The CyberWire Daily Briefing 06.09.14

Cyber Trends

Snowden, one year on, and it's still not 1984 (Naked Security) One of the most enjoyable aspects of working on Naked Security is reading and joining in with the discussions at the end of our articles

What we learned from Edward Snowden (Naked Security) Edward Snowden now holds a permanent place in the pantheon of US national security leakers, alongside the likes of Daniel Ellsberg, Julian Assange, and Chelsea Manning

Data Breach Roundup: May 2014 (eSecurity Planet) Third-party vendors played a significant part in a handful of data breaches in May. This is why, experts say, companies must ensure vendors are careful with their data

Most people have done nothing to protect their privacy (Help Net Security) Over 260 million people have been victims of data breaches and increased risk of identity theft since the Target revelations, yet nearly 80 percent have done nothing to protect their privacy or to guard their financial accounts from fraud, according to idRADAR

Just 22 Percent of Law Firms Use Encrypted Email (eSecurity Planet) A LexisNexis survey also found that 52.5 percent of attorneys have used free consumer file sharing services to share client-privileged communications

GAO Questions IT Security at U.S. Ports (GovInfoSecurity) The Department of Homeland Security hasn't done enough to secure the IT systems that manage American ports, Congressional auditors say in a new report

Legislation, Policy and Regulation

Merkel phone tapping claims "noted": Chinese FM (Xinhua via GlobalPost) China has "noted" that Germany has opened an investigation into claims the United States eavesdropped on German Chancellor Angela Merkel's mobile phone conversations, a Chinese Foreign Ministry spokesman said on Friday

Security ties top Tony Abbott's agenda in US (The Australian) Tony Abbott has put national security at the top of the agenda for his visit to the US this week as he meets the nation's military and intelligence chiefs as well as President Barack Obama

Snowden can't hide fact that America needs the NSA (Daily Journal) For six decades, the National Security Agency has been making codes and breaking codes to give the United States and its allies an edge against foreign adversaries. Hundreds of thousands have served this nation faithfully; 173 of them gave their lives in the line of duty. Such efforts have allowed the nation to defeat threats from those who never tire of trying to harm our people, partners, and way of life

Andreessen calls Snowden 'traitor,' blasts Obama for not countering leaks (San Jose Mercury News) While leading tech CEOs called on Congress to rein in the National Security Agency, one prominent Silicon Valley figure Thursday turned his ire toward a different target, calling former NSA contractor Edward Snowden a "traitor" for leaking government secrets

Tech Industry Keeps Pressure on Congress for NSA Surveillance Changes (Associations Now) A year after Edward Snowden revealed the U.S. spy agency's bulk collection of phone and internet user data, Congress is working on legislation to rein in those practices. Tech groups are focusing their lobbying efforts on the Senate, saying a measure the House passed is too watered down

Post-Snowden, Silicon Valley Execs Give U.S. Cyberpolicy a D-minus (IEEE Spectrum) Ten years from now, Edward Snowden's disclosures about NSA surveillance programs will be looked upon as 2013's single most important event with respect to the information technology industry. At least that's the view expressed by Pat Gelsinger, CEO of VMWare, who spoke at a panel on the "Silicon Valley State of the State" held last week on VMWare's Palo Alto, California, campus

Here's How The NSA Plans To Prevent Another Snowden (VentureBeat via Business Insider) The National Security Agency is working overtime to make sure another Edward Snowden doesn't happen again

If The NSA Can't Keep Call Records, Should Phone Companies Do It? (NPR) Perhaps the most controversial spying program revealed by former National Security Agency contractor Edward Snowden was the agency's hoarding of Americans' phone records

Remarks as Delivered by Stephanie O'Sullivan, Principal Deputy Director of National Intelligence, Open Hearing: USA FREEDOM Act (H.R. 3361) (IC on the Record) Chairman Feinstein, Vice Chairman Chambliss, and distinguished members of the Committee we are very pleased to appear before you to express the Administration's strong support for the USA Freedom Act, H.R. 3361, as recently passed by the House of Representatives. The Deputy Attorney General has provided an in-depth overview of the USA Freedom Act passed by the House last month, but I wanted to touch on a few key points in my remarks

Senators demand more accountability at NSA (The Hill) A bipartisan group of senators introduced legislation Thursday that aims to strengthen accountability at the National Security Agency by allowing the president to appoint the inspector general

