The CyberWire Daily Briefing 06.04.15
news from the DC Metro Cyber Security Summit
The DC Metro Cyber Security Summit, held yesterday in McLean, Virginia, brought together business executives and security experts to discuss emerging cyber threats and the way forward to securing the enterprise. Among the themes were the importance of cooperation and information sharing, the complexity and growing seriousness of the threat, the difficulty of cyber risk estimation, the impossibility of fully effective defense (and therefore the importance of detection and response), and the significance of the human factor in cyber security. See our full account of the conference here.
It appears that Russian intelligence services were behind the recent cyber espionage campaign that targeted Germany's Bundestag. The German government isn't attributing the spying to Moscow (yet) but Spiegel's sources (and the Register's) tell them it's a slam-dunk.
Apparent Russian involvement in the recent breach at the United States' IRS raises awareness of the usefulness of personal information in recruiting agents (that is, people induced to cooperate with a foreign intelligence service). Getting and using such information is certainly a part of traditional espionage tradecraft; cyberspace is simply a newly accessible source of data.
The New York Times claims that "well-paid" Russian trolls are responsible for cyber-enabled information operations against US targets. They sometimes pose as ISIS operatives, but, says the Times, they're actually operating from St. Petersburg.
ISIS itself continues to surprise (hostile) observers with its adept use of social media. Indeed, its operations illustrate how loose inspiration can be an effective surrogate for command-and-control (a lesson the late Osama Bin Laden was belatedly learning during his years in the Pakistani wilderness).
Popular GitHub repositories are found susceptible to modification using weak SSH keys.
A fraud campaign aims at installation of malicious apps in non-jailbroken iOS devices.
A number of new products are being launched at Infosecurity Europe 2015.
Reaction to this week's passage of the USA Freedom Act — the Patriot Act's successor — continues. In general privacy advocates give the legislation a muted cheer. Others see reason for the US Intelligence Community to be modestly satisfied with the bill.
Notes.
Today's issue includes events affecting China, France, Germany, Iraq, Israel, Pakistan, Russia, Spain, Syria, and United States.
McLean, Virginia: the latest from DC Metro Cyber Security Summit
Report from the DC Metro Cyber Security Summit (The CyberWire) The DC Metro Cyber Summit brought together subject matter experts, US Government officials, and members of corporate C-suites for a discussion of matters of common interest in cyber security
DC Metro Cyber Security Summit (TechExpoUSA) The Cyber Security Summit, an exclusive C-Suite conference series, connects senior level executives responsible for protecting their companies' critical infrastructures with innovative solution providers and renowned information security experts
Cyber Attacks, Threats, and Vulnerabilities
Ruskies behind German govt cyber attack — report (Register) Source code gives the game away, Comrades
Suspected Russian IRS Hack Raises Larger Questions About Spy Recruitment, Blackmail (Homeland Security Today) Had the CIA simply pulled Aldrich Hazen Ames' credit report, the agency would have immediately realized his lifestyle didn't comport with his salary
The Agency (New York Times Magazine) From a nondescript office building in St. Petersburg, Russia, an army of well-paid "trolls" has tried to wreak havoc all around the Internet — and in real-life American communities
Warnings over growing IS cyber-threat (BBC) A growing band of hacktivists is helping Islamic State spread its message by attacking media organisations and websites, a security company suggests
Intelligence officials warn of threats on "dark" Internet (CBS News) Intelligence officials are adapting their counter-terrorism strategies to respond to the growing social media presence of groups like ISIS, but there's a whole realm of "dark space" on the Internet that's inaccessible to government surveillance, officials warned Congress on Wednesday
Using Violence and Persuasion, ISIS Makes Political Gains (New York Times) Days after seizing the Syrian desert city of Palmyra, Islamic State militants blew up the notorious Tadmur Prison there, long used by the Syrian government to detain and torture political prisoners
Islamic State's command of social media called unprecedented (McClatchy) When Elton Simpson drove from Phoenix to Garland, Texas, last month to gun down attendees at a Prophet Muhammad cartoon contest, he also fired off a series of tweets
Boston's Wannabe Beheader 'Liked' ISIS Enough to Kill (Daily Beast) Before he was shot and killed by police on Tuesday, Usaama Rahim "liked" the Islamic State of Iraq and allegedly planned to murder cops
Terror plot against Boston police officer alarms Capitol Hill lawmakers (Washington Times) A terror plot to behead a Boston police officer has lawmakers questioning the reach of the Islamic State to the U.S. interior and what the Department of Homeland Security is doing to stop it
