The CyberWire Daily Briefing 06.18.15
A protest nominally organized by Anonymous — #OpC51 — took down a number of Canadian federal websites yesterday. The denial-of-service attack was intended to register opposition to that country's anti-terror legislation.
Duqu 2.0 remains under analysis. The incident prompts consideration of the ease with which false flags can be planted, and the attendant challenges of attribution.
ISIS continues to enjoy a propaganda advantage in the information war it's waging with the rest of the world. That advantage is difficult to characterize (Foreign Policy contents itself with "je ne sais quoi") but whatever it is, an effective counter narrative will require real, tangible content, not, as a former ambassador bitterly puts it, "magic social media or public diplomacy pixie dust."
The US OPM breach expands, and has now reached the personal information of Congressional staffers. Outrage expands, too, and most of it's directed against US Government IT security as implemented by the Office of Personnel Management. Former NSA (and CIA) director Michael Hayden states his opinion plainly: don't get mad at the Chinese services — those services were pursuing an entirely "legitimate foreign intelligence target." The OPM affair prompts some lessons to be drawn, best practices to be recommended.
Researchers demonstrate (and name) a new vulnerability in OS X and iOS, "Cored" or "Xara," affecting Keychain credential management.
Symantec warns of a new password recovery scam.
Tor Browser has been upgraded. Drupal addresses multiple security issues.
Australia and the US independently pursue regional cyber cooperation.
The FBI's still looking at the St. Louis Cardinals.
Notes.
Today's issue includes events affecting Afghanistan, Australia, Canada, China, Germany, India, Iran, Iraq, Israel, Mexico, Russia, Syria, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Cyberattack takes down government websites; 'Anonymous' claims responsibility (CTV National News) Federal government websites were hit by a cyberattack Wednesday and the hacking group Anonymous has claimed responsibility for the attack
#OpC51 Anonymous hit systems at Canadian Government (Security Affairs) Anonymous claimed responsibility for running DDoS attacks on Canadian government systems against the approval of anti-terror law C-51
Analysis of CVE-2015-2360 — Duqu 2.0 Zero Day Vulnerability (TrendMicro Security Intelligence Blog) The recent Duqu 2.0 targeted attack used several zero-day vulnerabilities as part of its attack. One of the vulnerabilities used was CVE-2015-2360, which was fixed by MS15-061 as part of the June Patch Tuesday release. Like CVE-2015-1701, this is also in the Win32k.sys file, which is commonly targeted by attackers to bypass existing vulnerability mitigation techniques
Analysis: the unbearable ease of planting false information (i24 News) China, Israel, Iran. Fingers are pointed at them all
The Islamic State's Je Ne Sais Quoi (Foreign Policy) There's a reason why the United States is losing the propaganda war against ISIS
Where ISIS Has Directed and Inspired Attacks Around the World (New York Times) The arrest on Saturday of a Queens college student on charges of conspiring with the Islamic State is just the most recent example of the group's global strategy, which began about one year ago and has resulted in attacks or arrests in more than a dozen countries
OPM Breach Includes Congressional Staffers (Roll Call) As government officials answered questions about the recent Office of Personnel Management data breach, former and current congressional staffers processed the notices they are receiving from the agency that they, too, were affected by the breach
Michael Hayden: "Those Records are a Legitimate Foreign Intelligence Target" (Lawfare) Don't blame the Chinese for the OPM hack, says former NSA and CIA Director Michael Hayden. If Hayden had had the ability to get the equivalent Chinese records when running CIA or NSA, he says, "I would not have thought twice. I would not have asked permission. I'd have launched the star fleet. And we'd have brought those suckers home at the speed of light." The episode, he says, "is not shame on China. This is shame on us for not protecting that kind of information." The episode is "a tremendously big deal, and my deepest emotion is embarrassment"
Military clearance OPM data breach 'absolute calamity' (Military Times) Anxiety is spreading among defense officials and the military community that the recent theft of federal government data linked to China may affect hundreds of thousands of service members
