The CyberWire Daily Briefing 03.19.15

Summary

By The CyberWire Staff

Observers discern weaknesses in the Caliphate's social media presence, and suggest ways of countering it. Of particular note are their characterization of ISIS's online sympathizers as clustering "D-listers" and their advice to treat such sympathizers as a dense network. They also advise that governments outsource social media information operations (which tend to require close attention and a high rate of engagement) to credible third parties.

The Premera data breach post mortems continue as expected. Insurers and healthcare providers are increasingly attractive hacking targets for familiar Willie-Suttonesque reasons: that's where the data (and therefore the money) are.

Security professionals await the expected OpenSSL patch with interest and trepidation.

Snowden-approved OS Tails appears more vulnerable to attack than generally assumed.

Experts offer an antidote to much fear about IoT hacking — without minimizing the real risks, there's more heat than light in evidence concerning remote carjacking, rogue refrigerators, etc.

In industry news, KPMG Australia boosts its cyber security business by acquiring First Point Global. KEYW picks up two smaller firms: Ponte Technologies, LLC and Milestone Intelligence Group.

Enterprise security managers discuss the importance of knowing one's own network, and the benefits of well-crafted policies. Dark Matters grumps about threat intelligence, and their bloggers have a point: general warnings make enterprises uneasy without giving them anything they can act on.

The Chinese government lifts the curtain (a bit) offering an acknowledgement of its offensive cyber capabilities. There's some talk in the US Defense Department of creating a fifth military service dedicated to cyber operations.

Notes.

Today's issue includes events affecting Australia, China, France, Iraq, Syria, United Arab Emirates, United Kingdom, and United States.

Selected Reading

Cyber Trends

Not all data breaches are created equal — do you know the difference? (CSO) Impact to a company during and after a breach varies greatly depending on the type of data, quantity and applicable regulations

Predicting Future Security Threats is a Risky Business (Colaborista) Events cast shadows before them, but the huger shadows creep over us unseen

What we learned about security and privacy at SXSW (Christian Science Monitor: Passcode) Passcode went on the road to South By Southwest Interactive, the annual gathering of digerati in Austin, Texas

The Healthcare Internet of Things: Rewards and Risks (Atlantic Council) The Internet of Things of digital, networked technology is quickly moving to the forefront of society, the global economy, and the human experience

New Research Shows Businesses Not Prioritizing Growing Insider Security Threat (BusinessWire) Clearswift survey shows 73 percent of breaches in last 12 months attributed to internal sources

New Research Finds Lack of Confidence Amongst UK Firms in Data Security Measures (BusinessWire) Less than a third of organisations are very confident in current security measures

UAE users more vulnerable to cyber-attacks, study shows (Gulf News) Country targeted intensely because of high internet penetration and access

It's time you protected your children from cyber-bullying (Khaleej Times) Research shows 40% of the UAE parents reported being worried about cyber-bullying, with 21% having been forced to intervene to protect their children

Legislation, Policy and Regulation

China (Finally) Admits to Hacking (The Diplomat) An updated military document for the first time admits that the Chinese government sponsors offensive cyber units

Lawmakers, policy experts blast barriers to EHR interoperability at Senate hearing (FierceEMR) Epic takes a swipe at CommonWell; Cerner calls it 'a slap in the face' to those working on problem

SecDef say Cyber domain presents profound challenges (Fort Hood Sentinel) Defense Secretary Ash Carter gave his first domestic troop talk as secretary to the cyber warriors assigned to U.S. Cyber Command Friday at Fort Meade, Maryland

We need a cyber corps as a 5th service (Foreign Policy) At U.S. Cyber Command at Fort Meade last week, newly appointed Secretary of Defense Ashton Carter said that a new, independent branch is "one of the futures cyber might have." He is right. We need a new branch of military service. We need a U.S. Cyber Corps

A 'reasonable' view of privacy, security (Washington Times) I recently debated Fox News commentator Judge Andrew Napolitano on the National Security Agency's 215 program, the massive metadata trove of American calling records used to quickly detect if suspected terrorists have contacted anyone inside this country

The FCC Net Neutrality Order: How Does the Open Internet Order Affect You? (Venable Client Alert) On March 12, 2015, the Federal Communications Commission (FCC) released the full text of its Open Internet Order (Order), which they adopted on February 26, 2015. Notwithstanding likely petitions and reconsideration and appellate review, absent a "stay" of the Order, these new regulatory requirements will become effective in the coming weeks

Revisiting the Navy's blueprint for cyber operations (FCW) The Navy's cyber commander recently told Congress how important an operation launched in August 2013 to drive Iranian hackers from a Navy network is to the future of U.S. cyber operations

Outgoing NSA lawyer helped preserve controversial programs (Stars and Stripes) When news of secret National Security Agency surveillance programs began breaking in June 2013, even government insiders had questions. Often, Raj De was the man with the answers

Dimension Data security GM becomes first Australian Children's e-Safety Commissioner (ARN) Government to establish a complaints system, backed by legislation

Dateline

IT Security Entrepreneurs Forum (ITSEF) 2015: Bridging the Gap Between Silicon Valley and the Beltway (SINET) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

Products, Services, and Solutions

SSL Labs unveils free open source tool, new APIs (Help Net Security) Qualys SSL Labs now includes free assessment APIs, accompanied by a free open source tool that can be used for bulk and automated testing of websites

OPSWAT Brings Multi-Anti-Malware Scanning to Exchange Server (IT Business Net) OPSWAT, provider of solutions to secure and manage IT infrastructure, today announced the release of the new Mail Agent for Microsoft Exchange Server for their multi-anti-malware scanning and threat prevention product Metascan®. The Mail Agent is a result of OPSWATs recent acquisition of Red Earth Software, developer of email security solutions for Exchange Server. The new Mail Agent now extends OPSWATs advanced threat protection technology to email-borne threats

Covata and NSC Global launch Safe Share into the T-Systems Deutsche Telekom global marketplace at CEBIT in Hannover, Germany (Covata) Data security company Covata, industry partner NSC Global and leading telecommunications company T-Systems today teamed up at CeBIT Germany to launch Safe Share™ to the European market

Barracuda Updates MDM Platform to Support Android Devices (eWeek) The platform is part of the Total Threat Protection initiative, aimed at providing integrated security protection across multiple threat vectors

China-made smartphones speak in forked Android (EET Asia) A forked version of the Android operating system seems to be spreading across China, proving the growing fragmentation of Android devices

Technologies, Techniques, and Standards

Native Hadoop security tools are not enough (Help Net Security) While an overwhelming majority of Hadoop users agree that data security is a critical requirement, most disagree or are not sure that its native security tools provide enough protection for their sensitive data

Do your attackers know your network better than you? (Help Net Security) Cyber crime is a lucrative business. In fact, to make the cyber attack as profitable as possible and to minimize the risk of getting caught, attackers and black hat hackers take their time and will in most cases investigate their potential target before they go in for the steal. They comprehensively study the network with the aim to find weak spots which could be exploited, and they could even go as far as to spy on key personnel and study their behavior on the corporate network to find loopholes and thus a way in

Corporate Security Policies: Their Effect on Security, and the Real Reason to Have Them (Tripwire: the State of Security) Sarah Clarke and a few others were running a discussion on Twitter trying to hash out if security policies have any value. The discussion was started by a person critically stating that as far as he was concerned, they have no value at all

Why senior managers need to be involved in data security (Help Net Security) The networking environment has changed radically in recent times. In today's world of increasing wireless use, widespread BYOD, more home working, more remote access, more consumer devices and the huge popularity of social media, the network is becoming ever more distributed. In this situation, security breaches are inevitable, as is evidenced by the regular reporting of breaches at major organizations

Pseudo Threat Intelligence — All I Want You to Know (Dark Matters) We Need to Talk About Attribution was an interesting article — the author is a well known and respected professional named Jack Daniels, who I have followed throughout the years

Celebrity nude cyber attacks can teach small businesses a lesson (Guardian) The big online breaches show smaller firms where to focus their security efforts

Marketplace

Investment in cyber security boosts revenue (Link2) Businesses that invest in cyber security see more growth, according to recent statistics

Business will have to embrace security as a service, says Gartner (ComputerWeekly) Businesses will increasingly be forced to adopt cloud-based security services to take care of the basics so they can concentrate on more complex threats, says Gartner

Don't overlook your biggest security flaw — your talent (CIO) What's your best line of defense against cybersecurity threats? Skilled, experienced, highly trained IT talent. Don't skimp on hiring, training and retention, or your business may suffer the consequences

FireEye Ranks as Top Cybersecurity Pick on Risk/Reward Basis (CHKP, PANW, FEYE) (Small Cap Network) Check Point Software Technologies Ltd. (NASDAQ:CHKP) and Palo Alto Networks Inc. (NYSE:PANW) are good companies, but FireEye Inc. (NASDAQ:FEYE) is the better investment right now

KPMG Australia to acquire First Point Global and expand cyber security business (CNW) KPMG Australia will acquire Asia Pacific cyber security technology solutions business, First Point Global, as part of a global strategy to expand the firm's cyber capabilities. Today's announcement marks the fourth cyber acquisition by the KPMG international network in the past five months