What Bin Laden Taught Us About Jihad in Pakistan (War on the Rocks) Western authors, most notably journalist Carlotta Gall in her early 2014 book, The Wrong Enemy, and more recently, Seymour Hersh in a much ballyhooed article, "The Killing of Osama bin Laden," have written that senior Pakistani intelligence and military figures knowingly hid bin Laden and actively worked to sustain his organization, al Qaeda, within Pakistan
Users with weak SSH keys had access to GitHub repositories for popular projects (IDG via CSO) A number of high-profile source-code repositories hosted on GitHub could have been modified using weak SSH authentication keys, a security researcher has warned
Fraud campaign installs rogue app on non-jailbroken iPhones (CSO) Cybercriminals in Japan are targeting iPhone users with an online scam that tricks them into installing a malicious application when they attempt to view porn videos
Gourmet sandwich cyber-hack leaves FBI in a pickle (SC Magazine) POS malware hits US retailers including Jimmy John's 'gourmet sandwich' chain
3 out of 4 engines on the crashed Airbus military plane were 'power frozen' (Business Insider) Airbus said Wednesday that three of the four engines on an A400M military plane failed before it crashed near Seville, Spain last month, killing four people
Attackers targeting medical devices to bypass hospital security (CSO) Other important devices remain neglected on the hospital's network
Wireless network is the weakest security link in enterprise IT infrastructure: Fortinet (ARN) Claims 92 per cent of CIOs have identified insufficient wireless security as a concern
'Adversary Intelligence' Finds Criminals Not As Smart As Their Code (Dark Reading) The adversary using the stealthy Rombertik malware wasn't nearly as stealthy. ThreatConnect tracked him down
Check Point reports explosion in unrecognizable malware (CSO) The average large enterprise saw 106 previously-unknown pieces of malware an hour last year
Security Patches, Mitigations, and Software Updates
Skype can no longer be crashed with these eight characters (Naked Security) Skype issues fix for "http://:" bug that crashes (and recrashes!) app
Cyber Trends
Financial firms trail other industries in cyber threat remediation, study shows (FierceFinancialIT) Is the financial industry's strict culture of compliance to regulatory procedures slowing its capacity to remediate cyber threats?
Data breaches worry retailers, but only 44% will be ready for EMV (FierceRetailIT) A recent study suggests that 75 percent of independent retailers are worried about being victims of a security breach, while 44 percent of U.S. retailers will not be ready for the EMV liability switch deadline in October — and 5 percent of companies have already experienced a security breach
TeleSign Consumer Account Security Report (TeleSign) This study, commissioned by TeleSign, quantifies consumers' concerns about online security and their exposure to breaches, describes the actions they are taking — or not taking — to protect themselves, and reveals how poor password management and single-factor authentication create the potential for widespread security incidents due to data breaches and other issues in today's threat landscape
May 2015 Global Threat Intelligence Report (Krypt3ia) In the month of May 2015 we saw the advent of "stunt hacking" with the claims of one researcher being able to hack a plane's engines while in flight. While this event was the talk of all the media the real point of the thing was that nothing is secure, not planes, not trains, not automobiles, and certainly not your networks
Moore's Law Drives Future Security Industry Predictions (SourceSecurity) The greatest trend in history will continue to change the world, and the physical security market. It's called Moore's Law
Canadian CSOs need to share more threat information, say experts (IT World Canada) Few organizations like to share information unless it's non-competitive with competitors for obvious reasons. But with the encouragement of Public Safety Canada, critical infrastructure firms have been setting up forums for the exchange of security information
Marketplace
For better or worse, Romanians rule on Europe's cyberspace (New Europe) Exceedingly poor, exceedingly capable
Israeli Cyber Exports Double in a Year (Defense News) At US $6B, cyber exceeded total defense contracts in 2014
Cybersecurity stocks keep rallying; IRS breach hearings get attention (Seeking Alpha) The PureFunds ISE Cyber Security ETF (NYSEARCA:HACK) rose 2.5% today to $31.13, making new highs in the process. The media attention given to a Tuesday Senate hearing about a recent IRS breach, along with the IRS' promise to upgrade its security systems in response, may have helped
How to profit from the cyber-threat (Motley Fool) Cyber security is the first-world challenge of our age
HideMyAss Sold to AVG Technologies (VPN Creative) The company behind our favorite Virtual Private Network (VPN) provider HideMyAss Pro VPN, Privax has been acquired by AVG Technologies
Bromium Releases Its Enterprise Controller — Unlocking The Sales Pipeline? (Forbes) One of the more interesting recent startups in the security area is Bromium
CIT and MACH37 Cyber Accelerator Hold Demo Day for Cyber Startups (Benzinga) Cybersecurity startup CEOs presented to investors, industry leaders