Feds' cyber security woes can't all be blamed on legacy systems (ZDNet) Creaky systems that can't use the latest encryption are merely one item in a cyber security mess that took decades to create
Apple OS X and iOS in the vulnerability spotlight — meet "CORED," also known as "XARA" (Naked Security) The security issue of the week has arrived, and, quelle surprise, it's attracted a funky name already
Samsung Keyboard Security Risk Disclosed: Over 600M+ Devices Worldwide Impacted (NowSecure) Over 600 million Samsung mobile device users have been affected by a significant security risk on leading Samsung models, including the recently released Galaxy S6. The risk comes from a pre-installed keyboard that allows an attacker to remotely execute code as a privileged (system) user
Cybercrims bypassing two-factor authentication with simple txt (SecurityWatch) Strong passwords and two-factor authentication are no match for simple social engineering it appears, with security vendor Symantec warning of a new password recovery scam tricking users into handing over email account access
CVE-2014-4114: Tracing the Link (ThreatGeek) In June 2015, we published Fidelis Threat Advisory #1017 and a blog post on unrelated hostile cyber criminal activity based on the exploitation of CVE-2014-4114, using a novel technique leading to zero antivirus detections for this well-known vulnerability
Newly patched Flash Player bug exploited to deliver crypto ransomware (Help Net Security) It took less than a week for a functional exploit for a recently patched Adobe Flash Player vulnerability to be added to the Magnitude exploit kit, Trend Micro researchers warn
Vawtrak Trojan Now Increasingly Obscure by Employing Tor2Web, Finds Fortinet (Spamfighter) Creators of Vawtrak the banking Trojan, whose other names are Snifula and Neverquest, are using the Tor2Web to make their servers obscure and so more difficult for security researchers to detect the malware's activity, says Fortinet the security company
Fred's is latest chain to investigate possible security breach (FierceRetailIT) The latest sizable chain to report a potential credit card breach is Fred's (NASDAQ:FRED), a general merchandise discounter with about 650 stores and 300 pharmacies in 15 states
Microsoft's site dedicated to fighting US surveillance just got hacked (ZDNet) The site, which appears to be running an older version of WordPress, was displaying casino-related pages
MacKeeper — a(nother) reason not to use it (Graham Cluley) I've never been a fan of MacKeeper
Security Patches, Mitigations, and Software Updates
Tor Browser 4.5.2 is released (Tor) A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory
Drupal Releases Security Updates (US-CERT) Drupal has released updates to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to gain access to a system account, including an administrator's
Cyber Trends
Federal records hack underscores overconfidence in records management policies (FierceContentManagement) In light of the recent federal records data breach, a recent survey of 150 federal workers involved with records management takes on a whole new meaning. Fourteen federal organizations were surveyed, including the Department of Veteran's Affairs. While the VA itself wasn't hacked, an unknown number of files belonging to active and retired military members were stolen
Baseball, hacking, and security (Network World) Corporate espionage is commonplace, even in baseball
Report: Little Being Done to Combat Insider Threats (National Defense) Despite high profile cases of employees stealing information from intelligence agencies and the military, companies and organizations are taking few steps to thwart insider threats, a recently released report said
Why break in, if you can simply login? (Help Net Security) I was asked the other day why so many security breaches are hitting the headlines and are seemingly getting larger and more frequent. The game of cyber security has changed significantly over the years and defenders are slow to modify their playbooks and tactics
Education key to bolstering remote-access security for providers (FierceHealthIT) In his own doctor's office, cybersecurity expert Gary Glover found he could gain unauthorized access to physician practice data
Asset managers at risk from cyber-attacks (Global Investor) Asset managers, relatively protected until now, are increasingly at risk from cyber-attacks. Hannah Smithies explores what can be done to guard against new threats
Time to Embrace Cloud Security as a Service (MSPmentor) If you've heard it once, chances are, you've heard it a hundred times: organizations still hesitant to adopt to the cloud feel this way because of a perceived lack of security
Public Sector Target of Choice for Malware Attacks (The C Suite) Public sector becomes top target for malware attacks in the UK, says NTT Com Security Global Intelligence Threat Report
Security experts warn of power outage in the state (Stuttgarter Nachrichten) Hackers are apparently targeting public utilities more and more often. IT experts criticize outdated software and poor protection. The utilities deny this
Marketplace
Hack attacks 'discourage' investment in targeted companies (IR Magazine) Fewer than 50 percent of boards have skills needed to deal with cyber-security, KPMG study shows
The Cyber Security Market Is Still Strong (In Case You Forgot) (Benzinga) A new report by Bank of America analyst Tal Liani focuses on the latest numbers from the cybersecurity space and discusses Bank of America's outlook for several of the major cybersecurity players. The report also includes several price target hikes for cybersecurity stocks
Columbia cyber firm wins federal contract worth up to $10.7M (Baltimore Business Journal) Chiron Technology Services has won a federal cybersecurity contract worth up to $10.7 million
Twitter is joining Google and Facebook in the artificial intelligence arms race (Business Insider via Yahoo! Finance) The changing of the guard in Twitter's executive suite hasn't put a halt to the company's M&A activity
Insight Venture Partners to buy Israeli co Checkmarx (Globes) Insight will buy a majority stake in the Tel Aviv based IT security firm at a company value of $100 million, according to reports
CYREN Awarded $0.93 Million Cyber Innovation Grant By Israeli Office of the Chief Scientist (PRNewswire) CYREN (NASDAQ: CYRN) today announced that it has been awarded a government grant of NIS 3.6 million (approximately USD 0.93 million) from the Office of the Chief Scientist (OCS) at the Ministry of Economy of Israel
Security software maker AVG opens R&D centre in Israel (Reuters) Security software maker AVG Technologies NV said on Wednesday it was opening a research and development centre in Israel that would focus on emerging mobile threats
Organizations Grapple With Security Talent Shortage (CIO Insight) When it comes to security, companies are trying to do the best they can with what they have and are often simply hoping they aren't targeted in a cyber-attack
Google to shell out up to $58k for new Nexus epic pwnage (Register) Remote low level attacks plus patch to be answered with cash
LinkedIn Goes Public with its Private Bug Bounty (Threatpost) Public-facing bug bounties are the shiny new bauble of computer security. And with good reason since in most cases, companies that start their own bounties or go through a third-party platform provider are able to take advantage of a pool of skilled contributors, patch products, and improve security overall
Fidelis Cybersecurity Hires Former McAfee GM; Expands Executive Team with Technology and Research Leaders (BusinessWire) Addition of global sales and HR executives and promotions of key contributors strengthens team focused on solidifying Fidelis' leading advanced threat defense market position
Resilient Systems Appoints New CFO and VP of Marketing to Support Rapid Growth (Resilient Systems) Karen Higgins joins company as CFO, Maria Battaglia as VP of Marketing as organizations turn to leading incident response platform provider to thrive in the face of cyberattacks
Key Management Reshuffle Inside Microsoft (24/7 Wall Street) Microsoft Corp. (NASDAQ: MSFT) is looking to shake things up. The company plans to shift some of its senior leaders around in an effort to address evolving trends within Microsoft's space
Bird lands executive role at Symantec (MicroScope) The moment when Symantec splits into two is moving ever closer and the vendor is finalising the executive team that will take the business forward
Products, Services, and Solutions
F-Secure updated security solution offers new capabilities to IT managers (Infotech Lead) F-Secure has updated its Business Suite security solution to help IT Managers control and manage risks. Business Suite combines features such as web content control and automated patch-management
Apple working with MobileIron to ship enterprise apps (FierceMobileIron) Apple has been working with MobileIron on OneTouch, a MobileIron service that packages and secures enterprise iOS apps for organizations and pushes them to their users, according to a MobileIron spokeswoman
Green Berets' efforts to take down ISIS undermined by shoddy U.S. intelligence (Washington Times) Army Green Berets planned for a wide range of actions in Iraq this year but bemoaned the sorry state of U.S. intelligence assets in the country to help the local security forces find and kill Islamic State terrorist targets, an internal Army memo says
Stale, dead apps emerging as serious mobile security risks (TechTarget) While there's plenty of information available today pertaining to enterprise cybersecurity risks and mitigation strategies, there is a lack of data specifically focused on the mobile security risks of employee devices and apps
Using Image Search Tools to Improve Your Security Program (Cyveillance Blog) Last week we discussed our expanded Global Intelligence capabilities, the first of two recent enhancements to the Cyveillance Cyber Threat Center™. Today, we will go over the second new feature, Content-based Image Retrieval (CBIR)
Review: The best password managers for PCs, Macs, and mobile devices (CSO) 10 local and cloud-based contenders make passwords stronger and online life easier for Windows, OS X, iOS, Android, BlackBerry, and Windows Phone users
Technologies, Techniques, and Standards
Encrypting data at rest is vital, but it's just not happening (ZDNet) Regulators and security strategists recommend encrypting data at rest, but few organisations do it, and most get it wrong. Good thing there are bigger problems to tackle first
Why You Might Want To Encrypt Your Syslogs Now (IT Jungle) Every day millions of IBM i server events are packaged up in the syslog standard and sent offsite for safekeeping and analysis. In many cases, the syslog files are sent in plain text across the wire because, hey, they're just boring old log files, and what could anybody ever do with those, right? Wrong
Emulating the security analyst with software (Help Net Security) This is the second installation of a two-part article discussing why static security detection methods can no longer protect enterprises from advanced hacking efforts. In this installation, the author will discuss why the security industry must begin to look at a more dynamic approach to security alerts
OPM Breach Offers Tough Lessons For CIOs (InformationWeek) While your enterprise may have a chief information security officer and a robust data governance department, CIOs and IT organizations are the ones on the front lines of protecting enterprise data. What lessons can we draw from the OPM breach?
6 breaches: Lessons, reminders, and potential ways to prevent them (CSO) No organization wants to be the next headline, but looking at those who have been breached can help keep others out of the spotlight
Is Your Security Operation Hooked On Malware? (Dark Reading) It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats
Threat Intelligence Can Provide A New Level Of Cybersecurity (InformationWeek) Digital Shadows CTO James Chappell discusses how to use big data and data analytics to stay ahead of attackers
Design and Innovation
IoT is the password killer we've been waiting for (IT World via CSO) IoT, with its tiny screens & headless devices, will drive an authentication revolution. It's a short leap from the kind of two-factor authentication used on the Apple Watch to proximity-based authentication that does away with any user interaction. Passwords are just the canary in the coalmine
Academia
Cyber Citizenship Heads to Texas Public Middle Schools (Huffington Post) Ninety two percent of teens report going online daily — including 24 percent who say they go online "almost constantly," according to a new study from Pew Research Center; April, 2015. Today's tween and teens are given a powerful tool that enables them to connect with people, places and things globally with little to no Cyber Citizenship education. A lack of cyber education puts teens and tweens at a greater risk of human trafficking, identity theft and cyber bullying
Legislation, Policy, and Regulation
Foreign Groups Fear China Oversight Plan (New York Times) A remarkable assortment of foreign organizations set up shop in China in the decades after its emergence from isolation under Mao Zedong, offering good will, money and expertise that helped link the nation more closely to the rest of the world and turn it into the global powerhouse it is today
Regional security approach pays threat-intelligence dividends but sharing must be managed (CSO)
US seeks stronger cyber ties with North American neighbors (The Hill) After firming up its cybersecurity relations with a number of overseas allies, the Obama administration is turning its attention to its North American neighbors this week
US House Seeks Larger US-India-Israel National Security Cooperation (NDTV) The US House of Representatives has passed a bipartisan amendment to the FY2016 Intelligence Authorization Act calling for expansion of US-India-Israel national security cooperation
Industry Weighs In on Data Security, Cybersecurity Legislation (JDSupra) Members of the financial industry were able to share their positions and voice concerns at a recent hearing held by the House Committee on Financial Services. Discussing "Protecting Consumers: Financial Data Security in the Age of Computer Hackers," representatives from the Financial Services Roundtable, the Electronic Transaction Association, and the PCI Security Standards Council (as well as a voice from the retail industry and tech sector) talked about the elements of the multiple data security and privacy bills currently pending before Congress
Opinion: The reasonable expectation fallacy (Christian Science Monitor Passcode) The ability to delete yourself from the Web doesn't really matter. What really matters in the age of advanced surveillance is the right to not be correlated. Technology is always watching and capturing you, but the correlation is where the danger lies. Laws can change that, but only if enacted soon
GOP, White House clash over cyber center (The Hill) The White House is pushing back against the Republican vision for the administration's new cyber agency, claiming the GOP has bigger plans for it than the administration ever intended
Pentagon seeks to hold its IT users more accountable for cyber missteps (Federal News Radio) The Defense Department has no shortage of regulations designed to encourage and enforce good cybersecurity behavior on its own networks. But DoD's chief information officer said as of now, there are too few consequences for users who run afoul of those rules. That's about to change
Release of U.S. Coast Guard Cyber Strategy (Coast Guard Compass) For more than two centuries, the U.S. Coast Guard has harnessed innovations and leveraged new capabilities to ensure safety, security and stewardship across the maritime domain. In continuing a proud history of responding to the nation's maritime needs, the Coast Guard has fully embraced a new operating domain — cyberspace
Litigation, Investigation, and Law Enforcement
OPM: Data Breach (Full House Committee on Oversight and Government Reform) To provide Members an opportunity to gain information on the nature and extent of the recent U.S. Office of Personnel Management (OPM) data breach
Lawmakers slam OPM for 'grossly negligent' approach to data security (Christian Science Monitor Passcode) At a Congressional hearing Tuesday, Office of Personnel Management officials testified about plans to bolster digital defenses in the wake of hacks that exposed millions of sensitive records about government officials
Oversight chair wants officials fired over hack (The Hill) House Oversight Chairman Jason Chaffetz (R-Utah) called on President Obama to fire at least two top officials from the embattled Office of Personnel Management (OPM) over their role in the massive data breach that has rattled the government
Congress seeks to block U.S. intel from German NSA probe (Washington Times) President Obama wants to share U.S. secrets with a German parliamentary committee investigating the National Security Agency's spying in Germany. The move is in direct opposition to Congressional restrictions, which were added to the fiscal 2016 intelligence authorization bill that would block intelligence sharing
Opinion: Is Surespot the latest cryptowar victim? (Christian Science Monitor Passcode) The encrypted chat app has been mum since suggesting it was about to receive a government subpoena. Its silence implies that the government may be snooping on its users, which have included Islamic State militants
Navigating the Complexities of International Privacy and Data Laws (Legal News) Experts discuss the evolving regulation of privacy in the U.S. and abroad, and how international businesses should address them
Dubai authorities not scrutinising social media: Report (Emirates 24/7) Officials say they respect privacy of users
Snowden's lawyer slams Times story claiming leaks 'betrayed' British spies (Globe and Mail) A Sunday Times article stating that British spies had been "betrayed" to Russian and Chinese intelligence services as a result of Edward Snowden's mass-surveillance revelations to the press is "utter nonsense," claims the whistleblower's lawyer
Cyber hacking not as rare in sports as you might think, expert warns (Toronto Star) FBI investigating whether St. Louis Cardinals staff behind hacking of Houston Astros
Police break up romance scam gang that fleeced women of $1.5 million (Naked Security) Online romance scams are among the oldest in the conman's arsenal, but sadly we see them all too frequently
Unmasked: How Police Beat Shakespearean Cyber Thieves (Bloomberg) Shakespeare-quoting hackers targeted British banks. Police led a global operation to stop the heist, but can they catch the Shylock gang?
News sites can be held responsible for user comments (Naked Security) News site is responsible for hate-filled comments, says EU court. Freedom of expression and the often swill-filled comment sections it supports got slapped upside the head on Tuesday when the European Court of Human Rights (ECHR) ruled that an online news site can be fined for comments left by anonymous readers
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Global Cyberspace Cooperation Summit VI (New York, New York, USA, Sep 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum for building international, private-public action to foster international cooperation in cyberspace. Breakthrough groups, aligned with the initiative's objectives of economic and political development, digital security and stability, and sound governance and management, carry the program forward
Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, Sep 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack. Penetration of national and company security, criminal fraud and identity theft are now big business worldwide among a shadowy fraternity that is only growing in power and size. Recent incidents with film studios, healthcare providers and global banks continue to resonate in cabinet offices and boardrooms everywhere
Upcoming Events
Information Management Conference 2015 (Nashville, Tennessee, USA, Jun 15 - 18, 2015) This year's theme is "Mission Excellence through Innovation" and is aligned with the Information Resources Management Strategic Plan vision, which aims to collaborate as an enterprise and deliver innovative information management and technology solutions that support the Department's mission. The conference is organized and sponsored by the US Department of Energy
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability
2015 Community College Cyber Summit (3CS) (North Las Vegas, Nevada, USA, Jun 17 - 19, 2015) The second annual Community College Cyber Summit (3CS), hosted by the College of Southern Nevada, is organized and produced by the five cybersecurity-related Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF). 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend. Government, industry, and association representatives in the cybersecurity arena are likewise welcome
Suits and Spooks All Stars 2015 (New York, New York, USA, Jun 19 - 20, 2015) Unlike our typical "collision" event, our All Stars will have at least 60 minutes each for their talks. Seating will be limited because we're going to hold it in one of our most popular venues — Soho House NYC — on Friday June 19 and Saturday June 20th. It will be our last event there because they're converting the library to a member-only space starting July 1st. So think of this as your exclusive invitation to spend 8 to 16 hours talking security, multi-disciplinary problem-solving, and out-of-the-box thinking with some of our best game changers
REcon 2015 (Montréal, Québec, Canada, Jun 19 - 21, 2015) REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. The conference offers a single track of presentations over the span of three days along with technical training sessions held before the presentation dates. Technical training varies in length between two and four days
Nuit du Hack 2015 (Paris, France, Jun 20 - 21, 2015) The "Nuit Du Hack" conference was initiated in 2003 by the French hacking group: HackerZvoice. This event has been gathering people willing to learn and share their knowledge around lectures and challenges since. Originally reuniting 20 persons, the Nuit Du Hack has never stopped growing by gathering more and more people from passionate to the professional area. Since 2010, in order to improve the quality and the accessibility of this event, talks and workshops in English are possible. In 2013 and 2014, the event announced several lecturers of international renown and rallied more than 1500 fans including more than 50 challengers fighting in teams. The 14th edition of the Nuit Du Hack will be held at the circus academy Fratellini (Académie Fratellini, école du cirque) on June 20th, 2015. So if you're interested in Hacking, This is Le place to be if you're in Paris during the summer. Mkay?
Fifth Annual International Cybersecurity Conference (Tel Aviv, Israel, Jun 22 - 25, 2015) The conference, held jointly this year by the Yuval Ne'eman Workshop for Science, Technology and Security, the National Cyber Bureau, the Prime Minister's Office, the Blavatnik Interdisciplinary Cyber Research Center (ICRC) and Tel Aviv University, will bring together leading international cyber experts, policymakers, researchers, security officials, and diplomats for an exchange of knowledge, methods and ideas concerning evolving cyber technologies
Cybersecurity Executive Roundtable (Blacksburg, Virginia, USA, Jun 23, 2015) Experts from across the country will convene at Virginia Tech to meet with rising cybersecurity talent to discuss solutions for the country's cyber workforce shortage in an executive roundtable titled "The Manpower Crisis in Cyber Security: Promising Solutions." The roundtable discussion will be hosted by Richard McKinney, Chief Information Officer for the U.S. Department of Transportation, Andrew H. Turner, Vice President and Head of Global Cyber Security for Visa, and Karen Evans, National Director of the U.S. Cyber Challenge
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
AFCEA PNC Tech & Cyber Day (Tacoma, Washington, USA, Jun 25, 2015) The Armed Forces Communications & Electronics Association (AFCEA) - Pacific Northwest Chapter (PNC) will once again host the 5th Annual Information Technology & Cyber Day at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2015. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn more about Cyber Security best practices and remediation strategies
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Security Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders