The CyberWire Daily Briefing for 4.8.2014
news from SINET ITSEF 2014
SINET ITSEF 2014 gets underway this afternoon in Mountain View, California. We'll report news from the conference as it develops. We're looking forward with particular interest to hearing the contributions of Alejandro Mayorkas (Deputy Secretary, US Department of Homeland Security), Kjetil Nilsen (Director General, Norway's Nasjonal Sikkerhetsmyndighet), and Philip Quade (Chief Operating Officer, Information Assurance Directorate, National Security Agency).
The conference's participants plan to take up such issues as identity management, automation for cyber security, the Internet-of-things (and the "hyperconnectivity" the IoT implies), and the challenges enterprises face—security, regulatory, and legal—managing mobile devices in the cloud.
Tomorrow's sessions will be of particular interest to entrepreneurs. We particularly invite any of our readers who jump into the "Cybersecurity Shark Tank"—the name of one of the table sessions—to let us know how they fared delivering their two-minute elevator pitch to experienced industry and venture capital hands.
India worries it will be caught in a coming Russo-American cyber "crossfire" triggered by tension over Russian incursions into Ukraine.
Europe Online notes a level of nuisance achieved by OpIsrael, but on balance calls the action a fizzle. An Indian vigilante hacktivist appears to have downed a major Pakistani Taliban site.
Such regional tensions aside, the major news today is the disclosure of "Heartbleed," a vulnerability in the OpenSSL cryptographic software library. Heartbleed exposes information normally protected by SSL/TLS encryption, rendering it vulnerable to snooping. Among the data particularly at risk are private keys, usernames, and passwords. Some of the more famous sites known to be leaky are Yahoo Mail, Lastpass, OpenSSL, and the principal FBI site. Information at SecureDrop (a service popular with journalists) is also at risk. A fix is out: OpenSSL 1.0.1g.
Google has removed a bogus (and malicious) security app, "Virus Shield," from its Google Play store, but not before Virus Shield achieved best-seller status.
Trend Micro has an interesting overview on cyber criminals' infestation of the Dark Web.
It's Patch Tuesday, and Microsoft Windows XP officially enters the afterlife, its passing marked by advice on how to mitigate the risks its expiration brings.
Yahoo closes a Flickr privacy hole.
The US and China cyber talks are under way, and Forbes thinks their purpose (from the US point-of-view) is as much deterrence as reassurance.
The US Supreme Court declines to fast-track a surveillance review: SCOTUS will let the issue work its way up through lower courts.
Notes.
Today's issue includes events affecting Canada, China, European Union, Germany, India, Israel, Pakistan, Palestinian Territories, Russia, Ukraine, United Kingdom, and United States.
Mountain View: the latest from SINET ITSEF 2014
IT Security Entrepreneurs Forum (ITSEF) 2014: Workshops (SINET) Workshops begin this afternoon in Mountain View. Session topics include: "What Are Our Top Ten Needs and Priorities in 2014?" "Cybersecurity — A Big Data Problem — What Are We Doing About It?" "Federal Spending: What's the Real Market for the Private Sector?" "Guidance For Startups: Evaluating and Working With Enterprise Prospects," "Hyperconnectivity: The Promise and Peril of a Fully Connected World," "Convergence of Physical and Cyber: Identity, Access and Compliance: Where are we Headed?" "Cybersecurity Automation and Capability Re-Orientation," and "Mobile and Smart Devices Relationship to the Cloud — What are the Regulatory, Legal and Security Challenges?"
IT Security Entrepreneurs Forum (ITSEF) 2014: Forum (SINET) SINET ITSEF's Forum continues all day tomorrow, April 9, with keynote addresses by Alejandro Mayorkas, Deputy Secretary, US Department of Homeland Security, who will give us a perspective from DHS, and Kjetil Nilsen, Director General, Nasjonal Sikkerhetsmyndighet (NSM - Norway's National Security Authority) who will speak on the "Nordic Cybersecurity Model of Trust."
97% of U.S. Enterprises Fear Insider Security Threats (MSPmentor) Vormetric, an enterprise data security technology provider, described some of the biggest IT and security threats for enterprises in its latest Insider Threat report, released last week. Researchers revealed that only 3 percent of U.S. organizations felt safe against insider threats, versus 9 percent for European organizations. In addition, researchers noted that 47 percent of U.S. organizations felt vulnerable against these threats, versus 25 percent for European organizations. "[Chief security officers] and enterprises are struggling today to cope with the massive increase in risks from insider threats that include both traditional insiders and privileged users as well as outside attacks that compromise their credentials in order to steal critical data," Security Innovations Network (SINET) founder Robert Rodriguez said in a press release. "Comparisons of European and U.S. organizations within the report show Europeans feeling more secure, but that all need to rethink the mix of their investments in security controls, and focus more strongly on protecting data"
ZL Technologies CEO Joins CIA and Department of Homeland Security in Panel to Discuss Maintaining Privacy While Leveraging Big Data for New Purposes in Government (MarketWired) ZL Technologies, Inc. (ZL), the leader in total information governance for the large enterprise, today announced the company's CEO, Kon Leong, will participate on a panel with representatives from the CIA and the Department of Homeland Security at the IT Security Entrepreneurs Forum (ITSEF 2014), taking place April 8-9 at the Computer History Museum in Mountain View, Calif. Leong will join Dawn Meyerriecks, deputy director for Directorate of Science and Technology of the CIA; Donna Roy, executive director of Information Sharing Environment for the Department of Homeland Security; and moderator L. William Varner, president of ManTech Mission, Cyber and Intelligence Solutions Group, to discuss the growing privacy challenge of Big Data and how to leverage data for new purposes in government
CSG Invotas to Participate in SINET ITSEF 2014 (MarketWatch) CSG Invotas, the new enterprise security business from CSG International, Inc., today announced its participation at the eighth annual 2014 SINET IT Security Entrepreneurs Forum (ITSEF)
Cyber Attacks, Threats, and Vulnerabilities
Is India Caught In the US-Russia Cyber Warfare Crossfire? (Defense World) There could be more to it than meets the eye in the recent downpour of leaked information on the Indian Air Force's Su-30MKIs. Anti-Russia hackers, either acting independently or working for the US NSA and other western powers may have targeted Moscow because of the latter's reunion with Crimea and due to Edward Snowden's asylum in Russia
Cyber attacks on Israeli websites cause minimal damage (DPA via Europe Online) Pro-Palestinian activists on Monday staged a series of cyber attacks against Israeli websites, but experts said no serious damage was caused
Indian hacker Takes Down Official website of terrorist organization Tehreek e Taliban Pakistan (HackRead) The official website of terrorist organization Tehreek e Taliban Pakistan (TTP) has been targeted and successfully taken down by famous Indian hacker Godziila. Godziila hacker who has been in news for targeting high profile websites, including the official website of Pakistan army; took down the TTP's website earlier today. It has been observed that the same website was
The Heartbleed Bug (Codenomicon) The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs)
Vulnerability Note VU#720951: OpenSSL heartbeat information disclosure (Vulnerability Notes Database) OpenSSL 1.0.1 contains a vulnerability that could disclose private information to an attacker
Seriousness of OpenSSL Heartbleed Bug Sets In (Threatpost) Site operators and software vendors are scrambling to fix the OpenSSL heartbleed bug revealed Monday, a vulnerability that enables an attacker to extract 64 KB of memory per request from a server. Attacks can leak private keys, usernames and passwords and other sensitive data, and some large sites, including Yahoo Mail and others, are vulnerable
Google Removes Top App: 'Virus Shield' Scams Thousands, Exposes Flaw In Android Ecosystem (International Business Times) Until Sunday night, the top new paid app on the Google Play store was a complete scam. Google Inc. (NASDAQ: GOOG) quickly removed "Virus Shield" from the Google Play store, but not before thousands of people downloaded the fake anti-malware app, exposing a major flaw in the open strategy Google has taken with its mobile app marketplace
Bogus Android anti-virus app dupes thousands, including Google itself, and makes it to #1 in the charts (Graham Cluley) If you need further evidence that Google has a slip-shod approach to policing the official Android app store, then take a look at this
How a website flaw turned 22,000 visitors into a botnet of DDoS zombies (Ars Technica) Everyday browsers are unwittingly conscripted into powerful attack platform
Researchers demo iOS banking app hack (SC Magazine) Mobile banking transactions may be on the rise, but banks may face an uphill struggle to keep them secure from cyber-criminals
Cyber Shakedown: Hackers Unleash Mafia-Style Extortion Tactics (Fox Business) Scott Heiferman received a disturbing email one recent Thursday morning that he quickly realized would have ripple effects for his company's 16 million users. The author of the message offered to stop a looming cyber attack on social networking site Meetup.com in exchange for $300. Instantaneously, the Meetup.com's servers were bombarded with enormous levels of traffic that brought its services down
Meet the New School; Same as the Old School (Trend Micro: Simply Security) The Dark Web has been very firmly colonised by criminals looking for a safer marketplace to ply their various trades. Are the vendors and buyers in these forums the same or different to those that work in the older and more established underground forums on the open Internet?
Malware writers turn to ancient craft to hide viruses (CRN) Using art of steganography to get up to no good
Trio of health data breaches rocks California patients (FierceHealthIT) Three major data breaches rocking the state of California made headlines recently--one involving a computer infected with malicious software, one involving a former employee's illegal access and one involving theft of medical data from a contractor's office
German Users Can Check If They're Among the 3 Million Whose Credentials Have Been Stolen (Softpedia) Last week, authorities in Germany uncovered a total of 18 million credentials stolen by cybercriminals. The country's Federal Office for Online Security (BSI) has set up a service that allows users to check if they're impacted
Triathlon camera drone falls out of the sky, owner claims it was hacked (Naked Security) A drone that was supposed to be filming an Australian triathlon fell out of the air and struck a triathlete in the head, sending her to hospital on Sunday
DCMS Twitter 'hack' targets Maria Miller MP (CSO) The Department for Culture, Media and Sport had its Twitter account 'hacked' on Saturday, with rogue tweets targeting secretary of state Maria Miller
Match.com Lothario cons woman out of her retirement savings (Naked Security) A New Jersey woman lost her retirement savings after she fell for a phony Match.com cutie
Security Patches, Mitigations, and Software Updates
OpenSSL CVE-2014-0160 Fixed (Internet Storm Center) OpenSSL 1.0.1g has been released to fix "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server. This issue did not affect versions of OpenSSL prior to 1.0.1"
The Heartbleed bug: serious vulnerability found in OpenSSL cryptographic software library (Graham Cluley) System administrators, I hope you weren't planning to have an easy day today?
SecureDrop and the OpenSSL Vulnerability (Press Freedom Foundation) Today a serious vulnerability was reported on OpenSSL versions 1.0.1 through 1.0.1f: CVE-2014-0160, or Heartbleed. SecureDrop runs as a Tor Hidden Service, which we also know is affected. As such, this affects all properly configured instances of SecureDrop, and steps should be taken immediately to mitigate disruption of SecureDrop running services
The Muddy Waters of XP End-of-Life and Public Disclosures (Threatpost) Windows XP security support ends Tuesday and until now, most of the public hand-wringing over XP's end-of-life has been about the potential for malware outbreaks against unpatched vulnerabilities that have been stockpiled by hackers anxiously awaiting April 8, 2014
Microsoft ends XP support — what should users do next? (ComputerWeekly) April 8 2014 — the day that Microsoft no longer supports Windows XP — is upon us, and for organisations that still have a significant XP user base, it's no surprise there is rising concern over what to do next
Yahoo shows cavalier attitude to info-leaking Flickr vulnerability, but finally plugs privacy hole (Hot for Security) I have long believed that for security to succeed inside a company, it really needs to be part of their DNA. You need to live-and-breathe security every day to have a proper chance of protecting your computers and sensitive data (and that of your customers and partners) from hackers and privacy breaches
The 'Privacy Dinosaur' urges Facebook users to check their privacy settings (Naked Security) Facebook has introduced a blue cartoon Zuckersaurus-Rex, or some other type of dinosaur, to warn users when they are about to post something publicly
Cyber Trends
Windows XP only the latest example of risky software, argues KPMG (TechWorld) The fact that millions of PCs and embedded systems will continue to run Windows XP beyond this week's End of Life (EOL) deadline is only the latest example of obsolete, risky software that shouldn't be used to stoke up unnecessary fear, KPMG analyst Stephen Bonner has argued
2013 dubbed year of mega data breaches as attacks soar (Irish Times) New study shows a 62 per cent increase in data breaches last year
Sometimes the Best Big Data Questions Raise the Biggest Privacy Concerns (Nextgov) One useful definition for the unstructured data that underlies most existing and theoretical big data projects is that it was often collected for some purpose other than what the researchers are using it for
Berkeley professor: We've had big data privacy issues since 1970s (FierceBigData) Last week UC Berkeley held a daylong workshop on "Big Data: Values and Governance." It was yet one more example of how discussions pertaining to big data use and related privacy issues are increasingly being held publicly rather than behind closed doors. And this is as it should be
Security holes in power grid have federal officials scrambling (Los Angeles Times) In Congress, the vulnerability of the power grid has emerged as among the most pressing domestic security concerns
Marketplace
Silicon Valley scares Americans (USA Today) After the NSA spying scandal, many don't trust the techies of Google and Facebook
Defense Information Systems Agency Selects BAE Systems' XTS Guard for Enterprise-Wide Information Assurance (MarketWatch) BAE Systems' XTS® Guard has been selected by the U.S. Defense Information Systems Agency (DISA) as an enterprise-wide security standard. It is being utilized by DISA's Cross Domain Enterprise Services (CDES) to ensure the agency's ability to securely share information among authorized users within the Department of Defense (DoD) and across the Global Information Grid
Invincea Announces 54 New Enterprise Customers for Its Flagship Enterprise Solution, $8.1M in Advanced Research Contracts for Its Labs Division (MarketWatch) Invincea, Inc., the market leader in the use of secure virtual containers for user protection against advanced cybersecurity threats, today announced accelerated momentum and major milestones
Axiom Housing Association Chooses Panda Cloud Fusion to Protect and Manage Their IT Systems (PR Urgent) Axiom Housing Association realizes significant cost savings and improved performance after implementing Panda Cloud Fusion to secure and manage their network. Panda offers calculator to check how much you can save annually
Products, Services, and Solutions
Android security suites compared (ZDNet) AV-Test.org's latest comparison of security suites for Android have many products with very high scores. Among the best, the difference is in a comparison of features and capabilities for the enterprise
IBM boosts portfolio of mobile tools for firms' security, device and network needs (V3) IBM has outlined a raft of new mobile tools and services to help firms tackle the growth of mobility within their organisations
EventTracker Cloud First to Offer Free Early Warning System (Reuters) EventTracker, a leading provider of comprehensive SIEM solutions, today announced the general availability of EventTracker Cloud, a SaaS solution for networks, systems, and applications. EventTracker Cloud offers simple, secure and scalable SIEM and log management functionality in the cloud. A free tier allows real-time alerting by text or email from up to 25 systems, network devices and applications, providing customers with the most cost-effective way to monitor any potential security breaches, threats, or availability
Technologies, Techniques, and Standards
Does IP convergence open you up to hackers? (Help Net Security) Recent reports indicate that unauthorized persons gained access to Target's network using credentials stolen from a company that worked on the company's refrigeration, heating, ventilation and air conditioning. The ongoing investigation will have to determine whether this was the root cause of the Point-of-Sale (POS) malware, or was a parallel attack. Whichever it turns out to be, it is clear that you should take steps to assure that any access you provide for vendors not be abused or misused
Why earwax & kittens are no recipe for successful IT security (IT Pro) Security researchers claim the unique properties of people's earwax could make it a password killer. Davey Winder's not convinced
BYOD and security: Five tips to keep boundaries between work and home (TechTarget) Bring your own device, also known as BYOD, has taken off in corporate America. Corporations are now offering stipends to their employees to cover the full or partial cost of their personal mobile devices, such as a smartphone or tablet. The end result of BYOD is that employees are now using their personal mobile devices to manage their personal lives and their work lives. While it is easy to see the huge cost savings to corporations with a BYOD policy, this merging of work apps onto employees' personal mobile devices can have a negative impact on their work productivity and time off. In this article, I offer five quick tips to help managers assist employees to establish healthy boundaries between their work life and personal life so that both companies and employees can receive the full benefits of BYOD
Social Media Monitoring and Compliance: Five Best Ways to Navigate Complexity in the Workplace, Part II (Cyveillance) In this blog series on social media and online monitoring, we'll discuss five best ways for companies to address compliance regulations — and protect their organizations — while respecting employee and third-party privacy concerns. In our previous post, we discussed why it's important to have a clear understanding of what you are looking for and what your objectives are. In today's post, we'll examine why you need to set boundaries
Social Engineering Grows Up (Dark Reading) Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat
If Mother Nature Were A CISO (Dark Reading) There are many defensive patterns in nature that also apply to information security. Here's how to defeat your predators in the high-stakes game of corporate survival and resiliency
We Are the Perimeter (Dark Reading) End users, not technology, define the boundaries of the enterprise. Security strategies must protect this new perimeter
Operation Stop the Exfiltration (Dark Reading) Determined cybercriminals and cyberspies will find their way to the data they want, but there are ways to trip them up as they try to make their way out
Research and Development
The Great Hash Bakeoff: Infosec bods cook up next-gen crypto (The Register) Take a serverful of hash, add salt, hold the rainbow
Open Source Intelligence Offers Crystal Ball Capability (SIGNAL Magazine) Researchers working on behalf of the U.S. intelligence agencies can use reams of open source, anonymous data to foretell social turmoil such as disease outbreaks or international political unrest. Once fully developed, the capability to predict coming events may allow U.S. officials to more effectively respond to public health threats; to improve embassy security before an imminent attack; or to more quickly and effectively respond to humanitarian crises. Both Google and Yahoo have proved they can detect major flu outbreaks based on Web search results, but the intelligence community may be able to out-Google Google. Researchers at the Intelligence Advanced Research Projects Activity (IARPA) intend to push the capability further, predicting events before they hit the news. Three teams—led by Virginia Tech, BBN Technologies and Hughes Research Laboratory—continually compete to see who can best predict events that create social disruptions
Academia
Cyber warfare research institute to open at West Point (Army Times) The Army's academy has established a cyber warfare research institute to groom elite cyber troops and solve thorny problems for the Army and the nation in this new warfighting domain
School for spies: UK creates 'university degrees' in cyber security (Russia Today) GCHQ, Britain's intelligence agency for information assurance, will approve UK postgraduate courses in cyber security — effectively endorsing a Masters in spying, recent reports claim. This might come in useful for the agency's own employees
Legislation, Policy, and Regulation
What Briefing Chinese Officials On Cyber Really Accomplishes (Forbes) In the New York Times, David Sanger has an interesting article about Washington's efforts to prevent escalating cyber attacks with Beijing. According to Sanger, U.S. officials have tried to allay the concerns of their Chinese counterparts about the build up of Pentagon capabilities through greater transparency. They have briefed them on the "emerging doctrine for defending against cyberattacks against the United States — and for using its cybertechnology against adversaries, including the Chinese." We should, however, be clear about their real purpose. These briefings have more to do with deterring China than assuring it
Why The Conversation Should Be Required Viewing at the NSA (The Atlantic) Francis Ford Coppola's psychological thriller, which turns 40 today, may be the best exploration of the dangers of surveillance that pop culture has ever produced
5 Privacy Laws I Would Put on the Books Right Now (Popular Mechanics) As we hear more and more about government spying at the federal, state, and local levels, it's time to start thinking about what to do if we want to protect our privacy
Senate Confirms Two Key Department Of Homeland Security Nominees (Homeland Security Today) The Senate Monday confirmed the nomination of Dr. Reggie Brothers to be the Department of Homeland Security (DHS) Under Secretary for Science and Technology and retired Air Force Brig. Gen. Frank Taylor to be DHS Under Secretary for Intelligence and Analysis
Chemical plant security measure moves forward in the House (Homeland Security Newswire) The House Homeland Security Committee and the House Energy and Commerce Committee are making progress on legislation meant to extend DHS's Chemical Facility Anti-Terrorism Standards program, which helps secure commercial chemical plants from terrorist attacks. Several attempts by the House Homeland Security Committee to extend the program have failed due to disagreements with the House Energy and Commerce Committee, which also oversees the matter
Seeking a Role in Marine Corps Cyber (SIGNAL Magazine) A tactical technology support organization that has been serving the U.S. Marines for decades is beginning to find a role in the cyber domain. The group offers a broad range of services, including test and evaluation, engineering and network integration. It also supports users across the Defense Department, U.S. government and allies. No definitive cyber role has yet been carved out for the Marine Corps Tactical Systems Support Activity (MCTSSA), Camp Pendleton, California, but the team has skills to offer, says Michael Canterbury, MCTSSA technical director
As gov't discusses expanding digital searches, ACLU sounds caution (Ars Technica) Proposed changes not "minor"—"it is a major reorganization of judicial power"
Litigation, Investigation, and Law Enforcement
Sen. Feinstein Calls Former CIA Director's 'Emotional' Comment 'Nonsense' (National Journal) The senator rebuked the former intelligence director's remarks on her personal feelings about a CIA report
Supreme Court Declines Review of NSA Phone Spying (National Journal) The Supreme Court on Monday opted to not take up the constitutionality of the National Security Agency's surveillance program that collects bulk telephone data of millions of Americans, a decision that arrives as the other two branches of government are moving forward with reforms to the controversial practice
EU data retention directive thrown out by European Court of Justice (ZDNet) Opponents of Europe's data retention directive now have the legal standing to challenge it at a national level
Canadian eavesdropping agency fretted about staff safety following U.S. leaks (Canadian Press via the Vancouver Sun) Canada's secret eavesdropping agency feared for the personal safety of staff following the leak of sensitive intelligence by a former U.S. spy contractor, newly declassified memos show
33 lawsuits against Target over data breach will be heard by one Minnesota judge (FierceITSecurity) 33 lawsuits across 18 districts filed against Target over its massive data breach last fall will be consolidated in the retailer's home state of Minnesota, the U.S. Judicial Panel on Multidistrict Litigation ruled last week
FBI says Russians out to steal technology from Boston firms, but evidence is thin (Beta Boston) It sounds like a scare from 1970s Cold War propaganda or a subplot from the popular TV series "The Americans," but the FBI says the threat is real: Russian investment firms may be looking to steal high-tech intelligence from Boston-area companies to give to their country's military
8 charged in AT&T ID theft fraud case, including outsourced contractor (Naked Security) Eight people have been indicted by a Florida court, accused of stealing personal info from files at US telecomms giant AT&T and using the data to defraud tens of thousands of dollars from credit and debit cards
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
InfoSec World Conference & Expo 2014 With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
NIST IT Security Day (Gaithersburg, Maryland, USA, Apr 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.
IT Security Entrepreneurs Forum (ITSEF) 2014 IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community by providing a venue where entrepreneurs can meet and interact directly with top government agency and industry officials in an open and collaborative environment. This SINET community of interest and trust facilitates broadened awareness of the government's challenges, needs, and its future direction regarding Cybersecurity, while shining a spotlight on the entrepreneurs and their innovative technologies that are helping to address and solve today and tomorrow's security challenges.
Defensive Cyberspace Operations & Intelligence Conference Two days of presentations, workshops, training, and networking on defensive operations and intelligence activities in cyberspace. Speakers from government, universities, and industry will share their insights with participants.
SOURCE The purpose of SOURCE Conference is to bridge the gap between technical excellence and business acumen within the security industry. SOURCE fosters a community of learning where business and security professionals come together to gain knowledge and skills, network with peers, and advance their careers and professional development. SOURCE enables individuals, teams, and organizations to leverage information to improve decision-making, optimize performance, and achieve business objectives.
2014 GovCon Cyber Summit (McLean, Virginia, USA, Apr 9, 2014) The U.S. Computer Emergency Readiness Team (US-CERT) noted that last year federal networks saw a substantial increase in hacking incidents, with 48,000 attacks reported by agencies. In recognition of this fact, and to help emphasize the importance of a secure framework, the Obama administration released the Cybersecurity Cross-Agency Priority (CAP) Goal to help agencies improve secure performance through network consolidation, strong identity management, and continuous monitoring. Agencies are implementing new procedures and technologies to shore up defenses before it's too late, and it's clear that the federal government is not going to stop in their increased efforts to minimize and prevent cyber security attacks. Bottom line, the federal government will continue to place significant focus on securing the nation's cyber infrastructure and it's having an impact on the entire GovCon community.
2014 Computer Security Day (Eugene, Oregon, USA, Apr 11, 2014) The Fourth Computer Security Day at the University of Oregon will feature a slate of distinguished speakers from academia, industry, and government, discussing current challenges and future opportunities in cybersecurity. The range of topics will be broad and diverse, ranging from examining future trends in computer security, to understanding cybersecurity within the federal government, to exciting new research in authentication mechanisms and securing systems and data. There will be plenty of opportunities to engage with the speakers and other attendees.
Women in Cybersecurity Conference WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in recruitment/retention of women in this field and/or diversification of their cybersecurity workforce is especially encouraged to get involved.
NSA Procurement in today's business arena (Elkridge, Maryland, USA, Apr 16, 2014) An opportunity to gain inside perspective on market trends in NSA Procurement. The guest speaker will be William Reybold, National Security Agency's Deputy Senior Acquisition Executive (SAE), who manages all Agency procurements, from off-the-shelf supplies to developing and deploying large, highly technical, and complex new system. He is directly accountable for delivery of all major systems acquisitions and includes as part of the organization, the NSA Contacting Group.
Suits and Spooks San Francisco S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. CFP is now open. If you're interested in being a speaker at Suits and Spooks San Francisco, please send an email with your topic title, short abstract, and your bio by February 15th.
US News STEM Solutions: National Leadership Conference The STEM crisis in the United States demands solutions—and nowhere is the search more concentrated than at U.S. News STEM Solutions. Now in its third year, this premier national leadership conference is an outcome-focused forum for the entire network of experts, advocates and change-makers who are proactively working to fill jobs now and advance the future of the STEM workforce. More than a broad-based discussion of the issues, this year's conference will zero in on tangible results, real successes and collaborative strategies that are already moving the needle. If you have a vested interest in the development of the STEM pipeline, make your voice heard where it will have the most impact.
East Africa Banking and ICT Summit (Kampala, Uganda, Apr 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations, and unique networking opportunities.
National Collegiate Defense Cyber Competition Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.
InfoSecIndy (Indianapolis, Indiana, USA, Apr 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
United States Cyber Crime Conference 2014 This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network. The conference covers the full spectrum of topics facing defenders as well as law enforcement responders. All aspects of computer crime will be covered, including intrusion investigations, cyber crime law, digital forensics, information assurance, along with research and development, and testing of digital forensic tools.
Infosecurity Europe 2014 Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.