The CyberWire Daily Briefing for 5.15.2014
Sino-Vietnamese maritime disputes continue to be fought in cyberspace, with China apparently playing offense. Media in other Southeast Asian countries lend a sympathetic ear to former US National Security Advisor Donilon's warnings concerning Chinese cyber threats.
Al Qaeda has apparently, as widely feared and reported, changed its communication tools after reading Snowden's leaks. But this may not be entirely a bad thing, as some observers note that a change to do-it-yourself crypto may have made the terrorist organization's communications easier to read: home-brew crypto seems, Schneier notes, to be "snake oil."
Dark Reading continues its series on Iran's "Ajax Security Team."
Polymorphic malware VOBFUS evolves into polylingual variants, the better to phish its way into targets' networks.
The cyber insurance market may be burgeoning, but it's still immature. AppRiver surveyed "security professionals" at the recent Infosecurity Europe expo and found them skeptical: coverage is expensive and they doubt claims would be paid. This suggests compliance-heavy clauses in policies and lack of consensus over risk management more than it does widespread experience of claims being denied.
That the business risk of cyber incidents is real none would deny. A study of consumer attitudes finds data breaches very damaging to brand reputation. Retailers take note and form R-CISC, the Retail Cyber Intelligence Sharing Center.
Some "anonymous" services hedge their promises: they'll reveal your identity to police, in response to subpoenas, etc., which shows the shakiness of anonymity secured by third parties.
The FBI hints major arrests in cyber cases are coming soon.
Notes.
Today's issue includes events affecting Bangladesh, Belgium, China, Germany, Iran, Netherlands, New Zealand, Spain, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Vietnam Government Sites Defaced by Chinese Hackers as Sea Tension Ignite (Nextgov) About 220 local Vietnamese sites were apparently affected
China Increases Cyber Attacks On Vietnam During South China Sea Dispute — Vietnam Fears All-Out Cyber War (Peace and Freedom) Vietnam's Internet system runs the risk of being paralyzed when Chinese hackers launch bigger attacks
Al-Qaeda's new homebrew crypto apps may make US intel-gathering easier (Ars Technica) NSA spying revelations led to development of three new encryption apps
On The Trail of An Iranian Hacking Operation (Dark Reading) The Iranian Ajax Security Team of hackers went from high-profile hacktivists posturing on Facebook to cyberspies encrypting stolen information from defense contractors
FCC Employees, is your Internet running sluggish today? (Nextgov) Some website operators are slowing down Federal Communications Commission employees' access to their sites in protest of potential paid Internet fast lane regulations. On Thursday, FCC Chairman Tom Wheeler is expected to release a proposal that would let broadband providers charge sites for bandwidth-heavy content
VOBFUS Evolves, Adds Multiple Languages (Security Intelligence Blog) VOBFUS malware is known for its polymorphic abilities, which allow for easy generation of new variants. We recently came across one variant that replaces these abilities for one never seen in VOBFUS malware before—the ability to "speak" several languages
Phishing campaigns target diverse webmail users at once (Help Net Security) Every now and then, phishers mount campaigns that simultaneously target users of different online services
Email Attackers Switch to 'Blitzkrieg' Tactics to Maximize Impact (Infosecurity Magazine) Agari TrustIndex reports cyber gangs are increasingly 'weaponizing' their malicious emails with sophisticated threats
New browser hijacker/click fraud malware threatens Windows users (Help Net Security) In its latest Security Intelligence Report, Microsoft has noted that malware designed to make money for the attacker via click fraud, performing Bitcoin mining, and redirecting search results, has been plentiful in the last quarter of 2014
Is Elderwood the digital arms dealer that fuelled attacks on Google? (The Guardian) Researchers believe group may have been selling attack code to cyber espionage hackers since 2009
Student who exposed Covert Redirect deflects findings away from ID protocols (ZDNet) What started out as hunting bug bounties eventually turned into Internet scare
Bangladesh Internet Domain '.bd' is vulnerable to Hacking, using outdated software (Hackers News Bulletin) Experts say that Bangladesh's own internet country code top-level domain ".bd" is one of the worst managed domains in the world
Antiwar.com Servers Hacked by Industrial Strength Malware (HackRead) Antiwar.com, a libertarian website known for its non-interventionism and war opposing views has its server hacked just a few hours after launching its fundraising drive
Point DNS blitzed by mystery DDoS assault (The Register) DNS flood washes over company servers
DNS Flood of 1.5 Billion Requests a Minute, Fueled by DDoS Protection Services (Incapsula) Several days ago one of our clients became the target of a massive DNS DDoS attack, peaking at approximately 25Mpps (Million packets per second)
Social Science Site Using Azure Loses Data (InformationWeek) Dedoose, a data analytics system, suffered a failure on Azure that may mean three weeks of lost data for customers
The Emerging Threat to Satellite Communications (Threatpost) When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn't think about that problem; we're very serious about security; ok, now we're actually serious about security
Security Patches, Mitigations, and Software Updates
PayPal Fixes Vulnerabilities In MultiOrder Shipping Application (SecurityWeek) PayPal has fixed a filter bypass flaw and a persistent input validation vulnerability affecting its MultiOrder Shipping application
Cyber Trends
Cyber Crooks Are Winning Tech War, And Silicon Valley Is Losing (Wall Street Journal) The area between San Jose and San Francisco is "one of the most attacked areas of the world"
Selling Your Bulk Online Data Really Means Selling Your Autonomy (New Republic) In March, a Dutch student called Shawn Buckles placed his personal data on the market. He offered to hand over all of his most intimate electronic matter—e-mails, health records, calendars, geolocational data—to the highest bidder. By mid-April, Buckles had received 53 offers. The winner of the auction was The Next Web, a popular site for technology news. It shelled out $480 for his data soul
Shadow IT: Honey Badger Better Care (InformationWeek) Use of Dropbox and other consumer services is exploding in enterprises, yet companies turn a blind eye to the security risks. This sends the wrong message to cloud service providers
Dispelling The Myths Of Cyber Security (Dark Reading) Perfect security that focuses on eliminating threats is too expensive and impossible to achieve. Better to think about consequence management
REUTERS SUMMIT-Lockheed says cyber attacks quadrupled since 2007 (Reuters) Lockheed Martin Corp, the No. 1 provider of information technology to the U.S. government and the top Pentagon supplier, said on Wednesday the number of sophisticated cyber campaigns aimed at its computer networks had more than quadrupled since 2007
New NSA Chief expects attacks attempting to damage, destroy critical infrastructure (Network World) Officials and experts talk privacy, security and cyberattacks at Reuters Cybersecurity Summit
U.S. must crack down on China's cyber threats (ComputerWorld) Donilon, speaking at the annual FOSE government IT conference, warned that continued "cyber-enabled economic theft" on the part of the Chinese imperils the half a trillion-dollar economic relationship between the two superpowers
Marketplace
Cyber liability insurance isn't worth the cost (Microscope) Cyber liability insurance isn't worth the paper it's written on according to the majority of security professionals canvassed at this year's Infosecurity Europe exhibition
Security Think Tank: Cyber insurance is a two-way street (ComputerWeekly) The idea of insurance is not to ensure that something happens, but to ensure that if something does happen, then the insured company will receive compensation to help remediate the situation. This pertains to physical health insurance or security health insurance
No Silver Bullets: Insuring Against Cyber Threats (Cyveillance) The information age has long outgrown its infancy, and the widespread adoption of new technologies and products mark a stronger developed environment today. Fittingly, this more mature landscape presents more seasoned solutions for challenges along the way. Cyber threats are one of the biggest challenges; they are here to stay, and they come in many different forms: from careless employees leaking information, technical failures, brand reputation issues, and online activism, to deliberate hacking attacks and industrial or state-sponsored espionage
Study: Data Breaches Make Huge Impact On Brand Reputation (Dark Reading) Consumers rank data breaches and poor customer service high in their effects on brand perception
Retailers Launch Cyber Info-Sharing Center (BankInfoSecurity) In the wake of large-scale data breaches against retailers such as Target, Neiman Marcus and Michaels, the Retail Industry Leaders Association has launched the Retail Cyber Intelligence Sharing Center in an effort to strengthen defenses against cyber-attacks and protect consumers
Hortonworks Buys Big Data Security Specialist, Will Donate IP to Apache (CIO) In an effort to provide a single-pane-of-glass view of data security, authorization, auditing and overall governance for Hadoop, Hortonworks has acquired big data security specialist XA Secure. The vendor says it plans to donate XA Secure's intellectual property to the open source community
Bad news for Cryptocat as it debuts Encrypted Facebook Chat (Help Net Security) Mere days after Cryptocat creator Nadim Kobeissi announced that the latest update of the popular software will allow Facebook users to use encrypted chat, the social network has made known its intention of shutting down its Chat API/XMPP Services by April 30th 2015
Battered Security Software Stocks That May Have 70% Upside (24/7 Wall Street) Sometimes despite good earnings and outlooks, great stocks get caught up in sell-offs like the one we experienced from late February through much of April. What started as biotech sell-off turned into an "anything momentum and rich" sell-off, which in some cases threw the proverbial baby out with the bath water. In a new report, the analysts at Oppenheimer point out that for most of the top security software stocks first-quarter earnings were very good. Their field checks and conversations with chief information officers suggest security remains a top spending priority, driven by complex network attacks and an increased regulatory environment
Scooplet: A New Cyberalliance (Politico) The Chertoff Group and Edelman are announcing a cybersecurity partnership later today for their financial services, energy, technology, health care and retail clients. Among a long list of services, the security consulting shop helmed by the former Homeland Security chief and the PR firm will team up to offer physical and cyber risk assessments, scenario planning and exercises, media training and vendor risk management assessments
OpenDNS Raises $35M From Cisco For Its Cloud-Based Enterprise Network Security As A Service (TechCrunch) Cloud-based enterprise network security company OpenDNS has raised $35 million in Series C funding from Greylock Partners, Sequoia Capital, Sutter Hill Ventures, Glynn Capital, Cisco, Evolution Equity, Lumia Capital, Mohr Davidow Ventures, and Northgate Capital. This brings the company's total funding to $53 million
Netskope Brings In $35 Million More As Cloud Security Competition Heats Up (TechCrunch) When it comes to understanding the profusion of applications employees are using to conduct business, IT departments are increasingly lost in the cloud
How much do cyberprofessionals rake in? (Washington Business Journal) Cyberprofessionals don't have it bad. But not all of them have it as good as some expected either
Products, Services, and Solutions
Whistleblowers Beware: Apps Like Whisper and Secret Will Rat You Out (Wired) Anonymously spilling personal gossip and corporate secrets online is all fun and games—until someone gets a subpoena
HOSTING Expands Security Offering With Latest Alert Logic Threat Manager Solution (MarketWatch) HOSTING, the leading managed cloud hosting provider for mid-sized enterprises, today announced availability of a new security offering delivered by longtime partner, Alert Logic, the leading provider of security-as-a-service solutions for the cloud
Is Comodo Antivirus better then Avast, Norton and BitDefender software? (Alpha Wired) Today we will discuss whether Comodo antivirus is better than the big dogs out there, such as avast, norton and bitdefender. We primarily picked the big 3 seeing as they rank the highest in the antivirus department
Fortinet Unveils FortiOS 5.2 to Fight APTs (ComputerWorld) This release incorporates numerous innovations that strengthen Fortinet's Advanced Threat Protection Framework, providing enterprises with a cohesive and coordinated way to combat Advanced Persistent Threats (APTs), zero-day attacks and other sophisticated malware
Qubitekk Unveils First Plug-And-Play Quantum Source For Emerging Quantum Computing And Quantum Cryptography Marketplace (MarketWatch) Device can significantly reduce the development time associated with emerging quantum computer designs. Can be used to produce quantum repeaters and quantum memory devices. First application is quantum encryption to protect critical infrastructure from cyber attack. Future applications unlimited. Developed by Dept. of Energy quantum entanglement scientist
LanGuard 2014 R2 comes with enhanced vulnerability assessment, patch management (Help Net Security) GFI Software released GFI LanGuard 2014 R2, the latest version of the company's comprehensive network vulnerability scanning and patch management solution
Technologies, Techniques, and Standards
NIST launches post-NSA review into crypto guidance (IT News) The United States National Institute of Standards and Technology (NIST) today said it has commenced a review of its cryptographic standards, following recent claims the country's National Security Agency deliberately weakened some of the encryption schemes it helped develop
NIST's dream: Integrating security into design (FCW) The National Institute of Standards and Technology hopes its new guidelines for IT security will beget a systems engineering process in which security is intrinsic to product design rather than an afterthought
Ron Ross dissects NIST's newest guidance — what it means for agencies (FierceGovernmentIT) The National Institute of Standards and Technology issued a new draft publication May 13, which aims to help agencies build or acquire IT systems with better security baked in from the start, by outlining best practices and recognized software engineering principles
Reining in out-of-control security alerts (CSO) Enterprises overwhelmed with security alerts have several options to reduce the noise, while improving network defenses
For protection against the next Heartbleed, look no further than FedRAMP (FierceGovernmentIT) Depending on where you stand, FedRAMP is a lot of things — a cloud certification process, a vetting tool for acquisition, but for agencies it could be a dependable line of defense against the next Heartbleed-like vulnerability
AusCERT 2014: 45 year-old Internet protocols need "re-programming", says Verizon VP (ComputerWorld) US national security policy vice president Marcus Sachs says the protocols were never designed for cyber threats
Locating ICS and SCADA Systems on .edu Networks with Shodan (Tripwire: The State of Security) I wrestled with myself for a long time about whether or not to publish this article, but the time has come for education and action regarding exposed SCADA/ICS in the .edu sector. The goal of this post is to encourage security teams at .edus to proactively discover, enumerate, inventory and classify SCADA/ICS devices on their networks in order to mitigate risk. I assume no responsibility for misuse or impact arising from this sharing of information
Privacy, National Security and Mass Surveillance: the Role of Crypto (Tripwire: The State of Security) In the first article in this three-part series, we examined some of the contradictory elements regarding the government's "ability to use cyberspace" and how privacy concerns may hinder government's national security objectives, and in the second installment we discussed feedback from the CSFI membership regarding the conflict between security and privacy demands. In this final article in the series we will examine the role cryptography plays in the security vs. privacy debate
How to Catch a Hacker in the Act (Motherboard) "As today 25 March 2014, PayPal is launching a new survey program. All customers are welcome to participate this survey. The survey will take 5 minutes and for your effort and understanding PayPal will select most of the customers that takes this survey and reward them with £25.00." This is the usual sort of ungrammatical nonsense that pours into our email inboxes every day, asking the recipient to click on a malware-containing attachment that, hopefully, most of us know to ignore
DISA's push toward a mobility ecosystem (Federal Times) The organisms in an ecosystem coexist in a community that is a careful balance, inextricably linked to each other for their survival. In technology the use of "ecosystem" is a common metaphor, and while it's a little bit different, some of the central tenets are the same: a harmonious, shared environment that is sustainable, scalable and controlled
Research and Development
DARPA Sets Cyber Foundations with 'Plan X' (Defense Tech) Defense Advanced Research Project Agency leaders told lawmakers the agency is making progress with an ongoing cyber security project known as Plan X to increase cyber visibility and provide a new foundation for the fast-developing world of cyber warfare moving into the future
Academia
Landover pilot program teaches elementary students programming fundamentals (Gazette.net) William Paca sixth-graders design games, learn math concepts
American college students still aren't flocking to computer science (IT World) Despite the hot job market and competitive salaries, the share of Computer Science degrees as a percentage of BA degrees has remained essentially unchanged since 1981, according to data from the National Center for Educational Statistics' Digest of Educational Statistics. If history is any indication, it will take a cultural phenomenon to shift the percentage higher
Legislation, Policy, and Regulation
Condoleezza Rice defends NSA spying at tech conference (San Jose Mercury News) Hundreds of venture capitalists and entrepreneurs heard a rousing defense of the National Security Agency from former Secretary of State Condoleezza Rice, who on Wednesday vigorously worked to justify the security complex created during her tenure in the White House and lambasted recent whistle-blowing efforts to expose the agency's spying programs
It's sometimes okay for democracies to pretend that leaks do not happen (Washington Post) In recent days a storm has been brewing over the Office of Director of National Intelligence's (ODNI's) update to the regulations (more formally, the 'pre-publication review standard') its employees must follow prior to disclosing intelligence-related information
Internet NZ: PM needs to front up about GCSB links (New Zealand Herald) John Key needs to front up about the involvement of the GCSB in the National Security Agency's international spies' club, says the internet lobby group
Halvorsen Named Acting Defense Department CIO (SIGNAL) Terry Halvorsen, currently the U.S. Navy's chief information officer (CIO), will take over as the Defense Department's acting CIO in a week, a position vacated somewhat abruptly by Teri Takai when she announced at the end of April that she would be leaving the post by May 2
Litigation, Investigation, and Law Enforcement
ODNI and DOJ release additional declassified FISC filings and orders related to Section 215 of the USA Patriot Act (IC on the Record) Today the Office of the Director of National Intelligence and the Department of Justice released, in redacted form, a previously classified series of Foreign Intelligence Surveillance Court filings and orders from 2009-2010 concerning the collection of bulk telephony metadata under Section 215 of the USA Patriot Act. These documents relate to a robust interaction that occurred between the Department of Justice and a telecommunications service provider that included the provider's review of prior FISC applications, orders and opinions, regarding lawful compliance with those orders
U.S. revealed secret legal basis for NSA program to Sprint, documents show (Washington Post) Under threat of a court challenge, the Obama administration in 2010 revealed to Sprint the secret legal basis of a then-classified program that collected Americans' phone records by the billions for counterterrorism purposes, according to newly declassified documents and interviews
FBI plans cyber crime crackdown, arrests coming in weeks (Reuters) The FBI is getting more aggressive in pursuing cyber criminals and expects to announce searches, indictments and multiple arrests over the next several weeks, the agency's official in charge of combating cyber crime said on Wednesday
The Future of Crime: 8 Cyber-Crimes to Expect in Next 20 Years (Fox Business) Forget everything you think you know about crime. In the next 20 years, "traditional" crime as we know it today will be largely replaced by cyber-crime
Google and Facebook join forces to take down fake tech support scammers (Naked Security) Web giants Google and Facebook have announced that they recently took down 4,000 suspicious advertiser accounts linked to more than 2,400 tech support websites
Surprise! Google chairman blasts EU's privacy ruling (The Register) Press slavishly reports that take-down requests will engulf ad giant
Google Gets New Requests To Be 'Forgotten' Following Ruling, Plans Request Mechanism For Germany (TechCrunch) Google has already started to see a stream of new requests to be digitally "forgotten," following a ruling by the European Court of Justice on a complaint by a Spanish man seeking to have results related to his name and a property closure removed from the search engine were successful. It's not a good sign for Mountain View; these requests could quickly become a big new headache for the search provider to deal with, especially if these initial requests are representative of what's to follow
Arrests in international voice-phishing case (Help Net Security) Belgian and Dutch judicial and law enforcement authorities, supported by the European Cybercrime Centre (EC3) at Europol and Eurojust, have concluded an operation resulting in the arrest of 12 members of an organized crime group and the seizure of EUR 15,000 in cash and important digital evidence in a voice-phishing case
Hacker Sabu's Sentencing Delayed for Seventh Time (eSecurity Planet) Hector Xavier Monsegur is now due to be sentenced on May 27, 2014
Police didn't publicise scale of hacking to protect victims, says NoW reporter (Guardian) Clive Goodman tells court names including Kate Middleton have only emerged now because they were not disclosed in 2006-7
Former Subway sandwich franchisee cops to $40,000 gift-card hack scheme (Ars Technica) Man used LogMeIn to access point-of-sale terminals of other shops, feds say
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Eurocrypt 2014: Eurocrypt 2014 is the 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. It is devoted to all aspects of cryptology.
SANS Security West: SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning innovative ideas and techniques to fend off today's most challenging cyber threats as well as emerging threats.
INFILTRATE: INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. INFILTRATE is the single-most important event for those who are focused on the technical aspects of offensive security issues, for example, computer and network exploitation, vulnerability discovery, and rootkit and trojan covert protocols. INFILTRATE eschews policy and high-level presentations in favor of just hard-core thought-provoking technical meat.
Security BSides Denver 2014 (Denver, Colorado, USA, May 16, 2014) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Security Start-up Speed Lunch NYC (New York, New York, USA, May 19, 2014) Our goal for this inaugural event is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology and transportation sector companies in a novel way: the speed lunch.
CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions on acquiring evidence from mobile devices to international e-discovery to cyber security intelligence, there's simply no other training or seminar series available that packs so much relevant and practical information from so many expert speakers into a single four-day period.
The Device Developers' Conference: Bristol (Bristol, England, UK, May 20, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the mobile carrier's network assets while protecting its customers from security attacks. The conference will also consider the case for distributing and coordinating security strategies across the end-user device, the mobile network, and the cloud as carriers look to prevent attackers from triggering outages and degradations or from stealing sensitive customer information.
Positive Hack Days: Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.
Georgetown Law: Cybersecurity Law Institute: A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.
NSA Mobile Technology Forum (MTF) 2014: The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom focused in mobile technologies. Those companies who specialize in both current and future mobile features and equipment or have efforts that benefit NSA's efforts should participate as a commercial vendor; conference attendance is limited to government employees.
CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. CyberMontgomery Forum events will provide clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in MoCo and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Fort Meade Technology Expo: The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable.
3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed with an emphasis on learning by doing. The idea is simple: start tech companies over the course of three days.
CANSEC: CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam: HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.
Area41: Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester (Manchester, England, UK, Jun 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to give engineers an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading-edge electronic products and systems.
NSA SIGINT Development Conference 2014. This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to give engineers an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading-edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced its inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit. The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
Global Summit on Computer and Information Technology. The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education. The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18, 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.