KEYW Acquires Ponte Technologies and Milestone Intelligence Group (Seeking Alpha) The KEYW Holding Corporation (Nasdaq:KEYW) announced today it has acquired Ponte Technologies, LLC (PonteTec) and Milestone Intelligence Group, Inc. (Milestone), significantly increasing its cyber capabilities for both government and commercial customers

KEYW buys 2 Baltimore-area cyber firms (Baltimore Business Journal) KEYW Holding Corp. purchased two small cyber security firms since the beginning of the year and will move to create a new business group focused on emerging markets and technologies, it said Wednesday

$18M investment in Darktrace paves the way for women in cybersecurity (Upstart Business Journal ) The UpTake: This $18 million cash infusion in a woman-led cybersecurity company with a history of hiring women IT specialists could help pave the way for a more equally representative industry

Blackstone Group Invests in RedOwl Analytics (FINalternatives) Blackstone Group has closed a strategic investment with RedOwl Analytics, a developer of risk detection platforms and IP loss detection capabilities

Interset Closes $10M in Funding to Expand Advanced Threat Detection Platform (BusinessWire) Advanced threat detection innovator Interset has closed a $10M round to expand the capabilities and accelerate adoption of its advanced threat detection platform, the company announced today. Interset's platform enables IP driven companies to deliver an effective defense against targeted attacks and data breaches in industries such as manufacturing, defense, technology, energy and pharmaceuticals. New investors include lead investor Toba Capital, and Informatica, (Nasdaq:INFA), the world's number one independent provider of data integration software. Continued support from existing investors Anthem Venture Partners and Telesystem Ltd. completed the round

Why BlackBerry Ltd. and IBM Corp. Rebuilt Samsung's Galaxy Tab S (Motley Fool) BlackBerry (NASDAQ: BBRY) just made a surprising return to the tablet market with the SecuTABLET, a high-security version of Samsung's (NASDAQOTH: SSNLF) Galaxy Tab S 10.5 developed by BlackBerry subsidiary Secusmart, Samsung, and IBM (NYSE: IBM)

Integrata CEO Michael Geppi stepping down after Larry Hogan appointment (Baltimore Business Journal) Integrata Security CEO Michael Geppi has been named an under secretary in the state health department and the Columbia cyber firm is bringing on a new president

TrapX lures former FireEye exec to take the helm (ZDNet) The former FireEye executive will lead the company in developing ways to combat APTs, Zero days and new, advanced threats

Security Patches, Mitigations, and Software Updates

Android Security Gets Better with Lollipop (InformationWeek) It's reassuring to see Google deploying new and improved security features as its mobile OS matures

Cyber Attacks, Threats, and Vulnerabilities

Three Steps To Destroy ISIS on Twitter (Defense One) Data scientists say Twitter has done much to thwart ISIS, but offer these simple steps to degrade the group and its massive online following

FBI probes hacking of Christian school website (Christian Today) The FBI has joined the probe into the hacking of a Christian school website in Virginia, the third organisation in the area to be victimised this year

Premera Blue Cross Cyberattack Exposed Millions Of Customer Records (NPR) Another big health insurance company has revealed it has been the target of a massive cyberattack

Why Are Health Insurers Hacker Targets? (GovInfoSecurity) 'Treasure trove' of personal information has high appeal

Could a new OpenSSL defect be worse than Heartbleed? (TechRadar) Fix coming on Thursday

'Voodoo' Hackers: Stealing Secrets From Snowden's Favorite OS Is Easier Than You'd Think (Forbes) The Snowden leaks have taught us much about the tactics employed by the NSA and GCHQ, from brazen malware attacks to more esoteric dark arts, such as infecting low-level pieces of computer code. Correspondingly, research into more surreptitious activities targeting the guts of modern systems is often overshadowed by studies of the more obvious attacks. Yet such high-tech techniques pose a more severe risk. They can, for instance, allow agencies to spy on Tails, the Linux-based secure operating system favoured by Snowden. And they're not as difficult to exercise as many would imagine. They can totally obliterate the privacy of even the most careful computer user

Microsoft takes 4 years to recover privileged TLS certificate addresses (Ars Technica) Addresses allowed holder to acquire certs that enabled man-in-the-middle attacks

Kaspersky Lab provides updates on 'Crouching Yeti' threat group (SC Magazine) Kaspersky Lab has released new information on the threat group referred to as "Crouching Yeti" that it initially wrote about in July 2014

Hillary Clinton's E-Mail Was Vulnerable to 'Spoofing' (Bloomberg View) Hillary Clinton didn't take a basic precaution with her personal e-mail system to prevent hackers from impersonating or "spoofing" her identity in messages to close associates, according to former U.S. officials familiar with her e-mail system and other cyber-security experts

Beware of the latest tech support scam (WTOP) When I searched Google for the tech support number for Norton Antivirus, the person that answered sounded extremely foreign and wanted my credit card number, so I hung up. How can I get the real number?

OKC.gov undergoes cyberattack for second straight day (KOCO) Targeted yet again, Wednesday morning's message on OKC.gov said it all: Nothing to display, in a frustrating bit of deja vu

Security Think Tank: People and process remain the soft underbelly of banks (ComputerWeekly) The Carbanak attack shows the fundamental cyber security flaw in the banking sector is not technology but people and processes

Is Car Hacking Much Ado About Nothing? (Texas Lawyer) First, it was phone tapping, then computer hacking and identity theft. Now, the electronic fear du jour is car hacking. As our cars are powered by ever-increasing numbers of computers and software programs, and as automakers promote connectivity (from traffic-monitoring apps to mobile phone synchronization and collision avoidance systems), alarms have been raised about the possibility of hackers obtaining access to a car's computers. One particularly bleak scenario involves hackers wreaking havoc on self-driving cars, whose hapless passengers won't even have time to grab the steering wheel before their four-wheeled mobile devices engage rampage mode

Security risks of networked medical devices (Help Net Security) Networked medical devices linked to the Internet of Things (IoT) hold tremendous promise if security is built in from the outset, according to a new report by Intel Security and the Atlantic Council

Internet of things: Sillier and scarier and coming your way (ZDNet) How many software updates does it take to change a light bulb? What happens when a blast furnace gets hacked? Seriously: Security looms as the elephant in all of our IoT rooms

Academia

Northeast Collegiate Cyber Defense Competition: Preparing The Next Generation Of Cyber Professionals (HS Today) Although predictions indicate cybersecurity is going to be the fastest growing homeland security market, as positions in the cybersecurity field open up employers will find there is a major shortage of professionals with the skills necessary to fill the positions

£38m cyber security centre boost (Belfast Telegraph) A multi million pound expansion of Queen's University's cyber security centre in Belfast could create 25 new jobs

Litigation, Investigation, and Enforcement

France steps up monitoring of cash payments to fight 'low-cost terrorism' (Reuters) France will step up monitoring of cash payments, withdrawals and small bank accounts to better fight against the financing of terrorism, Finance Minister Michel Sapin said on Wednesday

'Traitor' Snowden endangered spies with NSA leaks, claim UK security chiefs (Russia Today) Edward Snowden's National Security Agency (NSA) leaks damaged national security, exposed spies to danger, aided terrorists and cost the UK taxpayer money, according to senior British security officials

FBI probes possible China military link in cyber attack: FT (Reuters) The FBI is looking into whether the Chinese military was involved in a cyber attack on Register.com, a unit of Web.com, the Financial Times reported Wednesday, citing sources familiar with the probe

Design and Innovation

The need for information security innovation (Help Net Security) The increasing number of connected devices is multiplying the probability of cyberattacks on companies across sectors. This is compelling organizations to adopt cybersecurity solutions in order to secure computing resources, information, networks and applications. As such, innovations will be directed towards fortifying sophisticated technologies such as cloud computing, big data, wireless communication, and the Internet of Things (IoT)

CIO Journal: Microsoft Tackles Some Security Issues (Wall Street Journal) Microsoft Corp. has made changes to its Windows software to address security challenges inherent in prior versions. Although still in the early stages of adoption, Windows 8 and the coming Windows 10 include technology that could help chief information officers shield the operating system from malicious code

Google aims to make Play Store safer, sets up human app review team (Help Net Security) The time has come for Google to add some more hoops for Android app developers to jumpt through in order to get their offering accepted to the Google Play store

Meaningful Human Control in Weapon Systems: a Primer (Center for a New American Security) Information technology is driving rapid increases in the autonomous capabilities of unmanned systems, from self-driving cars to factory robots, and increasingly autonomous unmanned systems will play a significant role in future conflicts as well

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cloud Security Alliance Federal Summit (Washington, DC, USA, May 5, 2015) The Cloud Security Alliance Federal Summit, is a one day free-for-government event taking place at the Ronald Reagan Building and International Trade Center and is expected to draw 250 information security professionals from civilian and defense agencies to share experiences and lessons learned about best practices for securing cloud computing and emerging security topics

upcoming Events

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynote speakers will be Larry Ponemon (of the Ponemon Institute) and Christopher Pierson (General Counsel & Chief Security Officer, Viewpost)

2015 Cyber Security Summit (McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China for exploitation and theft. This results in huge losses of valuable trade secrets and sensitive customer information. This rampant industrial espionage costs American jobs." Join us for our annual Cyber Summit where thought-leaders from across the public and private sectors who have real-world experience effectively managing large scale policies and programs will provide information and updates to the POC attendees

B-Sides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) B-Sides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North West Cyber Security Conference. From large corporations to micro businesses the importance of protecting personal and commercial information has become much more important with the introduction of the smart phone and other portable device's. When it comes to Information Security Systems small businesses and large corporations believe they are doing all they need to secure themselves and their clients

Fraud Summit Altanta (Atlanta, Georgia, USA, March 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include presentations on the insider cyber threat, threat intelligence, fraud-as-a-service, POS security, fraud detection through big data, and mobile banking fraud

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US

Global APT Defense Summit (Atlanta, Georgia, USA, March 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection, security analytics to how an appropriate, measured response capability can be established. Each of these defense phases are described in lock step with those of the attack. We will also provide detailed examples of the "Fail Chain," where we dissect a number of high-profile breaches and show where the opportunities to defeat them were missed. The market is currently awash with fragmented and contradictory messaging. This unique, intense day of sequential attack- and defend-based sessions will clarify both the problem and describe the end-to-end solution, delivering an actionable framework for attendees to integrate into their existing security strategies

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals

Conference on Cyber Defence in Europe (Berlin, Germany, March 25 - 26, 2015) The conference aims to address these and other issues of cyber defense in a broad audience of policy-makers, senior officials and experts from EU institutions and Member States, representatives of industry and academia. Thus the conference aims at discussing EU cyber defence matters among an audience of approximately one hundred policy-makers, senior officials from EU entities and from EU Member States as well as other interested officials in four panels: Implications of the EU's Cyber Defence Policy Framework; the EU's Mutual Defence and Solidarity Clause in the Cyber Context; Cyber Defence in EU Military Operations; and Civil-Military Cooperation in Cyber Defence

CYBERWEST (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic, legal, regulatory and insurance impacts. Discuss cybersecurity issues and to focus on applied cybersecurity (i.e. implementing the NIST framework, R&D, legal and regulatory perspectives, state and local approaches). Present content that attendees can take back and use in their organizations

Fraud Summit Dubai (Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include the threat of insider fraud, ATM security, mobile banking risks and their mitigation, the role of law enforcement agencies, digital forensics, and threat information exchange for actionable intelligence

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation.The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation

Kansas City Secure World (Kansas City, Missouri, USA, April 1, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. James Beeson (CISO, GE Capital Americas) will deliver the keynote

Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners and stakeholders in support of mission of execution. This event will be Coast Guard Intelligence's most significant and inclusive outreach event of the year.

Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, April 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks appropriate for evolving cyber threats. The Mission is to enable the safe use of sensitive and privacy data while servicing the healthcare needs of the nation. The format for this event will include briefings from government and industry. Our featured speaker is from the Interagency OPSEC Support Staff and will present on "TRASHINT: Dumpster Diving", a very popular topic which teaches attendees how one person's trash can be another person's treasure

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are able to properly balance the risks and rewards, understand and communicate threats to security and privacy, and rapidly adapt any resulting approach to a changing adversarial environment. The 10th Annual Cyber and Information Security Research Conference at Oak Ridge National Laboratory in Oak Ridge, Tennessee will bring together cyber security researchers, program managers, decision makers, security vendors, and practitioners to discuss many challenging tasks and novel solutions pertaining to cyber security

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge of specific issues such as cyber crimes and crimes against the environment. The courses are tailored to journalists and chief information officers, as well as those who want to specialize in this area, offering a unique opportunity to network with renowned international experts

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter, InfoSec Southwest is intended to both provide a comprehensive and valuable forum to all participants as well as fill a gap for our local attendees left by the other few conferences held here in Texas which are all focused on a narrower scope of subject matter or a narrower slice of audience demographic

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored cyber-attacks and SCADA Security Assessment

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current state of various information security topics. The cost is $150 per person, including breakfast and lunch; pre-registration is required in order to get onto the NIST campus

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes discussion and debate over forensics, security, data/information governance, cyber crime and security, ethical hacking, eDiscovery, cloud forensics, steganography, policy and compliance, privacy, wireless security, cloud computing, identity theft, and more

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things'

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.