Refinery security bill passes House (Martinez News-Gazette) Legislation authored by U.S. Rep. Mike Thompson (CA-5) to enhance rail and refinery security passed the U.S. House of Representatives as part of H.R. 4681, the Intelligence Authorization Act for Fiscal Years 2014 and 2015. Thompson's legislation requires the Department of Homeland Security Office of Intelligence and Analysis (DHS I&A) to conduct an intelligence assessment of the security of domestic oil refineries and related rail infrastructure, and to make any recommendations it deems appropriate to protect surrounding communities or the infrastructure itself from potential harm

FDA beefs up cybersecurity efforts to ensure safety standards (FierceMedicalDevices) Amid growing concerns over the hackability of medical devices, the FDA is beefing up its cybersecurity efforts to rally devicemakers and ensure new safety standards

Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (US FDA via FierceMarkets) This guidance has been developed by the FDA to assist industry by identifying issues related to cybersecurity that manufacturers should consider in preparing premarket submissions for medical devices. The need for effective cybersecurity to assure medical device functionality has become more important with the increasing use of wireless, Internet- and network-connected devices, and the frequent electronic exchange of medical device-related health information

Nato move a sign of security issues (Acumin) Nato has led the largest global cyber manoeuvre of all-time, demonstrating the increasing significance of cyber warfare today

State gets millions in homeland security grants, but where does it go? (Rapid City Journal) After the Sept. 11, 2001 terrorist attacks, the American government opened its wallet wide to fight terrorism

Megadata: What happens when politicians can't pronounce 'metadata' (Washington Post) It's no secret that there can be a disconnect between the technical literacy of some lawmakers and the programs they are charged with overseeing. But the disclosures about government surveillance from documents leaked by former National Security Agency contractor Edward Snowden made a few obscure tech terms more popular on the hill

Government Advances Continuous Security Monitoring (InformationWeek) DOD, DHS expect smart technologies will defend networks against common attacks, free IT personnel to deal with more dangerous threats

Memorandum establishes commitment between Guard, Army Cyber Command (DVIDS) Leaders of the Army National Guard and U.S. Army Cyber Command signed a memorandum of understanding June 5 establishing a commitment toward a total force solution in cyberspace protection

Montenegro amends National Security Law (Balkans.com Business News) At yesterday's session, the Government of Montenegro approved amendments to the Law on the National Security Agency. Measures proposed by the amendments are aimed at improving the legal framework for the Agency's activities in relation to Montenegro's Euro-Atlantic commitments and meeting the requirements for joining NATO Alliance

The CIA Has Joined Facebook and Twitter (Wall Street Journal) The Central Intelligence Agency showed its hipper side Friday, launching its Twitter presence with a cheeky first tweet: "We can neither confirm nor deny that this is our first tweet"

Products, Services, and Solutions

Steps taken to bring TrueCrypt back to life (FierceCIO:TechWatch) TrueCrypt looks set to come back to life, weeks after an ominous warning was put up on its official website that warned against future use of the popular encryption program. At the same time, a new version of TrueCrypt with its ability to encrypt data hobbled was simultaneously uploaded into its official Source Force page

Will Avast or AVG Free Antivirus replace Microsoft Security Essentials on Windows XP? (Gamer Headlines) Since Microsoft have cancelled support for Windows XP and may also be seizing support for Microsoft Security Essentials, it may be time for consumers to start looking for another antivirus system such as Avast or AVG

Symantec rolls out threat-intelligence sharing with Cisco, Check Point, Palo Alto Networks (NetworkWorld) Managed security services customers get new data but have to decide whether to apply it

Trend Micro and Broadcom collaborate to provide home gateway security solution (DataQuest) Software suite provides enterprise-grade security with turnkey, user-friendly functionality

Nitro Integrates With Microsoft to Create Secure Document Workflows (ComputerWorld) Document productivity firm Nitro has launched a new integration with Microsoft RMS to provide enhanced security for document workflows

ESET Cyber Security for Mac review: Sophisticated security application with good malware detection (MacWorld) ESET is a Slovakian company, known for its Windows anti-virus software and now offering two versions for OS X — the standard Cyber Security reviewed here, and Cyber Security Pro which adds a personal firewall and parental controls

Tripwire and LifeJourney Launch Virtual Cybersecurity Education Initiative (Digital Journal) Tripwire Inc., a leading global provider of risk-based security and compliance management solutions, today announced that it will lead the Tripwire Cybersecurity Risk Manager LifeJourney Experience for the nation's youth. LifeJourney is a web-based, interactive classroom experience that allows students from middle schools, high schools and colleges to test-drive potential cybersecurity careers by enabling them to live a day in the life of one of America's cybersecurity leaders

Explaining iOS 8's extensions: Opening the platform while keeping it secure (Ars Technica) Comparisons to Android's Intents only tell part of the story

ShoreGroup Receives ISO 27001 Certification for Managed Service Security (Digital Journal) ShoreGroup today announced that it has received its ISO 27001 (ISO/IEC 27001) Certification for managed service security. The ISO 27001 Certification, published by the International Organization for Standardization, is the leading international standard for measuring information security management systems (ISMS). The certification was granted by BrightLine CPAs and Associates, an ANAB accredited Certification Body based in the United States

Technologies, Techniques, and Standards

Cryptography Is Fun, But Your Business Calls for Encryption (SmartData Collective) While it's pretty impressive that Nicolas Cage found a map on the back of the Declaration of Independence using only lemon juice and a hair dryer in "National Treasure," our 21st-century techniques for encoding and decoding information are a little more sophisticated

Identify stolen credentials to improve security intelligence (Help Net Security) Data is the heart of an organization, and IT security teams are its protectors. Businesses spend billions of dollars per year setting up fortresses to safeguard data from anyone who dare try to take it. The latest forecast from analyst firm Canalys has IT security spending increasing to $30.1 billion by 2017. Despite this investment, data breaches are on the rise

Are you prepared to manage a security incident? (Help Net Security) It's the year of the breach. Adobe, Target and eBay fell victim to cyber-attacks and 2014 has already seen the Heartbleed bug impact the majority of organizations across the globe. With attacks getting more advanced and hackers getting smarter, businesses across all sectors are potential targets. It's a case of when, not if, your company will be hit

Big Data needs a data-centric security focus (Help Net Security) CISOs should not treat big data security in isolation, but require policies that encompass all data silos if they are to avoid security chaos, according to Gartner

When you should opt-out of carrier-provided location services (CSO) Privacy advocates list protections needed in AT&T's planned location-based service to prevent credit-card fraud

Facebook Privacy: 10 Settings To Check (InformationWeek) Facebook's latest privacy changes include a number of welcome improvements. Learn how to tweak your settings for the least exposure

Gameover and CryptoLocker revisited — the important lessons we can learn (Naked Security) We recently wrote about an international takedown operation, spearheaded by US law enforcement, against the Gameover and CryptoLocker malware

How to use a cyber war exercise to improve your security program (CSO) 3 lessons learned by the participants of a recent cyber war strategic exercise that offer insights into a pathway for improvement for everyone

Marketplace

Microsoft, China clash over Windows 8, backdoor-spying charges (C/NET) Chinese state-run TV calls Windows 8 a security threat, but Microsoft denies allegations that it uses its OS to collect data from users

The backlash over Snowden could hurt US firms (Microscope) Netscape founder Marc Andreessen has hit the headlines for his comments in a recent interview with CNBC where he labelled Edward Snowden "a traitor". He went further, adding that if someone looked up 'traitor' in the encyclopaedia, they would find a picture of Ed Snowden: "Like he's a textbook traitor. They don't get much more traitor than that"

Stop snooping or face consequences: Microsoft, other tech giants warn U.S. gov't (Tech Times) Microsoft's top lawyer Brad Smith wrote a rather fiery blog post that challenged the U.S. government to "reduce the technology trust deficit it has created." Specifically, Smith wants the government to stop forcing technology companies to provide data about customers outside the U.S., end the bulk collection of phone communications data, reform the Foreign Intelligence Surveillance Court, vow to stop hacking private systems, and reinforce its efforts to increase transparency and privacy protection

Tech companies tout encryption, privacy in wake of NSA docs (Atlanta Journal-Constitution) Several high-profile tech companies are increasing security and privacy in response to the National Security Agency's data collecting practices

Google Is Making it Harder for the NSA to Grab Its Data (TIME) Google and other technology companies are strengthening their defenses against NSA intelligence gathering