Guggenheim: Barracuda Networks, Palo Alto Better Cybersecurity Picks Than FireEye, Fortinet And Imperva (Benzinga) In a report published Tuesday, Guggenheim analyst Ryan Hutchinson initiated coverage of five companies in the Cyber Security domain, saying that security had become the #1 priority in IT budgets
Intercede falls after slip into losses but Android app service offers opportunity (ShareCast) Shares in digital security group Intercede were sent lower after full-year revenues fell and it slipped into losses, although its new MyTAM secure android app delivery service has been well received after its recent launch
Symantec lays off 175 in Springfield (Oregon Live) Software security company Symantec is eliminating 175 jobs at its big customer service center in Springfield
Accuvant and FishNet Security Continue Transformation; Unveil New Logo (BusinessWire) Accuvant and FishNet Security, which recently joined together to create the nation's premier cyber security solutions provider, today unveiled a new logo as part of their ongoing transformation into Optiv
New Raytheon Cyber Hub to House Research, Test Collaborations (ExecutiveBiz) Raytheon has opened a new research and demonstration center in Sterling, Va. to work with corporate and government customers on the defense of computing environments from cyber threats
Fortinet's Krissy Kelley, Jennifer McDonald and Michelle Patterson Named to 2015 CRN Women of the Channel List (MarketWatch) Fortinet, the global leader in high-performance cyber security solutions, today announced that three of its channel marketing leaders: Krissy Kelley, senior director of Partner Programs, Jennifer McDonald, director of Partner Marketing, and Michelle Patterson, director of Field and Channel Marketing, have been named to The Channel Company's prestigious 2015 CRN® Women of the Channel
Cylance Hires Chief Information Security Officer From Intel (Wall Street Journal) Cybersecurity startup Cylance Inc. has named longtime former Intel Corp. executive Malcolm Harkins as its first chief information security officer, the company told VentureWire
Proofpoint Poaches Fortinet Marketing Head Luanne Tierney (CRN) Fortinet Vice President of Marketing Luanne Tierney is leaving the company for rival security vendor Proofpoint, CRN has learned
Discovia Hires Trio of Forensics Specialists Led by Prominent Cyber Security and Discovery Expert Dr. Bruce Hartley (Nasdaq) Discovia, a leading global provider of eDiscovery services to corporations, law firms and government entities, announced today that it has expanded its senior data forensics and cyber security team with the additions of Dr. Bruce Hartley, Anthony Locke, and Vladimir Kamenev
Products, Services, and Solutions
Cyber Warfare Comes to Main Street: WatchGuard Introduces New Firewalls to Arm Small Businesses with Industry's Most Powerful Protection (WatchGuard) Small companies are the new big target: SMBs represent the majority of businesses and nearly 44 percent have already been attacked
Startup Niara aims to catch stealthy attacks (NetworkWorld) Platform helps filter out the noise from security alerts, provide forensics to figure out what happened
Contrast Security delivers knockout blow to app hackers (Software Development Times) Contrast Security today announced Contrast Enterprise, the first application security product to integrate defenses across development and operations, unifying vulnerability assessment, security visibility and attack protection throughout the application lifecycle
Rapid7 brings its advisory services to EMEA, introduces threat modeling (Help Net Security) At Infosecurity Europe 2015 Rapid7 announced it will offer its Strategic Advisory Services in EMEA to help security executives and teams solve pressing cyber security challenges
Israeli cyber-security solution helps take the reins at Dropbox (Times of Israel) Adallom, which keeps documents safe enough to gain the trust of enterprise firms, is the security tech of choice for Dropbox for Business
Intel and VMware team up to provide advanced threat protection (Help Net Security) At Infosecurity Europe 2015 Intel Security and VMware announced an integrated solution that leverages a Software-Defined Data Centre approach and the VMware NSX network virtualisation platform to automate the distribution and enforcement of Intel Security's McAfee Network Security Platform (NSP)
Visa teams with FireEye for cyber-threat sharing program (ZDNet) The companies plan to use shared threat intelligence as part of a cybersecurity offering geared toward retailers and card issuers
Endpoint Protector gets integration with cloud storage apps (Help Net Security) At Infosecurity Europe 2015, CoSoSys announced the development of Endpoint Protector 4 to include new integrations with Dropbox for Business and Box to strengthen data security policies and prevent data losses and theft through employee's data transfers made to cloud-based storage applications
CipherCloud offers compliance advice regarding EU privacy laws (Help Net Security) As the EU moves towards stricter data privacy rules, companies operating in the region are grappling with translating legal policy into business practices. In light of this transition, CipherCloud has expanded its Global Compliance Resource Center to help organisations navigate the changing data privacy landscape
ERPScan Security Monitoring Suite Now Supports Integration with IBM QRadar SIEM to Provide SAP Security for Enterprises (ERPScan) ERPScan, leading ERP and SAP Security provider, has entered into a partnership program with IBM, as ERPScan solution has been certified to work with IBM QRadar. It has been officially titled "Ready for IBM Security Intelligence and Analytics"
Technologies, Techniques, and Standards
DoD adopts guidelines for securing mobile apps (C4ISR & Networks) The Mobile Technology Tiger Team — a group formed under the Federal CIO Council — has released a standardized protection profile for mobile application development, providing a baseline of security controls for agencies building their own mobile apps
Elliptic Curve Cryptography: If Only It Didn't Use Advanced Maths (Tripwire: the State of Security) The recent 'Logjam' attack shows that a well-funded intelligence agency might be able to crack 1024-bit Diffie Hellman keys (at least if the same group is used by many systems). When using RSA, cracking 1024-bit keys may not be beyond the most powerful adversaries either
Do departed employees haunt your networks? (CSO) Many companies have ghosts in their systems, employees who've gone on to a better place
How to get a software discount from a criminal (Webwereld) When your data is held hostage, it sometimes pays to haggle
How to raise users' expectations about security and privacy? (Help Net Security) Users do not seem to care much about privacy and security
Securing SAP Systems from XSS vulnerabilities Part 1: Introduction (ERPScan) With this article we are starting a new series of posts giving a review of one of the most frequent vulnerabilities, which affects a lot of SAP modules: cross-site scripting, or XSS
Air gaps still a cheap and effective defence for critical networks: Kaspersky (ZDNet) Physically-separate networks aren't always the rule for industrial networks these days, said Eugene Kaspersky, but they should be
IT Security: Evolving to a Risk-Based Approach (Tripwire: the State of Security) As news of information breaches and personal data theft become more prevalent and popular in the press, technologists are witnessing and taking part in the rapid evolution of the once neglected realm of cybersecurity
Cloud Security: 6 Steps for Keeping Your Data Safe (CIO) Like alligators in the sewers of New York, cloud security concerns are an urban legend that just won't go away
Research and Development
BlackBerry Bringing Cryptography to Auto Industry (N4BB) BlackBerry today announced that its subsidiaries QNX and Certicom are working jointly to bring strong cryptography and entity authentication to the automotive industry
Inside the casino, the house is always watching (Christian Science Monitor Passcode) Cultural anthropologist Natasha Dow Schüll explains how casinos use surveillance technology and algorithms to monitor and manipulate players and convince them to wager more
Academia
Finjan Announces "Mobile Defense Challenge 2015" for College Students (MarketWatch) $40,000 grant awarded to develop winning app
Legislation, Policy, and Regulation
China's Military Strategy: A Cyber Perspective (Real Clear Strategy) The Chinese Ministry of National Defense recently released its first-ever white paper on military strategy
USA Freedom Act Passes: What We Celebrate, What We Mourn, and Where We Go From Here (Electronic Frontier Foundation) The Senate passed the USA Freedom Act today by 67-32, marking the first time in over thirty years that both houses of Congress have approved a bill placing real restrictions and oversight on the National Security Agency's surveillance powers
Victory: Passage of USA FREEDOM Act Reins in NSA Surveillance (Center for Democracy and Technology) Today the US Senate passed the USA FREEDOM Act without amendment, and the bill is now set to be signed into law by the President
For privacy advocates, USA Freedom doesn't end push for surveillance reform (Christian Science Monitor Passcode) Proponents of reforming National Security Agency practices are now turning their attention to other controversial programs that USA Freedom didn't address
Opinion: How USA Freedom is a victory for American spy agencies (Christian Science Monitor Passcode) USA Freedom is an important first step in reforming government surveillance powers put in place after 9/11, but it does not curtail some of the National Security Agency's most controversial activities
Obama Admin Seeks Revival of Lapsed NSA Spying Program (National Journal) The NSA halted its domestic phone surveillance program earlier this week, but the bulk collection is expected to soon be reinstalled, despite passage this week of the USA Freedom
Rand Paul allies plan new surveillance reforms to follow USA Freedom Act (Guardian) Representative Thomas Massie has authored an amendment to block the NSA from undermining encryption and stop other agencies collecting US data in bulk
States flex cyber leadership muscle (GCN) New Jersey recently joined the list of states addressing statewide cyber threat protection through educational and readiness initiatives that aim to protect infrastructure, networks and businesses, as well as state government itself
Litigation, Investigation, and Law Enforcement
DoD falling short in insider threat efforts: GAO (C4ISR & Networks) The Defense Department is instituting some efforts to curb insider threats, but those policies don't go far enough beyond the bare-minimum standards, according to a new report from the Government Accountability Office
The Dark Web Drug Lords Who Got Away (Wired) When Ross Ulbricht was sentenced to life in prison without parole last Friday, the judge in his case made clear that her severe punishment wasn't only about Ulbricht's personal actions in creating the Silk Road's billion-dollar drug market
Russian Twins Social-Engineer Victims for One-Time Bank Codes, Get Arrested (Softpedia) Authorities spent three years collecting evidence
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Infosecurity Europe 2015 (London, England, UK, Jun 2 - 4, 2015) Infosecurity Europe is the largest and most attended information security event in Europe. It is a free exhibition featuring not only over 325 exhibitors and the most diverse range of new products and services but also an unrivaled free education program with over 13,000 unique visitors from every segment of the industry
NSA SIGINT Development Conference 2015 (Fort Meade, Maryland, USA, Jun 2 - 3, 2015) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference
Cyber Security Summit: DC Metro Area (Tysons Corner, Virginia, USA, Jun 3, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
7th Annual Southeastern Cyber Security Summit (Huntsville, Alabama, USA, Jun 3 - 4, 2015) Cyber training, education, and workforce development for the evolving threat
Seventh Annual Information Security Summit (Los Angeles, California, USA, Jun 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive, cutting-edge educational sessions presented by a world-class line up of keynote and featured presenters. There will be three forums to choose from: Healthcare Privacy and Security Forum, Executive Forum, CISO Executive Forum
ShowMeCon (St. Louis, Missouri, USA, Jun 8 - 9, 2015) This highly technical forum showcases eye-opening presentations from world-renowned ethical hackers and security experts that will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. ShowMeCon pulls back the curtain and exposes how hackers are winning the war on physical and cyber security. Whether you're a large corporation or a small business, you should attend this mind-blowing event as you witness the cream of the crop unveil the latest attacks, techniques, tactics and practices of today's hackers. Plus, gain insight and understanding into ways to effectively protect yourself and your business
Cloud Identity Summit 2015 (La Jolla, California, USA, Jun 8 - 11, 2015) Enterprises large and small are looking to the cloud to replace legacy applications and virtualize their existing data center environments. In each case, security technology vendors need to manage the unique requirements of multi-tenant SaaS applications as well as the infrastructure requirements of complex deployments that rely on public and private cloud requirements. Unlike broad-based conferences or hacking conventions, CIS is focused and intense with three days of content-packed tracks in an environment deliberately structured to maintain the face-to-face interactions that often lead to big moments. The conference offers sessions that will benefit beginners in the industry, as well as those seeking to expand their skill set as an experienced user
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
Cybergamut Tech Tuesday: Using EMET to Defend Against Targeted Attacks (Elkridge, Maryland, USA, Jun 9, 2015) 0-day vulnerabilities that are able to bypass platform level exploit mitigation technologies such as DEP and ASLR are becoming increasingly common. Knowledge workers are being increasingly targeted by adversaries seeking to gain a foothold in your enterprise via spear-phishing and watering hole style attacks leveraging 0-day vulnerabilities in commonly used applications such as Internet Explorer, Adobe Reader and Oracle's Java. Many organizations are still running Windows XP which no longer receives security updates as of April 2014. This presentation discusses a free exploit mitigation toolkit called EMET that can be installed on all currently supported versions of Windows to significantly raise the bar for attackers by offering new and novel exploit mitigation techniques that have been pioneered by the Microsoft Trustworthy Computing division and independent security researchers from around the world. Presented by: Robert Hensing of Microsoft
Fraud Summit Boston (Boston, Massachusetts, USA, Jun 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include the 2015 faces of fraud, science and insider fraud detection, EMV and pay card security, mobile banking risks and their mitigation, the deep web and fraud-as-a-service, and threat information exchange
CyBit: the Computer Forensics Show (IT Security and Cyber Security) (New York, New York, USA, Jun 11 - 12, 2015) Cyber Security: The interdependent network of information technology infrastructures, including the internet, telecommunications networks (satellite communications), computer systems, embedded processors and controllers in critical industries. Government officials, corporations and institutions involved in military, intelligence, and national security matters. IT Security: Information security applications and processes including: securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
Cornerstones of Trust 2015 (San Mateo, California, USA, Jun 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole