The CyberWire Daily Briefing 06.25.15
news from the SINET Innovation Summit
SINET's Innovation Summit is underway in New York as we go to press. We'll publish a full account of the conference tomorrow, but a few articles linked below may be of interest. US Securities and Exchange Commissioner Luis A. Aguilar delivered the morning keynote. If interested in background on his account of current regulatory initiatives, see the Commission's filing of its Regulatory Systems Compliance and Integrity initiative, linked below. More tomorrow after the Summit wraps up.
Israeli officials (as they cautiously mull unification of their national cyber assets, not wishing to disrupt Unit 8200) describe what they characterize as recent Iranian–led and –supported attacks on Israeli networks.
Effects of the US Office of Personnel Management (OPM) breach continue to ripple outward, affecting the rest of the Government both directly and by drawing critical scrutiny to other agencies' cyber practices: "Login creds for US agencies found scrawled on web's toilet walls," as the Register spins Recorded Future's findings. Concerns focus on compromise of security-clearance-related data. (That's the unsurprising story Newsweek reports concerning the FBI: the Bureau wasn't hacked, as the headline somewhat misleadingly suggests, but of course its personnel data passed through OPM.) OPM has released an account of what it's doing to clean up the problem, leading with an ill-timed paean to its current director's security leadership — Congress is unlikely to be mollified. NSA Director Rogers sounds a prim note of caution over attribution.
The Bundestag winces as it prepares to pay for cleaning up its surprisingly stubborn spyware infestation.
Researchers disclose significant vulnerabilities in Adobe Reader, Windows, and Android's Instapaper. The Dyre banking Trojan is proving newly troublesome. Symantec has an analysis.
US Defense Secretary Ashton Carter wants NATO to upgrade cyber defensive capabilities before it works on offense.
Spectrum management will have significant implications for the Internet-of-things, and manufacturers want the US Federal Communications Commission to get allocation policies right.
The US SEC hunts "FIN4," a criminal group believed responsible for cyber-enabled insider trading.
Notes.
Today's issue includes events affecting Australia, Canada, China, Czech Republic, Estonia, Finland, France, Germany, Iran, Israel, NATO, Romania, Russia, Slovakia, and United States.
New York: the latest from the SINET Innovation Summit
SINET Innovation Summit 2015: "Connecting Wall Street, Silicon Valley and the Beltway" (SINET) SINET Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental cybersecurity challenges is critical to the advancement of innovation in the cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on cybersecurity research projects
Regulation Systems Compliance and Integrity (US Securities and Exchange Commission) The Securities and Exchange Commission ("Commission") is adopting new Regulation Systems Compliance and Integrity ("Regulation SCI") under the Securities Exchange Act of 1934 ("Exchange Act") and conforming amendments to Regulation ATS under the Exchange Act. Regulation SCI will apply to certain self-regulatory organizations (including registered clearing agencies), alternative trading systems ("ATSs"), plan processors, and exempt clearing agencies (collectively, "SCI entities"), and will require these SCI entities to comply with requirements with respect to the automated systems central to the performance of their regulated activities
SINET Innovation Summit Connects Nation's Top Leaders from Government, Industry & Investment Communities to Advance Cybersecurity Solutions (VentureBeat) U.S. Department of Homeland Security Deputy Secretary Alejandro Mayorkas and SEC Commissioner Luis A. Aguilar to Keynot
In Wake of Recent Breaches, Onapsis Sponsors SINET Innovation Summit to Raise Awareness for SAP Cybersecurity (Nasdaq) Onapsis, the global experts in business-critical application security and SAP cybersecurity solutions, today announced they are sponsors of the SINET Innovation Summit, June 25th 2015, the TimesCenter, New York
Comilion CEO to discuss collaborative security at SINET Innovation Summit 2015 (Government Security News) Kobi Freedman is Co-Founder and CEO of Comilion, which is developing security intelligence sharing and collaboration networks for regulated and highly sensitive industries
Cyber Attacks, Threats, and Vulnerabilities
Israel Confirms It Was Cyber Attack Target (DefenseNews) Defense Minister Moshe Ya'alon confirmed Wednesday that Israel was the target of cyber attacks by Iran during last summer's Gaza war and by Hezbollah, which reportedly ran an operation going back three years
Assessing The Computer Network Operation (CNO) Capabilities Of The Islamic Republic Of Iran (MEMRI) Iran's interest in further developing its asymmetric warfare potential has never been more vigorous
