The CyberWire Daily Briefing 06.15.15
The convergence of cyber operations and traditional espionage dominates the news as the week opens.
The Sunday Times and BBC report that Russian and Chinese services "cracked" encrypted files delivered to them by Edward Snowden, thereby gaining insight into highly sensitive UK and US intelligence operations. The story's been met with a mixture of skepticism and grim alarm. On the one hand it seems to answer the cui bono questions circulating around Snowden since he absconded with NSA files. On the other hand, how were files decrypted? Technically? Or because they were given the key, in which case why did it take so long? And why so much HUMINT in the stolen files?
German Chancellor Merkel's legislative office was apparently compromised in the recent Bundestag hack (credited to Russia).
Iran reacts with OPSEC moves to the Duqu 2.0 campaign Kaspersky revealed last week.
The US Office of Personnel Management (OPM) breach looks worse as it ages. Consensus holds that Chinese intelligence services (the apparent hackers) got away with at least a decade's worth of extremely sensitive information, including completed SF-86 security clearance records. The information contained therein could be used to recruit spies. The incident has damaged the US Government's reputation as a trustworthy information repository, especially since (the Wall Street Journal and Ars Technica report) the breach was discovered not by OPM, but by CyTech Services during a sales demo of their CyFIR forensic product.
ISIS continues its winning information campaign, displacing the increasingly stodgy and irrelevant al Qaeda.
Notes.
Today's issue includes events affecting China, Germany, Iran, Iraq, Republic of Korea, Russia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
British spies betrayed to Russians and Chinese (Sunday Times) Russia and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services
Sunday Times drops claim that Miranda met Snowden before UK detention (Guardian) Allegation repeated one made in Daily Mail in September 2014, which was removed on Monday pending inquiries
UK under pressure to respond to latest Edward Snowden claims (Guardian) Sunday Times says Downing Street believes Russia and China have hacked into American whistleblower’s files, endangering US and British agents
British spies 'moved after Snowden files read' (BBC) UK intelligence agents have been moved because Russia and China have access to classified information which reveals how they operate, a senior government source has told the BBC
The Sunday Times' Snowden Story is Journalism at Its Worst and Filled with Falsehoods (Intercept) Western journalists claim that the big lesson they learned from their key role in selling the Iraq War to the public is that it’s hideous, corrupt and often dangerous journalism to give anonymity to government officials to let them propagandize the public, then uncritically accept those anonymously voiced claims as Truth
Snowden may have some clarifying to do after bombshell reports that Russia and China accessed NSA files (Business Insider) The Sunday Times reports that Russia and China decrypted files stolen by former NSA contractor Edward Snowden, forcing the UK intelligence service, MI6, to pull officers out of live operations in hostile countries
You're right to be skeptical over Sunday Times Snowden story (Graham Cluley) The Sunday Times published an alarming story in the UK this weekend, suggesting that the lives of British and American spies have been put at risk after Russian and Chinese authorities gained access to over a million documents taken by NSA whistleblower Edward Snowden
Five reasons the MI6 story is a lie (Graham Cluley) Human rights activist and former ambassador Craig Murray doesn't believe the story published this weekend in the UK's Sunday Times. After his own website suffered a denial-of-service attack, he has granted permission for other sites to carry his article in full
Success in marketing propels Islamic State to top of terrorism biz (Register Guard) First, the good news: It turns out President Obama was right. Al-Qaeda is being destroyed. One could even say he deserves some credit for this happy turn of events. Which brings us to the bad news: Al-Qaeda is dying out because it's being replaced by something far worse
Computer in Merkel's office hit by cyber attack: report (AFP via Yahoo! News) A computer in German Chancellor Angela Merkel's legislative office was hit by a cyber attack that targeted the country's lower house of parliament in May, the Bild newspaper reported on Sunday
Emails blamed for Bundestag cyberattack (Deutsche Welle) The cyberattack on Germany's parliament has been traced to a link contained in at least two emails, according to a newspaper report. Parliamentarians left unaware of the breach for three weeks have slammed the delay
BIG READ: Russia leading the way in the cyber arms race (Irish Examiner) Russia is leading the way, as new technology is combined with old spying techniques
Iran expresses concern over cyber security of upcoming nuclear talks (Malay Mail) Iran expressed concern yesterday over cyber-security of nuclear talks with six world powers after reported cyber-attacks on venues linked to the negotiations on its disputed nuclear programme, the semi-official Fars news agency reported
Spying fears prompt smartphone ban for Iran officials (Phys.org) Iranian officials with access to classified information will be forbidden from using smartphones in connection with their work because of fears of espionage, a security official said Saturday
Chinese hack of federal personnel files included security-clearance database (Washington Post) The massive data breach into the records of current and former federal employees is believed to be worse than first thought
OPM Breach Just Put America's Spies 'At High Risk' (Defense One) Hackers may now have detailed biographical information and a virtual phonebook of every United States intelligence asset
Report: Hack of government employee records discovered by product demo (Ars Technica) Security tools vendor found breach, active over a year, at OPM during sales pitch
US data breach is intelligence coup for China (Phys.org) The hacking of millions of US government employees is likely part of an effort by Chinese intelligence for long-term profiling — and possibly more nefarious things
Ex-NSA Officer: OPM Hack Is Serious Breach Of Worker Trust (NPR) Former National Security Agency officer John Schindler tells NPR's Scott Simon the data hacked from the Office of Personnel Management includes personal information that could be used for blackmail
Whose Job Is On the Line After the OPM Hack? (National Journal) There are questions about who is liable for security lapses that ultimately laid bare private details on current and past federal employees
Watering holes exploiting JSONP hijacking to track users in China (AlienVault Blogs) Imagine if an authoritarian state had a tool to get private information about users visiting certain websites, including real names, mail addresses, sex, birthdays, phone numbers, etc. Imagine that even users that run TOR or VPN connections to bypass the tools that the authoritarian government uses to block and monitor these websites were exposed to this technique
Trojanized Sberbank mobile app lurking on third-party stores (Help Net Security) A Trojanized Android version of the Sberbank online banking mobile application is being distributed via third-party online stores and file-sharing sites, warns Russian AV maker Dr. Web
Cyber rogues taking advantage of MERS to spread malware (Indian Express) Symantec has revealed that cyber criminals are taking advantage of the outbreak of MERS to spread Trojan.Swort through spam emails
Cyber attackers spread MERS-related smishing in Korea (Korea Times) According to a security solution company Symantec which collected and analyzed the samples of malignant codes, the attached file is stated as ".exe" with a file name "List of MERS hospital and patients.docx.exe"
Even with a VPN, open Wi-Fi exposes users (Ars Technica) Those moments between Wi-Fi connect and VPN launch can give away a lot
#ColumbianChemicals Hoax: Trolling the Gulf Coast for Predictive Patterns (Recorded Future) Recorded Future analyzed a politically-motivated online hoax, #ColumbianChemicals. Our goal was to find communication patterns which reliably indicate hoaxes. Analysts can triage future incidents by assessing these communication patterns
Multiple security issues discovered in Concrete5 — Part 1 (Minded Security) About a month ago we performed a Secure Code Review of Concrete5 version 5.7.3.1, the latest stable release at that time, and discovered multiple security issues within it
Pop-Under Malvertising Spreads CryptoWall Via Magnitude Exploit Kit (Softpedia) Exploit kit operator can distribute different malware pieces
DD4BC Group Targets Companies with Ransom-Driven DDoS Attacks (Tripwire: the State of Security) According to the 2015 Information Security Breaches Survey, a PwC study that I recently analyzed in an article for The State of Security, the number of denial of service (DoS) attacks has either dropped or remained stagnant for most UK corporations over the past year
EHR vendor Medical Information Engineering suffers cyberattack (FierceEMR) Cloud EHR vendor Medical Information Engineering (MIE) has revealed that it suffered a data breach affecting the electronic medical records of some of its clients' patients
Discount Chain Fred's Inc. Probes Card Breach (KrebsOnSecurity) Fred's Inc., a discount general merchandise and pharmacy chain that operates 650 stores in more than a dozen states, disclosed today that it is investigating a potential credit card breach
Hacker Targets Pedophiles with TOX Ransomware (HackRead) Tox is yet another example of cyber justice that has been meted out by cyber criminals