Fresh responses emerging to banking security (Microscope) A couple of IT security companies, Tempest Security Intelligence of Brazil and Norwegian company Protectoria, who have ambitions to grow in this country got together at techUK's London HQ to focus on innovations targeting financial institutions

Edward Snowden threw a bucket of hot water on Scandinavia's quest to house the world's data (Quartz) Warmer summers aren't the only thing marching into the Arctic these days—more hot, server-filled data centers are on the way as well. As more companies look to take advantage of colder climates and chilly water to lower the cooling costs of running thousands of servers at full capacity, Scandinavian countries are positioning themselves as data-center locations of choice. However, the geopolitics of surveillance, data privacy and cross-border conflict are melting what were recently relatively calm relations among northern neighbors

NICE Solutions Help Secure the World's Largest Soccer Tournament, Taking Place in Brazil (Wall Street Journal) NICE Situator was chosen as the centerpiece for one of the country's Integrated Management Centers, which serves the safety and security needs of millions of citizens and tourists

FIFA World Cup: Trend Micro goes on offensive to defend fans from Cyber threats (Financial Express) Trend Micro, a global developer of security software solutions, is actively working to help defend against cyber threats related to the 2014 FIFA World Cup Brazil. As the international soccer tournament kicks off on June 12, global attention will be focused on Brazil and the pageantry and spectacle of one of the most popular sporting events

Finmeccanica Opens Cyber Defense Center (Defense News) Italy's Finmeccanica has beefed up its presence in the growing cybersecurity business by opening a cyber attack monitoring and prevention center in central Italy, using a super computer with the power of 30,000 desktop PCs

Sophos Moving Its Cyber Security Support to India (MSPNews) Sophos has confirmed it is moving the "majority of its [computer security] threat response work" to India

Duo Security to move into bigger space in downtown Ann Arbor (Crain's Detroit Business) Duo Security Inc., a fast-growing provider of highly secure, cloud-based authentication services for companies, signed a lease Thursday for much larger space in downtown Ann Arbor

Research and Development

Robots can now officially imitate humans (Quartz) A computer that has convinced humans it is a 13-year-old Ukrainian boy has potentially passed a benchmark for artificial intelligence for the first time

Security Patches, Mitigations, and Software Updates

Patch Tuesday for June 2014 — 7 bulletins, 3 RCEs, 2 critical, and 1 funky sort of hole (Naked Security) The elevator pitch for this month's Microsoft Patch Tuesday is as follows

Debian Urgin Users Patch Linux Kernel Flaw (Threatpost) Several vulnerabilities have been patched in the Linux kernel that could have led to a denial of service or privilege escalation

WordPress Promises SSL on All Domains by End of 2014 (Threatpost) The movement by technology companies to encrypt their respective corners of the Internet continues to gain steam as more and more are enabling SSL and other encryption technologies such as Perfect Forward Secrecy to ward off surveillance and enhance the privacy and security of user data

Cyber Attacks, Threats, and Vulnerabilities

Russia's Information War: Latvian Ambassador, Finnish Strategist Warn On Cyber (Breaking Defense) "We are neighbors of Russia and we have always been realists," Ambassador Andris Razans told me. "Sometimes we might be characterized as alarmists, troublemakers, etc., but I think we are realists"

Follow-up: Syrian Electronic Army responds to attack article (CSO) Earlier this week, Salted Hash published a first-hand account of an attack by the Syrian Electronic Army (SEA) against IDG Enterprise. Later that same day, one of the group's members responded

Some Governments Have Backdoor Access to Listen in on Calls, Vodafone Says (Wired) An undisclosed number of countries have direct backdoor access to the communications passing through the network of telecommunications giant Vodafone, without needing to obtain a warrant, according to a new transparency report released by the company. In these countries, the company noted, Vodafone "will not receive any form of demand for lawful interception access as the relevant agencies and authorities already have permanent access to customer communications via their own direct link"

Aadhaar Data Minefield Threatens to Blow Up in Government's Face (New Indian Express) Your biometric and biographic data collected by Unique Identification Authority of India (UIDAI) for the 12-digit unique Aadhaar number could well be at Fort Meade, the headquarters of NSA, the US spy agency. Intelligence agencies that had forewarned the government two years ago about the vulnerability of Aadhaar data due to involvement of foreign players are livid over latest NSA disclosures that reveal the US is prying on biometric database

NSA Tried to Gain Access to Pakistani Government Database (News Pakistan) The serial on the long tentacles of the National Security Agency (NSA) continues to grow. The NSA intercepts million of people face images circulating on the internet and used for facial recognition software for intelligence, as published on Sunday the New York Times from 2011 documents stolen by Edward Snowden. It is also revealed that NSA tried to access government databases in Pakistan, Iran and Saudi Arabia

More Security Flaws Discovered in OpenSSL — Patch Now! (Lumension) Remember the Heartbleed scare which had you scurrying to change your passwords and worrying about online privacy a few weeks ago? How could you forget it

AVG reveals yet another OpenSSL security flaw (Beta News) OpenSSL, which runs on the servers for many websites, has been having a rough time in recent weeks. We all learned of the near fatal flaw named Heartbleed, which affected quite a number companies and services on the web. Now a new, albeit less severe, flaw has been discovered. Security researchers at AVG have unveiled what they are calling CCS Injection, which the company terms a vulnerability, but points out that it is not easily taken advantage of

efax Spam Containing Malware (Internet Storm Center) Beware of efax that may come to your email inbox. This week I receive my first efax spam with a source address of "Fax Message […]" which contained a link to www. dropbox. com that contained malware. The link has since been removed

What to avoid in Dropbox-related phishing attack (CSO) Criminals are using malware stored in Dropbox in phishing campaign aimed at corporate employees, security researcher says

Game of Thrones cancelled? Beware bogus Java update (Graham Cluley) A message has been spread between Facebook users claiming that the hit TV series "Game of Thrones" has been cancelled

Charles Manson has NOT been granted parole. It's an internet hoax (Graham Cluley) A "news" story has been shared widely across social networks, claiming that the notorious killer Charles Manson has been granted parole

Beware fake tax refund notification emails, claiming to come from HMRC (Graham Cluley) There's a simple truth I've found during my years in computer security. Often, the oldest tricks in the book will work just fine — you don't need to make an attack sophisticated for it to dupe the unwary

TweetDeck Scammers Steal Twitter IDs Via OAuth (Dark Reading) Users who give up their TweetDeck ID are promised 20 followers for free or 100 to 5,000 new followers a day for five days

After Godzilla attack, US warns of traffic-sign hackers (Times of India) After hackers played several high-profile pranks with traffic signs, including warning San Francisco drivers of a Godzilla attack, the US government advised operators of electronic highway signs to take "defensive measures" to tighten security

Is Anonymous Dead, or Just Preparing to Rise Again? (Wired) The hacker collective Anonymous and its factions LulzSec and AntiSec drew widespread attention between 2008 and 2012 as they tore loudly through the internet ruthlessly hacking websites, raiding email spools, exposing corporate secrets and joining the fight of the 99 percent. The groups seemed unstoppable as they hit one target after another, more than 200 in all by the government's count. It seemed no one was beyond their grasp

What it's like to work for a darknet kingpin (Ars Technica) Silk Road staff describe life under Dread Pirate Roberts 2.0

U.K. Ambulance Service Acknowledges Data Breach (eSecurity Planet) The South Central Ambulance Service mistakenly published the age, sexuality and religion of each of its 2,826 staff members

iPhone users in VN safe from recent hacker attacks (VietNamNet) Millions of iPhone users in Vietnam can sigh with relief as BKAV, the best known internet security solution provider in Vietnam, has said that users were not hurt by hacking of many iPhone users in Australia and the US

Two Big Anonymous Hacktivist Pages on Facebook get Verified Badges (HackRead) While surfing Facebook, you must have seen a blue badge indicating verified pages and profiles of famous people such as celebrities, journalists and politicians etc, but looking at verified pages of Anonymous hacktivists was something totally unexpected

Bulletin (SB14-160) Vulnerability Summary for the Week of June 2, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Litigation, Investigation, and Enforcement

Thought better of it: NSA can get rid of evidence, judge says (Russia Today) A federal judge who ordered the National Security Agency to retain all records of its secret telephone surveillance related to an ongoing case has reversed the order — just a day after it was issued

Obama Administration: Preserving Evidence of NSA's Web Surveillance Would Wreck Program (Wall Street Journal) Government responds to suit from civil liberties group seeking details on how monitoring is done

What are the legal obligations to encrypt personal data? (Help Net Security) A new report by UK-based law firm FieldFisher details legal obligations for encryption of personal data resulting from both industry compliance regimes, such as PCI DSS, national laws and local regulations

Feds swoop in, snatch mobile phone tracking records away from ACLU (Naked Security) The American Civil Liberties Union (ACLU) filed a run-of-the-mill public records request about cell phone surveillance with a local police department in Florida

Snowden Explains Why He Won't Come Home in First U.S. TV Interview (Wired) In his first interview with a U.S. broadcasting company since going public with revelations about NSA surveillance last year, Edward Snowden responded to his critics on a number of topics including addressing accusations that he's working for Russia, that he failed to go through official channels to register his concerns about the NSA before going public and that he's a coward for not returning to the U.S. to face espionage charges

Jimmy Wales Blasts Europe's "Right To Be Forgotten" Ruling As A "Terrible Danger" (TechCrunch) Wikipedia founder Jimmy Wales has spoken out against a controversial ruling by the European Court of Justice that requires Google to consider information removal requests from individuals whose data its search engine has indexed

Pirate Bay Co-Founder Had His Computer Hacked, New Evidence Shows (Softpedia) Danish authorities have revealed that there is evidence to support the claims of Gottfrid Svartholm, Pirate Bay co-founder, who says that he did not hack the mainframe computers of a local IT company

Facebook stupidity leads to largest gang bust in NYC history (Naked Security) Kids can be street-smart and Facebook-stupid, to paraphrase how Vice News put it

Guccifer Hacker Who Hacked Bush and Colin Powell Sentenced to Four Years in Prison (HackRead) Guccifer, the hacker who gained notoriety for breaking into emails of the former US president George W. Bush, Gen. Colin Powell entertainment celebrities, some government officials, has been sentenced to seven years in jail by a Romanian court on Friday

Paris Hilton Hacker Heads Back to Jail (eSecurity Planet) If Cameron Lacroix's plea agreement is accepted by the court, he'll be sentenced to four years in prison

Design and Innovation

'I'd like us to move away from the dependency on passwords,' says Facebook engineer (Computerworld) In an ideal world, people would not need a password to log in to Facebook as they would use a hardware token instead, according to Facebook United States engineer Gregg Stefancik

Password dress: A frock covered in security faux pas (C/NET) How weak are your passwords? See if they show up on this unique dress designed to clue the world in to a multitude of common bad passwords

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber 5.0 Conference (Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.

What to Consider when Preparing to Purchase Cyber Insurance Webinar (Webinar, June 11, 2014) With the many cyber/data breach insurance policies that are available today, there are important considerations that organizations need to know before purchasing cyber/data breach insurance coverage. Join Christine Marciano, Cyber Insurance Expert and President, Cyber Data Risk Managers for this informative webinar to learn what your organization needs to consider before purchasing cyber/data breach insurance coverage.

NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.

SC Congress Toronto (Toronto, Ontario, Canada, June 17 - 18, 2014) SC Congress Toronto is Canada's premier information security conference and expo experience. Join us for this year's SC Congress Toronto on June 17-18, 2014! The two-day gathering brings industry thought leaders together with the latest technology service solutions to provide you with the answers you need to secure your enterprise network.

MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.

AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.

INSCOM Cyber Day (Fort Belvoir, Virginia, USA, July 9, 2014) Cyber-industry vendors are invited to participate in the upcoming Cyber Day hosted by the United States Army Intelligence and Security Command (INSCOM), located at Ft. Belvoir. U.S. Army Cyber (AR Cyber) is collocated with INSCOM. This event will provide industry vendors the opportunity to showcase the latest cyber products and demos to the Fort Belvoir INSCOM community in a one-day tradeshow.

SiliconExpert Counterfeit Electronic Component Detection & Avoidance (Webinar, July 10, 2014) Join us for a free 60 minute webinar with Dr. Diganta Das from the University of Maryland's Center for Advanced Life Cycle Engineering (CALCE), which is a research leader in the area of counterfeit electronics prevention and avoidance.

2nd Annual Oil & Gas Cyber Security Conference (Houston, Texas, USA, July 15 - 17, 2014) This highly interactive, hands-on forum will break down each potential cyber threat specific to the oil and gas industry, as well as tackle key issues including managing communication between OT and IT networks and building a technologically sound incident response plan that will enhance the security and protection of ICS and SCADA networks.

Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch. You'll have 6 minutes to pitch your product to a Director or higher-level executive at a private table in an exclusive setting.