The CyberWire Daily Briefing 03.18.15

Special Section

news from SINET ITSEF 2015

Tuesday's workshops at ITSEF included tracks on the next-generation security operations center, venture capitalists' look at the cyber market, the impact of the software-defined perimeter, CISOs and the risks they take to mitigate risk, the speed of cyber innovation (and its frontiers), and advice on breaking into the Federal marketplace. Here are a few highlights.

What big commercial enterprises are looking for in security solutions. Facebook's CSO, Joe Sullivan, described his company's search for out-of-the-box solutions, and would rather work with startups than established companies. Usability and non-signature-based detection are of particular interest. HP's CISO Brett Wahlin described needing mature products on their network. They're less receptive to new, high-risk products, and anything they adopt needs to integrate well with their existing products stack. Analysis of data, not mere collection and sharing, is critical.

The irreducible human element of cyber defense. Blackstone's Jay Leek argued that security has an irreducible human element, focused on changes, patterns, anomalies, correlations. Recognizing this leads naturally to an approach that focuses on visibilty, intelligence, and response (which Leek noted was equally applicable to insider threats). Adobe's Brad Arkin described taking a DevOps approach to build servers — rebuilding pristine environments every few hours — as a way of enhancing security. Doing this changes attackers' cost equation, particularly in the way it reduces low-hanging fruit. CISOs on the panel generally agreed that traditional layered security will not keep up with swiftly advancing threats.

Next-generation SOCs: automation, information-sharing, and anonymity. Panelists thought that barriers to SOC success tend to lie outside the control of the SOCs themselves. Executive clarity with respect to goals and direction is necessary to effective SOC operation (and often missing), but all SOCs face the challenge of finding adequately skilled staff: here, too, the human dimension is crucial. Automation could relieve SOC watchstanders' routine workloads, freeing them to concentrate on analysis and anomaly recognition: information sharing at machine speed should, panelists thought, be the goal. Dell's Russell Murrell framed the SOC's well-known false alarm problems as essetially a big data analysis issue. But whatever automation emerges, recruiting staff will continue to remain a challenge. Stronger differentiation of roles and better defined career paths would help. The panel concluded with observations about anonymity, which they agreed had to be the default position in information sharing. The Secret Service's Eduardo Cabrera argued that only anonymity would allow information sharing to scale. Homeland Security Deputy Assistant Secretary Greg Touhill called anonymity essential. He also hoped for legislation that would remove liability barriers to information sharing.

SINET continues today. The CyberWire will be live-tweeting from the workshops and general sessions.

Summary

By The CyberWire Staff

France's government reaches for more expansive surveillance powers, but doesn't wait for legislation to shutter five websites for "condoning terrorism."

Premera, a large American health insurance company, discloses that it was the victim last year of a data breach exposing some 11 million people's personally identifiable information. The attack began in May 2014 and was discovered in January of this year. Premera has posted advice to affected customers. Observers note similarities between this incident and the Anthem case (attackers spoofed a company website in both cases.

LifeWise, another US health insurance provider, also discloses a breach. It's offering identity-theft protection to a quarter million customers, most of them in Washington, Oregon, and Arizona. Both Premera and LifeWise announce they've retained FireEye's Mandiant unit to investigate and assist with remediation. To round up today's healthcare and insurance sector breaches, Oregon-based Advantage Dental (not an insurer, but a care provider) warns 151,000 patients that a hacker has accessed their HIPAA-protected data.

The Andromeda botnet returns, and expands.

Dark web black market "Evolution" suddenly vanishes, and buyers of the contraband traded there are surprised and aggrieved to learn that a criminal market's proprietors would abscond with their funds: about $12 million in Bitcoin.

University researchers report a new way of de-anonymizing Tor users.

Synack says it's found a way around Apple's Gatekeeper.

Fresh concerns surface about airliner avionics' possible vulnerability to hacking.

D-Link patches firmware in wireless range extenders and WiFi cameras.

Raytheon appears closer to buying Websense for a reported $1 billion.

Notes.

Today's issue includes events affecting Australia, Canada, France, Germany, Iran, Ireland, New Zealand, Norway, United Kingdom, and United States.

Selected Reading

Mountain View: the latest from SINET ITSEF 2015

IT Security Entrepreneurs Forum (ITSEF) 2015: Bridging the Gap Between Silicon Valley and the Beltway (SINET) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

Cyber Attacks, Threats, and Vulnerabilities

Kaspersky Lab provides updates on 'Crouching Yeti' threat group (SC Magazine) Kaspersky Lab has released new information on the threat group referred to as "Crouching Yeti" that it initially wrote about in July 2014

Hillary Clinton's E-Mail Was Vulnerable to 'Spoofing' (Bloomberg View) Hillary Clinton didn't take a basic precaution with her personal e-mail system to prevent hackers from impersonating or "spoofing" her identity in messages to close associates, according to former U.S. officials familiar with her e-mail system and other cyber-security experts

Cyber Trends

The Healthcare Internet of Things: Rewards and Risks (Atlantic Council) The Internet of Things of digital, networked technology is quickly moving to the forefront of society, the global economy, and the human experience

Marketplace

KEYW Acquires Ponte Technologies and Milestone Intelligence Group (Seeking Alpha) The KEYW Holding Corporation (Nasdaq:KEYW) announced today it has acquired Ponte Technologies, LLC (PonteTec) and Milestone Intelligence Group, Inc. (Milestone), significantly increasing its cyber capabilities for both government and commercial customers

Products, Services, and Solutions

Covata and NSC Global launch Safe Share into the T-Systems Deutsche Telekom global marketplace at CEBIT in Hannover, Germany (Covata) Data security company Covata, industry partner NSC Global and leading telecommunications company T-Systems today teamed up at CeBIT Germany to launch Safe Share™ to the European market

Technologies, Techniques, and Standards

Pseudo Threat Intelligence — All I Want You to Know (Dark Matters) We Need to Talk About Attribution was an interesting article — the author is a well known and respected professional named Jack Daniels, who I have followed throughout the years

Design and Innovation

Meaningful Human Control in Weapon Systems: a Primer (Center for a New American Security) Information technology is driving rapid increases in the autonomous capabilities of unmanned systems, from self-driving cars to factory robots, and increasingly autonomous unmanned systems will play a significant role in future conflicts as well

Legislation, Policy, and Regulation

Lawmakers, policy experts blast barriers to EHR interoperability at Senate hearing (FierceEMR) Epic takes a swipe at CommonWell; Cerner calls it 'a slap in the face' to those working on problem

Industry Events

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, Mar 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynote speakers will be Larry Ponemon (of the Ponemon Institute) and Christopher Pierson (General Counsel & Chief Security Officer, Viewpost)

2015 Cyber Security Summit (McLean, Virginia, USA, Mar 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China for exploitation and theft. This results in huge losses of valuable trade secrets and sensitive customer information. This rampant industrial espionage costs American jobs." Join us for our annual Cyber Summit where thought-leaders from across the public and private sectors who have real-world experience effectively managing large scale policies and programs will provide information and updates to the POC attendees

BSides Salt Lake City (Salt Lake City, Utah, USA, Mar 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

B-Sides Salt Lake City (Salt Lake City, Utah, USA, Mar 20 - 21, 2015) B-Sides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, Mar 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal

Cyber Security Conference 2015 (Bolton, UK, Mar 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North West Cyber Security Conference. From large corporations to micro businesses the importance of protecting personal and commercial information has become much more important with the introduction of the smart phone and other portable device's. When it comes to Information Security Systems small businesses and large corporations believe they are doing all they need to secure themselves and their clients

Fraud Summit Altanta (Atlanta, Georgia, USA, Mar 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include presentations on the insider cyber threat, threat intelligence, fraud-as-a-service, POS security, fraud detection through big data, and mobile banking fraud

CyberTech Israel 2015 (Tel Aviv, Israel, Mar 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.