Windows Server 2003 End of Life: You Can't RIP (TrendLabs Security Intelligence Blog) Windows XP reached end of support last year and now it's time for another end of life — Windows Server 2003. On July 14, 2015, this widely deployed Microsoft operating system will reach its end of life — a long run since its launch in April 2003. Estimates on the number of still-active Windows Server 2003 users vary from 2.6 to 11 million
Bulletin (SB15-166) Vulnerability Summary for the Week of June 8, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Microsoft swings security patch stick to keep customers up-to-date on Windows 10 (Computerworld) Businesses that adopt Current Branch for Business update track must deploy within 8 months or face patch stoppage
Microsoft to introduce Antimalware Scan Interface (AMSI) in Windows 10 (TWCN) Here is a reason why Windows 10 users would have added security from malware
Cyber Trends
Security Defenses Are No Match for Cyber-Crooks (CIO) Organizations are falling behind the security curve, and security defenses that were at least somewhat effective a decade ago no longer cut it
Hacking and the Future of Warfare (Nextgov) It's not like government officials didn't see the attack coming. The Office of Personnel Management has faced repeated hacking attempts
CircleCityCon: Protecting the supply chain (CSO) On Saturday, during an early morning session at CircleCityCon in Indianapolis, Akamai's Dave Lewis addressed the topic of supply chain security with the conference's early risers
The Phobia for the Internet of Things (TechCabal) What if we took all the data coming out of our everyday devices and connect them? This means we can cook at home using our mobile phones while working at the office, turn on the heater before we get home, watch our children in playpens while we shop
Why the Internet of Things isn't the same as the new hardware movement (Radar) Cheap, accessible, open hardware is driving the IoT
A flaw in the design (Washington Post) The Internet's founders saw its promise but didn't foresee users attacking one another
On ethics in information technology (BoingBoing) Our field requires ethical frameworks we accept, instead of rules that remain technically unbroken while we hackers violate their spirit with as much ingenuity as we can muster
Measurement of Cyber Crime, Royal Holloway University, London (Team Cymru Blog) This weekend I was preparing for panel session at Royal Holloway University, London, for today, Monday 15th June. The session was on measuring the size scale of cyber crime and standardisation across the EU. "What gets measured gets done: and cybercrime is no different from anything else"
Marketplace
Cashing in on banks' security compliance obligations (Channelnomics) It's not without its challenges, but solution providers find opportunity in making banks' security compliant
Growing cyber threats challenging cost reduction as reason to use managed services (ComputerWeekly) Mid-sized companies plan to use more managed services and many see it as improving security
2 Stocks to Watch in Cyber Security (Motley Fool) Unfortunately, cyber crime isn't going away. The number and intensity of attacks has increased in recent years, and a recent Pew survey found that the majority of experts believe it will only get worse
Report: Struggling BlackBerry may start making Android smartphones (FierceMobileIT) Frustrated by the uptake of its BlackBerry 10 phones, struggling BlackBerry is mulling making a smartphone that runs the Android operating system for the first time
Are Facebook's Moves in Artificial Intelligence Less Scary Than Google's? (Motley Fool) Facebook (NASDAQ: FB) is assembling a new artificial intelligence research team in Paris. The new group will work with Facebook's existing Facebook AI Research (FAIR) teams in Menlo Park, Calif., and New York
Tanium Takes on Public Sector with New DC-area Office & Federal Government Contract Win (Medium) Government agencies are under more pressure than ever to do more with less — smaller budgets, fewer resources
Trash-Talking Rival CEO Vows to Beat IBM on Cybersecurity Deals (BloombergBusiness) A year ago, Imperva Inc. executives were in no position to trash-talk
Raytheon Rethinks Cyber, Trademarks C5I Concept (Aviation Week) The defense industry loves acronyms, but it's rare that one given to a trade space is trademarked. Yet by adding "cyber" to the widely used C4I (command, control, communications, computers and intelligence), Raytheon has taken that step with C5I
Damballa Wins 2015 Red Herring Top 100 North America Award (Sys-Con Media) Damballa, a leader in advanced threat detection and containment, was named a winner of Red Herring's 2015 Top 100 North America award, recognizing the most promising private technology companies
Accuvant and FishNet Security Ranked No. 26 on CRN Solution Provider 500 (Sys-Con Media) Accuvant and FishNet Security, which recently joined together to create the nation's premier cyber security solutions provider, today announced the combined company has ranked at number 26 on The Channel Company's 2015 CRN Solution Provider 500 (SP500), making it the only holistic pure-play security company listed in the top 50
Products, Services, and Solutions
Airbus's New Cyber Service Tracks Threats (Aviation Week) It is difficult to make a cyber-security product stand out
Security Watch: Tenable Network Security Extends Monitoring Capability (CSO) Tenable Network Security has extended OS support for their Nessus Agents to Mac OS X and Red Hat/CentOS Linux
Exabeam Advances User Intelligence Security Efforts (eSecurity Planet) Exabeam 1.7 makes use of stateful user tracking to keep user credentials in line
Catbird to Deliver Secure OpenStack Deployments in the Enterprise on HP Helion (Sys-Con Media) Catbird, a leader in software-defined security, today announced that Catbird's security suite is now fully certified for HP Helion OpenStack
Verizon Delivers Secure Cloud Interconnect to CoreSite (Converge!) CoreSite has joined Verizon Enterprise Solutions' Secure Cloud Interconnect (SCI) service ecosystem
Digital Shadows partners with Malformity Labs to enable greater mining and visualization of threat data via Maltego platform (SourceWire) Partnership further empowers customers to achieve cyber situational awareness and better analyze the 'attacker's eye view' of an organization
Technologies, Techniques, and Standards
Companies Should Heed DOJ's New Cybersecurity Guidance to Minimize Liability (Bloomberg BNA) The Department of Justice (DOJ) has released new guidance on cyber preparedness and incident response, becoming the latest federal agency to do so in recent months
3 Ways To Recover From Hacking (Business2Community) Agencies are hired to do a multitude of services for companies across the globe and sometimes that means the exchange of passwords and servicing software accounts from social networks to CRMs. We can (and will) tell you that good and strong passwords, while difficult to remember, are the key to keeping your accounts safe
Five Steps to WordPress Security (with a Sixth Thrown in for Good Luck) (Spyre Studios) Being an incredibly popular content management system, WordPress is one of the main platforms designers and devs have to work on
Offended by Offensive Security (Dark Matters) The commonly held belief in the realm of digital security (cyber security for the new folks and media) is the methods employed are strictly defensive in nature
Most Security Depts Blindly Trust Certificates and Keys (Infosecurity Magazine) Most IT security professionals acknowledge they don't know how to detect or remediate quickly from compromised cryptographic keys and digital certificates
Avoid Malware by Regular Employee Training About Suspicious Emails (Internet, Information Technology & e-Discovery Blog) Here is some basic advice for all employees — "Don't open email attachments from strangers or that seem strange, and don't open links in emails that seem suspicious" …which should be part of the mindset of everyone reading email, but often employees fail to heed this advice or just forget
Research and Development
Efficient and Secure ECC Implementation of Curve P-256 (NIST ECC Workshop) Border Gateway Protocol is vulnerable to malicious attacks that target the control plane
Legislation, Policy, and Regulation
White House pushes '30-day Cybersecurity Sprint' after massive breaches (Washington Times) Following two major breaches of federal networks, the White House late Friday tried to fight back by launching a 30-day program designed to beef up cybersecurity protocol across the government
One Lawmaker Wants to Conduct a Study of the OPM Cyber Attack (FedSmith) Congressman Joe Wilson (R-SC) has introduced legislation to conduct a study of the recent cybersecurity breach on the Office of Personnel Management's computer systems in order to determine an appropriate response to the government's apparent security problems
Opinion: After OPM hack, 3 steps to improve government cybersecurity (Christian Science Monitor Passcode) The Office of Personnel Management breach returns the spotlight to the insecurity of federal networks, which can be strengthened if Washington starts acting a bit more like Silicon Valley
What if Pearl Harbor happened and nobody noticed? (USA Today) Last week, while people were going on about the white woman who posed as black to get an NAACP job, Hillary Clinton's (latest) campaign relaunch and President Obama's trade-bill debacle in the House, a much bigger story slipped by with much less hoopla: the successful seizure of a vast trove of federal personnel records, reportedly by the Chinese
Security pros: Cyberthreat info-sharing won't be as effective as Congress thinks (Christian Science Monitor Passcode) Though there's renewed momentum in Congress to finally pass a cybersecurity information-sharing bill, technology industry professionals say the proposals will primarily help government and won't aid the private sector
Army Reserves train the next generation's cyber force (Federal Times) As the Defense Department fills out its ranks with troops that will operate in the digital domain, the military services are working ardently to train up and supply the U.S. Cyber Command with cyber operators
The US Navy wants to buy unpatched security flaws (Engadget) It won't surprise you to hear that governments are eager to buy unpatched security exploits for the sake of cyberdefense or surveillance, but they're rarely overt about it
CIA Reorganizes to Target Islamic State (Wall Street Journal) Top officials create new teams of spies, analysts and scientists in fight against global threats
Litigation, Investigation, and Law Enforcement
Megaweirdness: FBI-seized domains still in limbo after DNS hijacking (Ars Technica) Frozen sites' name servers were changed to a domain registered through Chinese company
Germany Ends Probe of NSA Monitoring (Voice of America) German federal prosecutors say they have closed a year-long probe into the alleged wiretapping of Chancellor Angela Merkel's cell phone by the U.S. National Security Agency
CIA Releases Declassified Documents Related to 9/11 Attacks (IC on the Record) Today, CIA has released to the public declassified versions of five internal documents related to the Agency's performance in the lead-up to the attacks of September 11, 2001
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
AFCEA PNC Tech & Cyber Day (Tacoma, Washington, USA, Jun 25, 2015) The Armed Forces Communications & Electronics Association (AFCEA) - Pacific Northwest Chapter (PNC) will once again host the 5th Annual Information Technology & Cyber Day at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2015. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn more about Cyber Security best practices and remediation strategies
AFCEA OKC Technology & Cyber Security Day (Oklahoma City, Oklahoma, USA, Aug 27, 2015) FBC and the Armed Forces Communications & Electronics Association (AFCEA) Oklahoma City Chapter will be partnering once again to host the annual Technology Day & "Scholarship" Golf Tournament at Tinker AFB. This is the only Technology Day held at Tinker AFB each year. The annual Technology Day allows exhibitors the opportunity to have access to information technology, communications, cyber, engineering, and contracting personnel at Tinker AFB. Over 300 attendees participated in the 2014 Technology Day and we expect the same level of attendance in 2015
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Enterprise Security and Risk Management (London, England, UK, Dec 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most pressing security risks of tomorrow. The event offers unrivalled networking opportunities and insights on how to design, implement and embed
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities
Upcoming Events
NSA Mobile Technologies Forum (MTF) 2015 (Fort Meade, Maryland, USA, Jun 8 - 12, 2015) The Mobile Technologies Forum is an annual event that attracts SIGINT, Information Assurance, HUMINT, Federal Law Enforcement, Counterintelligence and Government personnel from the United States, Australia, Canada, New Zealand, and United Kingdom interested in mobile technologies, both current and future features and equipment. Those who are developing or have efforts that benefit NSA's efforts should participate as a government attendee or commercial vendor
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
Cornerstones of Trust 2015 (San Mateo, California, USA, Jun 16, 2015) The World Ahead: Ending The Insanity In Information Security. Insanity is often defined as repeatedly doing the same while expecting different results. Year after year our cyber security success has been inadequate yet we keep doing the same things over and over. The breaches are getting worse by the day. Cornerstones of Trust 2015 will bring security visionaries, operational experts, and seasoned professionals together so they can share ideas on how to build trustworthy and predictable security solutions that address the problems of today and the issues we see on the horizon
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Fifth Annual International Cybersecurity Conference (Tel Aviv, Israel, Jun 22 - 25, 2015) The conference, held jointly this year by the Yuval Ne'eman Workshop for Science, Technology and Security, the National Cyber Bureau, the Prime Minister's Office, the Blavatnik Interdisciplinary Cyber Research Center (ICRC) and Tel Aviv University, will bring together leading international cyber experts, policymakers, researchers, security officials, and diplomats for an exchange of knowledge, methods and ideas concerning evolving cyber technologies
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole