The CyberWire Daily Briefing for 3.13.2014
Cyber operations continue to be regarded as a hostile action short of war—more espionage than combat—or so is the upshot of a Christian Science Monitor overview of the Crimean crisis. In this case espionage does appear the right classification, since the most prominent tool deployed (or at least disclosed) so far is the cyber-spying framework Snake.
Kaspersky thinks Snake emerged from Agent.btz, whose employment against US Central Command was discovered in 2008. The Register reports Agent.btz's other progeny may include Red October, Turla, Flame and Gauss. US authorities have said they "strongly suspect" Russia's FSB (and so does just about everyone else).
Turkish hacktivists resume protest of a death during Istanbul's Gezi demonstrations with defacement of a key Prime Ministerial advisor's official Twitter account.
Flight MH370's disappearance remains mysterious, and speculation inevitably turns to the possibility that a cyber attack brought the aircraft down. ITProPortal admits, properly, that such speculation is at best based on a priori possibility (at worst on paranoia), but then gives a useful lay summary of commercial air's attack surfaces.
Azimuth Security reports that Apple iOS 7 suffers from a weak random number generator that "threatens kernel exploit mitigations."
A researcher believes he's found a backdoor in Samsung Galaxy devices.
WhatsApp dismisses reports of vulnerabilities as overblown.
Lockheed Martin acquires Industrial Defender, a commercial cyber play.
US Senator Feinstein's sharp accusations of CIA finagling with Senate networks (including claims of Presidential involvement) await the Administration's answer. Bills to restrict surveillance gain in the US House.
Notes.
Today's issue includes events affecting Canada, China, Germany, Italy, Kazakhstan, Latvia, Lithuania, Malaysia, Netherlands, Poland, Romania, Russia, Spain, Turkey, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Russia's cyber weapons hit Ukraine: How to declare war without declaring war (Christian Science Monitor) By targeting the Ukrainian government with a cyber weapon, the Russians are able to effectively engage in an aggressive, kinetic act without actually declaring war, or other countries reacting like it is an act of war. This will not last forever
Ukraine was bitten by sophisticated cyber virus Snake during Crimea tension: Did Russia set it loose? (TechTimes) Aside from protesters who wanted to kick out President Viktor Yanukovych of Ukraine, there was also turmoil in its corner of cyberspace. A new report has revealed that computer networks in the country were attacked by a Snake malware
Agent.BTZ Malware May Have Served as Starting Point for Red October, Turla (Threatpost) Researchers looking into the recently uncovered Turla, or Snake, cyber espionage campaign have discovered some similarities connecting it to older pieces of malware such as Agent.btz, the worm that several years ago infected U.S. military networks and eventually caused the Department of Defense to ban the use of USB drives. However, there is not enough evidence to suggest that the two pieces of malware were created by the same authors, researchers say
Agent.BTZ spyware hit Europe hard after U.S. military attack: security firm (Reuters) A mysterious computer virus believed to be from Russia infected hundreds of thousands of PCs around the globe after attacking the U.S. military's Central Command in an unprecedented breach uncovered in 2008, according to the details of new research released on Wednesday
New fear: Worm that ransacked US military PCs was blueprint for spies' super-malware (The Register) Secret stealer spawned spooks' snoop stooge, it seems. A mystery worm that burrowed into US military computers to steal secrets six years ago may have inspired the development of subsequent government-grade malware Red October, Turla, Flame and Gauss
Twitter account of Turkish PM's top adviser hacked, messages left against Berkin Elvan's death (HackRead) A group of Turkish hackers have hacked the official Twitter account of Mustafa Varank, who is a top political adviser of Prime Minister Recep Tayyip Erdoğan. Hackers defaced the Twitter account, posting messages and images in solidarity with the protests in memory of Berkin Elvan, a 15-year-old teenager who died March 11 after being in
Could a cyber attack have brought down Malaysia Airlines Flight MH370? (ITProPortal) Malaysia Airlines Flight MH370, a Boeing 777 with 239 passengers and crew on board, departed Kuala Lumpur in Malaysia on 8 March at 12:21am local time en route to Beijing
Weak Random Number Generator Threatens iOS 7 Kernel Exploit Mitigations (Threatpost) The Early Random Pseudo-Random Number Generator in Apple iOS 7 returns predictable outcomes threatening kernel exploit mitigations native to the mobile operating system
Samsung Galaxy backdoor discovered that enables remote read/write access (Neowin) One of the major issues with closed source operating systems is that there is no independent code review: you can never truly tell what is happening. Backdoors that have been placed in a device, maliciously or otherwise, could allow an attacker to have the power to wreak havoc on an unsuspecting victim
Malicious Messages Foray Facebook (Malwarebytes Unpacked) In yet another method for cyber criminals to utilize the world's most popular social networks for their own nefarious purposes, it appears a trojan is circulating through Facebook, stealing accounts and (probably) taking creds
Account-hijacking Trojan spreads via Facebook messages (Help Net Security) Private messages delivering what seems to be an image are spreading like wildfire on Facebook, as the file in question triggers the download of a Trojan that compromises the victims' computer and Facebook account to spread the malware further
Facebook security and privacy pitfalls (Help Net Security) In this interview, Andrei Serbanoiu, Online Threats Researcher at Bitdefender, discusses Facebook security and privacy pitfalls, the dangers of sharing on the social network, and offers insight for CISOs
WhatsApp Says Reports Of Security Flaw Are 'Overstated' And Not Accurate (TechCrunch) WhatsApp — the popular messaging app with 465 million users acquired by Facebook for $19 billion last month — came under fire earlier this week after tech consultant Bas Bosschert published a blog post explaining how malicious developers can access your messages via the microSD card, and the post went viral
Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It (BloombergBusinessWeek) The biggest retail hack in U.S. history wasn't particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target's (TGT) security and payments system designed to steal every credit card used at the company's 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper's credit card number, and store it on a Target server commandeered by the hackers
What Justin Bieber's Twitter Hack Teaches Us About Social Media Security (Forbes) Justin Bieber's 50 million follower strong Twitter account was hijacked briefly a couple of days ago and now that the dust has settled it seems like a good opportunity to review how these attacks happen and what all of us (pop stars included) should learn about Twitter security. I'll briefly recount the attack, but if you just want the advice skip to the later section of this article for the top Twitter (and general social media) security tips
UM data breach slightly smaller than thought (Baltimore Sun) A cyber attack at the University of Maryland, College Park, affected 21,499 fewer people than originally thought after an analysis revealed the database contained some incomplete and inaccurate data, university officials said Wednesday
Harvard Law National Security Journal Hacked, Abused to Promote Rogue Pharmacies (Softpedia) The website of the Harvard Law School National Security Journal has been compromised. The attackers are abusing the site to promote various rogue pharmacies
Ethical hacker backer hacked, warns of email ransack (The Register) Switches registrars, tightens security after 'upsetting' incident. The IT security certification body that runs the Certified Ethical Hacker programme has itself been hacked
Police Ransomware threat of huge Fine forced Family to Commit Suicide (The Hacker News) Till Now we all have heard about the Ransomware Malware that encrypts your files or lock down your computer and ask for a random amount to be paid in a specified duration of time to unlock it, but this cyber threat has forced somebody for the terrible murder and suicide. It's true! This could be an extent of Ransomware that has marked its history by someone's blood
Anatomy of a Control Panel Malware Attack, Part 1 (TrendLabs Security Intelligence Blog) Recently we've discussed how Control Panel (CPL) malware has been spreading in Latin America. In the past, we've analyzed in some detail how CPL malware works as well as the overall picture of how this threat spreads. In this post, we shall examine in detail how they spread, and how they relate with other malicious sites and components
Deep Web to further challenge law enforcement: Trend Micro (Zee News) The 'Deep Web' community will further challenge the authority of law enforcement agencies around the globe this year, cyber security solutions firm Trend Micro said today
Criminal attacks on healthcare increase 100 percent (Help Net Security) As millions of new patients enter the U.S. healthcare system under the Affordable Care Act, patient records have become a smorgasbord for criminals
Security Patches, Mitigations, and Software Updates
IE zero-day flaw shows kinks in Microsoft patching (CSO via NetworkWorld) The speed at which cybercriminals exploited an Internet Explorer vulnerability discovered in mid-February and finally patched Tuesday demonstrates the snags in Microsoft's security update system
Windows XP Security Issues: Fact Vs. Fiction (InformationWeek) Are you prepared for the end of Microsoft support for Windows XP next month
Chrome Releases (Google Chrome Team) Stable Channel Update: The Stable Channel has been updated to 33.0.1750.149 for Windows, Mac, and Linux
About the security content of Apple TV 6.1 (Apple Support) This document describes the security content of Apple TV 6.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website
About the security content of iOS 7.1 (Apple Support) This document describes the security content of iOS 7.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website
Yahoo Mail Security Strengthened on iOS 7.1 Devices (Softpedia) Internet giant Yahoo is offering an updated version of its Mail app for iPhone and iPad customers who downloaded the latest firmware version from Apple this week. The security-centric update deals with image blocking, according to the release notes
Cyber Trends
Internet in 2025: 5 Intriguing Predictions (InformationWeek) How will the Web evolve over the next decade? Technology experts weigh in
Why You Should Embrace Surveillance, Not Fight It (Wired) I once worked with Steven Spielberg on the development of Minority Report, derived from the short story by Philip K. Dick featuring a future society that uses surveillance to arrest criminals before they commit a crime. I have to admit I thought Dick's idea of "pre-crime" to be unrealistic back then. I don't anymore
Is Hollywood the next hacking target for China? (Los Angeles Times) As the movie industry becomes a growing economic force in China, a new report predicts that Hollywood may become the next target for state-sponsored hacking efforts by that country's government
Marketplace
European security firms capitalise on paranoia post surveillance debacle (AFP via NDTV) European IT security firms have flocked to the world's biggest high-tech fair with hopes of benefiting from the fallout from shock revelations of mass US and British spying
Experts: Filling CISO role just first step for Target security program (TechTarget) Veteran industry chief information security officers said Target Corp.'s decision to create a dedicated CISO role is a good move in the wake of its massive 2013 holiday data breach, but cautioned that filling that role is only the first step toward improving its beleaguered security program
To Streamline Defense Acquisition Process, Position Government as Integrator, Says New Survey (MarketWatch) Reform would bring services that better meet warfighter needs, greater interoperability among systems
Cyber Insurance: 6 Facts You Should Know (eSecurity Planet) Protecting your data is one thing, but what about insuring it? If you are considering cyber insurance, here are some facts you need to know
Marillyn Hewson: Lockheed to Buy Industrial Defender for Commercial Cyber Push (GovConWire) Lockheed Martin (NYSE: LMT) has moved to expand its cybersecurity business by agreeing to buy Foxborough, Mass.-based Industrial Defender for an undisclosed amount
Palantir's in no hurry to go public (Silicon Valley Business Journal) Don't hold your breath waiting for intelligence Big Data analytics specialist Palantir to go public
Simpson Snags More Blackstone Work, as Cybersecurity Stays Hot (American Lawyer) The latest noteworthy deal in the expanding cybersecurity sector finds Simpson Thacher & Bartlett advising longtime private equity client The Blackstone Group on its purchase of a majority stake in Denver-based Accuvant from Sverica International, which are being advised, respectively, by lawyers from Holland & Hart and Cooley
KEYW Announces Award of $8 Million Prime Contract to Provide Software Development and Open Source Data Management Support (MarketWatch) The KEYW Holding Corporation announced today it has received a prime contract to provide software development support for a content management platform, providing collection, processing and analytics of open source data for a U.S. based customer. The single-award contract comprises a base period of performance with 1 option year with an initial value of $8 million
Vupen cashes in four times at Pwn2Own (Threatpost) It's become a familiar walk for Chaouki Bekrar. Year after year at the Pwn2Own contest, the controversial Vupen founder is scurried from a small room in the basement of the Sheraton hotel to a suite several floors above. It's a short journey from where a string of zero-day exploits are executed to where formal disclosure is made to the vendor in question. It's also where payment is arranged, and on this day, exclusivity is promised to HP's Zero Day Initiative
Frost & Sullivan Recognizes FireEye With 2014 Global Web & E-mail Content Security Customer Value Enhancement Award (Wall Street Journal) FireEye, Inc. (Nasdaq:FEYE), the leader in stopping today's advanced cyber attacks, has been recognized by Frost & Sullivan with the 2014 Global Web & E-mail Content Security Customer Value Enhancement Award. The award, based on the findings of Frost & Sullivan's Global Research Platform and TEAM research methodology, recognizes how the FireEye virtual machine-based security platform has excelled in addressing the needs of customers looking for protection against advanced cyber attacks
How St. Louis is solving the programmer shortage (ITWorld) Dozens of companies in St. Louis can't hire good programmers. It isn't from lack of trying, or resources: they have the money, the open positions, and the need. The problem in the past has been explained that either they can't find them or don't know where to look. But there is a third possibility: the coders exist, they just need some training to get started. That is where an effort called LaunchCode comes into play
Steve Harris Appointed Dell Federal VP, GM (GovConWire) Steve Harris, a 16-year sales veteran at Dell and an executive in the company's public business group, has been appointed vice president and general manager of the technology maker's federal government organization
Bruce Schoemer Named Chief Technology Officer of Camber Corporation (IT Business Net) Camber Corporation announced today that Bruce Schoemer has been promoted to Executive Vice President and Chief Technology Officer
Products, Services, and Solutions
Compliance, video portals could shake SharePoint partners (FierceContentManagement) Enterprises have enjoyed a mutually beneficial relationship between developer partners and Microsoft's SharePoint for some time—allowing the nearly ubiquitous software to jive with legacy systems and business-specific tools. But compliance and video updates unveiled at last week's SharePoint Conference in Las Vegas, could unnerve some of the partners on which Microsoft relies
CSG Invotas Offers CISOs A Revolutionary Approach To Threat Mitigation (Information Security Buzz) CSG Invotas offers CIOs and CISOs a revolutionary approach to threat mitigation and eradication. Instead of simply detecting and analyzing intrusions, Invotas provides proven automation and orchestration solutions that respond in real time to cyber attacks. Invotas taps decades of CSG's deep domain expertise in complex automated workflow technologies to dramatically reduce the time it takes to identify an intrusion and take immediate action to protect against attack proliferation
du Partners With Procera Networks to Deliver Enhanced Customer Experience and Network Optimisation (IT Business Net) Procera Networks, Inc. (NASDAQ: PKT), the world's leading provider of network
Netwrix releases six new auditing solutions (Help Net Security) Netwrix released six new Netwrix Auditor solutions, each offered with up to five times more features than before
Multi-layered DDoS protection for Russia during Olympic event (ProSecurityZone) Russia's Rostelecom protected its web services during the Sochi winter Olympic games with the use of DDoS threat mitigation services from Arbor Networks
Technologies, Techniques, and Standards
Think Deleted Text Messages Are Gone Forever? Think Again (ComputerWorld) Last month, National Football League special investigator Ted Wells delivered a shocking report about Miami Dolphins player Richie Incognito's bullying tactics aimed at teammate Jonathan Martin. At the heart of the report: More than 1,000 text messages, many of them outrageously explicit, that Incognito and Martin swapped between October 2012 and November 2013
Why Client-Side Encryption Is Critical For Cloud Privacy (Network Computing) The old tale "The Emperor's New Clothes" can be applied to the current state of cloud security. Like the gullible emperor, people rely on cloud services to live their online lives and are too trusting in what companies try to sell. Big cloud companies often market fancy-sounding security and encryption features — like the invisible fabric the emperor could not see but was made to believe was there
How to lock down data in use — and in the cloud (GCN) Security best practices traditionally call for encrypting data in transit, as it moves from one storage locale to another, and data at rest, when it resides in an organization's storage systems
How to protect against unauthorized spying (Help Net Security) In this podcast recorded at RSA Conference 2014, Wayne Thayer, the General Manager of Security Products at GoDaddy and a member of the CA Security Council, discusses how Edward Snowden exposed intelligence operations that have performed unauthorized spying
IT more than capable of deterring cyber attackers (Acumin) Two tech experts have delivered a presentation on the ability of IT to fend off cyber-attackers at San Francisco's RSA Conference
Contracting Cybersecurity Efforts: Who Is Responsible? (Huffington Post) Siobhan Gorman penned an excellent article in Friday's The Wall Street Journal, discussing how alleged contracting omissions led to a successful cyber attack by Iranian hackers. According to her article, the Navy failed to "require it to provide specific security for a set of Navy Department databases, and as a result, no one regularly maintained security for them"
When the CISO must assert himself (Qualys) The misadventure that recently befell the company RSA probably illustrates the difficulty CISOs can have in being brought into the loop on certain projects, particularly those initiated by marketing and communications
How to Keep the NSA From Spying Through Your Webcam (Wired) You already know that laptops, desktop computers, tablets and mobile phones are all at risk of being hacked. But did you know that intruders might use the built-in camera to take surreptitious pictures and videos of you and your surroundings or hijack your microphone to eavesdrop on conversations
Design and Innovation
Big Data's Fading Bloom (Forbes) Nobody would deny that Big Data was one of the most talked about areas in tech last year. And while Big Data was once viewed as the golden child of tech, its bloom is fading in terms of the value that it is able to deliver all on its own. There was a time not that long ago when the focus was on finding, capturing and storing data. But today, the shift in everyone's focus is how to unlock the value from each and every piece of data we can uncover
Bitcoin, Meet Darwin: Crypto Currency's Future (Dark Reading) First-movers rarely survive, but some experts see a real future for government-issued crypto currency
Research and Development
Quantum physics secures new cryptography scheme (Phys.org) The way we secure digital transactions could soon change. An international team has demonstrated a form of quantum cryptography that can protect people doing business with others they may not know or trust — a situation encountered often on the internet and in everyday life, for example at a bank's ATM
Legislation, Policy, and Regulation
CIA Hack Scandal Turns Senate's Defender of Spying Into a Critic (Wired) It's refreshing to hear Dianne Feinstein express outrage over warrantless and illegal government spying. But sadly to say, there's some dark humor of sorts here, too. Feinstein is perhaps the biggest congressional cheerleader of domestic surveillance, including the telephone snooping
The Senate and the CIA at War (Slate) Even Sen. Dianne Feinstein has lost faith in America's intelligence community
How ferocious is Feinstein's bark? (Fresno Bee) "It is abundantly clear that a total review of all intelligence programs is necessary so that members of the Senate Intelligence Committee are fully informed as to what is actually being carried out by the intelligence community." That was Sen. Dianne Feinstein, D-Calif., the chair of the Senate Intelligence Committee, blasting U.S. spies for not fully informing congressional overseers about one of the more contentious intelligence programs in recent memory. But that wasn't Feinstein talking about CIA interrogations, which was the subject of a blistering tirade on Tuesday that accused the CIA of violating the Constitution
A new, disturbing intelligence target (Charlotte Observer) After revelations that the National Security Agency monitored Americans' phone and Internet use, and that the NSA also spied on close allies like Germany and France, it probably shouldn't be surprising that our intelligence agencies have found another frontier to violate. But it appears our government is spying on itself
House Intelligence Committee's top Democrat seeks to end NSA bulk phone-data collection (Washington Post) The top Democrat on the House Intelligence Committee said Wednesday that he favors ending the National Security Agency's widespread collection of U.S. citizens' phone data, making him the first of the four leaders of the congressional intelligence panels to do so
Federal Website Security Bill Moves Forward in House (Nextgov) Legislation approved by the House Oversight Committee on Wednesday would require agency chief information officers to vouch to Congress for the security of any new government websites that gather citizens' personal information
Likely next Cyber Command head calls for 'proactive' cyber operations (FierceGovIT) The likely next head of Cyber Command and the National Security Agency told Senators during a Tuesday confirmation hearing that the United States military posture in cyberspace has been reactive, rather than proactive
The political science of cybersecurity IV: How Edward Snowden helps U.S. deterrence (Washington Post) As Adam Segal pointed out Tuesday, Vice Admiral Michael Rogers, the Obama administration's nominee for head of Cyber Command, seems to have told the Senate that the Edward Snowden revelations have helped U.S. deterrence policy
NSA has 'industrial scale' malware for spying (Phys.org) The National Security Agency has developed malware that allows it to collect data automatically from millions of computers worldwide, a report based on leaked documents showed Wednesday
TrustyCon: U.S. data privacy laws offer little protection from FBI seizures (TechTarget) According to one of the nation's top digital civil liberties attorneys, U.S. companies have little legal recourse when powerful law enforcement agencies like the FBI make overreaching demands for their customers' sensitive data
Snowden, Bitcoin, Data Breaches Foretell New Regulations (InformationWeek) It's inevitable that more businesses will be penalized for breaking customer trust. Is your enterprise prepared for new security laws
FICAM to be applied to the secret network (FierceGovIT) Identity management standards designed for federal unclassified systems will be tailored for use on secret networks, with full implementation planned for September 2018
Streufert: Agencies aren't dropping out of DHS continuous monitoring program (FierceGovIT) Reports that major federal departments are refusing to participate in a Homeland Security Department-led contract for continuous monitoring tools are untrue, said a DHS official Tuesday
DHS Databases Still Not Integrated And Hard To Navigate, Report Says (HSToday) The existing architecture of the Department of Homeland Security's (DHS) myriad databases — known as the DHS Data Framework — which are crucial for the department's many disparate components to perform their primary mission — was found to not be conducive to effective implementation of the "One DHS" policy. This policy was implemented to provide DHS personnel timely access to the relevant and necessary homeland security information they need to successfully perform their duties in protecting the homeland
FEMA's new CISO comes aboard (FCW) Donna Bennett, the Federal Emergency Management Agency's new chief information security officer, started her job on March 10
Canada's military squeezed out of cyber-defence, emails warn (O Canada) Military advisers working on the cyber-security file warned a year ago that the Canadian Forces were on the verge of being pushed entirely out of the realm of cyber-defence, according to internal emails from the military's cyber task force
Litigation, Investigation, and Law Enforcement
Dutch intelligence illegally shared data with foreign services, says report (ITWorld) Dutch intelligence services illegally shared data with foreign services and hacked Web forums without ministerial approval, according to a report made at the request of the Dutch House of Representatives
Human Rights Watch and the Electronic Frontier Foundation Supplemental Submission to the Human Rights Committee During its Consideration of the Fourth Periodic Report of the United States (Human Rights Watch) The United Nations Human Rights Committee should conclude that US electronic surveillance and intelligence gathering violate fundamental civil and political rights, including the right to privacy
Army reservist to plead guilty to giving secrets to Chinese girlfriend (Navy Times) A civilian defense contractor accused of giving military secrets to a Chinese girlfriend half his age will be entering a guilty plea, his attorney said Tuesday
Selectmen said they were kept in dark about $600,000 ORR hacking (South Coast Today) Town officials say they were kept in the dark for nearly three years about $600,000 stolen from an Old Rochester Regional School District bank account in a cyber attack
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Mar 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit) and the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars.
CanSecWest CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
Nuclear Regulatory Commission ISSO Security Workshop Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates.
ICS Summit 2014 (Lake Buena Vista, Florida, US, Mar 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security.
27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014; exhibits will be on display March 19 only. This year's theme "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training" will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals.
Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, Mar 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified, but sensitive Symposium will be off the record, and will bring together stakeholders from the executive and legislative branches as well as their counterparts in the private sector. Following unprecedented attention on the security clearance process in 2013, 2014 promises to be a year of consequence to a fundamental aspect of how the IC carries out its mission. This Symposium will provide attendees an opportunity to participate in the current debate and learn about future technologies that will influence security policies and procedures.
Suits and Spooks Singapore (Singapore, Mar 20 - 21, 2014) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks.
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, Mar 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process.
Cyber Security for Energy & Utilities (Abu Dhabi, UAE, Mar 23 - 26, 2014) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23-26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE.
Veritas 2014 At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.
Black Hat Asia Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
SEC Cybersecurity Roundtable (Washington, DC, USA, Mar 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies, and how they are addressing those concerns.
Cyber Security Management for Oil and Gas Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management.
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
CyberBiz Summit (Linthicum, Maryland, USA, Mar 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday, March 28th.
Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, Mar 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance initiatives. John Carlin, Assistant Attorney General for National Security, will deliver the keynote. Other speakers will include current and senior officials from the Justice Department, National Security Agency, Office of the Director of National Intelligence, FBI, DHS, Google, and Microsoft.
SyScan 2014 (Singapore, Mar 31 - Apr 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.
Interop Conference Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.