea mulls cybersecurity secretary post (ZDNet) The proposed cybersecurity secretary position will help coordinate actions from multiple agencies and speed up response time. The South Korean government is considering creating a cybersecurity secretary post within the presidential office to handle any cyberattacks on key national bodies. This follows last week's online attack that crippled the networks of two major banks and three broadcasters
Hackers could be fair game for deadly force, cyberwar experts say (CSO) New report details cyberwar rules, puts hackers in crosshairs. Deadly force against organized hackers could be justified under international law, according to a document released Thursday by a panel of legal and cyber warfare experts. Use of lethal force on those behind a cyberattack on a nation would be legal if the virtual attack meets criteria similar to those currently accepted for real-world warfare, said Michael N. Schmitt, chairman of the International Law Department at the U.S. Naval War College in Newport, Rhode Island
U.S.-Israeli Cyberattack On Iran Was 'Act Of Force,' NATO Says (Washington Times) The 2009 cyberattack by the U.S. and Israel that crippled Iran's nuclear program by sabotaging industrial equipment constituted "an act of force" and was likely illegal under international law, according to a manual commissioned by NATO's cyberwarfare center in Estonia
Leahy and others introduce bipartisan legislation to expand cyber National Guard (Vermont Digger) U.S. Senators Kirsten Gillibrand, a member of the Senate Armed Services Committee, David Vitter, Chris Coons, Roy Blunt, Mary Landrieu, Patrick Leahy, Mark Warner and Patty Murray today introduced the Cyber Warriors Act of 2013. This legislation would, for the first time, establish Cyber and Computer Network Incident Response Teams (CCNIRT), known as Cyber Guards, as part of the National Guard, significantly expanding the limited cyber mission being performed by the National Guard
Cybersecurity: The lobbyist's dream? (ZDNet) Is President Obama's view on cybersecurity producing the desired effect? Congress and the Obama Administration have been vehement in what they want to see in terms of cybersecurity defense, but cybercrime appears to be producing growth in unexpected areas. According to Bloomberg, recent attempts to bring light to the issue of cybersecurity have resulted in exploding growth in political lobbying. By the end of 2012, 513 filings by consultants and companies were made to try and press Congress on the issue, which is up 85 percent from 2011 according to Senate filings
Fixing the Worst Law in Technology (New Yorker) On the opening day of this year's South by Southwest festival, in Austin, an audience gathered in a giant conference hall to remember the life and tragic suicide of Aaron Swartz. Tim Berners-Lee, the inventor of the World Wide Web, spoke of Swartz's curious and restless mind. Swartz's girlfriend Taren Stinebrickner-Kauffman described him as a man who was constantly asking whether what he was doing was the most important thing that he could be doing. (A quality extensively documented by Larissa MacFarquhar in her Profile of Swartz.) The proceedings were yet another reminder that Swartz's suicide was heartbreaking beyond belief, and that something must be done about the law that he was aggressively prosecuted under, the Computer Fraud and Abuse Act
Litigation, Investigation, and Law Enforcement
Three Hackers Jailed for Theft of Carbon Credits (eSecurity Planet) Three men have been jailed in the UK for hacking into the Web sites of carbon credit registries, banks, brokerages and financial services companies in an attempt to steal almost 8 million euros worth of carbon credits between June and November of 2011
Jury rules Cisco owes $70 million for patent fraud (Ars Technica) XpertUniverse Inc says the networking company used its patented tech illegally
Five cuffed for stealing 2M euros via e-banking hacks (Help Net Security) Five people were arrested last week when the Slovenian police conducted a series of house searches following an investigation into a gang that was emptying business bank accounts with the help of malware. According to the Slovenian national Computer Emergency Response Team (SI-CERT), it all started last year, when several small companies notified the CERT and the police about their unexplained losses. The investigation revealed that the companies' accounting personnel were targeted with emails pretending to come from a bank or tax authority, warning about a late payment or a bogus change in laws that would affect the companies
Facing FTC pressure, Apple bolsters privacy, security (CSO) Apple is adding two-factor Apple ID authentication, and announced a May 1 end for developers using iPhone and iPad UDID information
Upcoming Events
Software Engineering Institute Invitational Career Fair (Pittsburgh, Pennsylvania, USA, Apr 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on April 11 & 12 at their offices in Pittsburgh to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
Private Sector Crossovers: Protecting People, Property and Information With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training and includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners.
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the Law. The Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare. States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office, highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.