Israel's Cyber Threats — Not Just from Terrorists (Arutz Sheva) Chairman of cybersecurity conference tells Arutz Sheva Israel's cyber enemies can come from anywhere — even private individuals
Exclusive: Chinese Cyber-Thieves Hack FBI in Dangerous Breach (Newsweek) Chinese hackers have in recent months penetrated an untold number of FBI agents' personnel files, Newsweek has learned, in a breach with potentially dangerous national security implications
Login creds for US agencies found scrawled on the web's toilet walls (Register) Poor security practices and lack of 2FA responsible for leakiness, says report
More fed security woes, more DHS bills and a wait-and-see approach to EAGLE II (FCW) Report: 47 agencies face possible login credential exposure
OPM 'not comfortable' yet admitting 18 million had data stolen (Washington Examiner) Office of Personnel Management Director Katherine Archuleta said that she "is not comfortable" corroborating anonymous reports circulating that sensitive information from as many as 18 million current, former and potential federal employees and their families is in the hands of hackers, after they twice attacked OPM's files last year
Price tag for OPM breach at least $19 million (Christian Science Monitor Passcode) The beleaguered head of the Office of Personnel Management returned to Capitol Hill on Tuesday for the first in a trio of hearings this week over the hack that exposed millions of personal files
NSA Chief Casts Doubt on China as Main Suspect in OPM Data Theft (National Defense) China may not have been responsible for the massive data breach at the Office of Personnel Management that resulted in the theft of millions of government worker records, according to the director of the National Security Agency. Director of the NSA and head of U.S. Cyber Command Adm. Mike Rogers said the process of attributing the OPM data breach is ongoing, and that he does not accept the "assumption" that the breach has been attributed to China, in response to a question during a speech at the GeoInt 2015 conference
Why the OPM Data Breach is Unlike Any Other (Center for Democracy and Technology) The scope of the recent hack of the Office of Personnel Management (OPM), in which the records of millions of current and former federal employees were breached, is exponentially greater than the many other recent headline-generating breaches in the private sector. This breach not only impacts government employees but countless of their partners, associates, and confidantes, and the stolen information includes some of the most intimate personal details about the individuals affected. It also raises real questions about the government's ability to safeguard the data in its possession, and makes somewhat disingenuous the government's call to strengthen and enforce private-sector security systems
Official Warns of DoD's Sloppy Cyber Hygiene (Defense News) The Defense Department is struggling to apply software patches for known vulnerabilities in a timely way, leaving systems open to hackers, a senior Pentagon official said Wednesday
Less than one-third of weaknesses in gov't web and mobile apps fixed, new industry report says (FierceGovernmentIT) Only 27 percent of vulnerabilities found in government web and mobile applications are corrected — the worst rate among seven markets that were assessed in a new software security report released June 23
Revelations NSA spied on French presidents called more smoke than fire (McClatchy) Twice since late 2013, President Barack Obama privately assured French President Francois Hollande that the United States had stopped monitoring his communications
Edward Snowden Files Reveal NSA And GCHQ Operated To Subvert Antivirus And Security Software To Spy On Users (TechTimes) The National Security Agency (NSA) and its British counterpart Government Communications Headquarters (GCHQ) are not just infiltrating cell phone networks. They are hacking into the very thing that protects us from surveillance too
Critical flaw in ESET products shows why spy groups are interested in antivirus programs (PCWorld) The flaw could allow attackers to fully compromise systems via websites, email, USB drives and other methods
German Bundestag to rebuild IT systems as cyber attack continues (Global Government Forum) The German lower house of Parliament is working to re-build its IT systems as a cyber attack which has lasted almost two months, is still ongoing
Security researcher casually drops Adobe Reader, Windows critical vulnerability bomb (ZDNet) A Google Project Zero researcher has revealed the existence of 15 vulnerabilities in the software, including critical issues and one exploit which may completely bypass all system defense
Deadly Windows, Reader font bugs can lead to full system compromise (Help Net Security) "Even in 2015 — the era of high-quality mitigations and security mechanisms - one good bug still suffices for a complete system compromise," Mateusz Jurczyk, an infosec engineer with Google Project Zero, noted in a recent talk at the REcon security conference in Montreal
Instapaper for Android vulnerable to man-in-the-middle attacks (Help Net Security) Bitdefender researchers have discovered that Android app Instapaper is vulnerable to man-in-the-middle attacks that could expose users' signup/login credentials when logging into their accounts
Malware attacks leave 1,000 banks in Dyre straits (V3) Hackers are using the Dyre malware to target customers of over 1,000 banks, according to experts at Symantec
Don't Cry Wolf: Tracking Dyre Wolf's Evolution (OPSWAT Blog) Banking Trojans are nothing new to security experts and citizens around the globe. Many banking Trojans seem to come and go, while others leave a reputation that will forever be burned into the psyche of security analysts, such as Carberp, Citadel, Spyeye and of course, Zeus
Bad Actors behind the Dyre botnet operates like a business (Security Affairs) Experts at Symantec observed a significant upsurge in activity over the past year for the Dyre financial Trojan used to target banking customers worldwide
Elusive HanJuan EK Drops New Tinba Version (updated) (MalwareBytes Unpacked) Update: Dutch security firm Fox-IT has identified the payload as a new version of Tinba, a well-known banking piece of malware. In this post, we describe a malvertising attack spread via a URL shortener leading to HanJuan EK, a rather elusive exploit kit which in the past was used to deliver a Flash Player zero-day
Fraud Alert — Business E-mail Compromise Continues to Swindle and Defraud U.S. Businesses (FS-ISAC) FS-ISAC members and federal law enforcement agencies continue to report an increase in wire transfer fraud against U.S. businesses through a scam referred to as "Business E-mail Compromise" (BEC). BEC is a type of payment fraud that involves the compromise of legitimate business e-mail accounts for the purpose of conducting an unauthorized wire transfer. After a business e-mail account is compromised, actors use the compromised account or a spoofed account to send wire transfer instructions. The funds are primarily sent to Asia, but funds have also been sent to other countries all over the world
UPDATE: City's IT department investigating cyber attack (NewsTalk1010) Mayor John Tory says that there are "very active discussions" taking place between city hall, other levels of government and financial institutions on cyber security
Florida telemarketer, under FTC watch, suffers data breach (IDG via CSO) A Florida-based computer tech support call center has suffered a data breach, with customer records being abused by fraudsters trying to get access to online bank accounts
Hershey Park Investigates Card Fraud Pattern (KrebsOnSecurity) Hershey Park, a popular resort and amusement park in Hershey, Pa. has hired a security firm to investigate reports from multiple financial institutions about a possible credit card breach, KrebsOnSecurity has learned
Six key facts about malicious macros and the cybercrime economy (Help Net Security) Cybercrime is big business and criminals are increasingly exploiting people to circumvent automated protection systems. Cybercriminals have, in the last nine months, increasingly returned to cost-effective macros to reach more targets and see a greater return on their financial investment
Cyber risks in the palm of your hand (Zurich) Employees rely heavily on mobile devices in their work, but do they understand the risks?
U.S. Power Grid Being Hit With 'Increasing' Hacking Attacks, Government Warns (Washington Free Beacon) Potential to 'take down' U.S. power grids, water systems and other critical infrastructure
Security Patches, Mitigations, and Software Updates
iOS 9, Android M Place New Focus On Security, Privacy (InformationWeek) Google and Apple have publicly challenged calls from law enforcement agencies to weaken encryption on consumer devices. In turn, iOS 9 and Android M will sport a string of new security and privacy features for users
Docker To Defang Root Privilege Access (InformationWeek) Docker's upcoming 1.8 release will answer security concerns by separating a running container's root privilege from that of its owner to avoid the owner becoming a "Superuser"
Cyber Trends
Peter Singer: How a future World War III could be a cyberconflict (Christian Science Monitor Passcode) Peter Singer, strategist at New America think tank, is coauthor of forthcoming novel 'Ghost Fleet,' which explores what would happen if digital warfare erupts between nations
Common cybersecurity myths debunked (CSO) One of the greatest challenges for organizations attempting to address cybersecurity risks is the number of fundamental security myths that cause organizations to incorrectly assess threats, misallocate resources, and set inappropriate goals. Dispelling those myths is key to developing a sophisticated, appropriate approach to information security
IT: Forget the device, secure the data (CSO) Last June, Wisegate, a crowd sourced IT research company, surveyed hundreds of its senior-level IT professional members to assess the current state of security risks and controls in business today. The respondents considered malware and breaches of sensitive data to be the primary security risks/threats, followed by malicious outsider risk
Hackers can't wait for consumers to connect fridges and other appliances to the Internet, warns a top security expert (Business Insider) Eugene Kaspersky is the founder of one of the world's most prominent anti-virus companies, known for uncovering some of the biggest digital threats
'Rogue IT' less threatening than thought, and decline may be a good thing (FierceCIO) The term "rogue IT" doesn't seem to grab tech headlines quite the same way as it used to. And for good reason: the practice is on the decline and seen as less threatening
Marketplace
C-Suite Execs Both Confident, And Confused, About Strategic Cyber Defense (Homeland Security Today) RedSeal, a security analytics company, recently conducted a comprehensive study revealing nearly 60 percent of the 350 C-Suite level US executives surveyed believe they can "truthfully assure the board beyond a reasonable doubt" that their organization is secure
Security now top executive priority across all key IT areas: IDC (CSO) Australian business executives have become so concerned about data security that the topic has surpassed all other priorities in all four of IDC's key technology pillars, the research firm has found
How Businesses Can Reduce Cyber Risk: Pre and Post Incident: Businesses Need to Take a More Proactive Approach to Reducing What Is a Fast-Increasing and High-Profile Area of Risk (JDSupra) As the volume of sensitive data that businesses store ever increases, the use of mobile devices continues to grow and cyber villains become ever more sophisticated, it is perhaps of no surprise that we hear about new instances of information theft and data loss on a daily basis
Cybersecurity stocks sell off following Fortinet downgrade (Seeking Alpha) Baird has downgraded Fortinet in response to a healthy 2015 run-up, and many security tech peers have joined the company in seeing profit-taking (HACK -1.3%). The Nasdaq is down just 0.1%. Decliners include FireEye (FEYE -2.3%), Qualys (QLYS -6.7%), KEYW (KEYW -5.1%), Check Point (CHKP -1.9%), Barracuda (CUDA -2.5%), Vasco (VDSI -2.5%), and Proofpoint (PFPT -1.8%). UBS downgraded FireEye to Neutral two days ago while citing valuation, and also cut Symantec to Sell. RBC has hiked its Qualys target by $6 to $44 today, while reiterating a Sector Perform
FireEye Inc (FEYE) Is Well-Positioned To Gain From Differentiated Products: Wunderlich (Bidness Etc.) FireEye challenges the traditional firewall setup, by providing an innovative cyber security package
HP Gets Focused on Split, Promises 'No Business Interruption' for Partners (Channel Partners) HP will begin operating as two separate businesses on Aug. 1, a split that the company's channel leaders say won't negatively impact partners
Why Light Point Security is all about 'isolation' (Technical.ly Baltimore) CEO Zuly Gonzalez explains the thinking behind her cybersecurity company's products. Light Point recently signed a pair of deals with other firms to grow its customer base
Global Technology Executive Michael Capellas Appointed to Tenable Network Security Board of Directors (Tenable Network Security) Capellas brings decades of technology business experience as lead director for the world's leading continuous network monitoring company
Facebook just got a security upgrade - let's hope it works out (Graham Cluley) Facebook has a new Chief Security Officer, replacing Joe Sullivan who left (presumably in a cab) for Uber three months ago
Technologies, Techniques, and Standards
Practical guidance for CISOs from former federal security adviser (CSO) In this edition of the Irari Report, Ira Winkler and Araceli Treu Gomes interview Howard Schmidt, who served as the cybersecurity adviser to both President George W. Bush and President Barack Obama, Chief Information Security Officer of Microsoft and eBay, among other senior and operational roles in industry and government. Schmidt provides extremely practical guidance for security practitioners and executives, as well as business executives as to how they can create more effective security programs and advance in their careers
How To Avoid Collateral Damage In Cybercrime Takedowns (Dark Reading) Internet pioneer and DNS expert Paul Vixie says 'passive DNS' is way to shut down malicious servers and infrastructure without affecting innocent users
Securing SAP Systems from XSS vulnerabilities Part 2: Defense for SAP NetWeaver ABAP (ERPScan) We continue our series of posts giving a review of one of the most frequent vulnerabilities, which affects a lot of SAP modules: cross-site scripting, or XSS. Today's post describes how to protect SAP NetWeaver ABAP from XSS
Websense's Carl Leonard: Attack Pattern Analysis Can Help Financial Services Firms Protect Data (ExecutiveBiz) A Raytheon–Vista Equity Partners joint venture has published a report that says the financial services industry encounters cyber attacks about 300 percent more often than other business sectors
Confidence is lacking everywhere when it comes to IT security (FierceCIO) When it comes to IT security, one of the greatest vulnerabilities continues to be a lack of confidence — by pretty much everyone
Research and Development
Georgia Tech Receives Nearly $2 Million for Naval Research to Bolster Cyber Defense (Newswise) Researchers from the College of Computing at Georgia Institute of Technology in Atlanta have been awarded nearly $2 million from the Department of the Navy, Office of Naval Research (ONR) and the Assistant Secretary of Defense for Research and Engineering (ASD R&E) to fund projects that will bolster defense and other large-scale systems against cyber attack
Nothing cryptic: Israeli scientist works to simplify information security (JNS) You want to send a PDF to your colleague, but the information is sensitive. You password-protect the document (encryption) and store it on your flash drive. To read the PDF, you share that password with your colleague, who uses it to gain access to the file (decryption). The goal is to ensure that someone who does not know the password cannot decrypt the PDF
Academia
Nation's Elite Hackers Validate Skills in Cybersecurity Competition (US Cyber Challenge) US Cyber Challenge & Virginia Tech host cybersecurity competition & award ceremony at Eastern Regional Cyber Camp
Utica College Unveils New Masters in Cyber Policy and Risk Analysis (gnomes) Utica College's new online degree, Master of Professional Studies in Cyber Policy and Risk Analysis, will educate and prepare cybersecurity professionals to understand and deal with the unique policy-related challenges that are present in the dynamic field of cybersecurity
Legislation, Policy, and Regulation
Spectrum Management, IoT Security, and Economic Growth (The CyberWire) Spectrum management is an issue for both Internet-of-Things security and technological innovation. We spoke with Brian Raymond of the National Association of Manufacturers on the implications spectrum policy will have for both security and economic growth
Obama raises cyber, maritime concerns with Chinese (Military Times) President Obama closed out two days of talks between U.S. and Chinese officials on Wednesday by raising concerns about Chinese cyber behavior and tensions over disputed seas of East Asia. He urged China to take action to reduce the tensions, the White House said
OPM releases report outlining 'concrete steps' to bolster security, modernize IT systems in wake of breaches (FierceGovernmentIT) Facing heat for a massive cyber breach that exposed the personal information of millions of government employees, the Office of Personnel and Management released a report June 24 saying that the agency has taken – and is taking – "concrete steps" to strengthen security and modernize IT systems
Actions to Strengthen Cybersecurity and Protect Critical IT Systems (US Office of Personnel Management) The recent intrusions into U.S. Office of Personnel Management (OPM) systems that house personnel and background investigation data for Federal employees and other individuals have raised questions about the security of OPM data and the integrity of its Information Technology (IT) assets. Since Director Archuleta arrived at OPM, she has led the agency in taking significant strides to enhance cybersecurity and modernize its IT systems – strides that are in many ways forging new territory and laying groundwork for the rest of government. But recently discovered incidents have underscored the fact that there is clearly more that can and must be done. Government and non-government entities are under constant attack by evolving, advanced, and persistent threats and criminal actors. These adversaries are sophisticated, well-funded, and focused. For that reason, efforts to combat them and improve Federal IT and data security must be constantly improving as well
McCaul says OPM hack should push Senate to act on cyber (FCW) The recently disclosed theft of information on federal employees from government systems should provide the Senate with the necessary urgency to pass cybersecurity legislation, according to one of the bill's key sponsors in the House
Senate spy panel approves annual policy bill (The Hill) The Senate Intelligence Committee unanimously approved the fiscal 2016 Intelligence Authorization Act on Wednesday, advancing the annual policy bill to the chamber floor
Cybersecurity and the Need for Information Sharing (Institutional Investor) The U.S. Congress is having another one of its less-than-fine hours on the matter of cybersecurity
Counterterrorism, Backdoors, and the Risk of "Going Dark" (War on the Rocks) The terrorist threat to the United States is evolving rapidly, especially in terms of the methods by which extremists communicate. Counterterrorism analysts and operators face a variety of technical challenges to their efforts. In Oct. 2014, Federal Bureau of Investigation (FBI) Director James Comey warned of the growing risk of "going dark," whereby intelligence and law enforcement agencies "have the legal authority to intercept and access communications and information pursuant to court order," but "lack the technical ability to do so." European Police Chief Rob Wainwright has warned that terrorists are using secure communications in their operations more frequently, a technique the Islamic State of Iraq and the Levant (ISIL) is apparently pioneering. The emergence of secure messaging applications with nearly unbreakable end-to-end encryption capabilities such as surespot, Wickr, Telegram, Threema, and kik highlights how rapid technological change presents a powerful challenge to security and counterterrorism agencies
Why We Need To Take A 'Spartacus' Approach To Data Encryption (LifeHacker) Encryption is still the most effective way to achieve data security from outside threats. However, it can also throw up a red flag that your data is worth stealing — and could even convince government agencies that you have something to hide. According to encryption expert and Silent Circle founder Phil Zimmermann, the solution is for businesses to band together, Spartacus style
Carter: NATO must bolster cyberdefense (AP via KXNews) NATO must improve its ability to defend itself against cyberattacks before it tries to build its offensive cyberwarfare capabilities, Defense Secretary Ash Carter told alliance leaders Wednesday amid rising tensions with Russia, which has proven its willingness to launch computer-based attacks against other nations
NSA Chief Wants to Watch, as Well as Listen and Read (Intercept) The National Security Agency, while primarily occupied by sweeping up billions of phone calls, emails, texts and social media messages each day, wants better visual information about the earth and its residents, too, Admiral Michael Rogers said Wednesday
Brigadier Alan Hill: Cybersecurity In The Military Domain (Cybersecurity Dojo) Brigadier Alan Hill is head of Operate and Defend, Information Systems and Services for the UK Ministry of Defence. He was previously the Army's head of Information Superiority with CIO responsibilities for the military branch. He was commanding officer of the 3rd Division Signal Regiment and the commander of the 11th Signal Brigade. It's fair to say that when it comes to running a tight IT ship, Brigadier Hill knows a thing or two
Former IDF general: We have ability to hack advanced Hezbollah rockets (Jerusalem Post) The IDF's plan to integrate its cyber-warfare units was also on the agenda, with some questioning whether it would "degrade" Israel's capabilities and others seeing it as a "natural evolution"
Proposed Change to ICANN Domain Anonymity Rule Worries Privacy Advocates (Threatpost) A proposed change to the way that registrars treat the private contact details for domain owners could make it easier for anyone to get information on people who use proxy services
Covered California's data-collection plans raise privacy concerns (FierceHealthPayer) State exchange wants to use health information to measure health plan quality
Litigation, Investigation, and Law Enforcement
Exclusive: SEC hunts hackers who stole corporate emails to trade stocks (Reuters) U.S. securities regulators are investigating a group of hackers suspected of breaking into corporate email accounts to steal information to trade on, such as confidential details about mergers, according to people familiar with the matter
Cyber crime: PSNI say hack attack almost shut NI firm (BBC) A Northern Ireland company employing 20 people was almost forced to close after its computer systems were hacked by an international crime gang, police have revealed
How the U.S. Finally Tracked Down a Hacker Kingpin (BloombergBusiness) For the U.S., the extradition of Ercan Findikoglu shows the value of patience when it comes to pursuing suspected hacker kingpins
DeWitt: If there were hackers, 'they will be held accountable' (Hacker Samurai) St. Louis Cardinals owner Bill DeWitt on Wednesday promised a thorough investigation into allegations that team officials hacked Houston Astros computer accounts
Hundreds of Australian nude images posted without women's consent (Naked Security) Two incidences of non-consensual porn have hit Australian headlines recently, along with sneers and jibes at police and the women whose photos were stolen or shared without their approval
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cargo Logistics America (San Diego, California, USA, Dec 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference will have a heavy cyber security component
Upcoming Events
Fifth Annual International Cybersecurity Conference (Tel Aviv, Israel, Jun 22 - 25, 2015) The conference, held jointly this year by the Yuval Ne'eman Workshop for Science, Technology and Security, the National Cyber Bureau, the Prime Minister's Office, the Blavatnik Interdisciplinary Cyber Research Center (ICRC) and Tel Aviv University, will bring together leading international cyber experts, policymakers, researchers, security officials, and diplomats for an exchange of knowledge, methods and ideas concerning evolving cyber technologies
Cyber Security for Defense (Augusta, Georgia, USA, Jun 24 - 26, 2015) This conference serves as an opportunity for solution providers to break through the background noise and present their unique ideas and products in an environment specifically tailored to highlighting them, while simultaneously learning about the future requirements of the Military and a variety of other topics. Meanwhile the Department of Defense gets a first hand look at some of the solutions they may have not originally considered, all in pursuit of that best value solution
Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, Jun 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring practitioners and theory together to discuss fundamental Cybersecurity challenges is critical to the advancement of innovation in the Cybersecurity domain. This summit is designed to reinvigorate public-private partnership efforts and increase relationships that foster the sharing of information and joint collaboration on Cybersecurity research projects
AFCEA PNC Tech & Cyber Day (Tacoma, Washington, USA, Jun 25, 2015) The Armed Forces Communications & Electronics Association (AFCEA) - Pacific Northwest Chapter (PNC) will once again host the 5th Annual Information Technology & Cyber Day at Joint Base Lewis-McChord (JBLM) on Thursday, June 25, 2015. The purpose of this annual event is to allow JBLM personnel the opportunity to evaluate the latest Information Technology advancements, as well as to learn more about Cyber Security best practices and remediation strategies
Cybersecurity Outlook 2016 (Tysons Corner, Virginia, USA, Jun 26, 2015) Cybersecurity Outlook 2016 is a breakfast event by Potomac Tech Wire and Billington CyberSecurity that brings together senior executives in the Mid-Atlantic to discuss technology issues in a conversational, roundtable environment moderated by the editor of Potomac Tech Wire and the founder of Billington CyberSecurity. The panel will focus on the overall outlook for cybersecurity, including technology trends, business issues, start-up issues, government needs and predictions
NSA Information Assurance Symposium (IAS) 2015 (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia. Upwards of 2,000 IA professionals are expected to attend with ample opportunities for cross-community collaboration to address the community's most challenging IA concerns. Presentations, training, and demonstrations pertinent to today's work and work planned for the future will be shared during this event. U.S. Government, U.S. Government sponsored contractors, 2nd Party Government, 2nd Party Government sponsored contractors, Academia, and Industry participants will be represented
US News STEM Solutions: the National Leadership Conference (San Diego, California, USA, Jun 29 - Jul 1, 2015) San Diego offers the perfect backdrop for the 4th annual U.S. News STEM Solutions National Leadership Conference, June 29 — July 1, 2015 in San Diego, CA. Please make your plans now to join fellow leaders from business, education and government to maintain our hard-won momentum and forge the STEM workforce of tomorrow
Information Assurance Symposium (Washington, DC, USA, Jun 29 - Jul 1, 2015) The NSA Information Assurance Directorate (IAD)'s Information Assurance Symposium (IAS) is a biannual forum hosted by the National Security Agency (NSA). IAS events of the past have proven to be the preferred Information Assurance event of the year. Leaders and practitioners will deliver vital and relevant answers, direction, and best practice advice for carrying out the Information Assurance mission. The IAS brings policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry, and academia
Cyber Security for Healthcare Summit (Philadelphia, Pennsylvania, USA, Jun 29 - Jul 1, 2015) Our IQPC Cyber Security for Healthcare Summit will help Hospitals and Medical Device manufacturers to prepare and manage risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital's existing governance, risk management and business continuity framework
Cybergamut Tech Tuesday: The Truth About Securing Your System (Elkridge, Maryland, USA, Jun 30, 2015) What does it take to secure a system? What is the logical approach to successfully achieve this endeavor? First, an understanding of who wants access and why is a necessary baseline to form a strategic approach. Next, an understanding of the critical assets in the organization is a must. Finally, an understanding of how to implement a risk-based approach sums up the discussion. Presented by: Dr. Susan Cole
National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, Jul 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered preventative tools ineffective. The ultimate goal — disrupting and stopping attacks — has continued to elude security experts. The next stage in the industry's evolution is to move to a stance of "dynamic defense," which combines the ability to detect an attack and fully understand its scope and potential impact on the business, and then use the information to disrupt the attack before adversaries can accomplish their goals
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders