The CyberWire Daily Briefing for 3.17.2014
As the EU this morning announces a sanction list of Russian interventionists and Crimean separatists, Crimea's breakaway parliament accuses the US of waging cyber warfare against the peninsula. Elsewhere, apparent hacktivists attacked various NATO sites over the weekend, citing allegations of NATO interference in Ukrainian affairs. This hacktivist group goes by "CyberBerkut," professes loyalty to deposed, pro-Russian president Viktor Yanukovych, and accuses the "Kiev Junta" of having hired Estonian-based NATO cyber operators to "suppress the truth" about Ukraine. It would be rash to regard CyberBerkut as operating independently of Russia's FSB.
Moscow has, probably correctly, attributed recent anti-Russian DDoS campaigns to Anonymous Caucasus, and not to Ukrainian hacktivists or government operators.
In the Middle East, the Syrian Electronic Army downs sites belonging to anti-Assad forces. The SEA also claims to have compromised US Central Command networks, but CENTCOM calls hogwash on this.
Flight MH370's disappearance remains mysterious. The incident has three cyber angles: the (far-fetched) possibility that the aircraft had been hijacked with the aid of hacking (lent currency by British security experts), the (real, extensive) importance digital forensics plays in the search, and the (depressing) uses the tragedy is finding as criminal phishbait.
LightsOut malware targeting electrical distribution is being distributed via energy sector watering holes.
In the US, Senator Feinstein's animadversions concerning CIA cyber operations draw analysis as a political pivot (and are described by former DCI Hayden as "a bit of a reach"). Representative Ruppersberger's newfound surveillance skepticism also attracts notice.
Investigators probe Communications Security Establishment Canada.
Notes.
Today's issue includes events affecting Canada, China, Estonia, Germany, Israel, Japan, Malaysia, Russia, Singapore, Syria, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Crimean govt: Referendum website downed by cyber-attack from US (Russia Today) The official website of the Crimean referendum is down due to a cyber-attack that originated from the US, Crimean authorities say
UPDATE 3—NATO websites hit in cyber attack linked to Crimea tension (Reuters) Hackers brought down several public NATO websites, the alliance said on Sunday, in what appeared to be the latest escalation in cyberspace over growing tensions over Crimea
Kremlin says DDoS-attack unrelated to events in Ukraine (ITAR TASS) Earlier, the Kremlin's press service has confirmed that the official website of the Russian president became target of a cyber attack
Why There's No Real Cyberwar in the Ukraine Conflict (IEEE Spectrum) Warnings of a cyberwar between Ukraine and Russia over the recent Crimean crisis have been greatly exaggerated. From the start, Russia seems to have relied upon traditional military force and a barrage of old-fashioned "information war" propaganda in its swift takeover of Crimea. Whatever cyber attacks that have occurred so far probably represent the work of Russian or Ukrainian "hacktivists" rather than strategic military strikes, experts say
Syrian Electronic Army Hacks Website of Syrian National Coalition (Softpedia) The Syrian Electronic Army has breached and defaced the official website of the National Coalition for Syrian Revolutionary and Opposition Forces. A number of other sites related to the organization have also been targeted
Syrian Electronic Army claims they hacked U.S. Central Command (Albawaba News) Hackers loyal to Syrian President Bashar al Assad say they have accessed US military documents after penetrating the network of US Central Command (CENTCOM)
Centcom denies claims its computers were hacked (Tampa Tribune) U.S. Central Command is denying a claim made today by a pro Assad hacking group that it penetrated the command's computer system
New theory of 'Cyber Hijack' emerges (The Nation) A British anti-terrorism expert claimed cyber terrorists could have used a series of "codes" to hack the in-flight entertainment system and infiltrate the security software of the missing Malaysia Airlines MH 370 flight, reported International Business Times online on Monday
"Malaysian Airlines flight MH370 found" video is a scam (Help Net Security) Cyber scammers are misusing the public's interest in the fate of the recently disappeared plane on Malaysia Airlines flight MH370 to lure users into filling in online surveys and downloading malware
Multiple spamvertised bogus online casino themed campaigns intercepted in the wild (Webroot Threat Blog) Regular readers of Webroot's Threat Blog are familiar with our series of posts detailing the proliferation of social engineering driven, privacy-violating campaigns serving W32/Casino variants. Relying on affiliate based revenue sharing schemes and spamvertised campaigns as the primary distribution vectors, the rogue operators behind them continue tricking tens of thousands of gullible users into installing the malicious applications
Oracle VirtualBox Memory Corruption Vulnerabilities Uncovered (SecurityWeek) Researchers at Core Security uncovered a set of serious vulnerabilities affecting Oracle VirtualBox that can be targeted to remotely execute code
LightOut is Latest Cyber Threat to Target Energy Sector (InfoSecurity Magazine) What happens when the energy grid goes down? Well the lights, of course, go out. A fresh advanced persistent threat (APT) targeting the energy sector is thus aptly named LightsOut, and like previous attacks, it used a watering hole method to start its system compromise
SCADA Vulnerabilities Identified in Power, Petrochemical Plants (Threatpost) More than 7,600 different power, chemical and petrochemical plants may still be vulnerable to a handful of SCADA vulnerabilities made public this week
Invitations for Grand Theft Auto 5 PC Beta Testing Hide Malware (Softpedia) The PC version of Grand Theft Auto (GTA) 5 might become available at some point, but for the time being, it doesn't exist, not even in Beta. If you receive an email that appears to be an invitation for Beta testing, don't click on the links and don't open the attachment
Hackers Who Hijacked Mt. Gox CEO's Blog Tricked People into Installing Bitcoin Stealer (Softpedia) Last week, hackers breached and defaced the blog of Mark Karpeles, the CEO of the Bitcoin exchange Mt. Gox. They claimed to have exposed Karpeles' lies about hundreds of thousands of customer Bitcoins being stolen. However, experts say the attackers had a different agenda
Did Target's Security Blow it or Just Get Blown Up with Noisy Alerts? (Damballa) I'm going to play devil's advocate and challenge the notion that Target's security team was an epic failure
Banking Malware: Sophistication Rises In Longtime Botnet Families (CRN) Banking Trojans have long been stealing account credentials and draining accounts, and they have been steadily increasing. The malware can blow past most two-factor authentication and password schemes
The Long Tail of ColdFusion Fail (Krebs on Security) Earlier this month, I published a story about a criminal hacking gang using Adobe ColdFusion vulnerabilities to build a botnet of hacked e-commerce sites that were milked for customer credit card data. Today's post examines the impact that this botnet has had on several businesses, as well as the important and costly lessons these companies learned from the intrusions
Cancer email scam carrying Zeus malware hits thousands (Inquirer) Sick email hoax carries a Trojan that wants to steal your credentials
HealthSource of Ohio Data Breach Exposes 8,800 Patients' Personal Info (eSecurity Planet) Names, addresses and phone numbers were exposed, along with some Social Security numbers and credit card numbers
Seattle Archdiocese Hacked (eSecurity Planet) As many as 90,000 employees and volunteers may be affected
Stolen Backup Drives Expose Silversage Advisors Data (eSecurity Planet) Customers' names, mailing addresses, Social Security numbers, driver's license numbers and account information may have been exposed
Security Patches, Mitigations, and Software Updates
Twitter enables StartTLS for Secure Emails to prevent Snooping (The Hacker News) Twitter is taking users' privacy and security very seriously and in an effort to prevent Government snooping, the company has secured your Twitter emails with TLS (Transport Layer Security)
Cyber Trends
Making the power grid safer by planning for failure (Reuters) Simultaneous attacks on just nine substations could black out the entire United States, according to a report in the Wall Street Journal, based on a confidential study by energy regulators
A Short History of Spam (Counterpunch) Objects can talk in cartoons and fairy tales: toys tell their stories. Now our domestic appliances have begun to speak, and they would like to sell us pills and porn, and for us to give them our bank details
Marketplace
Lockheed Martin Moves To Dominate Cyber Defense Of Electric Grid & Energy Complex (Forbes) Lockheed Martin, the world's biggest defense company, did something unusual this week. It bought a commercial cybersecurity firm called Industrial Defender. The firm is a leading player in the rapidly growing business of protecting electric grids, oil pipelines and chemical plants against cyber threats. What's unusual isn't the fact that a military contractor is buying a commercial firm; Lockheed has invested extensively in commercial ventures ranging from renewable energy to aquaculture to deep-sea mining to pilot training. What's unusual is that the company is looking outside its sprawling information-technology unit for cyber expertise. Near as I can tell, this is the first time Lockheed Martin has ever bought a cybersecurity provider
Why Home Security Providers Should Feel Insecure In The Smart Home Era (Forbes) When you look for areas ripe for disruption in the smart home era, home security monitoring is near the top of the list
Cabinet Office launches Cyber Security Challenge 'masterclass' (Computing) Minister for the Cabinet Office Francis Maude today launched a masterclass in which amateur cyber defenders will compete to protect the City of London from a simulated cyber attack
We never shared client data with NSA: IBM (Delhi Daily News) In an apparent effort to distance itself from the US National Security Agency and its controversial snooping programme, US technology giant IBM on Friday released a letter claiming that the company never cooperated with the NSA
How Belfast can tap into the future of safer software (Belfast Telegraph) Northern Ireland could be a hub for the development of software to help fight cyber crime and data fraud, a global conference in Belfast has heard
Lookout Names Former Akamai Exec Jim Dolce as CEO (SecurityWeek) Mobile security firm Lookout, Inc. announced on Thursday that Jim Dolce has taken the role as the CEO of the company, replacing Founder John Hering
Products, Services, and Solutions
AlienVault Unified Security Management: Real-Time Threat Detection Starting on Day 1 (The Hacker News) IT Infrastructure of organizations is growing ever more distributed, complex and difficult to manage. To manage such networks, a log management solution is not enough
Raytheon cross domain product awarded top honors at Info Security's Global Excellence Awards (Wall Street Journal) Trusted Thin Client® recognized as a gold winner in "Security Products and Solutions for Government"
Technologies, Techniques, and Standards
Who is winning the 'crypto-war'? (BBC) In the war over encryption between the NSA and privacy activists, who is winning? Ladar Levison sits exhausted, slumped on a sofa with his dog Princess on his lap. He is surrounded by boxes after he moved into a new house in the suburbs of Dallas, Texas, the previous day
Fred Cohen on Simplifying Security Assessments for Critical Infrastructure (Tripwire: The State of Security) "In order to know what's going on in an enterprise you need to do a study that takes 6 months and costs $250,000," said Fred Cohen of Fearless Security in conversation with Chris Blask, Chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC), at the 2014 RSA Conference in San Francisco
Mastering 4 Stages of Malware Analysis (Lenny Zeltser on Security) Examining malicious software involves a variety of tasks, some simpler than others. These efforts can be grouped into stages based on the nature of the associated malware analysis techniques. Layered on top of each other, these stages form a pyramid that grows upwards in complexity. The closer you get to the top, the more burdensome the effort and the less common the skill set
Gone phishing: Army uses Thrift Savings Plan in fake e-mail to test cybersecurity awareness (Washington Post) An ominous e-mail message landed in the inboxes of a small group of U.S. Army employees last month, warning of a security breach in their federal retirement plans and urging them to log in and check their accounts
Social engineering attacks: Is security focused on the wrong problem? (TechTarget) Malicious social-engineering attacks are on the rise and branching out far beyond simply targeting the financial sector. While some organizations develop employee-awareness training or solicit pen testing, or use some combination of the two, these preventive tactics can only go so far
A risk equation unravels the cloud security paradox (TechTarget) How many times have you heard "the cloud provides better security" or "the cloud provides worse security" than your own environment? We've all witnessed this ongoing debate countless times in recent years. Usually, the proponents on both sides of the argument take a position based on a subset of information and some presumed state of affairs in today's data centers
Big data is not little data writ large — it changes everything (TechTarget) The origins of confusion … The real challenge with big data is that it is called big data. The nomenclature (thanks, marketing!) stimulates a reflexive response — an almost instantaneous, emotional and physiological need to compare the target term big data with its seemingly diminutive predecessor, simply data — or, as I now like to call it, little data
Mobile VPNs: Battered but not broken (ComputerWeekly) Security chiefs would be forgiven for worrying about their virtual private networks (VPNs), especially those sitting on employee-owned mobiles
UK holds cyberwar game in Churchill's WW2 bunker (AP via WTVM 9) Bent over their computers in a World War II-era bunker beneath London's streets, dozens of young techies have spent Friday racing to understand why Britain's banking network suddenly seems to have gone offline
Research and Development
New Authenticated Encryption Algorithm Features Robust Resistance to Multiple Misuse (MarketWatch) Nippon Telegraph and Telephone Corporation (tokyo:9432) and Mitsubishi Electric Corporation (tokyo:6503) announced today that in collaboration with the University of Fukui they have jointly developed an authenticated encryption algorithm offering robust resistance to multiple misuse. The algorithm has been entered in the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) project, based on which the algorithm is expected to be deployed for increasingly secure and reliable information technology
Phone record surveillance can yield vast amounts of information (Imperial Valley News) The National Security Agency's mass surveillance of telephone metadata could yield detailed information about the private lives of individuals far beyond what the federal government claims, according to new Stanford research
Legislation, Policy, and Regulation
Draft EU-U.S. trade 'declaration' seeks to preserve long-standing privacy deal (Inside Cybersecurity) Trade negotiators from the European Union and the United States who have been meeting this week in Brussels have drafted a "declaration" on the progress of the talks that includes language on digital data flows intended to protect a long-standing agreement on protecting private information
China censors hit popular WeChat accounts (C/Net) Government watchdogs have scrubbed from the Web the accounts of several journalists as Beijing wraps up its annual parliament meeting
Feinstein's CIA accusation seen as possible pivot (Orange County Register) Comedian Jon Stewart skewered Sen. Dianne Feinstein this week, mocking the longtime defender of aggressive intelligence gathering for being outraged when she discovered the CIA's spying was turned, as she alleges, on her own Senate staff
Michael Hayden: Dianne Feinstein charge 'a reach' (Politico) Former Central Intelligence Agency and National Security Agency Director Michael Hayden dismissed charges made earlier this week that the CIA spied on Senate Intelligence Committee staffers, saying to call it such is "a bit of a reach"
Ruppersberger's change of heart on the NSA [Editorial] (Baltimore Sun) Our view: The Maryland congressman has been a staunch defender of U.S. intelligence practices, so his acknowledgment of the need for reform demands attention
US Cyber Moves Beyond Protection (Defense News) Arguments for boosting US cyber spending over the past couple of years have largely begun with the need to greatly improve the resilience of government networks and ended with a call to grow the cyber force
Is Snowden reshaping global privacy? (Naked Security) This week, the European Parliament met and discussed written testimony from US whistleblower Edward Snowden
It's time to let Snowden go (Slate via the Orlando Sun-Sentinel) Edward Snowden lit up the audience this week at SXSW in Austin, Texas. Speaking via webcast from Russia, he covered everything from personal encryption tactics to the future of American democracy. The encrypted interview might have had terrible audio — but the content was excellent. Whatever policy and social reforms come out of his revelations will either revitalize or discourage America's democratic progress
National Security Agency Misreads PR (O'Dwyer's) There is nothing wrong with the National Security Agency stealing or subverting encrypted material or stockpiling the data of American citizens, according to Vice Admiral Michael Rogers, who is Obama's choice to lead the spy agency
Cyber Command headed toward unified command status (Federal News Radio) Four years after its inception, the time has come to elevate U.S. Cyber Command to the status of a full unified combatant command, its outgoing chief said Wednesday
Gen. Keith Alexander: We Will Miss You (Lawfare) Throughout American history occasional strategic thinkers have transformed the way we think about new domains of warfare and security. Alfred Thayer Mahan conceived of the geostrategic role of sea power in a way that deeply influenced ideas about the role and importance of naval capabilities. General Billy Mitchell predicted the revolutionary effects of air power on 20th century warfare
Department of Defense Whistleblower Program (Department of Defense Inspector General) Inspectors General need sources. Our investigators, auditors, evaluators and inspectors rely on whistleblowers to provide information as a source of allegations and as original and corroborating evidence. Federal employees within the Executive are required to report corruption. When they do so through the Inspector General Act of 1978, the DoD IG can investigate alleged reprisal against those whistleblowers. Whistleblowing is not a 'nice to have' function; it is essential to the national security and defense mission of the Federal government
Defense Department Adopts NIST Security Standards (Dark Reading) DOD replaces longstanding information assurance process with NIST's holistic "built-in, not bolt-on," risk-focused security approach
White House exec joins DHS cyber team (Federal Times) The Department of Homeland Security has filled key roles within its Office of Cybersecurity and Communications (CS&C), the agency announced Wednesday
UK and Israel sign digital government agreement (ComputerWeekly) The UK and Israel have signed a memorandum of understanding (MoU) on digital government to benefit citizens, businesses and respective economies
James Brokenshire on the cyber role of the National Crime Agency (Computing) Immigration minister James Brokenshire, until recently security minister at Whitehall, has laid out the challenge ahead for the National Crime Agency (NCA), in an exclusive interview with Computing
This Open Source Coder Wants to be a Congressman (Wired) The patent system. Online privacy law. Bitcoin regulations. Net neutrality rules. In the coming years, policy makers may have as much influence on technology as the world's hackers do — if not more. So it should come as little surprise that a hacker is running for Congress
Singapore to Regulate Bitcoin Exchanges, Vendors (AFP via SecurityWeek) Singapore's central bank said Thursday it will regulate "intermediaries" for the Bitcoin virtual currency to prevent them from being used for money laundering and terrorist financing
In sudden announcement, US to give up control of DNS root zone (Ars Technica) In a historic decision on Friday, the United States has decided to give up control of the authoritative root zone file, which contains all names and addresses of all top-level domain names.
Congress nudged by NSA nominee to revive CISPA as intelligence reforms take shape (ZDNet) The NSA chief-in-waiting's testimony to Congress may be enough to inspire lawmakers to revive old cybersecurity legislation, which would indemnify Silicon Valley technology giants from sharing their users' data with the government
Litigation, Investigation, and Law Enforcement
Canada's electronic spy agency uncovers wrongdoing, ethics breaches (Canadian Press via the Brandon Sun) An investigation at Canada's secretive eavesdropping agency has uncovered misuse of public assets and "serious breaches" of the spy outfit's values and ethics code
Germany to probe wiretapping scandal (Turkish Press) German politicians are to invite U.S. whistleblower Edward Snowden to give evidence as part of a new investigation into the National Security Agency's phone and internet surveillance of senior German leaders, including Chancellor Angela Merkel
Don't upload health care data to Google cloud, UK groups say (TechWorld) Such sensitive data should never be uploaded to a provider outside the jurisdiction of the U.K, the groups said
NRA files 'Friend of the Court Brief' in appeal of NSA spying case (Examiner) On Friday, the National Rifle Association (NRA) announced through media communications that it has filed a brief in the United States Court of Appeals for the Second Circuit concerning the National Security Agency (NSA) spying case
Northwest Regional Computer Forensics Lab Receives Prestigious Accreditation (FBI) The American Society of Crime Laboratory Directors/Laboratory Accreditation Board (ASCLD/LAB) International recently accredited the Northwest Regional Computer Forensics Laboratory (NWRCFL) in digital and multimedia evidence
MtGox knowingly traded non-existent bitcoins for two weeks, filing shows (The Guardian) Collapsed bitcoin exchange reported loss of 'hundreds of thousands' of bitcoin two weeks before closing doors
Mind your wallet: The underworld loves Bitcoin (Indian Express) Criminals may already have made off with up to $500 million worth of Bitcoins since the virtual currency launched in 2009 — and you can double that if it turns out they emptied Mt Gox
Cyber gang behind £1.25m 'KVM' bank fraud convicted (SC Magazine) Members of a cyber crime gang that stole more than £1.25 million from Barclays Bank using a 'KVM' device have been convicted at Southwark Crown Court
What Did Weintraub Know About Madoff Ponzi Scheme? (InformationWeek) Defense attorney suggests that Liz Weintraub, Madoff's deceased former head of IT, helped devise the deceptive code that enabled Ponzi scheme
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Fourth Annual China Defense and Security Conference (Washington, DC, USA, Mar 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding China's rising military power and strategy by carefully examining Chinese-language sources. Speakers at the conference will provide an extensive overview of recent developments in military training and operations reform, and take on challenging questions in Chinese foreign policy, including considerations of the role of cyber-warfare in Chinese strategic thought.
Nuclear Regulatory Commission ISSO Security Workshop: Exhibitors will have the opportunity to showcase cutting-edge products and services available in today's market. All companies specializing in products and services that would benefit the NRC workforce are encouraged to exhibit at this one-day expo. Topics of the workshop and of high interest to attendees include: computer security policy, standards and guidance, cybersecurity, FISMA compliance, and training updates.
ICS Summit 2014 (Lake Buena Vista, Florida, US, Mar 17 - 18, 2014) The 9th Annual North American ICS Security Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security.
27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference (National Institute of Standards and Technology, Mar 18 - 20, 2014) The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014; exhibits will be on display March 19 only. This year's theme "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training" will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals.
Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, Mar 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified, but sensitive Symposium will be off the record, and will bring together stakeholders from the executive and legislative branches as well as their counterparts in the private sector. Following unprecedented attention on the security clearance process in 2013, 2014 promises to be a year of consequence to a fundamental aspect of how the IC carries out its mission. This Symposium will provide attendees an opportunity to participate in the current debate and learn about future technologies that will influence security policies and procedures.
Suits and Spooks Singapore (Singapore, Mar 20 - 21, 2014) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks.
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, Mar 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process.
Cyber Security for Energy & Utilities (Abu Dhabi, UAE, Mar 23 - 26, 2014) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23-26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE.
Veritas 2014: At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.
Black Hat Asia: Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
SEC Cybersecurity Roundtable (Washington, DC, USA, Mar 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies, and how they are addressing those concerns.
Cyber Security Management for Oil and Gas: Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management.
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Mar 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit) and the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars.
CyberBiz Summit (Linthicum, Maryland, USA, Mar 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday, March 28th.
Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, Mar 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance initiatives. John Carlin, Assistant Attorney General for National Security, will deliver the keynote. Other speakers will include current and senior officials from the Justice Department, National Security Agency, Office of the Director of National Intelligence, FBI, DHS, Google, and Microsoft.
SyScan 2014 (Singapore, Mar 31 - Apr 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.
Interop Conference: Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
NSA Hawaii: Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by the NSA Hawaii NSA/CSS Technology Directorate. The focus of this event will be Cyber Security, Big Data and Cloud Computing technologies but all interested companies are welcome to exhibit.
InfoSec World Conference & Expo 2014: With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
NIST IT Security Day (Gaithersburg, Maryland, USA, Apr 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.
IT Security Entrepreneurs Forum (ITSEF) 2014: IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community by providing a venue where entrepreneurs can meet and interact directly with top government agency and industry officials in an open and collaborative environment. This SINET community of interest and trust facilitates broadened awareness of the government's challenges, needs, and its future direction regarding Cybersecurity, while shining a spotlight on the entrepreneurs and their innovative technologies that are helping to address and solve today and tomorrow's security challenges.
Women in Cybersecurity Conference (Nashville, Tennessee, USA, Apr 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in recruitment/retention of women in this field and/or diversification of their cybersecurity workforce is especially encouraged to get involved.
Suits and Spooks San Francisco: S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. CFP is now open. If you're interested in being a speaker at Suits and Spooks San Francisco, please send an email with your topic title, short abstract, and your bio by February 15th.
East Africa Banking and ICT Summit (Kampala, Uganda, Apr 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations, and unique networking opportunities.
National Collegiate Defense Cyber Competition: Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.
InfoSecIndy (Indianapolis, Indiana, USA, Apr 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
Infosecurity Europe 2014: Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.