The CyberWire Daily Briefing for 5.22.2014
news from the Georgetown Cybersecurity Law Institute
Georgetown's Cybersecurity Law Institute opened yesterday with a welcome from Dean William M. Treanor. He was followed by Nuala O'Connor of the Center for Democracy and Technology, who offered an overview of "the promises and perils of cyber security in daily life."
The morning's first panel dealt with enterprise security programs, including a discussion of roles and responsibilities: General Counsel, CISO, CIO, etc. This discussion led naturally to a consideration of cyber frameworks and standards, and their legal implications. The NIST cyber security framework (developed with contributions from several thousand stakeholders) was designed as a tiered system. It is not, panelists stressed, a standard. It is, however, an excellent starting point to structure the conversations an enterprise's key players need to have in preventing, detecting, and mitigating a cyber event. A tiered system as proposed by NIST accommodates the needs of organizations with widely divergent levels of cyber maturity. It is also intended to accommodate rapidly evolving risks.
Frameworks and standards are not legislation, and the panel generally agreed that legislation would be premature. In this area the voluntary will precede law and regulation. NIST's cyber framework will help companies shape governance and prepare for emerging standards. FTC consent decrees, in contrast, were described as high-level "lagging indicators" that amount to binding cyber standards.
Increasingly, the panel observed, we find that sharing cyber information not only mitigates vulnerability, but limits liability. Information sharing appears on its way to becoming part of standards of care. Such sharing should extend outside a business to vendors and partners: a company needs to take reasonable steps to satisfy itself that vendors and partners have the wherewithal to protect what's invaluable to that company. Reasonable cyber security is a continuing process of assessing and managing risk.
Suzanne E. Spaulding, Undersecretary for the National Protection and Programs Directorate in the Department of Homeland Security, delivered the afternoon keynote. She stressed DHS's commitment to sharing information with the private sector. DHS sees itself, in fact, as an advocate for the private sector in the often difficult-to-access Intelligence Community, and DHS works to disseminate cyber intelligence as effectively as possible to stakeholders in the unclassified world. She sees the private sector as having an important role in distributing and circulating cyber intelligence: companies see much that DHS doesn't, and they can contribute to developing intelligence. An interesting note for researchers: Undersecretary Spaulding said that DHS is currently interested in developing machine-to-machine, automated, near-real-time cyber intelligence sharing.
The two afternoon panels were devoted to the role of the general counsel in cyber security, and to the state and prospects of the cyber insurance market. General counsels have come to play a useful mediating role facilitating intracompany cyber security communications. They remain deeply involved in corporate cyber security discussions. They also play a significant role in compliance, acting especially on behalf of the corporate board. Several panelists had considerable experience with the electrical power industry, long a cyber target. They offered an interesting perspective on insider threats. Not all insider risks involve nefarious actors. Consider engineers who circumvent an air-gapped system. Perhaps they put in a backdoor that enables them to troubleshoot a problem from home (say, at midnight, when they'd rather phone it in than visit the plant).
The panel on cyber insurance noted that data breach insurance is relatively more mature than business interruption insurance. The costs of a data breach are better understood than those of business interruption. Although the market for business interruption insurance is about 100 years old, today's cyber risks are sufficiently novel to present poorly understood problems. The market hasn't yet reacted to the reality of cyber business interruption, and there's a lack of credible cyber risk actuarial data. (That risk is analogous to supply chain risks.) There's a robust third-party market, but the first-party market for transferring risk (of business interruption) is still forming.
We'll wrap up our coverage of Georgetown's Cybersecurity Law Institute tomorrow. In the meantime we've included some articles below that address topics relevant to the Institute's discussions.
We hear much about the importance of information sharing, and two stories today illustrate the challenges that surround it. First, ICS-CERT releases more information on the recent attack on a US public utility's industrial control systems. The affected systems were apparently exposed to the Internet with inadequate firewalling. Utilities have so far enjoyed the sort of immunity vintage equipment can confer upon an operation—much of its plant dates to pre-Internet days—but immunity-through-obsolescence (questionably desirable anyway) is temporary.
Second, eBay confirms that it has suffered a data breach (and some journalists question the effectiveness of the company's disclosure of the breach to its customers). The compromised database held customers' names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth.
Anonymous may have been involved in another happy fizzle: reports suggest the hacktivist collective tried and failed to conduct a denial-of-service attack against the .mil domain.
The Sino-American cyber espionage squabble continues to Chinese outrage as US prosecutors hang tough. Observers find it significant that the indictment is directed against specific natural persons, not a unit of the PLA—what former FBI Director Mueller calls "the warm bodies behind the keyboards." The tu quoque issue China raises, however, appears to have legs, as journalists revisit alleged US spying on Brazil's Petrobras.
In industry news, Cisco is buying ThreatGRID to complement last year's acquisition of Sourcefire.
US surveillance reforms advance through Congress to tepid industry reviews.
Weev, for some reason, thinks he deserves compensation for time in prison.
Notes.
Today's issue includes events affecting Australia, Brazil, Canada, China, Nigeria, South Africa, United Kingdom, and United States.
Washington, DC: the latest from Georgetown
Georgetown Cybersecurity Law Institute Course Materials (Georgetown University Law Center) Some sessions from this program will be available via live webcast
Compliance teams focus on third-party relationships (FierceCFO) Almost half of compliance executives say they're boosting oversight of third parties
Internet Accessible Control Systems at Risk (ICS-CERT Monitor) Is your control system accessible directly from the Internet? Do you use remote access features to log into your control system network? Are you unsure of the security measures that protect your remote access services? If your answer was yes to any or all these questions, you are at increased risk of cyber attacks including scanning, probes, brute force attempts and unauthorized access to your control environment
Yikes, ICS-CERT reminds public utilities about dangers of remote access without firewall (NetworkWorld) Yikes! ICS-CERT is still reminding public utilities and other industrial control and critical infrastructure system operators about the dangers of having no firewall and allowing remote access for Internet-facing devices
U.S. utility's control system was hacked, says Homeland Security (Reuters via the Baltimore Sun) A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility's operations were affected, according to the Department of Homeland Security
The electric industry still doesn't understand what sophisticated attackers are after (Control) Stuxnet and Aurora utilized design features of the system or controllers to attack physical systems. Stuxnet and Aurora are not traditional network vulnerabilities and cannot be found or mitigated by using traditional IT security techniques
Experts Say U.S. Industry Complacent About Cyber Risks (Claims Journal) After warning for years that the U.S. electric grid and other critical infrastructure are dangerously vulnerable to hacking, security experts fear it may take a major destructive attack to jolt CEOs out of their complacency
Most compliance officers play little role in cyber security (Help Net Security) Seventy-five percent of compliance officers are not involved in managing cyber security risk according to a report from Kroll and Compliance Week
Raytheon's Mike Crouse: All Org Stakeholders Have Role to Play in Data Protection (Executive Biz) All components of an organization have a role to play in helping prevent security breaches by employees whether by accident or with intent, according to Mike Crouse, director of insider threat strategies at Raytheon
Target Earnings Show Pain of Data Breach Is Far From Over (Bloomberg BusinessWeek) The only winners in the ongoing Target crisis are future business school students, who will be studying it for years. And perhaps the would-be chief executive officer, who will find a lot of room for improvement
Three Steps to Data Security (CFO) Legal bills, compliance fines, fees for forensic investigators — data breaches are expensive. Here's how your company can avoid being a victim
Cyber Attacks, Threats, and Vulnerabilities
How much damage has Chinese hacking done to the US government? (Federal News Radio) A government report indicates more than 40 Pentagon weapons programs and nearly 30 other defense technologies have been compromised by cyber intrusions from China
Anonymous attempts attack on US .mil domain (SC Magazine via ITNews) Unknown hacktivists attempted to disrupt the operation of United States armed forces webservers yesterday by launching what is thought to be a denial of service attack against hosts in the .mil top-level domain
eBay password database hacked, users asked to change passwords (Ars Technica) "Encrypted passwords and non-financial data" stolen by cyberattackers
eBay Password Hack Proves the Danger of the Human Factor (Graham Cluley) You can't fail to have missed the news today that eBay has suffered a serious security breach, meaning that personal information about users has fallen into the hands of hackers
AVG on Heartbleed: It's dangerous to go alone. Take this (an AVG tool) (The Register) Thousands of websites still spilling their crypto blood on carpets everywhere
Some industrial systems still vulnerable to Heartbleed (Help Net Security) The danger from Heartbleed has passed for most Internet users, but operators of Industrial Control Systems (ICS) are not that lucky
Vupen Discloses Details of Patched Firefox Pwn2own Zero-Day (Threatpost) Contestants at this year's Pwn2Own contest made no bones about it: they were going after browsers and as it turned out, Firefox had the biggest target on its back
eBay becomes the latest online giant to own up to a password breach (Naked Security) Do you buy and sell stuff online?
Cyber Trends
Smart or stupid: will our cities of the future be easier to hack? (Guardian) As more and more machines are entrusted with managing city infrastructure systems, the prospect of disruption — and worse — through cyber terrorism appears ever more real
Security concerns restrain mobile banking (Financier Worldwide) Consumer fears surrounding security have dampened interest in the mobile technology services of financial institutions worldwide. These are the findings of Deloitte's new report, Mobile Financial Services: Raising the Bar on Customer Engagement, based on survey data from Andrews Research Associates
When it comes to banking cyber crime, size sometimes matters (Albany Business Review) When it comes to cyber crime the size of the financial institution doesn't matter to attackers
Security's future belongs to open source (ZDNet) It's really not a debate question, it's just the way it is. The world runs on Linux and open-source software
The Cyber Marine and Information Assurance (American News Report) The term "cyber security" has become part of our lexicon
AVG expose SME internet of things fears (Microscope) SMEs are in the dark about the latest industry buzz phrase the Internet of Things (IoT) and as a result are leaving themselves unsecured as more parts of their business connects to the web
Company and employee disconnect on BYOD security policies (Help Net Security) Many employees do not take adequate steps to protect company information, a weakness that could result in critical security breakdowns, according to Webroot
Cyber criminals target "vulnerable" applications (Banking Technology) Security breaches at major institutions in financial services, healthcare and other industries are going undetected for months at a time and are often caused by basic errors of security, such as weak passwords, vulnerable applications and a lack of interest in security, according to a new report by cybercrime specialist company Trustwave
Cybercrime attack targets, victims, motivations and methods (Help Net Security) Trustwave experts gathered the data from 691 breach investigations (a 54 percent increase from 2012) across 24 countries in addition to proprietary threat intelligence gleaned from the company's five global security operations centers, telemetry from security technologies and ongoing threat research
Marketplace
China snubs Microsoft for ending XP security (SC Magazine) Microsoft has paid a high price for stopping security support on Windows XP - the Chinese government has decided not to buy Windows 8 for fear that product too will be left insecure
Are Cloud Providers Facing A Backlash Over Continued NSA Revelations? (CloudTweaks) Edward Snowden, the NSA, Heartbleed — it seems every technology story at the moment is in some way linked to these topics. Whether or not you believe that the NSA was directly involved in the Heartbleed security flaw, it is apparent that cloud customers around the world have been rattled by the disclosure of mass government surveillance and security leaks
Cisco to acquire malware prevention company (NetworkWorld) ThreatGRID will enhance products obtained from last year's Sourcefire acquisition
Blue Coat, KITRI Collaborate To Boost Internet Security in Korea (Business Korea) Blue Coat Korea and the Korea Information Technology Research Institute (KITRI) announced that they are going to work together on security research on May 20
DigiCert Selected as a Red Herring Top 100 North America Winner (MarketWatch) Annual list honors North America's fast-growing, successful private technology companies
Malcovery Security Selected as a 2014 Red Herring Top 100 North America Winner (IT Business Net) Malcovery Security announced today it has been selected as a 2014 Red Herring Top 100 North America winner, a prestigious list honoring the year's most promising private technology ventures from North America. Red Herring annually recognizes leading private companies from the Americas, celebrating these startups' innovations and technologies across their respective industries
Judd joins LastLine as he calls time on distie venture (CRN) Heatherside to be dissolved as Paul Judd accepts role at one of its former vendor partners
Chinese government shuns Windows 8 - security, economy or politics? (Naked Security) China is banning the use of Windows 8 in government departments, with an announcement from the country's Central Government Procurement Center nicely timed to add to the sizzling diplomatic row between China and the US, the "mincing rascal" which has had the temerity to accuse Chinese military officers of involvement in industrial espionage
Products, Services, and Solutions
Watchful Software Releases Rightswatch for Individuals Bringing Enterprise-Class Information Protection to the Mass Market (Ticker Report) Watchful Software, a leading provider of data-centric information security solutions, announced today it has released RightsWATCH for Individuals, an entry version of its award winning data-centric information security solution. RightsWATCH for Individuals requires no server-side installation or management, and allows anyone to have sensitive information classified, marked, and even protected with access control rights immediately upon download and installation
Cyber Squared Inc. Announces Launch of ThreatConnect European Community (Broadway World) Cyber Squared Inc. announced today that ThreatConnect, the leading threat intelligence platform, has launched a European Community of Interest. The private industry community will bridge together public organizations and private corporations across Europe to share threat intelligence data and collaborate within a secure environment
IBM adds Java lockdown to Trusteer Apex (ZDNet) IBM said the feature is unique to Trusteer, its endpoint protection software that guards against advanced malware attacks
Cloud Front Group and Hexis Cyber Solutions Announce a Strategic Partnership to Bring Active Defense to Cyber Solutions (Digital Journal) The Cloud Front Group today announced a strategic partnership with KEYW Holding Corporation and its subsidiary Hexis Cyber Solutions, Inc. (Hexis) to bring the next-generation threat investigation and removal solution, the HawkEye G, to Cloud Front Group's portfolio of emerging technologies to aid the federal government community
Facebook introduces Bullying Prevention Centre for UK, Europe (Naked Security) Facebook safety "Report" is a word that kids just don't like
Technologies, Techniques, and Standards
How to protect your company from an eBay-like breach (CSO) Experts recommend a number of defensive tactics ranging from employee education to monitoring of credential use on the network
Why companies should seek help in malware detection (CSO) Companies have shortened the amount of time between malware infection and discovery, but too few organizations detect the breach on their own, a security report found
Academia
Code-writing clicks as kids get creative (Seattle Times) Beginner-friendly computer programming languages are making it easier for children and teens who are eager to try coding
Legislation, Policy, and Regulation
China and US up the ante in spy spat (FierceBigData) The U.S. has seriously engaged in ending foreign cyber-espionage. China doesn't like that change in focus and appears to be engaged in tit-for-tat product banning and indictment tactics. Here is the score in that battle
Chinese Newspaper Calls U.S. 'Mincing Rascal' for Hacker Claim (Bloomberg) U.S. allegations of hacking by Chinese military officers are "ridiculous," and victims of U.S. computer attacks should sue Washington, the state-run Global Times newspaper said in an editorial today
Fine Line Seen in U.S. Spying on Companies (New York Times) The National Security Agency has never said what it was seeking when it invaded the computers of Petrobras, Brazil's huge national oil company, but angry Brazilians have guesses: the company's troves of data on Brazil's offshore oil reserves, or perhaps its plans for allocating licenses for exploration to foreign companies
Obama backs new surveillance legislation, but tech companies reject (PCWorld) A tech industry group that has Facebook and Google as participants has rejected the latest draft of a U.S. legislation that aims to put curbs on surveillance by the National Security Agency
Facebook, Google Balk at Loophole in Bill to Rein in NSA (Bloomberg) A group of technology companies, including Facebook Inc. (FB), Google Inc. (GOOG) and Apple Inc. (AAPL), said the bill U.S. lawmakers plan to vote on today to limit National Security Agency spying doesn't go far enough
Honey, I Shrunk the NSA (Wall Street Journal) The House reforms will hurt national security, though much less than Snowden wants
National security journalists say it's only getting harder to report on intelligence agencies (Columbia Journalism Review) Anti-Leaks directives formalize post-Snowden secrecy
A Plurality Of Americans Say Cyber Attack From China Is Act Of War (People's Pundit Daily) In the first-ever move of its kind, the U.S. indicted five Chinese military hackers Monday and charged them with stealing intellectual property rights and other trade secrets. According to a new poll, a plurality of Americans say a cyber attack on the United States by another country is an act of war, though slightly fewer American voters say so now than in the past
Litigation, Investigation, and Law Enforcement
Q&A: China cyber espionage charges provide 'missing part of the puzzle,' says former DOJ litigator (FierceGovernmentIT) The Justice Department for the first time has charged employees of a foreign government with economic espionage. It brought charges May 19 against several individuals in China's People's Liberation Army for stealing trade secrets from American companies
Corporations hacked by Chinese didn't tell investors about data theft (Pittsburgh Business Times) United States Steel Corp., Alcoa Inc. and Allegheny Technologies Inc., identified Monday as victims of Chinese military cyber hackers, didn't report the data theft to investors
Rosenzweig: Crackdown on China spies overdue (Boston Herald) The Justice Department announced Monday that it had indicted five members of the Chinese People's Liberation Army on charges of cybertheft. According to the indictment, the five hackers systematically stole business secrets from American corporations — household names like Westinghouse, Alcoa, and U.S. Steel
Germany May Ask U.S. Tech Chiefs to Testify on NSA Activities (Wall Street Journal) Heads of Facebook, Twitter, Apple and Google on witness shortlist
Snowden's First Move Against the NSA Was a Party in Hawaii (Wired) It was December 11, 2012, and in a small art space behind a furniture store in Honolulu, NSA contractor Edward Snowden was working to subvert the machinery of global surveillance
Blackshades: The script kiddies lament (CSO) News broke this week that a massive global raid had taken place over two days which comprised of 359 coordinated searches in 16 countries and there were apparently 80+ arrests as a result. Why? Well apparently all of the aforementioned targets had a copy of the Blackshades remote access trojan or RAT
Behind Blackshades: a closer look at the latest FBI cyber crime arrests (WeLiveSecurity) The FBI made big headlines yesterday with its announcement of a high profile malware takedown related to a RAT called Blackshades (of which more in a moment). Hopefully this move, involving 97 arrests in 16 countries, will discourage the use of spyware by criminals. RAT stands for remote access tool and Blackshades is not unlike the DarkComet RAT that I wrote about in 2012
Cyber fraud: 10 arrested in SA (ioL Scitech) Sixteen people from several US states and other countries have been arrested on charges that they took part in a fraud scheme that used stolen information to get money and goods and then ship them to South Africa and Nigeria, according to documents unsealed in federal court on Tuesday
SA, US agencies crack financial fraud scam (South Africa Info) South African and United States law enforcement agents arrested 11 people in Pretoria on Tuesday on charges related to an international financial fraud scam involving cyber crime and fraudulent mass marketing schemes
AT&T hacker wants US govt to pay for the time he spent in prison (Help Net Security) In an open letter addressed to members of the New Jersey District Court, FBI, and DOJ, Andrew "weev" Auernheimer is seeking monetary restitution for the time he was confined to the jurisdiction of the New Jersey District Court and he spent in federal prison after being convicted for publishing a list of emails and AT&T authentication IDs of early iPad adopters
Upcoming Events
CEIC 2014 (Las Vegas, Nevada, USA, May 19 - 22, 2014) It's no exaggeration to say that CEIC is the biggest digital-investigations conference of its kind and the only one to offer hands-on lab sessions and training for practical skills development. From sessions on acquiring evidence from mobile devices to international e-discovery to cyber security intelligence, there's simply no other training or seminar series available that packs so much relevant and practical information from so many expert speakers into a single four-day period.
Mobile Network Security in Europe (London, England, UK, May 21, 2014) Following on from two successful events in the United States, this first Light Reading conference on Mobile Network Security in Europe will again focus on the key role of the network in safeguarding the mobile carrier's network assets while protecting its customers from security attacks. The conference will also consider the case for distributing and coordinating security strategies across the end-user device, the mobile network, and the cloud as carriers look to prevent attackers from triggering outages and degradations or from stealing sensitive customer information.
Positive Hack Days Positive Hack Days is the international venue for the unification of progressive forces of the IT industry. It is about innovators interested in information security problems; it is fresh blood and bright eyes, the atmosphere of a huge research ground, communication between people sharing the same views and their opponents, minimum formalities and maximum practice.
Georgetown Law: Cybersecurity Law Institute A day does not go by where cybersecurity is not in the news. In fact, according to a recent national survey conducted by FTI Consulting, cybersecurity is the number one issue on the minds of general counsels of American companies. Last year's inaugural Cybersecurity Law Institute received positive reviews for its unique simulation approach that prepared attendees on actions to take if their company faced a cyber-attack.
NSA Mobile Technology Forum (MTF) 2014 The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom focused in mobile technologies. Those companies who specialize in both current and future mobile features and equipment or have efforts that benefit NSA's efforts should participate as a commercial vendor; conference attendance is limited to government employees.
CyberMontgomery Forum: Center of Gravity (Rockville, Maryland, USA, May 22, 2014) Cybersecurity will be a major growth engine in the region for many years to come. With solid federal government, industry and academic assets already in place in the region, there is still a need to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. CyberMontgomery Forum events will provide clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in MoCo and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
The Device Developers' Conference: Cambridge (Cambridge, England, UK, May 22, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
Fort Meade Technology Expo The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable.
3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed with an emphasis on learning by doing. The idea is simple: start tech companies over the course of three days.
CANSEC CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.
Hack in The Box Security Conference (HITBSecConf) Amsterdam HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.
Area41 Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.
The Device Developers' Conference: Manchester (Manchester, England, UK, Jun 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
NSA SIGINT Development Conference 2014 This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.
The Device Developers' Conference: Scotland (Uphall, Scotland, UK, Jun 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.
The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, Jun 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.
MIT Technology Review Digital Summit: The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.
Cyber 5.0 Conference (Laurel, Maryland, USA, Jun 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.
Global Summit on Computer and Information Technology: The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.
NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, Jun 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.
2014 Spring National SBIR Conference (Washington, DC, USA, Jun 16 - 18, 2013) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.
18th Annual Colloquium for Information Systems Security Education: The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.
MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, Jun 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.
Suits and Spooks New York: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
SANSFIRE (Baltimore, Maryland, USA, Jun 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
26th Annual FIRST Conference (Boston, Massachusetts, USA, Jun 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.
Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, US, Jun 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.
United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, Jun 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.