The CyberWire Daily Briefing 03.30.15
news from the Women in Cybersecurity conference
The 2015 annual Women in Cybersecurity conference, organized by Tennessee Technology University and the National Science Foundation, met Friday and Saturday in Atlanta, Georgia, USA. The CyberWire is pleased to summarize its highlights below.
Debunking myths about security engineers. Facebook's Jenn Lesser Henley shared her personal history to encourage those attending the conference to expand their notion of who might become a security engineer. She came to security from an academic background in communications, but as someone who had a strong, longstanding love for mathematics. After working for PayPal earlier in her career, she moved to Facebook, where she's now Director of Security Operations. She characterizes this move as risky, but, both in retrospect and at the time, a risk worth taking. She finds her strategic responsibility for security across Facebook "fast-moving, challenging work." "The Internet is our shared space, and for it to be strong, it must be secure," Henley said. She predicts that there will be 1.4 million jobs in information security by 2020, and these jobs will be hard to fill. Given that diverse teams demonstrably perform better, she asks, why then don't more people, especially young women, go into security? Women have said they think the field lacks glamor, creativity, and the opportunity for collaborative work. But in fact, Henley argued, security offers all three. She encouraged people to think of security in terms of protectors and defenders, all of whom need empathy to do their work effectively. Empathy enables us to place problem-solving in context. Henley sees encouraging signs we're headed in the right direction. Find a cheerleader, she advised, and said there are plenty of them out there. She closed by challenging all to bring empathy to innovation.
In response to a question about how one might enter cyber security without being an engineer, Henley noted her own background and reminded all that cyber security is "a vast, multi-disciplinary field, with room for all." She offered some tips on communicating: have an ally, define your own response, and ask people how they handle difficult situations.
Security must be user-friendly by design. Google's Dr. Iulia Ion introduced the evening program. She noted the importance of making security easy to use, lest users simply bypass it. About a third of respondents to a Google survey reported a compromise, with the most common attack being password theft. Two-factor authentication, she noted, is one obviously important measure we should take, but we must also address account recovery. Google tries to contact users through multiple channels, and supports authentication with a risk analysis engine. She concluded with some common-sense (if counter-intuitive) observations on using physical devices in authentication: your phone, she said, is harder to steal than your password.
Cyber security is all about the numbers. Sherri Ramsay (of CyberPoint International) delivered a keynote on the state of the industry, and about the role that women can, do, and should play in it. In the 1970s when she was an undergraduate, there were few computer science programs, and few women majored in science, technology, engineering or mathematics (STEM). She reviewed the history of ARPANET, the early 1970s precursor of the Internet, pointing out that it was emphatically not designed for security. We all take advantage of the Internet's convenience as an open network of networks. The Internet, pervasive in daily (and economic) life and central to national security, drives the growth of cyber security as a career field. Our intellectual property is our greatest national asset, and it's easily exposed and stolen. There are now 2.2 billion Internet users, and some 200 thousand new pieces of malware appeared last year. The FBI, Ramsay commented, says it costs companies about $8.9m to remediate an intrusion, and a compromised company needs on average 243 days to clean up its networks. More than 1 billion pages of intellectual property were stolen last year. "So what more important job can there be," she asked students, "than protecting the Internet?" She challenged colleges to offer more cyber-relevant majors, and she challenged women to increase their participation in STEM fields. She closed with advice to students and those just beginning their careers: learn every day, have three mentors (and these will change over the course of one's career), "be hard to manage" (that is, challenge and question), and remember, "it's always right to do the right thing."
National Science Foundation opportunities. Victor Piotrowski of the National Science Foundation (NSF), en route to introducing Saturday's morning keynote, took the opportunity to draw students' attention to three major NSF cyber programs: Secure and Trusted Cyberspace (SaTC), CyberCorps Scholarships for Service (SFS), and Advanced Technological Education (ATE). (We include links to these programs in the "Dateline: Atlanta" section below.)
DHS cyber vision: industry, technology, and trust. Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity and Communications for the National Protection and Programs Directorate (NPPD) at the US Department of Homeland Security (DHS), delivered the morning keynote. After expressing her gratification and "amazement" at seeing hundreds of women interested in cyber security gathered in one place, she described DHS's vision for infrastructure cyber protection, with particular emphasis on the Department's National Cybersecurity and Communications Integration Center (NCCIC). The NCCIC is the Government's 24/7 cyber watch center, with connections to other agencies and the private sector. She emphasized the importance of avoiding surprise, and the need to look at cyber challenges holistically, while balancing security with privacy and civil liberties. Her vision for the future is the development of a security system in which machines can see attacks coming (the way meteorologists see storms approaching) and enable a response as fast and effective as the human immune system's response to disease. We need, she said, to build trust, share and communicate for situational awareness, and then let the machines operate at speed.
Dr. Schneck encouraged students to pursue cyber security as a career, and described her own career arc as an example of the various paths one might take in such a career. Interagency partnership, she said, is fun and important, as is public-private partnership. She counseled against the all-too-common fear of trying a technical career. "It's always helpful to have a specific hard-core expertise, whether technical or policy, and it's important to keep up your technical chops." Keep learning, don't be afraid to experiment, and make decisions that are good for you.
In response to a question, she said she thought the biggest research and development gaps in the NIST Framework probably lie in risk assessment, because of its subjectivity. When another questioner asked whether women have to become comfortable with being uncomfortable, Schneck said yes — they should say what they think, and move on.
Lightning Talks. The morning continued with short presentations on various topics.
• Stripe's Karla Burnett described the value of capture-the-flag exercises in developing security skills. These tend to encourage teamwork, and many can be done in a short period of time.
• Tamara Shoemaker of the Colloquium for Information System Security Education (CISSE) described CISSE's role in promoting cyber security education.
• Cigital's Apoorva Phadke advocated application security as an exciting career, saying that, while ethical hacking for a living is cool, coming up with remediation solutions is even cooler.
• Facebook's Meagan Kruman described non-technical paths into cyber security — many of these run through geopolitics. She herself works on tracking threats to users, and her own background lies in languages and international affairs. She offered a brief, compelling case study of tracking Hong Kong's umbrella protests.
• Key Bank's Kathy Peters, an application security veteran, explained how to debrief development teams after you've subjected their work to security testing. Understand, she said, that development teams typically go through the five stages of grief when you confront them with security testing results: denial, anger, bargaining, depression, and acceptance. So you need to make sure technical and management teams are on the same page. Stick to the facts. Keep emotions and prejudices out of the report. Avoid trigger words, like poor, weak, etc., and make your recommendations clear, concise, and above all actionable.
• Priya Jain, a Georgia Tech freshman, delivered an enthusiastic stem-winder on why freshmen make great cyber interns. "Our minds are basically empty," she exclaimed to widespread approval, and so they're moldable — companies who pass up offering freshmen internships are passing up a terrific opportunity to educate the kind of workforce they need. She urged first-year students to take a shot at internships — what have they got to lose?
• Desiree Reagan, a student at the University of Maryland University College, described OWASP's most wanted. Noting that even minor SQL injection attacks often cost about $200 thousand to remediate, and that they're rising in frequency, she reported the results of an experimental SQLite injection attack on EMR/EHR systems.
• Deanne Wesley, a member of the faculty at Forsyth Technical Community College, described the use of mock crime scenes in the computer forensics classroom, and how instructors can effectively use them to teach the full cycle of forensic investigation, from getting a warrant to doing the examination to finishing the report.
• The Michigan State Police's Kelley Goldblatt noted that almost every crime committed today has a cyber component. She described actual cases, highlighting the difference between state and Federal law enforcement, and emphasized the importance of information sharing.
Student poster sessions. The conference featured twenty-seven poster presentations, all worthy of the symposiasts' attention. Four of them were singled out for special recognition.
• Top poster, graduate division: "Investigating the Factors Influencing Health Information Sharing on Online Social Networks," by Victoria Kisekka and Bich Vu, of the University at Buffalo. Vu and Kisekka isolated and defined seven key factors: information privacy concerns, information trust, access to personal health records, mobile device usage, health status, quality of physician-to-patient interaction, and online health information utilization.
• Runner-up, graduate division: "Teaching Logic Flaws Using a Case Study on Cashier-as-a-Service Attacks," by Lindsay Simpkins, North Carolina A&T State University. Simpkins described an approach to teaching logic flaws (testing for which is challenging because such flaws are resistant to detection by automated means) that uses real-world examples to introduce the field to undergraduates. Her module has been made available to other universities, and is readily adaptable to various curricula.
• Top poster, undergraduate division: "Decision Times for Energy Fraud Detection in Smart Meters," by Christa Cody, Tennessee Technological University. Her research explored the use of decision trees to classify energy consumption data in ways that allow detection of potentially fraudulent activity.
• Runner-up, undergraduate division: "Securing Embedded Systems with Spintronics," by Karolina Alvarez, Karen Lamb, Kenneth Jabon, and Wesley Brooks, the University of Illinois at Urbana Champaign. Random-number generation is always a challenge for cryptographic applications. The researchers describe their use of spintronics to provide both a true random number generator and a physically unclonable function.
The adaptive individual. Microsoft's Angela McKay delivered the conference's closing keynote. She described her own career and life arc to illustrate the challenges of embracing individuality and adaptability. She went from communications modeling to cyber security, from Washington, DC, to Redmond, Washington. These moves involved dramatic cultural changes, but she found that properly understood, her skills were transferable across corporate cultures. The biggest cyber security challenge is people. We need a large, diverse, creative workforce. Looking at trends, she noted that Internet users in emerging nations now outnumber those from North America and Western Europe. We're seeing, she said, a future in which the global North is device-rich, the global South user-rich, and in which every company will be an IT company.
To engage that future, she urged students to "Own your uniqueness." You should be self-aware about your goals. You should cultivate the ability to see other people's distinctive individuality. Recognizing individuality is essential to building and leading teams. "And adaptability comes down to recognizing opportunities, and recognizing that skills are transferable. Be agile enough to change state rapidly," because cyber security inherently demands agility.
The pro-Assad Syrian Electronic Army reappears with show-the-flag defacements of Endurance Group hosting companies. Pro-ISIS hackers continue their campaign against small-town-America targets-of-opportunity. Their messaging in this Wisconsin cycle is less fluent and more violent than other sympathizers' cyber vandalism has tended to be. Saudi hackers strike the website of the US Army's Picatinny Arsenal; they appear to have no political sponsors and no motive beyond the lulz.
Nigeria has succeeded in holding elections, despite hacking and widespread bugs in the country's (reportedly untested) biometric identification system, perhaps offering a case study in resilience.
GitHub copes with a large denial-of-service attack. It appears to originate in China, and seems to target anti-censorship tools.
Interpol and Kaspersky identify a threat to the block chain on which cryptocurrencies depend.
Uber logins are appearing for sale on the black market, going price $1 each.
Optus, Australia's second largest telecom, agrees to undergo an independent audit after sustaining three privacy breaches.
Chat-based collaboration platform Slack discloses it was hacked last month, and describes remediation it's undertaking on behalf of its users.
The iOS and OS X library AFNetwork has been patched to fix a man-in-the-middle vulnerability.
A new domain, .bank, expected to appear this summer, is said to be designed to bring more security to financial transactions.
University of Alabama Birmingham researchers announce development of a gesture-based mobile security approach.
Students of globalization paradoxically call for IT autarky in the service of national security.
Europol and the FBI are both really uncomfortable with widespread crypto.
Notes.
Today's issue includes events affecting Brazil, Canada, China, European Union, Germany, Iran, Israel, New Zealand, Nigeria, Oman, Russia, Saudi Arabia, Syria, United Kingdom, United Nations, United States, and Vietnam.
Atlanta: the latest from Women in Cybersecurity
Women in Cybersecurity 2015 (WiCyS) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is a significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of a cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
Secure and Trustworthy Cyberspace (SaTC) (National Science Foundation) Cyberspace has transformed the daily lives of people for the better. The rush to adopt cyberspace, however, has exposed its fragility and vulnerabilities: corporations, agencies, national infrastructure and individuals have been victims of cyber-attacks. In December 2011, the National Science and Technology Council (NSTC) with the cooperation of NSF issued a broad, coordinated Federal strategic plan for cybersecurity research and development to "change the game," minimize the misuses of cyber technology, bolster education and training in cybersecurity, establish a science of cybersecurity, and transition promising cybersecurity research into practice
CyberCorps: Scholarship for Service (SFS) (National Science Foundation) The CyberCorps: Scholarship for Service (SFS) program seeks proposals that address cybersecurity education and workforce development. The Scholarship Track provides funding to award scholarships to students in cybersecurity. In return for their scholarships, recipients will work after graduation for a Federal, State, Local, or Tribal Government organization in a position related to cybersecurity for a period equal to the length of the scholarship. The Capacity Track seeks innovative proposals leading to an increase in the ability of the United States higher education enterprise to produce cybersecurity professionals
Advanced Technological Education (ATE) (National Science Foundation) With an emphasis on two-year colleges, the Advanced Technological Education (ATE) program focuses on the education of technicians for the high-technology fields that drive our nation's economy. The program involves partnerships between academic institutions and industry to promote improvement in the education of science and engineering technicians at the undergraduate and secondary school levels
Cyber Attacks, Threats, and Vulnerabilities
Syrian Electronic Army hacks Bluehost, Justhost, Hostgator, Fastdomain and Hostmonster (TechWorm) Endurance Group's Hosting Companies BlueHost, Hostgator, Justhost, FastDomain and HostMonster Hacked By Syrian Electronic Army
Pro-ISIS hackers hack Richland County (Wisconsin) Sheriffs Dept. Website (HackRead) On March 21st, a group of pro-ISIS hackers from Morocco, going with the handle of Team System DZ hacked into the server of Wisconsin's Richland County, defacing several high-profile websites including the county's Sheriffs department website
U.S. Army Picatinny Arsenal Website Hacked by Saudi Hackers (HackRead) Saudi hackers from Team Bad Dream have hacked and defaced the official website of U.S. Army Picatinny Arsenal earlier today
Violence, hacking, and technology fails didn't keep Nigerian voters from the polls (Quartz) Nigerian voters turned out in the millions this weekend to make their choice of president, not put off by threats of violence or hours-long waits at many polling stations, due partly to untested biometric voter card technology which failed even the president
Hackers shutdown police website for third time in one week (HackRead) The DDoS attack on Finnish Police website forced the servers to remain offline for hours
GitHub battles "largest DDoS" in site's history, targeted at anti-censorship tools (Ars Technica) HTTP hijacking is being used to redirect Baidu search engine traffic into a massive DDoS
As GitHub is hit hard, experts disagree whether DDoS attacks are becoming more or less frequent (Graham Cluley) GitHub has been hit by a massive DDoS (distributed denial-of-service) attack in the last day or so, intermittently resulting in outages for developers attempting to access source code stored on the site
More concerns arise over DDoS threats facing enterprises and service providers (AppsTechNews) According to data released by distributed denial of service (DDoS) security provider Black Lotus, average packet volume for DDoS attacks increased 340% and average bit volume shot up 245% in the final quarter of 2014
Sign Up at irs.gov Before Crooks Do It For You (KrebsOnSecurity) If you're an American and haven't yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process
Researchers identify malware threat to virtual currencies (Help Net Security) INTERPOL and Kaspersky Lab have identified a threat to the blockchain in virtual transactions that could result in them being embedded with malware or other illegal data
Dark Web vendors offer up "thousands" of Uber logins starting at $1 each (Ars Technica) "Bloody hell," man tells Motherboard, who read his Uber password over the phone
Famous Adult website Xtube hacked, delivering malware to viewers (HackRead) The viewers at pornographic website XTube should now be aware of using the website as it holds malware, says Malwarebytes Labs. The users are redirected to Neutrino Exploit Kit which contains a Flash vulnerability. The malware is known to be Trojan.MSIL.ED
Malicious XML: Matryoshka Edition (Internet Storm Center) A couple of days ago I received another malicious document (078409755.doc B28EF236D901A96CFEFF9A70562C9155). Unlike the XML file I wrote about before, this one does not contain VBA macros
Nearly 90 Vietnamese websites get Shellshocked: security firm (Thanh Nien News) A global hacking scheme which exploited the computer bug "Shellshock" has affected at least 89 websites based on Linux operating system in Vietnam for the past few days
Optus Agrees to Security Systems Review Following Three Privacy Breaches (Tripwire: the State of Security) Optus, the second largest telecommunications company in Australia, has agreed to an independent audit of its information security systems following three separate privacy breaches
Symantec Says Malware Could Be Inflating Twitch Viewership (Gameinformer) Online streaming is experiencing a boom period, in terms of audience size and the number of hours those viewers spend watching their fellow gamers play, talk, and entertain. According to a report from antivirus company Symantec, there's more going on with those numbers than you might think
Puush accidentally infects Windows users with password-stealing malware (Hot for Security) Puush describes itself as a "quick and simple way to share screenshots"
Android users exposed to malware by installer hijacking vulnerability (Lumension Blog) Security researchers have warned about a widespread vulnerability in Android devices, that could see attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware
Slack Announced It Got Hacked Sometime In February (Apex Tribune) Slack, the company responsible for developing the eponymous chat-based work platform, announced through a blog update on Friday that it has been the victim of a cyber-attack in February, during which hackers could access user profile information in one of their databases
Slack Confirms App Was Hacked, But Don't Worry, They've Got Your Back (Inquisitr) Slack is a team communication tool that was launched in 2013 by Stewart Butterfield, co-founder of the popular picture-sharing site Flickr. The Slack software was first created by Butterfield's company, Tiny Speck, for use within the company as it worked on the creation of their MMO (massively multiplayer online game) Glitch, but although the game itself is now defunct, the Slack software has become a must-have for businesses, with a reported 8,000 user signups within the first 24 hours of its launch, and 120,000 daily Slack users within its first week
Slack Hack Underlines The Importance Of Adding Extra Security Layers (ST Gist) Team messaging platform Slack confirmed a security breach. Shortly after detecting the hack, the fast-growing email replacement service said it had updated its system to include the two factor authentication feature
Github is defending itself from a massive cyber attack (Reuters via Business Insider) US coding site GitHub said on Sunday that it was deflecting most of the traffic from a days-long cyber attack that had caused intermittent outages for the social coding site, with the Wall Street Journal citing China as the source of the attack
British Airways Executive Club members warned of hacked accounts (Graham Cluley) Members of British Airways Executive Club are reporting that their accounts appear to have been hacked, and emptied of their Avios reward points
British Airways rewards scheme hack highlights password problem (ComputerWeekly) The hacking of British Airways' executive club frequent flyer accounts highlights the importance of using strong, unique passwords for all online accounts
BandarChor: New ransomware based on old malware family emerges (TechTarget) Antivirus vendor F-Secure discovered BandarChor, a type of ransomware based on an existing malware family
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks (Dark Reading) A flaw in a popular router product may have exposed millions of hotel guests, says Cylance
RadioShack to auction off customer data, violating own privacy policy (Naked Security) Retail chain RadioShack is looking to cash in the information it holds on its customers as part of its bankruptcy sale
Anthem To Mail Last Batch Of Letters In Wake Of Data Heist (Hartford Courant) Anthem Inc. expects to mail the last batch of letters to customers by Monday informing them they are among the 80 million people whose personal data could have been nabbed in a cyber heist
Premera breach: Are hackers targeting more health records as credit card companies improve security? (Puget Sound Business Journal) Could the recent cyber attack on massive Puget Sound-area health insurance company Premera Blue Cross be a warning sign of more attacks on health care companies in the future?
This New Service Pinpoints Every Fake Cell Tower Spying On You (HackRead) All of the mysterious cell phone towers in the U.S. can now be pinpointed — But most of them are not the U.S. government's
Indiana's website taken out by DDoS in response to 'religious freedom' law (CSO) The state's website was up and down for most of the early afternoon on Friday
Cyber attack hits Rutgers network, causes service interruptions (NJ.com) An attack against the Rutgers University computer network was responsible for weekend interruptions in internet service, the school said Sunday
Hijacked school Twitter account turns head teacher into a porn star (Naked Security) A UK head teacher unknowingly switched jobs to become a porn star, courtesy of a bit of Twitter account hacking and a liberal dose of Photoshopping
Security Patches, Mitigations, and Software Updates
iOS, OS X Library AFNetwork Patches MTM Vulnerability (Threatpost) Until yesterday, a popular networking library for iOS and OS X used in apps such as Pinterest and Simple was susceptible to SSL man-in-the-middle (MiTM) attacks
UPDATE: '.bank' domains, which should be more secure, are coming this summer (MarketWatch via Morningstar) As soon as this summer, you may type ".bank" at the end of your financial institution's URL instead of ".com"
Cyber Trends
'Bolted on' cybersecurity: Not enough for healthcare providers (FierceHealthIT) Shahid Shah: Built-in privacy a 'competitive differentiator' for developers
Security for Healthcare 'Internet of Things' Must Be Addressed Upfront (Health Data Management) The explosion of networked medical devices and sensors that connect, communicate or transmit information through the Internet holds tremendous promise if security is built into the infrastructure from the outset, according to a new report
Securing the Identity of Things (IDoT) for the Internet of Things (M2M Now) In its recent report, The Identity of Things (IDoT) for the Internet of Things, Gartner lays out how it believes the Internet of Things (IoT), or what is often now referred to as the Internet of Everything (IoE), cannot and will not prosper unless organisations knuckle down and come to grips with how to manage multiple identities
Right Now, the Internet of Things is Like the Internet of the 1990s (Fast Company) A world of connected devices are starting to come online. Don't mistake what they do now for what they'll accomplish in the future
Security and the Internet of Things: what you need to know (Memeburn) The Internet of Things — objects and appliances with embedded sensors and chips capable of communicating online — will result in 50 billion devices being connected to the internet by 2020, according to Gartner. From fridges and bathroom scales, to fitness bands and home thermostats, the amount of 'things' connected to the internet is really taking off and it's a very exciting time for everyone. However, for many enterprises and consumers, the excitement of this new realm of connectivity is clouding the fact that, with more devices connected to the network, there comes a new array of security implications
Social engineering techniques are becoming harder to stop, experts say (TechTarget) Social engineering techniques have become increasingly sophisticated as more personal and corporate data is shared on the Internet, and traditional training techniques may not be enough to keep enterprises safe
One-in-Six Advocate Prison for CEOs and Board Members After Breaches (Dark Matters) In a recent survey of security professionals conducted at the e-Crime Congress, 16% of respondents said they support laws that would result in prison sentences for executives and Boards of Directors for any negligence on their part following a major data breach
How much do data breaches cost big companies? Shockingly little (Fortune) From Sony to Target, big companies that were hacked felt barely a dent to their bottom line, an analysis reveals
Half of enterprises have no budget at all for mobile security, survey finds (ZDNet) Study finds companies gung-ho about mobility and mobile apps, but only throw pennies out to secure them
Executive Success: Hacking attacks need new tactics (New Zealand Herald) Breaches are almost unavoidable, so focus on your response, advises cyber expert
Crossing the Cybersecurity Trust Chasm (TechCrunch) Kudos to the President for visiting Silicon Valley last month and drawing the attention of the nation to a new world of continuous cyber attacks
Data Breach Lessons for Security in Human Resources (Dark Matters) The Anthem breach has brought forth class action lawsuits in at least 3 states (Alabama, Georgia, and California), and has spurred employee concerns and demands for a response from Anthem as well as the employer
Ignorance could be bliss for next generations of business (ZDNet) The conditions are ripe for businesses and services to do away with wanting to get their hands on as much of their users' information as possible
100% of UK Organisations Surveyed Suffer Multiple Attacks on Keys and Certificates According to Venafi and Ponemon Institute Research (Information Security Buzz) The Ponemon Institute and Venafi today released the UK results of the 2015 Cost of Failed Trust Report, the only research of its kind to examine the Internet system of trust
Marketplace
Firms can't afford to fail at cybersecurity (Crain's Cleveland Business) Several major data breaches made national headlines last year in the bank sector, but it's not the only segment within the overall financial services industry seeing costs mount for cybersecurity
Secrecy on the Set: Hollywood Embraces Digital Security (New York Times) For years, Lulu Zezza has played one of the toughest roles in Hollywood
What types of companies are seeking IT security training, and why? (IT Security Guru) It's a common belief that security training is one of the largest bugbears for CISOs. Why do you think this is, and how can it be resolved? I must step back a couple of decades to argue who needs IT security training and why
Security Innovation raises $4M to expand Internet of Things software business (Boston Business Journal) Security Innovation, a Wilmington-based security software firm, said Friday that it raised $4 million in funding to expand its software offerings focusing on the burgeoning connected devices industry
This Baltimore company wants to protect your children on social media (Baltimore Business Journal) Scott Winn and Karl MacMillan spent most of their careers building the intelligence systems that protect the federal government, its agencies and military from predators
Lockheed Martin: Increasing Presence In The Promising Cybersecurity Sector (Seeking Alpha) Lockheed Martin is wisely taking advantage of society's increasing cybersecurity needs by bolstering its own cybersecurity segment
Hoh crosses from Symantec to FireEye (IT Wire) Security vendor FireEye has appointed former Symantec senior sales executive Eric Hoh as the first president of its Asia Pacific Japan business
Infoblox Appoints Alan Conley as Chief Technology Officer (BusinessWire) Infoblox Inc. (NYSE:BLOX), the network control company, today announced that Alan Conley has joined Infoblox as executive vice president and chief technology officer, effective immediately. Conley is responsible for technology strategy and initiatives at Infoblox
Products, Services, and Solutions
Car hacking made cheaper and easier (Help Net Security) Fiddling with your car's innards will soon become easier and cheaper than ever before, as Eric Evenchick has created and made available hardware and software design files for CANtact, an open source CAN bus tool that can be manufactured for less than $100
Bitdefender Wins Perfect Score from AV-TEST for Both Consumer and Business Solutions (NewsWire Today) Bitdefender, the creator of innovative antivirus software solutions, obtained a perfect score in all categories in the latest round of independent testing for both business and consumer solutions
KPMG Announces New Strategic Collaboration with Microsoft (CNW) Strategic collaboration to deliver new generation of data and analytics, cloud and business solutions
Technologies, Techniques, and Standards
Protecting Critical Infrastructure from Threats (Process and Control Today) According to research performed by Lloyd's of London insurer, Aegis London, "in the first half of the 2013 fiscal year, the US Department of Homeland Security's Industrial Control Systems-Computer Emergency Readiness Team responded to more than 200 incidents, 53% of which were in the energy and utility sector, and many of them sponsored by states such as China"
Retail, Financial Sectors Team Up on Formal Info-Sharing (Infosecurity Magazine) Retailers are throwing their cyber-hats in with the financial services community when it comes to information-sharing, with the establishment of an intelligence-sharing portal that will link the two industries' key players
The multiple benefits of IT auditing (Help Net Security) Regulatory compliance requirements provide instructions for organizations on how to protect the data of their employees, business operations, and customers that are stored on their servers. The process of satisfying compliance requirements starts with IT auditing, performed either by an internal or external professional auditor using specialized software
Using Web Session Analysis to Prevent Fraud (RSA: Speaking of Security) Every organization that relies on websites and web applications to do business is a potential target for hackers. According to ePayment management company CyberSource, total revenue loss to eCommerce merchants in North America in 2012 amounted to $3.5 billion, up $100 million from the previous year
Mitigating the Consequences of Data Loss with Service Automation (Information Security Buzz) In today's digital age, companies increasingly utilize various external platforms to store and access corporate data. In fact, according to Forbes magazine more than half of all companies in the United States now use some form of Cloud Computing to conduct daily operations
Cyber Hunting: 5 Tips To Bag Your Prey (Dark Reading) Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm
How secure is your Wi-Fi? 3 things small businesses need to know (Naked Security) If you don't have a wireless network in your business, you might as well be in the dark ages — or that's what your employees, customers and guests will tell you
Don't buy insurance after the fire: Protecting your business against DDoS attacks (IT Pro Portal) The threat of cyber-attacks has been brought to the attention of the public with the activity of cyber-criminals such as the Lizard Squad, which has used DDoS attacks to bring down the networks of corporate giants such as: Sony Playstation, Microsoft Xbox and Malaysian Airlines in recent months
Crowdsourcing your bug bounty program (Help Net Security) In this interview, David Levin, Director of Information Security at Western Union, talks about crowdsourcing their bug bounty program and the lessons learned along the way
Hadoop Security Still Evolving (eSecurity Planet) While organizations' use of Hadoop has become more sophisticated, associated security practices have not kept pace
10 practical security tips for DevOps (Help Net Security) More organizations are embracing DevOps and automation to realize compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, many security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery
The 7 Deadly Sins of Security Policy Change Management (Virtualization Review) Committing one or more of them could significantly damage your IT environment
3 Bad Security Habits that Make CISOs Crazy (eSecurity Planet) Every CISO can relate to these bad security habits found in most organizations. But what can CISOs do to change them?
Making the Business Case for Advanced Threat Protection: Resource (SecurityWeek) We know you get it. Today's cyber threats require advanced security. Our traditional network and endpoint defenses are clearly outmatched and don't stand a chance at preventing, investigating, or remediating today's targeted attacks
5 simple internet safety tips from one of Google's information security engineers (Business Insider) Justin Schuh knows a thing or two about internet security best practices
On the Frontlines of Cyber War (Augusta Magazine) By the time you finish this sentence, computer hackers from around the globe will have made at least 1,000 attempts to breach the Pentagon's electronic wall
Cyber Shield 2015 tests Ohio's Computer Network Defense Team (DVIDS) In March members of the Ohio National Guard Computer Network Defense Team joined other National Guard states' cyber defenders here for Cyber Shield 2015, an exercise designed to develop the defensive skills of the Soldiers and Airmen tasked with securing their organizations' computer networks
Design and Innovation
"Look at me" — forget fingerprints, here comes a Samsung tablet with iris recognition (Naked Security) A press release just issued by SRI International suggests that future Samsung mobile devices may be moving towards iris recognition for biometric authentication
Single-use Yahoo Passwords — Good or Bad? (TrendLabs Security Intelligence Blog) Yahoo recently rolled out a new way for users to access their services without entering a password. Their new system uses a cellphone to authenticate the user. Instead of entering a password, the user receives a verification code via text message on their phone. (The user would have provided their phone number to Yahoo when setting this option up.) Once the user receives this code, they enter it on the Yahoo login page and voilà!, they’re logged in
Research and Development
New mobile-malware detection technique uses gestures (IDG via CSO) Mobile malware is a growing problem, but researchers from University of Alabama at Birmingham have figured out a new way of detecting when shady mobile apps get up to no good, such as trying to call premium-rate numbers unbeknownst to a phone's owner
Mathematicians adapt Knapsack Code to take on Quantum-level Cyber Attacks (Scientific Computing) Mathematicians have designed an encryption code capable of fending off the phenomenal hacking power of a quantum computer. Using high-level number theory and cryptography, the researchers reworked an infamous old cipher called the knapsack code to create an online security system better prepared for future demands
Username, password combo may be biggest data breach problem (Fosters) Researchers at Dartmouth College's Institute for Security, Technology, and Society (ISTS) are exploring the weak links, vulnerabilities and economies of scale that have led to the data breach epidemic, and researchers are urging organizations to eliminate the use of vulnerable legacy identity schemes based on username and password combinations as a method of authenticating employees and customers, replacing them with stronger identity technologies opaque to attackers
Goodbye GPS? DARPA preparing alternative position-tracking technology (ITWorld) Finding GPS unreliable in certain situations, the U.S. government is placing a high priority on developing a more reliable real-time position tracking technology whose signals won't disappear in blind spots and can't be jammed
HARES: Hardened Anti-Reverse Engineering (Assured Information Security, Inc.) This paper provides a technical overview of the HARES software protection research effort performed by Assured Information Security. HARES is an anti reverse-engineering technique that uses on-CPU encryption [6] in conjunction with Intel x86 TLB splitting in order to significantly increase the effort required to obtain the clear-text assembly instructions that comprise the target x86 application
Academia
Israel Partners With Lockheed Martin on National Cybersecurity Curriculum (JNS via Allgemeiner) The Israeli Ministry of Education announced a partnership with the U.S. defense firm Lockheed Martin to enrich Israel's cybersecurity curriculum for high school students
Rutgers receives federal grant for homeland security studies program (NJ.com) Rutgers University has been awarded a $1.95 million federal grant to fund its newly established department of homeland security studies
Legislation, Policy, and Regulation
ICT users must be encouraged to protect data, network integrity: Information Technology Authority CEO (Times of Oman) Cooperation between governments and the private sector and all users of ICT must be encouraged in order to determine the best way to protect data and network integrity, considering the current and potential dangers that threaten information and communication technology, said Dr. Salim Sultan Al Ruzaiqi, CEO of the Information Technology Authority (ITA)
NSA Spy Agency Behind "Malware" Infection of Computer Hardware Used by "Enemies" of the U.S.? (Global Research) IT independence is national security
US Used Zero-Day Exploits Before It Had Policies for Them (Wired) Around the same time the US and Israel were already developing and unleashing Stuxnet on computers in Iran, using five zero-day exploits to get the digital weapon onto machines there, the government realized it needed a policy for how it should handle zero-day vulnerabilities, according to a new document obtained by the Electronic Frontier Foundation
Cyberspying under attack from all sides as ECJ and UN lose patience (Silicon Republic) A day after the European Court of Justice (ECJ) revealed Safe Harbour for what it is — ridiculous — the UN has agreed to appoint a special investigator to look into digital spying and violations of online privacy
Leave Facebook if you value your privacy, says EU (Naked Security) Citizens within the European Union (EU) have been advised to close their Facebook accounts if they wish to keep their private information away from the prying eyes of the US security services
Security Clash Grows In U.S., Eases In U.K. (Seeking Alpha) Bottom line: Washington's raising of Beijing's foreign technology restrictions to the WTO and London's acceptance of Huawei equipment could add to pressure on all parties to soften their restrictive actions over use of foreign technology
Before leak, NSA mulled ending phone program (Military Times) The National Security Agency considered abandoning its secret program to collect and store American calling records in the months before leaker Edward Snowden revealed the practice, current and former intelligence officials say, because some officials believed the costs outweighed the meager counterterrorism benefits
Why Doesn't the Intelligence Community Care Whether Its Surveillance Programs Work? (Defense One) The new cybersecurity bill joins a long list of efforts launched without adequate thought
Amending Patriot Act would secure citizens' liberty: Editorial (MassLive) The USA Patriot Act was signed into law on Oct. 26, 2001, just a bit more than six weeks after the terrorist attacks of Sept. 11
The evolving U.S. cybersecurity landscape: what firms want to know (Lexology) Following a year of high-profile data breaches, the Securities and Exchange Commission (SEC) announced on January 13, 2015 that, for the second consecutive year, its Office of Compliance Inspections and Examinations (OCIE) priorities would include a focus on cybersecurity controls. The same day, the Obama Administration (Administration) announced two cybersecurity legislative proposals of importance to the financial services industry. Given this expanding focus on cybersecurity, this article: (i) addresses the results of OCIE's 2014 cybersecurity examination sweep and discusses OCIE's second wave of cybersecurity exams; (ii) summarizes the Administration's recent legislative proposals; and (iii) suggests questions firms may wish to consider in response to these important developments
Russell Slifer Named Commerce Deputy Undersecretary for Intellectual Property (ExecutiveGov) Russell Slifer, formerly director of the U.S. Patent and Trademark Office's Rocky Mountain regional office in Denver, has been named the Commerce Department's deputy undersecretary for intellectual property and USPTO deputy director
Litigation, Investigation, and Law Enforcement
How Lloyd's joined the war on global terror (Telegraph) Expertise won from IRA attacks in the Nineties is helping address threats from Islamic States and others
Socom tracking money that funds violent extremists (Tampa Tribune) The issue of how violent extremist organizations get their money can't get enough attention. Especially with the growing nexus between groups like the Iranian-backed Hizballah and drug trafficking organizations, who operate in the same shadowy spaces
Europol chief warns on computer encryption (BBC) A European police chief says the sophisticated online communications are the biggest problem for security agencies tackling terrorism
FBI Pleads for Crypto Subversion in Congressional Budget Hearing (Threatpost) In a House Appropriations subcommittee hearing this morning on the FBI budget for the upcoming fiscal year, FBI Director James Comey was again critical of new encryption features from Apple and Google that he claims would make it impossible for law enforcement to access the contents of mobile device communications
Law-Enforcement Requests for Microsoft Data Drop in 2014 (eWeek) While the number of requests is down since last year, Microsoft renewed its call for more transparency in government efforts to obtain customer data
Chairman Wheeler Predicts FCC Will Beat Legal Challenge To Net Neutrality (TechCrunch) Now that the FCC is the subject of several lawsuits, and its leader, Chairman Tom Wheeler, was dragged in front of Congress repeatedly to answer the same battery of inanity, it's worth checking in to see how the agency is feeling. Is it confident that its recent vote to reclassify broadband under Title II of the Telecommunications Act will hold?
Safari users win right to sue Google over secret cookies (Naked Security) In a landmark case that could determine if Google can be held accountable in the UK, Google has lost an appeal to stop the country's consumers from being able to sue over alleged misuse of privacy settings in Apple's Safari browser
PayPal in trouble over Weapons of Mass Destruction (sort of) (Naked Security) When you think of "detection" in the context of computer security, you probably think of dodgy data such as spam emails and malware downloads
Plenty Of Fish hooked by Canada's anti-spam laws, faces 48k penalty (Naked Security) Canada's strict anti-spam laws have come down hard on another offender, with the operators of dating website Plenty Of Fish paying a $48,000 penalty for failing to provide proper unsubscribe options in emails sent to its users
We're All In This Together: Share Your Cybercrime Stories (CMSWire) What's the best defense against cybercrime? Surprisingly, it might be a big mouth
Darknet Sheep Marketplace website owner arrested (Security Affairs) Thomas Jiřikovský suspected of owning the black marketplace Sheep Marketplace, an alternative for Silk Road, was arrested while trying to buy a luxury house
13-year-old Minecraft player confesses to swatting, police say (Ars Technica) "There were 20-plus officers there… We basically surrounded the house"
Prisoner escapes by faking an email ordering his release (BoingBoing) Neil Moore was locked up in England's notorious Wandsworth Prison when he used a smuggled cellphone to send an email to the prison that appeared to come from a court clerk who was ordering his release on parole
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Risk Wednesday: The future of Iranian cyber threat (Washington, DC, USA, Apr 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts between Iran and the West. Few other events have so far dominated 2015 as the P5+1 negotiations to limit Iranian nuclear capabilities. Against the backdrop of the negotiations, it is likely that Iran, Israel, and the United States are gathering their strength for a renewal of cyber conflict of the past several years. The confrontations include attacks both from Iran, such as disruption of the US banking sector and against Gulf energy companies, and against Iran, such as Stuxnet and the Wiper worm. Should the talks fail, what are the chances of an escalating cyber conflict?
SCADA Nexus 2015 (Houston, Texas, USA, Sep 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton Americas Convention Center. Our 2015 event is from September 2-4 with extended training from September 7-11.
Upcoming Events
Automotive Cyber Security Summit (Detroit, Michigan, USA, Mar 30 - Apr 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions
Insider Threat Symposium & Expo (Laurel, Maryland, USA, Mar 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold a FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation. The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation
Kansas City Secure World (Kansas City, Missouri, USA, Apr 1, 2015) Join your fellow security professionals for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. James Beeson (CISO, GE Capital Americas) will deliver the keynote
Cyber Insurance and Corporate Governance: Facing New Threats (Brooklyn, New York, USA, Apr 2, 2015) Peter D. Hancock, president and CEO of AIG, will lead a discussion of the ways in which the insurance industry is adapting to account for threats to the most valuable — and vulnerable — assets companies around the world possess: intellectual property and, in many cases, the sensitive personal information of millions
Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, Apr 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners and stakeholders in support of mission of execution. This event will be Coast Guard Intelligence's most significant and inclusive outreach event of the year.
Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, Apr 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks appropriate for evolving cyber threats. The Mission is to enable the safe use of sensitive and privacy data while servicing the healthcare needs of the nation. The format for this event will include briefings from government and industry. Our featured speaker is from the Interagency OPSEC Support Staff and will present on "TRASHINT: Dumpster Diving", a very popular topic which teaches attendees how one person's trash can be another person's treasure
10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, Apr 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are able to properly balance the risks and rewards, understand and communicate threats to security and privacy, and rapidly adapt any resulting approach to a changing adversarial environment. The 10th Annual Cyber and Information Security Research Conference at Oak Ridge National Laboratory in Oak Ridge, Tennessee will bring together cyber security researchers, program managers, decision makers, security vendors, and practitioners to discuss many challenging tasks and novel solutions pertaining to cyber security
Cyber Threats Masterclass (Turin, Italy, Apr 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge of specific issues such as cyber crimes and crimes against the environment. The courses are tailored to journalists and chief information officers, as well as those who want to specialize in this area, offering a unique opportunity to network with renowned international experts
InfoSec Southwest 2015 (Austin, Texas, USA, Apr 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter, InfoSec Southwest is intended to both provide a comprehensive and valuable forum to all participants as well as fill a gap for our local attendees left by the other few conferences held here in Texas which are all focused on a narrower scope of subject matter or a narrower slice of audience demographic
Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, Apr 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates
NIST IT Security Day (Gaithersburg, Maryland, USA, Apr 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.
Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, Apr 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored cyber-attacks and SCADA Security Assessment
Cyber Security Summit: Financial Services (Prague, Czech Republic, Apr 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them
INTERPOL World 2015 (Singapore, Apr 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions
Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, Apr 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current state of various information security topics. The cost is $150 per person, including breakfast and lunch; pre-registration is required in order to get onto the NIST campus
Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, Apr 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"
Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, Apr 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of the release of a new solicitation in support of the program. The purpose of the conference will be to provide introductory information on SCITE and the research problems that the program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners
IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, Apr 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes discussion and debate over forensics, security, data/information governance, cyber crime and security, ethical hacking, eDiscovery, cloud forensics, steganography, policy and compliance, privacy, wireless security, cloud computing, identity theft, and more
RSA Conference 2015 (San Francisco, California, USA, Apr 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015
Australian Cyber Security Centre Conference (Canberra, Australia, Apr 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend
Security Forum 2015 (Hagenberg im Mühlkreis, Austria, Apr 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service
CyberTexas / CyberIOT (San Antonio, Texas, USA, Apr 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things
Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, Apr 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University
INTEROP Las Vegas (Las Vegas, Nevada, USA, Apr 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan