The CyberWire Daily Briefing 10.31.14

Special Section

news from CyberMaryland

CyberMaryland 2014 wrapped up yesterday with sessions devoted to technology transition, infrastructure security, business development and entrepreneurship, leadership roles for women and veterans in cyber security, cyber insurance and risk mitigation, cyber education and work force development, and, of course, perspectives on the cyber threat.

The conference closed with recognition of Maryland CyberChallenge's High School Division winners. A Perseverance Award was shared by Marshall Academy (Falls Church, Virginia) and Loyola Blakefield Blue Team (Baltimore, Maryland). Each team member received, from the University of Maryland Baltimore County, either a complimentary security certification course (if they're 18 or older) or a complimentary summer development course (if they're under 18). Second place was taken by Harford Technical High School (Bel Air, Maryland). Harford Tech's team members will each receive a $2000 education grant from NSA. And this year's first-place winners were the students in Loyola Blakefield's Gold Team — they'll each receive a $5000 education grant from NSA. Congratulations and well done to them all.

The National Cyber Security Hall of Fame inducted its class of 2014 yesterday evening. NSA and Cybercom chief Admiral Michael Rogers delivered a keynote in which he again called for new forms of partnership across worlds that ordinarily have little to do with one another, but that can share their passion and achieve a sense of common purpose. "You don't," he reminded the gathering, "have to wear a uniform to serve." Cyber, while a matter of paramount importance to national security, is paradoxically a domain that knows no boundaries, and this paradox should summon a new dialogue that moves beyond simplistic and ill-informed dog-whistling about either liberty or security. He concluded with a call for mutual trust on the part of all cyber stakeholders, and reiterated his organizations' commitment to accountability, the rule of law, acknowledgement of mistakes, and a determination never to cut corners.

The five members of the class of 2014 all spoke briefly and gracefully.

Paul Kocher (designer of SSL 3) warned of three challenging trends: coding is faster, devices are proliferating rapidly, and data are assuming dramatically greater value. These give rise to exponentially larger problems, but to larger opportunities as well.

Vint Cerf (co-designer of TCP/IP, who spoke in absentia) — after confessing feelings of unworthiness of the award — counseled all to "think twice when we roam around the Web," and to always remember that our failures in cyberspace place others at risk.

Phillip Zimmermann (creator of PGP email encryption and developer of VOIP encryption protocols) noted that the law firm Venable was a sponsor of the evening's ceremonies, and recalled his own defense (pro bono) by a Venable attorney in the 1990s, when Zimmermann was under threat of indictment for his crypto work. When he asked why the lawyer had taken his case, the answer was, "I believe you should be able to whisper in someone's ear from a thousand miles away," and those words have stayed with him ever since. In the 1990s, Zimmermann reflected, you had to explain yourself if you were using strong crypto. Now you have to explain yourself if you aren't, and that, he said, "is at it should be."

Steven Bellovin (professor of computer science at Columbia University and a major contributor to encryption and network security) described his realization that insecurity arose from increased system complexity, and that security must be understood and approached as a system problem.

Richard Clarke (former US National Coordinator for Security, Infrastructure Protection, and Counter-terrorism, principally responsible for the first National Plan for Cyber Security) said he agreed with the current Chairman of the Joint Chiefs of Staff that the US needs a new strategy for cyberspace. He also urged those present to accept the invitation of Admiral Rogers to help explain the work of NSA, and to foster the dialogue the Admiral called for.

Summary

By The CyberWire Staff

The US White House continues to remediate the recent intrusion into an Executive Office of the President unclassified network — "suppressing abnormal behavior," is how reports describe the remediation. Network outages, the White House says, were the result of remediation, not hacking. Officials remain coy about attribution, but with much rumbling about "state-sponsorship." (Observers use the event as an opportunity to note that breach detection is at least as important as perimeter defense.)

South Sudan's official accusations that Huawei was engaged in malicious activity on some of their networks continue to receive attention. Other reports suggest that Sony Xperia phones are collecting user data and reporting them to servers located in China. India's concerns about the security of Xiaomi phones are compounded by a Taiwanese researcher's claims that Xiaomi servers are vulnerable to a recently discovered zero-day.

The US Department of Homeland Security amplifies warnings of malware targeting industrial control systems: apparently GE and Siemens systems (unsurprisingly, given their market share) are in the attackers' crosshairs.

As feared, Brazilian criminals have begun to hit US banks with bogus chip-and-PIN transactions.

Criminal carders are using a new, automated platform — "Voxis" — to monetize their haul by sending stolen charges to gateway processors.

CSO has a useful Drupal roundup. Dark Reading says patching seems unable to keep up with Shellshock exploits.

As banks push law firms to improve their cyber security, retailers increase cyber attack information sharing (and woof at credit unions over data breaches).

NIST releases SP800-150 (Cyber Threat Information Sharing) for comment.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, Colombia, Denmark, Estonia, European Union, NATO, Russia, Taiwan, United Kingdom, and United States.

Next week the CyberWire will be covering the National Initiative for Cybersecurity Education Conference and Expo, running November 5 and 6.

Selected Reading

Baltimore: the latest from CyberMaryland 2014

CyberMaryland Conference (Federal Business Council) See the CyberMaryland 2014 agenda here

How NSA Director Wants to Build an IoT Security Coalition (eWeek) Admiral Michael Rogers is preparing a coalition of government, military and commercial interests to fight a global cyber war if necessary

Maryland's cyber security strategy: Avoid boneheaded mistakes (Baltimore Business Journal) State and local governments can't prevent hackers from trying to break into its systems. But they can make sure employees don't make the task any easier for attackers

Why startups shouldn't just take money from anyone who's offering it (Baltimore Business Journal) Raising money is an important step to getting any startup off the ground — but it's not the most important

DBED inks cyber partnership with Dutch security cluster (Technical.ly Baltimore) The Hague Security Delta includes more than 400 Dutch companies

Cyber Attacks, Threats, and Vulnerabilities

Are the White House Hackers Gone? (Nextgov) Efforts to suppress abnormal behavior on an unclassified White House network continue, according to Obama administration officials

White House Hack: A Lesson Learned (GovInfoSecurity) Breach detection just as important as perimeter defense

Huawei accused of hacking and forging government documents in South Sudan, raises security concerns (Telecomtiger) Chinese telecom major Huawei is again in trouble for breaching cyber security on International level. This time it is accused of forging government documents and hacking government emails in South Sudan, according to a report published in Epoch Times

Xiaomi servers allegedly prone to zero-day attack that steals confidential data (Tech 2) Following reports of the security loophole in Xiaomi phones that causes them to send user data, including the user's IMEI, phone number, and phonebook contacts to remote servers, now a Taiwanese security expert has raised another security alarm against Xiaomi devices. According to the expert, Xiaomi devices are vulnerable to zero-day attacks which can compromise attacked systems or steal confidential data

Sony Xperia Smartphones Spying On Users, Sending Data in China (HackRead) Sony Xperia devices are found to be spying on its users and believed to be sending all the user data to their servers in China

Computer Spies Target Control Systems Made by GE, Siemens (Wall Street Journal) Disclosure underscores risk of connecting public utilities to Internet to make them more efficient

What you need to know about the Drupal vulnerability CVE-2014-3704 (CSO) Do you use Drupal for your personal website? Does your company use Drupal? Can't recall the last time it was patched? It is a safe bet to assume that you've already been compromised. Here's what to do next

Shellshock Attacks Stack Up (Dark Reading) Organizations are unable to keep up with patching processes and find incident response practices lag in wake of Bash bug

Brazilian Fraudsters Hit US Banks with Fake EMV Card Transactions (Infosecurity Magazine) A concerning pattern of credit- and debit-card fraud from Brazil is targeting US financial institutions, with big implications for banks implementing the smart-card approach to card security known as EMV, or chip-and-PIN

Free government-penned crypto can swipe identities (The Register) Beware of Australians bearing gifts

Cyber crime tool automates monetization of stolen payment cards (Help Net Security) Cyber criminals who have acquired stolen payment card information and wish to make the most of them can now simply buy professional-looking software that will automate the sending of stolen card charges to multiple gateway processors

How bots and zombies work, and why you should care (Naked Security) We regularly write about "bots", or "zombies," malicious programs that let cybercriminals take over your computer from afar

Beware of the malware walking dead (SC Magazine) It's Halloween — goblins, ghouls and ghosts gather in haunted houses and corporate offices alike. In security, while we've spent a good portion of 2014 focused on trick-or-treaters of the "advanced persistent threat" and "cybercrime" varieties, this Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly. By zombies, I mean recycled tools and techniques from years gone by that have come back from the dead and are increasingly used in modern attacks

Smart meter hacking risk (Electronics Weekly) Auditing firm KPMG warned of smart meter security risks at the Westminster Energy, Environment and Transport Forum

You May Have Opened the Door to Your Biggest Business Threats (CMS Wire) The challenges you'll face when integrating video into your CMS

Hackers Probing the Financial System Show Reason to Worry (Bloomberg) Hackers are testing the financial system's cyber defenses, and they can boast of some alarming success

Epidemic of medical data breaches leaking our most sensitive information (Naked Security) We're all sick of data breaches and privacy intrusions, with just about every new day bringing new stories of shops, banks and restaurants leaking epic amounts of customer information and celebrities having their intimate snaps spread around the internet

Bulletin (SB14-300) Vulnerability Summary for the Week of October 20, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

Vulnerabilities found in more command-line tools, wget and tnftp get patches (CSO) The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities

Microsoft patches GroupMe 'full account' hijack hole (The Register) Researcher rates Redmond after rapid responds to rathole reveal in Group TXTing app

Microsoft releases stopgap POODLE protection for Internet Explorer (CSO) Next Patch Tuesday is Nov. 11, but a Fixit tool disables SSL 3.0 in the meantime

Android 5.0 Lollipop Upgrades Encryption, Application Control (Threatpost) Google, like most technology companies in this climate, is fighting for the security and privacy of its users' data on several fronts. With a mobile application ecosystem that invites trouble and government demands for user content and information continuing to rise

Cyber Trends

Cyber-Attackers Speeding Up Exploits of Known Software Flaws (eWeek) Increasing evidence suggests that the time between the public disclosure of a security flaw and its widespread exploitation is shrinking

Amid High-Profile Breaches and Shellshock Disclosure, Solutionary SERT Q3 Threat Intelligence Report Reveals Inadequate Levels of Incident Response Preparedness (Marketwired) 67 percent of Shellshock signatures tied to known malicious sources; top ISPs continue to be used as malware hosts

Emerging Cyber Threats Report 2015 (Georgia Institute of Technology) Over the last year, information and technology have become more tightly intertwined in our lives

Welcome To My Cyber Security Nightmare (Dark Reading) Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night

Digital Life in 2025: Cyber Attacks Likely to Increase (Pew Research Center) Experts believe nations, rogue groups, and malicious individuals will step up their assaults on communications networks, targeting institutions, financial services agencies, utilities, and consumers over the next decade. Although most expect there will be more attacks, many predict effective counter moves will generally contain the damage. Some say there is now and will continue to be a 'Cold War' dynamic that limits severe harm due to the threat of mutually assured disruption. Some say the threat is 'exaggerated'

Futurology: The Cyber Attack Might Be Coming (US News and World Report) In 2004, experts predicted a devastating attack by 2014. It hasn't happened, but are we in the clear?

Major cyberattack coming, experts warn (The Hill) Cybercrime costs the global economy an estimated $400 billion a year, and as it grows in scale and sophistication, law enforcement is having to do the same

How Y2K Changed the Field of Cybersecurity Technology (Security Magazine) When looking at the cyber technology market over the past 15 years, it is evident that the catalyst for cyber evolution was Y2K. Prior to the Y2K frenzy, "cybersecurity" was masked in the systems engineering function, and external threats consisted of hackers looking to leverage free computing capabilities with very little focus on information/data access or network destruction

CurrentC Scuffle With Apple Pay Highlights Consumers' Security Concerns (Forbes) This week's skirmish over digital wallet turf brought out the real apprehension shoppers feel over data security

The security threat of unsanctioned file sharing (Help Net Security) Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies and place company data in jeopardy, say the results of the "Breaking Bad: The Risk of Unsecure File Sharing" report by Intralinks Holdings and Ponemon Institute

Marketplace

Company boards 'not prepared' for cyber attacks (Financial Times) Cyber attacks are a growing threat to businesses but board-level executives do not have a grip on the problem, according to investors and industry experts

Why Big Banks Are Cracking Down on Law Firm Security Gaps (Cyveillance Blog) Even before this summer's spate of breach announcements by some of the country's biggest institutions, financial industry regulators had begun urging banks — and their vendors — to step up their cyber security programs. Various regulatory bodies, including the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority, are now seeing increasing urgency in examining the preparedness of brokerages, banks, and credit unions for dealing with cyber threats, according to an article last week in the New York Times

Retailers Now Actively Sharing Cyberthreat Intelligence (Dark Reading) The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up

Retailers accuse credit unions of talking smack about card breaches (Ars Technica) Letter calls out credit unions for spreading "misleading" info to media, Congress

The Bill for Cybersecurity: $57,600 a Year (Bloomberg BusinessWeek) Hackers have made the Internet a scary place to do business, as recent headlines attest. Big companies have been hacked. Small companies have been hacked. As the Pew Research Internet Project reported earlier this week, cyberattacks are likely to get worse

Motorola is now officially part of Lenovo (Ars Technica) Lenovo and Motorola say they will continue to ship stock Android devices

Lockheed plans new health IT acquisition (Washington Technology) Lockheed Martin is acquiring Systems Made Simple, a health IT company that just cracked the Washington Technology Top 100 for the first time this year

Endgame Reports Record Growth for 2014; Adds Two New Executives (PRNewswire) Endgame, Inc., a leading provider of security intelligence and analytics solutions that give enterprises real-time visibility and actionable insight across their digital domains, today announced record growth for 2014. In the first three quarters of 2014

Fortscale Joins McAfee Security Innovation Alliance (Fort Mill Times) Company is showcasing Its User Behavior Analytics Solution at FOCUS14 McAfee Security Conference in Las Vegas

Products, Services, and Solutions

Facebook announced it is now providing direct access to its service over the TOR network (VentureBeat) In an early morning blog post, no doubt targeted at overseas users, Facebook is experimenting with providing direct access to it social network over TOR network

Petition targets Apple over 'spyware' in OS X Yosemite (CSO) Spotlight results spark privacy concerns

McAfee security products to gain integrated threat intelligence feeds (TechTarget) Customers and partners like the new effort by the Intel-owned security vendor to integrate threat intelligence feeds with all of its existing products, but analysts are leery of lacking threat intelligence standards

Top 10 Municipal Government Selects HawkEye G for Advanced Threat Protection (Nasdaq) Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today announced that HawkEye G has been selected by a top 10 U.S. municipal government for advanced threat detection and automated malware removal. This municipal government will also deploy HawkEye AP to collect, store, and analyze mass quantities of event data

CBTS Advanced Cyber Security Earns the NSA's Prestigious Cyber Incident Response Accreditation (BusinessWire) CBTS, a leading technology solutions provider, today announced that its Advanced Cyber Security division has earned the National Security Agency's (NSA) Cyber Incident Response Assistance (CIRA) certification. The NSA uses this new accreditation to show that they have vetted the people, policies, and procedures of an organization and declared them to be the state-of-the-art capabilities needed for rapid cyber security support to high-level government agencies

Policy Patrol 10 Boosts Email Security And Threat Prevention For Exchange (Business Solutions) Red Earth Software, developers of email management solutions, recently released Policy Patrol version 10, the latest version of their email security software for Microsoft Exchange Server. Policy Patrol 10 offers increased protection from email security risks with improved anti-phishing and integrated multi anti-malware scanning, along with an improved user interface and new dashboard

Technologies, Techniques, and Standards

NIST Guide to Cyber Threat Information Sharing open for comments (Help Net Security) NIST has announced the public comment release of Draft Special Publication (SP) 800-150, Guide to Cyber Threat Information Sharing

Biggest ever cyber security exercise in Europe is underway (Help Net Security) More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA)

Chip & PIN vs. Chip & Signature (KrebsOnSecurity) The Obama administration recently issued an executive order requiring that federal agencies migrate to more secure chip-and-PIN based credit cards for all federal employees that are issued payment cards. The move marks a departure from the far more prevalent "chip-and-signature" standard, an approach that has been overwhelmingly adopted by a majority of U.S. banks that are currently issuing chip-based cards. This post seeks to explore some of the possible reasons for the disparity

Next-generation malware: Think like the enemy and avoid the car alarm problem (SC Magazine) When it comes to enterprise security, one rule remains constant — attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses. Next-generation malware attacks are VM evasive, can come via social engineering or physical delivery (a USB drive), and be targeted to a specific folder, or application, that a business is known to use regularly. Some attacks have the ability to hide in plain sight, lulling sandboxing technologies into thinking that they are benign until a pre-programmed date. Multi-state and multi-vector attacks, coming from different places, are an increasingly common tactic of next-gen malware

Anything You Post Can and Will Be Used Against You (Tripwire: The State of Security) Undoubtedly, we've all found ourselves surfing the web for answers when we stumble upon someone we know, posting something that piques our curiosity on social media. After all, isn't that one of its purposes?

CSAM Month of False Postives — False Positives from Management (Internet Storm Center) Often the start of a problem and its solution is receiving a call from a manger, project manager or other non-technical decision maker. You'll know going in that the problem is absolutely real, but the information going in might be a total red herring

3 ways to make your Gmail account safer (Naked Security) Following on from our detailed guide to securing your webmail, here's a quick breakdown of how to make the most important fixes, for users of Google's Gmail

Design and Innovation

Changing the Way We Fight Malware (Security Watch) Microsoft is sitting on an absolute gold mine of information. The Malicious Software Removal Tool (MSRT) running on billions of computers worldwide and every Windows Update process sends a ton of non-personal telemetry back to Microsoft Central. This data could help antivirus companies and academic researchers develop better ways to fight malware. In a keynote speech for the 9th IEEE International Conference on Malicious and Unwanted Software (Malware 2014 for short), Microsoft's Dennis Batchelder explained just what the software giant plans to do with all that data and it's not what you might expect

Hacker Dreams Up Crypto Passport Using the Tech Behind Bitcoin (Wired) If bitcoin's true believers ever found their tax-free libertarian utopia, Christopher Ellis could be in charge of the passport office

My Fascination with Daniel Krawisz and his Negative Stance on Altcoins (Bitcoin Magazine) Daniel Krawisz has made a name for himself as the philosophical opponent to competing currencies. He takes issue specifically with competing crypto currencies such as Litecoin, Dogecoin, and other alternatives to Bitcoin

10 open source tools to make Docker even more powerful (IT World) Better management, Web front ends, improved visibility into container apps — the Docker ecosystem is evolving quickly, thanks to its vibrant open source community

Research and Development

Cars, toasters, medical devices add to DHS's cyber headaches (Federal News Radio) Cars, medical devices and even toasters are among the facets of life that are quickly becoming Internet based. This is why the Homeland Security Department already is working on cybersecurity technologies for these and many other everyday devices

Experts warn that using big data to predict terrorist threats won't work (FierceHomelandSecurity) Canada is considering beefing up surveillance laws to collect more information about its citizens, who travel abroad, and share it with international partners as a way to spot and prevent home-grown terrorism. But experts say there's no evidence that such methods can actually work

Academia

IBM Boosts Cyber Security Education Efforts (eSecurity Planet) IBM is investing in outreach to universities in a bid to better educate future security professionals

Students Attend CSI CyberSeed Challenge (Syracuse University iSchool Newsroom) Last week, four students from the School of Information Studies (iSchool) ) traveled to the University of Connecticut to compete in the CSI CyberSeed Capture the Flag Challenge

Legislation, Policy, and Regulation

Nato frontline in life-or-death war on cyber-terrorists (Guardian) From attackers trying to bring down planes to criminals targeting banks, the danger is growing

Proposed bill calls for more oversight and accountability for Canada's electronic spy agency (Ottawa Citizen) There will be a second reading of the CSEC Accountability and Transparency Act this afternoon in the House of Commons (as this is being posted)

U.S. Chamber Warns Cyberattack Disclosures Could Hurt Corporate Profits (Wall Street Journal) Chamber tells SEC mandatory disclosures could 'paint a target' on companies' backs

US military to secure cyberspace (Mybroadband) The US military is looking to flex its muscles in cyberspace as a "deterrence" to hackers eyeing American targets

VA Buckles Down On Cyber Security, Program Management (InformationWeek) Agency refocuses IT priorities on data protection, on-time project delivery to overcome past poor performance

Litigation, Investigation, and Law Enforcement

Rogers downplays NSA moonlighting controversy (Fedscoop) One of the first things Adm. Mike Rogers did when he took the helm as the 17th director of the National Security Agency was ask his staff to find ways to, in his words, "create a more permeable membrane" between the private sector and the agency so stronger partnerships could be developed. Now, just six months later, it seems that membrane may have some holes that allowed a couple of senior agency officials to keep one foot in the NSA and its secrets, and the other foot in private enterprise with all of its monetary temptations

'Whistleblowers do incredible damage to US intelligence' (Russia Today) When it comes to dealing with terrorism US intelligence community feels like it operates with one hand tied behind their back because of whistleblowers like Snowden and Manning, intelligence analyst Glenmore Trenear-Harvey told RT

Colombian Senate to Examine Peace Process Sabotaging Attempts PDF Imprimir E-Mail (Prensa Latina) Colombian senator Iván Cepeda assured he will promote a debate on the attempts to jeopardize the peace process in Havana between the government and the guerrilla FARC-EP

AOL Releases Transparency Report, Lobbies for USA Freedom Act (Threatpost) Noting that Saturday was the 13th anniversary of the passage of the USA PATRIOT Act, the Web giant AOL this week released its latest transparency report, detailing estimations of how many Foreign Intelligence Surveillance Act (FISA) orders and National Security Letters (NSLs) it's received in the last six months

Police vs cartels in the high-tech battle to stop cybercrime (CNN) Cybercrime costs the global economy an estimated $400 billion a year, and as it grows in scale and sophistication, law enforcement is having to do the same

What cops need to know about Apple's iOS 8 lockout (Forensic Focus) In mid-September, Apple rolled out iOS 8 for users of the more recent models of the iPhone, iPad, and Mac computers

NYPD Commissioner vows to push against Apple, Google smartphone encryption (HackRead) NYPD Commissioner Bill Bratton has vowed to push for legislation against the two tech giants after they announced new operating systems that come with encryption, preventing access to law enforcement officers

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide (Intercept) When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn't be able to unlock evidence on criminals' digital devices. What they didn't say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept

Pirate Bay co-founder faces up to six years in jail (ComputerWeekly) Pirate Bay co-founder Gottfrid Svartholm Warg faces up to six years in jail after being convicted of hacking computers in Denmark

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

National Initiative for Cybersecurity Education Conference and Expo (Columbia, Maryland, USA, Nov 5 - 6, 2014) The NICE 2014 Conference and Expo features thought leaders from education, government, industry and non-profits to address the future cybersecurity education needs of the nation

Cyber Threats to Critical Infrastructure: A Discussion of Challenges, Responses and Next Steps (Herndon, Virginia, USA, Nov 18, 2014) The vulnerability of the nation's critical infrastructure to cyber attack or disruption, whether from nation-states, non-state actors, hackers or disgruntled insiders, is of increasing concern to both the government and the private sector. INSA's Homeland Security Intelligence Council and Cyber Council are bringing together a panel of nationally-recognized experts to respond to a fictional scenario involving a cyber attack on critical infrastructure in the energy sector

BSidesToronto (Toronto, Ontario, Canada, Nov 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"

Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Dec 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars

Cyber 6.0 (Laurel, Maryland, USA, Jun 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure. While locally sponsored and organized, the conference has national reach

Upcoming Events

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America

FS-ISAC EU Summit 2014 (London, England, UK, Nov 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector

POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.

Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage

NICE 2014 Conference and Expo (Columbia, Maryland, USA, Nov 5 - 6, 2014) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. An ecosystem of technology providers, policy makers, legal expertise, banking, insurance, devices, educational programs and devices have emerged to deal with the cyber security issues that have become commonplace. In turn, the marketplace has responded by demanding a new workforce capable of taking on this challenge

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, Nov 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.