The CyberWire Daily Briefing 06.17.15
A hacker defaces a Lithuanian army site to announce (falsely, obviously, but it needs to be said) that NATO was preparing an incursion into Russia's Kaliningrad enclave, a minor episode that should nonetheless inspire thought about cyber Tonkin Gulf Incidents (as opposed to cyber Pearl Harbors).
Al Qaeda and ISIS are reported to have adopted various encryption tools to defeat the cyber surveillance the groups are under. Pakistan's government announces its intention to take on jihadist information operators, but observers doubt they've got the wherewithal to do so effectively.
The US Congress gives the Office of Personnel Management a very uncomfortable ritual grilling (its director was offered the opportunity to apologize and resign; she declined) as lessons continue to be drawn from OPM's breach. China's government still denies involvement, albeit in the context of general condemnations of hacking as such, but US investigators say they've got "high confidence" China was involved.
Received an email from Angela Merkel? It's unlikely the German chancellor is using a Polish domain.
New phone exploits are discussed. Typosquatting facilitates scareware distribution. Small businesses are being disrupted with low-tech scams.
Cyber threats to aircraft draw attention at the Paris Airshow.
Adobe patches Adobe Photoshop Creative Cloud (CC) and Bridge CC.
Practitioners share incident response and recovery advice.
Former US Department of Homeland Security Assistant Secretary for Policy Baker debunks surveillance myths, indelicately desiring their purveyors to render backdoor obeisance.
The FBI investigates the St. Louis Cardinals baseball club for alleged intrusion into non-rival Houston Astros' systems.
Notes.
Today's issue includes events affecting Australia, China, France, Germany, Indonesia, Iraq, Israel, Lithuania, Nigeria, Pakistan, Philippines, Poland, Russia, Syria, Taiwan, United Arab Emirates, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
Lithuanian Armed Forces Website Hacked, Defaced with False Information (HackRead) Someone hacked the official website of Lithuanian Armed Forces and posted false information about NATO ready to attack Kaliningrad Oblast
Encryption Technology Embraced By ISIS, Al-Qaeda, Other Jihadis Reaches New Level With Increased Dependence On Apps, Software (MEMRI) Anyone can now communicate securely via an untraceable throwaway smartphone, purchased online, including on Amazon
Operation Lotus Blossom: A New Nation-State Cyberthreat? (Palo Alto Networks) Today Unit 42 published new research identifying a persistent cyber espionage campaign targeting government and military organizations in Southeast Asia. The adversary group responsible for the campaign, which we named "Lotus Blossom," is well organized and likely state-sponsored, with support from a country that has interests in Southeast Asia. The campaign has been in operation for some time; we have identified over 50 different attacks taking place over the past three years
OPM Breach Dates Back to December (Threatpost) The attack on the Office of Personnel Management that was disclosed earlier this month began as early as December 2014 and likely was the end result of a social engineering attack that enabled the hackers to gain valid user credentials and move around OPM's network
Fed agency blames giant hack on 'neglected' security system (AP via NorthJersey.com) The agency that allowed hackers linked to China to steal private information about nearly every federal employee — and detailed personal histories of military and intelligence workers with security clearances — failed for years to take basic steps to secure its computer networks, officials acknowledged to Congress on Tuesday
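Data on 4 million US government employees stolen; attack said to come from China (中国搜索) Key point: "A high-value target: we hold a large number of personnel records, and that is what our adversaries want"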
What local cyber attacks? US personnel data breach not isolated event (Mandarin) The massive cyber attack against the US government is not an unusual event. Such attacks happen all the time, but victims either don't realise or refuse to share the valuable threat intelligence that is vital to the global fight against cyber attacks
German chancellor Angela Merkel's own PC hit by malware… or was it? (Hot for Security) Poor old Angela Merkel. The German Chancellor just isn't having much luck with hackers
Merkel's e-mail and other alleged hacks (Alvars Blog) Oh, an e-mail from Angela Merkel ‹noch.nicht.mal.mutti[at]irgendwo.pl›. Surely Merkel wrote that herself. Right? No
Botnet-based malicious spam seen this week (Internet Storm Center) Botnets continually send out malicious spam (malspam). As mentioned in previous diaries, we see botnet-based malspam delivering Dridex and Dyre malware almost every day
How to hijack MILLIONS of Samsung mobes with man-in-the-middle diddle (Register) Touchscreen keyboard update leaves handsets vulnerable to remote-code execution
Phone hacking blitz hammers UK.biz's poor VoIP handsets (Register) If I ever get my hands on those phreaking kids who hacked my phones
How a bad keystroke can lead you to SpeedUpKit 'scareware' (IDG via CSO) Dozens of misspelled domain names that spoof major brands are leading unsuspecting PC users to a questionable tune-up application called SpeedUpKit
Cybercriminal Sharpshooters: Nigerian Scammers Use HawkEye to Attack Small Businesses (TrendLabs Security Intelligence Blog) It doesn't take an advanced malware to disrupt a business operation. In fact, even a simple backdoor is enough to do it
Information-Stealing Stegoloader Malware Hides in Images (Threatpost) Malware writers aren't hesitant to do what it takes to protect a campaign and keep it hidden from detection technologies and security researchers
Finding Hacking Services and More in the Deep Web (Dark Matters) Hacking services are among the most attractive commodities in the underground market, it is possible to hire a hacker to request a "realistic" penetration test, or to pay to take over a Gmail or Facebook account for cyber espionage purpose
Reactions to the LastPass breach (Help Net Security) LastPass, the company behind the popular password management service of the same name, has announced that they have suffered a breach, and has urged users to verify their account and update their master password
Don't let the LastPass hack destroy your faith in password managers (Lumension) As has been widely reported, popular online password management service LastPass has been hacked
Study: 15-30 percent of eCommerce site visitors infected with CSIM (SC Magazine) Fifteen to 30 percent of eCommerce site visitors are infected with client side injected malware (CSIM), according to a whitepaper from Namogoo, an online security firm that monitors numerous verticals throughout the U.S. and Europe
The Ever-Evolving Cyber Threat to Planes (NDTV) Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities, including the fear that drones could be used to throw a plane off course
Be paranoid: 10 terrifying extreme hacks (CIO) Nothing is safe, thanks to the select few hacks that push the limits of what we thought possible
Security Patches, Mitigations, and Software Updates
Adobe Releases Security Updates for Multiple Products (US-CERT) Adobe has released security updates for Adobe Photoshop Creative Cloud (CC) and Bridge CC to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system
Bing to encrypt search traffic by default this summer (Computerworld) HTTPS will become the default experience for all users of Microsoft's search engine
Bing arrives better late than never to the encryption party (Bing arrives better late than never to the encryption party) Ever-the-bridesmaid Bing will finally encrypt your search data by default
Cyber Trends
The Real Fog of Cyberwar: Operational Cyber Planning (War on the Rocks) Cyber operations and strategies are assumed to be critically important to national security strategies. The United States has gone to great lengths to implement cyber planning at the national level, as well as at the operational level in the U.S. military
Our View: Cyber attack points to brave new world (South Coast Today) News this past week that the personal and personnel records of 4 million current and former federal government employees had been hacked by an Internet-based attack that appears to have originated in China may represent a perilous change in international hacking
Blog: Defense and Industry Officials Look to the Cyber Future (SIGNAL) Quote of the Day: "Write that down, everybody. Security is the business case"
Cybersecurity Industry Blame Game at RSA Conference (Network World) Contrary to tradeshow presentations, the industry has not failed cybersecurity professionals as many speakers insinuated
How trustworthy are the world's leading websites? (Help Net Security) The Online Trust Alliance (OTA) evaluated nearly 1,000 websites, grading them based on dozens of criteria in three categories: consumer protection, privacy and security
Connected Home Threatens Service Provider Data (Infosecurity Magazine) Despite reservations surrounding the risk and vulnerabilities involved in everything being connected to the internet, the emerging market of the connected home is expanding to include connected living, which combines the connected home, workspace and city. And risk is expanding with it, given the number of service providers that are stepping up to hone in on the opportunity
Marketplace
Just 11% of UK Firms Have Cybersecurity Insurance (Infosecurity Magazine) Just 11% of large and mid-sized UK organizations currently have cyber insurance, and the vast majority simply don't understand the true nature of cyber risk because they haven't assessed third party suppliers, according to a new study from Marsh
To Improve Cybersecurity, Fire Some CEOs (EnterpriseTech) Despite the amazing number of cybersecurity breaches, so far the Target CEO appears to have been the only one to pay the price. While we hear some calls for the removal of the Anthem CEO, few are talking about the main cybersecurity threat in any enterprise — the organization chart
The Undaunted Rise of the Cyber Security ETF (ETF Trends) Monday was a lousy day for U.S. stocks, but as it has a habit of doing, the PureFunds ISE Cyber Security ETF (NYSEArca: HACK) ignored the broader market's nasty tape to close higher
Medical-device, IoT hacks spurring security software boom (USA Today) The same hospital computer networks that have helped deliver medical devices to U.S. patients are now making them more vulnerable to cyberattacks
George Pedersen: ManTech Eyes Cyber, Homeland Security Markets With KCG Acquisition (GovConWire) ManTech International (Nasdaq: MANT) has acquired Reston, Virginia-based cybersecurity advisory contractor Knowledge Consulting Group for an unspecified amount
Finjan Returns to Developing and Producing Secure Products for Mobile Apps and the Consumer Market (Marketwired) Finjan Holdings, Inc. (NASDAQ: FNJN), a cybersecurity company, announced its re-entry into the development and production of cyber secure products
Raytheon-Websense JV, Syntel Form Cybersecurity Alliance for Clients (ExecutiveBiz) A Raytheon-Websense joint venture has selected Syntel Inc. as an integration partner to implement the JV's cybersecurity and analytics products
Three months after $2-3M seed round, cyber startup enSilo raises $10M Series A (Geektime) How could Israeli enSilo have raised such a large A round so quickly? Here are a few explanations
SRC Launches FourV Systems to Address Growing Big Data Analytics Challenges (Inside Big Data) SRC, Inc., a not-for-profit research and development company, announced the formation of a new wholly owned subsidiary, FourV Systems, LLC. The new company will focus on providing big data analytics products that are scalable and easily customizable to customers' unique business needs
Accuvant-FishNet: Monster Merger Will Lead To Monster Growth For Optiv Security (CRN) Although the monster merger between cybersecurity giants Accuvant and FishNet Security is sucking up most of the oxygen, the deal will not derail the sensational growth both companies have been enjoying in recent years, according to Steve Perkins, chief marketing officer at Accuvant-FishNet
Dept of the Prime Minister & Cabinet signs Kaspersky for device security (Computerworld) Department using vendor's products to protect devices
Watchful Software Adds Cisco Executive Greg Akers to Board of Directors (BloombergBusiness) Watchful Software, a leading provider of data-centric information security solutions, today announced the election of prominent industry executive Greg Akers to its Board of Directors
ForeScout Adds FireEye CEO Dave DeWalt To Board Of Directors (CRN) Former Intel Security head Mike DeCesare's first call when joining ForeScout Technologies as CEO three months ago was to FireEye CEO Dave DeWalt, asking him to join the up-and-coming network security company's board of directors
Products, Services, and Solutions
Secude Announces New Version Of Halocore For Data Protection (Tom's IT Pro) Secude, a data security company specializing in SAP software security, announced a new release of its flagship product, Halocore for Data Protection
SaaS App Adoption Creates New Blind Spots for Data Leakage in the Enterprise (Information Security Buzz) Imperva Skyfence to protect against confidential data leakage for customers
Finding the hidden image in your cyber data (Federal Times) Do you remember the short lived 3-D poster craze of the mid 1990's where posters contained computer generated hidden 3-D images that you can only see after staring at it for several minutes and focusing your eyes either in front or beyond the actual image itself?
Facebook introduces "Moments" — supposedly a safer way to share photos (Naked Security) Remember Facebook Messenger?
Technologies, Techniques, and Standards
Privacy groups walk out of US talks on facial recognition guidelines (Naked Security) A 16-month effort to set guidelines for use of facial recognition technology that satisfy consumers' expectations of privacy and meet existing state laws went up in flames on Tuesday
Time to Focus on Data Integrity (Dark Reading) Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm
OPM Breach Offers Tough Lessons For CIOs (InformationWeek) While your enterprise may have a chief information security officer and a robust data governance department, CIOs and IT organizations are the ones on the front lines of protecting enterprise data. What lessons can we draw from the OPM breach?
Cybersecurity first responders give advice on data breach aftermath (CSO) Your company just got hacked. Now what?
The Regulatory Challenges of a Data Breach (Legaltech News) Lacking holistic rules, both state and federal regulators have taken up the mantle of cybersecurity regulations
Ways to Protect the U.S. Grid from Cyberattacks (Wall Street Journal: Risk and Compliance Journal) Judging by the number and type of cyber incidents reported to the U.S. Department of Homeland Security (DHS), attackers appear to be stepping up efforts to access or otherwise harm the electrical grid
Post-Malware Outbreak: Rip and Replace? (BankInfoSecurity) Zombie Attack Lessons Learned from Germany's Bundestag
Are Your Databases Secure? Think Again (eSecurity Planet) Targeting enterprise databases is a common attack tactic, as the Anthem breach showed, yet many companies neglect database security
Silver Linings to LastPass Hack (Easy Solutions Blog) Last night, password management company LastPass notified users in a blog post that it had been the target of a hack that accessed users' email addresses, encrypted master passwords, and reminder words and phrases the service asks users to create for those master passwords
Cyber Security for Startups — Practical Advice from other Founders (Heimdal Blog) How do you ensure maximum security for your users' data when you have the limited resources of a startup?
7 Development AppSec Tricks to Keep the Hackers Away — Part 1 (Tripwire: the State of Security) The mammoth rise in cybercrime has made organizations revise their application security strategy and implement new techniques to safeguard their software. This is largely because traditional security methodologies, such as Manual Testing and Web Application Firewalls (WAF), have been rendered irrelevant due to evolving hacking techniques
Q&A: EBay's security chief says collaboration key to keeping data safe from cyberattacks (AP via Fox Business) It seems there's nowhere to hide these days from cyberattacks
Design and Innovation
Free SSL/TLS certificate project moves closer to launch (IDG via CSO) Let's Encrypt, a project aimed at increasing the use of encryption across websites by issuing free digital certificates, is planning to issue the first ones next month
A call to researchers: Mix some creation with your destruction (Help Net Security) Since I can first remember being interested in information security, my personal hacker heroes (and I'm using hacker positively here) were the researchers who discovered zero day software vulnerabilities and could create proof-of-concept exploits to demonstrate them
Legislation, Policy, and Regulation
Pakistan grapples with fighting terrorism online (UPI) Pakistan has vowed to take action against the promotion of terrorism online, but some experts say there is little the government can do about it
'Oh Kiss My Ass, That's Not True': Stewart Baker Calls Out Cyber-Surveillance Myths (Wired) In his book Skating on Stilts, former US Department of Homeland Security Assistant Secretary for Policy Stewart Baker examines the numerous ways — air travel, biotech, the Internet — that America has left itself vulnerable to threats
Edward Snowden Supports Apple's Public Stance On Privacy (TechCrunch) Edward Snowden says we should support Apple's newly stated commitment to privacy rather than a business model driven by personal data collection, whether or not Tim Cook is being genuine. Snowden spoke over video conference during the Challenge.rs conference in Barcelona today
Giving Government 'Backdoor' Access to Encrypted Data Threatens Personal Privacy and National Security (Reason) The War on Terror is providing plenty of rhetorical ammunition to anti-encryption officials, but they are dangerously wrong
A New Look at the CIA's Pre-9/11 Mindset Reveals Uncomfortable Truths About Intel (Defense One) An inspector general report shows what's gotten better in the past decade — and what's still a problem
DISA rolls out new 5-year strategy (C4ISR & Networks) The Defense Information Systems Agency has released its 2015-2020 strategic plan, laying out core agency missions and objectives in getting IT services to Defense Department users
Paul Nakasone Promoted to Major General as Commander of Cyber Mission Force (Rafu Shimpo) U.S. Army Brig. Gen. Paul M. Nakasone received a frocked promotion to major general in a ceremony that packed an auditorium at the headquarters of the National Security Agency on April 29
Litigation, Investigation, and Law Enforcement
FBI investigates Cardinals for hacking into Astros' database (ESPN) The St. Louis Cardinals are being investigated by the FBI for allegedly hacking into networks and trying to steal information about the Houston Astros, The New York Times reported Tuesday
Even Major League Baseball Teams are Hacking Each Other (Dark Matters) The Department of Justice is investigating front office staff of the St. Louis Cardinals baseball organization for illegally accessing the networks of the Houston Astros in an attempt to obtain confidential information on the team
Dumb criminals can't keep their mouths shut on Facebook (Hot for Security) We often warn about the dangers of over-sharing information on social networking sites
Swearing on WhatsApp in UAE could result in a fine, jail time or deportation (Naked Security) Rageaholics, beware: United Arab Emirates has passed laws against swearing, be it online or in person, and that includes F-you emojis
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
19th Colloquium for Information Security Education (CISSE) (Las Vegas, Nevada, USA, Jun 15 - 17, 2015) The Colloquium for Information System Security Education (CISSE) has represented the constant in the changing field of cybersecurity education. CISSE was established in 1996. Its mission was (and still is) to provide the single authoritative forum for conducting meaningful dialogue between the wide range of government, industry, and academic entities, which are involved in the protection of our nation's information and its information and communication technology assets. All of the communities of interest who participate in CISSE's workshops, academic and roundtable presentations receive direct advice from government, industry and other experienced educators about how to develop and deploy effective cybersecurity curricula. The Community meets every year at CISSE in order to learn about and further discuss the most effective means of maintaining a high standard of excellence in practice in cybersecurity education
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
TRUSTe Internet of Things Privacy Summit 2015 (Menlo Park, California, USA, Jun 17, 2015) The Second IoT Privacy Summit will be held on June 17th 2015 and focus on practical solutions to the privacy challenges of the Internet of Things with multiple case studies, workshops and panel presentations bringing together the whole privacy IoT ecosystem from technologists, product engineers and data scientists to privacy practitioners, regulators, and academics for a day of discussion, insight and practical take-aways
Portland Secure World (Portland, Oregon, USA, Jun 17, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Larry Ponemon will deliver the keynote
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Fifth Annual International Cybersecurity Conference (Tel Aviv, Israel, Jun 22 - 25, 2015) The conference, held jointly this year by the Yuval Ne'eman Workshop for Science, Technology and Security, the National Cyber Bureau, the Prime Minister's Office, the Blavatnik Interdisciplinary Cyber Research Center (ICRC) and Tel Aviv University, will bring together leading international cyber experts, policymakers, researchers, security officials, and diplomats for an exchange of knowledge, methods and ideas concerning evolving cyber technologies
Cybersecurity Executive Roundtable (Blacksburg, Virginia, USA, Jun 23, 2015) Experts from across the country will convene at Virginia Tech to meet with rising cybersecurity talent to discuss solutions for the country's cyber workforce shortage in an executive roundtable titled "The Manpower Crisis in Cyber Security: Promising Solutions." The roundtable discussion will be hosted by Richard McKinney, Chief Information Officer for the U.S. Department of Transportation, Andrew H. Turner, Vice President and Head of Global Cyber Security for Visa, and Karen Evans, National Director of the U.S. Cyber Challenge
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
AFCEA PNC Tech & Cyber Day (Tacoma, Washington, USA, Jun 25, 2015) The Armed Forces Communications & Electronics Association (AFCEA) - Pacific Northwest Chapter (PNC) will once again host the 5th Annual Information Technology & Cyber Day at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2015. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn more about Cyber Security best practices and remediation strategies
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders