The CyberWire Daily Briefing for 3.20.2014
All quiet on the cyber front (apparently) between Russia and Ukraine as Vladimir Putin digests Crimea, but some useful overviews of recent activity and the provenance of Turla/Snake appear.
Linux server campaigns prove difficult to eradicate.
Mozilla patches Firefox vulnerabilities exposed in Pwn2Own. Java 8 is out.
The hacking of Flight 370 is a matter of speculative, a priori possibility without positive evidence, but a consideration of cyber risks facing commercial aviation remains instructive. Israel Defense offers a rundown of coverage that includes comparison with 2008's Spanair flight 5022 crash, an accident in which malware was implicated.
Less speculative, however, are analyses that point to the glare-of-war in which too much information blinds watchstanders. Tripwire notes that, whatever happened aboard Flight 370, glare hindering responders and security officers is one feature the disappearance shares with the Target breach. Many companies offer palliatives for glare, but any comprehensive solution would seem to require machine-learning and automated reverse engineering. (Which would also help keep pace with swiftly evolving malware: ZBOT, for example, has just acquired aggressive clickbot functionality.)
Many call for more effective risk-based security approaches (on the sensible grounds that they who defend everything probably defend nothing). Such approaches require, as lawyers and insurers note, a rigorous way of determining value-at-risk.
NSA Director Alexander calls for more threat information sharing. It's a tough problem: privacy, anonymity (especially), and regulation are all in tension with collaborative security, even among Federal agencies.
Surveillance surprises Google; NSA counsel says companies knew all about it.
Notes.
Today's issue includes events affecting Brazil, China, France, Japan, Malaysia, Russia, Spain, Switzerland, Thailand, Ukraine, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Massive cyberattacks slam official sites in Russia, Ukraine (Christian Science Monitor via Yahoo! News) After Sunday's disputed Crimea vote, Russian government sites were hit with a powerful wave of denial-of-service attacks, apparently in response to cyberattacks on official Ukrainian sites
Spyware Targets U.S. and Europe (Top Tech News) Malware known as Turla may be the work of the Russian government and could be linked to a massive breach on the U.S. military in 2008, security researchers say. The Turla spyware is used to establish a hidden foothold in infected networks from which they can search other computers, store stolen data, then transmit data back to their servers
Hacking a Boeing 777 (GovInfoSecurity) Can a Cyber-Attack Bring Down an Airliner? Speculation surrounding the cause of the disappearance of Malaysia Airlines Flight 370 hasn't included the possibility of a cyber-attack, until now. A cybersecurity expert contends hacking an airliner is feasible
Was Malaysia Flight MH370 Cyber-Hijacked? (Israel Defense) The aviation industry faces major risks on all of its fronts. Could the answer to the missing plane be that this is "the world's first cyber hijack"
How the Target Breach and the Malaysian Flight Mh370 Mystery are Related (Tripwire: The State of Security) While there has been at least one article suggesting that hackers could have diverted the Malaysian jet which mysteriously disappeared over the South Pacific, what really unites the jet mystery with the Target breach is the topic of "alarm overload." Numerous public safety incidents have, over the years, been linked to alarm systems that failed to provide the necessary alert they were designed to produce
Linux worm Darlloz targets Intel architecture to mine digital currency (ZDNet) A new variant of the Darlloz worm focuses on manipulating home systems to mine for digital currency beyond Bitcoin
Linux Takeover Artists Fling 35M Spam Messages Daily (Dark Reading) "Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day
Tor warns of malicious Tor browser offered on the App Store (Help Net Security) A public plea made on Twitter by Runa A. Sandvik, a (former?) developer with The Tor Project has turned the spotlight on a still unresolved issue of an apparently fake Tor Browser app equipped with spyware being offered for download on Apple's App Store
Hackers besiege PHP sites with 30,000 attacks hitting patched exploit (V3) The number of cyber attacks targeting PHP sites using a known vulnerability has skyrocketed over the past six months, despite the availability of a patch fix for the exploit
EA hacked to steal your Apple ID (C/Net) Hackers have targeted EA, the people behind Titanfall, FIFA 14 and Battlefield 4, to try and steal your Apple ID and credit card details
ZBOT Adds Clickbot Routine To Arsenal (TrendLabs Security Intelligence Blog) The ZeuS/ZBOT malware family is probably one of the most well-known malware families today. It is normally known for stealing credentials associated with online banking accounts. However, ZBOT is no one-trick pony. Some ZBOT variants perform other routines like downloading or dropping other threats like ransomware
Research Finds MAC Address Hashing Not a Fix for Privacy Problems (Threatpost) A quick research project done by a graduate student at Stanford on the security of hashed MAC addresses in retail analytics software has shown that time and the inevitable advancement of technology are the greatest enemies of cryptography
Healthcare.gov: Proceed at your own risk (CSO) The government insists the Obamacare site is secure. But most experts disagree
IRS Acknowledges Insider Data Breach (eSecurity Planet) Approximately 20,000 current and former employees' names, addresses and Social Security numbers may have been exposed
Aversion to new Facebook News Feed could lead to scams (Help Net Security) Facebook has been gradually rolling out a new, more simplified design for users' News Feed for a while now
A history of Bitcoin hacks (The Guardian) The alternative currency has been plagued by hacks, ponzi schemes and increasingly professional thefts since 2011
Secunia Vulnerability Report Questioned by Experts (CSO) The team at the OSVDB (Open Sourced Vulnerability Database) project have taken issue with Secunia's latest vulnerability report, noting it uses flawed methodology and provides little benefit to organizations
Socks4/Socks5 enabled hosts as a service introduces affiliate network based revenue sharing scheme (Webroot Threat Blog) Thanks to the commercial and public availability of DIY (do-it-yourself) modular malware/botnet generating tools, the diverse market segment for Web malware exploiting kits, as well as traffic acquiring/distributing cybercrime-friendly traffic exchanges, cybercriminals continue populating the cybercrime ecosystem with newly launched services offering API-enabled access to Socks4/Socks5 compromised/hacked hosts
A Cybercrime Gang-Software Pirate Mash-Up (Dark Reading) New report illustrates lucrative market for malware-riddled, pirated software — and the cost to enterprises
Security Patches, Mitigations, and Software Updates
Mozilla Patches Pwn2Own Zero Days in Firefox 28 (Threatpost) Mozilla released Firefox 28 yesterday, patching four zero-day vulnerabilities disclosed during last week's Pwn2Own contest
For the Adventurous, Java 8 is out (Internet Storm Center) Looks like JAVA 8 is out (thanks Rob)
Cyber Trends
The Goldilocks Dilemma: Too Much Cybersecurity Or Too Little? (Forbes) Cybersecurity continues to be a hot topic these days, but it's unclear whether CIOs are doing too much or too little to tackle the problem. Sometimes it seems as though enterprises are developing the same attitude about breaches that Californians have about earthquakes — sure, we're vulnerable, but what are the chances of it shaking really, really bad right where I'm standing
91% of video surveillance deployments involve IT departments (Help Net Security) ESG research found that among organizations currently using video surveillance technology, 91% indicate that IT manages or supports these deployments. Of the final survey pool of IT professionals involved with video surveillance at mid- to enterprise-sized organizations, 47% claim their department is the group most responsible for setting surveillance strategy and making final infrastructure purchasing decisions
There are real and present dangers around the Internet of Things (The Guardian) Despite plenty of scaremongering, there are reasons to be worried about the emergence of a hyper-connected world
Security, M&A among hospital CIO frustrations for 2014 (FierceHealthIT) As 2014 kicks into full gear, what topics elicit fear and frustration among health CIOs? Bonnie Siegel, a healthcare IT recruiter for Witt/Kieffer, shared some of her takeaways from discussions with CIOs at the College of Healthcare Information Management Executives' CIO Forum in Orlando
Hacks of Ages (Juniper Networks) From the click-clack of the Enigma machine that stumped so many for so long to the Anonymous "Million Mask March" on the White House to protest against corporate and government corruption, we've assembled an illustrative timeline of the cyber world
Marketplace
Spying Is Bad for Business (MIT Technology Review) Can we trust an Internet that's become a weapon of governments? Following a one-day summit in Brasilia this February, negotiators from Brazil and Europe reached a deal to lay a $185 million fiber-optic cable spanning the 3,476 miles between Fortaleza and Lisbon. The cable will be built by a consortium of Spanish and Brazilian companies. According to Brazil's president, Dilma Rousseff, it will "protect freedom." No longer will South America's Internet traffic get routed through Miami, where American spies might see it
Major departments seek continuous monitoring acquisition independence from DHS (FierceGovernmentIT) Some federal agencies are choosing to buy continuous monitoring tools independently of the Homeland Security Department's Continuous Diagnostics and Mitigation Program despite forfeiting DHS procurement money for those tools when doing so
Virginia Contracting Activity Kicks Off $6B Defense IT Contract Bids (GovConWire) The Virginia Contracting Activity has started to accept bids on a potential five-year, $6 billion information technology services contract covering work for the Defense Department and intelligence community
Yahoo's 'Mission Accomplished' Moment: Talent Retention (InformationWeek) Marissa Mayer and other tech employers should focus less on an aggressive acqui-hire strategy and more on moonshot engineering goals, current and former Yahoo employees say
Verdasys Closes $12 Million Investment (Dark Reading) Kenneth Levine joins Verdasys as CEO, replacing Jim Ricotta
Security Startups: Interview with Covertix CEO Yoran Sirkis (SecurityWeek) SecurityWeek: How did you start out in the computer field and in particular, security? Yoran: I started my journey in the cyber- and information- security fields while at the Israeli Air Force, where I served as a captain. After the military service I joined Comsec, an international information security professional services firm
Products, Services, and Solutions
Full Disclosure mailing list closure elicits mixed reactions (Help Net Security) The Full Disclosure mailing list has long been the perfect place for security researchers to disclose and discuss newly found vulnerabilities. But John Cartwright, one of its creators, has pulled the plug on the list today
Twitter gives up on encrypting direct messages, at least for now (The Verge) The company has a reputation for fighting government data collection. So why did it suddenly drop plans to protect private messages
Facebook Blocks NSA Spies — for Now (CIO) In the wake of revelations exposed in classified National Security Agency documents leaked to reporters by Edward Snowden, Facebook must show its users that their data is safe from the prying eyes of government spies
What is Kaspersky Gadget (Kaspersky Lab Daily) "Gadget" has recently become an extremely popular word. We now use a wide range of gadgets, read the latest news from this sphere in various blogs and websites, and eagerly discuss it. You can even use a gadget for your antivirus, like Kaspersky Internet Security, which has its own Kaspersky Gadget now
Blue Coat and HP collaborate to combat advanced targeted attacks (CIOL) To deliver a transformative approach that integrates defenses for each stage of the threat lifecycle and automates intelligence sharing across the security infrastructure
Enigma opens its platform for public big data search and discovery (FierceBigData) Do you live in the U.S. and need access to petabytes of public data free of charge? You're in luck. Enigma has just announced it opened its platform to the public for public data search and discovery
Parallel universes: parallel data warehouses for analytics only (FierceBigData) It's fairly common for analytics teams' abilities to go far beyond the technology function IT provides. At best, this is an untenable situation and at worst it costs such hobbled companies millions to billions in lost opportunities
Juniper Networks Partners VeriSign (Nasdaq Analyst Blog) Networking solutions provider, Juniper Networks (JNPR) has announced a partnership with VeriSign, Inc. (VRSN) to provide hybrid cloud-based security services. The combined solution can manage and protect against Distributed Denial of Service (DDoS) attacks and at the same time connect public and private clouds securely.
Arbor Unveils a Network Security 'DVR' (Light Reading) Network attacks may be increasingly inevitable, but 83% of enterprises say they are unprepared for them, according to new research from Arbor Networks
Check Point Sandboxing Technology Tops Zero-Day Malware Block Rates (Consumer Electronics Net) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the worldwide leader in securing the Internet, today announced that Check Point Threat Emulation Service, which protects organizations against new, unknown and targeted attacks before they infect a network, has the highest catch rate of malicious files. In recent benchmark testing, 600 malicious files were scanned through Check Point Threat Emulation and other competitive products. The results found that Check Point outperformed all of the others in this test, with a malicious file catch rate of 99.83%. The other competitive products detected an average of 53% of the files as malicious, with the highest competitor's catch rate at 75%
Review: KnowBe4 Compliance Manager (eSecurity Planet) While KnowBe4 Compliance Manager does not make tasks associated with regulatory compliance enjoyable, reviewer Matt Sarrel finds the software does make them less onerous
Damballa and ForeScout Partner on Threat Protection (SecurityWeek) Damballa, a provider of threat protection and containment solutions, and ForeScout Technologies, a provider of network security solutions, have teamed up in an effort to enhance visibility and automate remediation of advanced threats within enterprise networks
Cohen's SAC taps analytics firm Palantir to monitor employees (Reuters) Billionaire investor Steven A. Cohen hired a top Silicon Valley data analytics firm to keep closer tabs on his employees just months after his hedge fund SAC Capital Advisors pleaded guilty to insider trading charges
The Pentagon Spent $2.7 Billion on an Intelligence System That Doesn't Work (The Wire) Here's another item for the (long) list of spectacular waste in the Pentagon's budget: a $2.7-billion intelligence program that's supposed to help Army troops on the ground collect and use intelligence on enemy fighters. It sounds like a good idea, but the thing is, the Army's Distributed Common Ground System doesn't actually do that, according to a report from Foreign Policy. The article cites an internal assessment of the DCGS's effectiveness, long requested by Congress but kept under wraps by the Pentagon for eight months. Probably because they didn't feel like talking about such a spectacular failure
Technologies, Techniques, and Standards
Law firm drafts risk-based approach to privacy protections (Inside Cybersecurity) A privacy policy group managed by the law firm Hunton and Williams is meeting today in Paris to develop a risk-based approach to protecting personal data, which is intended to sidestep industry-government tensions over privacy protections as part of cybersecurity measures
Stop Targeted Attackers (Dark Reading) All cyber-attackers aren't equal. Focus more attention on exploits made just for you
Kick us as hard as you like, RIGHT IN THE CYBERS, says Japan (The Register) Government unleashes ethical hackers to prep for Tokyo Olympics
How do you know if an RNG is working? (A Few Thoughts on Cryptographic Engineering) No matter how much cryptographers accomplish, we're always building on a questionable foundation. Last week, Edward Snowden spoke to a packed crowd at SXSW about the many problems (and limited solutions) facing those of us who want to keep our communications private. Snowden said a number of things — including a shout out to Moxie's company Whisper Systems, who certainly deserve it
Where will XP stalwarts go after the end of Windows XP support? (TechTarget) The end of official Windows XP support is not all bad news. Microsoft plans to provide signature updates for its anti-malware application for another year or so. But support for the operating system itself is going away, and enterprise desktops running it could be at significant risk. Yet budgets, timelines and legacy programs leave some organizations with little choice but to continue to support XP. If that's the case for your environment, you can take a number of steps to help mitigate at least some of the looming threats
Improving Security via Proper Network Segmentation (SecurityWeek) Recent headlines around data breaches have highlighted a common security mishap — improper network segmentation
Metadata Poses Both Risks And Rewards (Dark Reading) For companies, metadata can both be an opportunity to better secure the business and a threat that leaks sensitive data
Python developers are the most giving (IT World) GitHub Archive data reveals that Python repositories, on average, receive the most pull requests of any programming language
XORSearch: Finding Embedded Executables (Didier Stevens) Someone mentioned on a forum that he found a picture with an embedded, XORed executable. You can easily identify such embedded executables by xorsearching for the string "This program must be run under Win32". But if the author or compiler modifies this DOS-stub string, you will not find it
Design and Innovation
War is a Video Game, and We're Losing (War on the Rocks) It is often said that the rise of military robotics and cyber warfare is turning war into a "videogame." But this thesis—which blames technology for a supposed loss of moral seriousness about war—gets the causation wrong. It isn't bloodless technology that really makes war videogame-like. Rather, videogames are simple and deterministic in that they mirror the ways a cross-section of national security experts think about war. It seems that as hard as we try to treat war as "tragic, inefficient, and uncertain," we end up getting our military analysis from the same mental place that's engaged by a shopping trip to GameSpot. We might as well use this to our advantage by diversifying our unconscious war(games) rather than playing the same titles over and over again
Research and Development
Finjan Holdings Subsidiary Issued New U.S. Patent For Malicious Mobile Code Protection (Dark Reading) Patent issuance relates to a proprietary malicious mobile code runtime monitoring systems and methods
Academia
Springfield High, Clark State to join forces for cybersecurity class (Springfield News-Sun) Springfield High School students will soon be given the opportunity to jump into one of the fastest-growing and in-demand careers in the nation
Here come the next generation cyber-warriors (Fortune) The wild frontier of identity theft and web terrorism has opened the door for educational programs to train teenage cyber-sleuths
Legislation, Policy, and Regulation
UAE ponders how to have big data, without big problems (The National) With one of the highest adoption rates of smartphones on the planet, the UAE is at the forefront of the global push to become a "smart nation" in which online technology is integrated into everyday life. But as the Emirates Centre for Strategic Studies and Research's annual conference heard this week, the dawning era of big data warrants care and supervision to ensure the intended benefits do not come at the price of sacrificing reasonable expectations of privacy
Espionage: how Orange and the secret services cooperate (Le Monde) One often learns more about oneself from people who are not part of one's own family. The British, somewhat in spite of themselves, have just shed light on the highly confidential ties that exist between the French secret services, the Direction générale de la sécurité extérieure (DGSE), and the incumbent telecommunications operator France Télécom, which took the name Orange in February 2012
Google CEO Calls NSA Spying 'Disappointing' (Bloomberg) Google Inc. (GOOG) Chief Executive Officer Larry Page criticized the National Security Agency's surveillance activities, calling for limits on what the U.S. government can do. "It's tremendously disappointing that our government did this and didn't tell us," Page said during a presentation at a TED technology and design conference in Vancouver. "We need to know what the parameters of this are"
NSA top lawyer says tech giants knew about data collection (C/Net) Never mind the vociferous denials from tech titans like Google, Microsoft, and Apple. They knew the government was collecting their user data, the NSA's general counsel says
Rand Paul Slams Surveillance State 'Drunk With Power' (National Journal) A harsh speech wins over the UC Berkeley crowd but the Republican senator glides past social issues
Edward Snowden: Here's how we take back the Internet (Help Net Security) Appearing by telepresence robot, Edward Snowden speaks at TED2014 about surveillance and Internet freedom
Alexander: Congress should address cyberthreat information sharing (Federal Times) Intelligence-sharing has become a higher priority following a 2013 executive order that expanded the Homeland Security Department's Enhanced Cyber Services program
DOD delays rulemaking on rapid reporting of cyber penetrations (Inside Cybersecurity) The Pentagon needs more time to develop highly anticipated draft regulations that would require defense contractors with security clearances to rapidly report penetrations of their networks and information systems
Working group kicks off process to align communications sector with cyber framework (Inside Cybersecurity) The FCC's long-awaited "working group four" on cybersecurity will be formally launched today at a meeting of the Communications Security, Reliability and Interoperability Council, beginning a yearlong process to align industry best practices with the government's new framework of cybersecurity standards
Senate Commerce panel schedules data breach hearing (Inside Cybersecurity) The Senate Commerce Committee will hold a hearing next week on "protecting personal consumer information from cyber attacks and data breaches"
NRF: 4 lies about data security (FierceRetailIT) What if a government agency held hearings on fraud protection and data security, prompted by recent data breaches at national retailers, and failed to invite a single retailer
Obama Administration Denies 'Abandoning the Internet' (Nextgov) A top Commerce Department official pushed back Wednesday against concerns that the Obama administration is opening the door to an Internet takeover by Russia, China, and other authoritarian regimes
Litigation, Investigation, and Law Enforcement
US DHS digs out 27,000-member child abuse ring buried on Tor (Naked Security) The child predators targeted children as young as 3 years old. More than 40 terabytes of data were seized, 15 men have been arrested, 251 child or teen victims have been identified
US officials don't expect terrorists to embrace Bitcoin. Here's why. (Bloomberg News via the Times Herald) The U.S. government sees no evidence of "widespread" use of virtual currencies such as Bitcoin to evade sanctions or finance terrorism, the Treasury Department's top official targeting money laundering said
Hacker Diabl0 arrested in Thailand at the request of Swiss authorities (NetworkWorld) He is wanted in connection with computer fraud and credit card information theft in Switzerland
Three indicted over $15 million identity theft spree (Naked Security) Three men have been indicted in a New Jersey court, charged with participating in an identity theft conspiracy which could have cost its victims upwards of $15 million
Class Action Suit Filed in L.A. Breach (HealthCareInfoSecurity) A class action lawsuit has been filed against Los Angeles County and a vendor that handles patient billing and payment collections for the county's departments of health services and public health in the wake of a breach last month affecting 168,500 individuals
Non-Gmail users suing Google for "wiretapping" denied class action (Ars Technica) Judge says Google is right—the problem of consent is too murky.
Microsoft uncovers mole who leaked Windows secrets, but Wzor lives on (InfoWorld) Microsoft has charged an ex-employee who leaked Windows 8 builds — but it's unlikely that Wzor, the current reigning champ of Windows leaks, will be affected
"Revenge porn" site creators hit with $385,000 judgment (Ars Technica) Lawyer hopes other revenge porn "scumbags" will remember this lesson
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, Mar 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified, but sensitive Symposium will be off the record, and will bring together stakeholders from the executive and legislative branches as well as their counterparts in the private sector. Following unprecedented attention on the security clearance process in 2013, 2014 promises to be a year of consequence to a fundamental aspect of how the IC carries out its mission. This Symposium will provide attendees an opportunity to participate in the current debate and learn about future technologies that will influence security policies and procedures.
Suits and Spooks Singapore Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks.
MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, Mar 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process.
Cyber Security for Energy & Utilities Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23-26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE.
Fourth Annual China Defense and Security Conference (Washington, DC, USA, Mar 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding China's rising military power and strategy by carefully examining Chinese-language sources. Speakers at the conference will provide an extensive overview of recent developments in military training and operations reform, and take on challenging questions in Chinese foreign policy, including considerations of the role of cyber-warfare in Chinese strategic thought.
Veritas 2014 At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.
Black Hat Asia Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
SEC Cybersecurity Roundtable (Washington, DC, USA, Mar 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies, and how they are addressing those concerns.
Cyber Security Management for Oil and Gas Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management.
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Mar 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit) and the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars.
CyberBiz Summit (Linthicum, Maryland, USA, Mar 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday, March 28th.
Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, Mar 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance initiatives. John Carlin, Assistant Attorney General for National Security, will deliver the keynote. Other speakers will include current and senior officials from the Justice Department, National Security Agency, Office of the Director of National Intelligence, FBI, DHS, Google, and Microsoft.
Cyber Saturdays (Laurel, Maryland, USA, Mar 29, 2014) Are you a community college student with an interest in network security or information assurance? Would you like to test your skills in a fast-paced game environment? If so, one of Capitol College's upcoming Cyber Saturdays could be a great way to spend part of your weekend.
SyScan 2014 (Singapore, Mar 31 - Apr 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.
Interop Conference. Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
NSA Hawaii. Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by the NSA Hawaii NSA/CSS Technology Directorate. The focus of this event will be Cyber Security, Big Data and Cloud Computing technologies but all interested companies are welcome to exhibit.
InfoSec World Conference & Expo 2014. With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
NIST IT Security Day (Gaithersburg, Maryland, USA, Apr 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.
IT Security Entrepreneurs Forum (ITSEF) 2014. IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community by providing a venue where entrepreneurs can meet and interact directly with top government agency and industry officials in an open and collaborative environment. This SINET community of interest and trust facilitates broadened awareness of the government's challenges, needs, and its future direction regarding Cybersecurity, while shining a spotlight on the entrepreneurs and their innovative technologies that are helping to address and solve today and tomorrow's security challenges.
Women in Cybersecurity Conference (Nashville, Tennessee, USA, Apr 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in recruitment/retention of women in this field and/or diversification of their cybersecurity workforce is especially encouraged to get involved.
Suits and Spooks San Francisco. S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. CFP is now open. If you're interested in being a speaker at Suits and Spooks San Francisco, please send an email with your topic title, short abstract, and your bio by February 15th.
East Africa Banking and ICT Summit (Kampala, Uganda, Apr 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations, and unique networking opportunities.
National Collegiate Defense Cyber Competition. Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.
InfoSecIndy (Indianapolis, Indiana, USA, Apr 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
Infosecurity Europe 2014. Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.