Reports from the Intelligence and National Security Summit. US voting security. NSO Group's export license for Pegasus spyware. M&A action in the cyber sector. The OPM breach dissected.
News from the Intelligence & National Security Summit
The Intelligence and National Security Summit wraps up today. We'll have full coverage posted tomorrow and Monday. Today we offer accounts of US Director of National Intelligence James Clapper's keynote address, as well as accounts of panels on cyber risk management and deterrence in cyberspace. The Summit is hosted by AFCEA International and the Intelligence and National Security Alliance (INSA).
As concerns about alleged (and apparent) Russian attempts to influence US elections continue, the Secretary of Homeland Security seeks to reassure voters that the election will be conducted without the vote being hacked. Both Presidential candidates say cyber security will be important to their prospective administrations.
There's controversy in Israel as it's reported that that country's government gave NSO Group permission to export the Pegasus tools found on an Emirati dissident's iPhone.
Rapid7 reports discovering a new threat to Network Management Systems (NMSs)—they can be exploited using the Simple Network Management Protocol (SNMP). Both cross-site scripting and SQL injection attacks are possible.
Kaspersky describes "Mokes," a backdoor built for Macs.
Honor among thieves grows more threadbare, at least in the ransomware racket. Increasingly, you don't get your data back after you pay the ransom, which suggests that this particular black market may be killing its own business model. In the meantime, back up your data.
More Pokémon-themed nasties are circulating in social media. Catch 'em all with caution.
Google is turning its marketing prowess toward information operations. The company is working on, and believes it has, a promising approach to reaching and turning youths undergoing radicalization.
In industry news, St. Jude Medical is suing both Muddy Waters and MedSec over device bug allegations. Intel spins off its cybersecurity unit, McAfee. Dell completes its acquisition of RSA. Investors look askance at the founder's resignation from FireEye's board.
Observers continue to assess the Congressional report on the OPM breach. It's ugly.
Today's issue includes events affecting Austria, Germany, Ireland, Israel, NATO/OTAN, New Zealand, Russia, Turkey, United Arab Emirates, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the University of Maryland's Jonathan Katz on a potential weakness in homomorphic encryption. Our guest is Amos Stern from Siemplify, who'll talk to us about next-generation security operations centers. If you enjoy the podcast, please consider giving it an iTunes review.
Washington, DC: the latest from the Intelligence & National Security Summit
Jim Clapper: Ave atque Vale (The CyberWire) US Director of National Intelligence James Clapper opened the Intelligence and National Security Summit with a keynote that served also as a kind of valediction delivered as he nears the end of his tenure as DNI
Clapper: Spy agencies doing 'pretty well' on acquisition reform (FedScoop) "People are really starting to see the virtue of ICITE. It's actually not about an IT upgrade, it's a fundamental change in the way we do our business," he said
Blog: DNI Warns of Continued Troubled Cyber Wars (SIGNAL) Cybersecurity will remain as much of a challenge for the next administration as it has been for the current White House, especially in light of the constant barrage of cyber attacks from nation states, Director of National Intelligence James Clapper said Wednesday
Transcript Director of National Intelligence James Clapper (Intelligence and National Security Summit) CLAPPER: When I was president of SASA, the predecessor to INSA in the 1990s, I tried to promote a combined symposium with AFCEA, but I could never pull it off. This event now marks the third year in a row for this joint summit. So I want to congratulate everyone who is involved in both organizations, AFCEA and INSA, in putting these things on, and now they're becoming a custom
Managing Cyber Risk (The CyberWire) A panel with representation from both Government and industry offered their perspective on cyber risk. In sum, as the moderator put it, it's time to stop chasing the latest threat vector and to start setting priorities within a sound risk framework
Cyber Deterrence: Attribution and Ambiguity (and Certainty, too) (The CyberWire) Cyber deterrence is still in its infancy, roughly where nuclear deterrence was in 1950. That said, while there may be some instructive analogies with nuclear deterrence, those analogies may be imperfect at best
Cyber commander: U.S. not drawing 'red lines' in cyberspace (FedScoop) With so much ambiguity, the cyber domain becomes a dangerous space into which conflicts can overflow, and from which conflicts can quickly escalate, because the rules of engagement are unclear
The Intelligence and National Security Summit (INSA and AFCEA) The third annual Intelligence & National Security Summit will be held September 7 - 8, 2016, at the Walter E. Washington Convention Center in Washington, D.C. Hosted by the two leading professional associations – AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) – this is the premier gathering of senior decision makers from government, military, industry and academia. In its first two years the summit drew more than 3,000 attendees, exhibitors and journalists
Cyber Attacks, Threats, and Vulnerabilities
Israeli government okayed sale of spyware that exploits iPhones (Times of Israel) Permission granted to tech firm to sell product used to track a prominent UAE rights activist; officials slam move
Half of network management systems vulnerable to injection attacks (CSO) 50% of NMS may be vulnerable to XSS and SQLi attacks
Managed to Mangled: SNMP Exploits for Network Management Systems (Rapid7) This Rapid7 report explores attacking Network Management Systems (NMSs) over the Simple Network Management Protocol (SNMP), a protocol used extensively by NMSs to manage and monitor a wide variety of networked devices. Three distinct attack vectors are explored
Sophisticated Mokes backdoor targets Mac users (Help Net Security) A new malware targeting Macs has been discovered: the Mokes backdoor
Stealing login credentials from a locked PC or Mac just got easier (Ars Technica) 20 seconds of physical access with a $50 device is all it takes
Yes, you can hack cell phones like on Mr. Robot—just not the way they did (Ars Technica) While plausible, Elliot's "crackSIM" hack took some artistic license with technology
Look The Other Way: DDoS Attacks As Diversions (Dark Reading) Joe Loveless of Neustar talks about how DDoS attacks are shifting from simple disruption to more sinister continuous threats, and advises on what the new intents are. For example, the bad guys are even now using DDoS as diversions for other attacks such as malware insertions. What should you do about it?
Katcr.to, so-called Kickass Torrents Mirror Stealing Credit Card Data (HackRead) Kickass Torrents' shut down has been a blessing for scammers — after Kat.am scamming users here's Katcr.to doing the same
All About (Concealed) Data Leakage for Users Like You and Me (Heimdal Security) Drip, drip, drip…The sound of the leaking faucet called for my attention
When you've paid the ransom but you don't get your data back (Register) Oh, British firms... you're not alone – 1 in 3 pwned firms agree
Robert Herjavec Warns of Ransomware Attacks On Hospitals And Health Care Providers (The Street) Herjavec Group CEO Robert Herjavec warned of increased ransomware attacks on hospitals that use outdated technology in an appearance on CNBC
FBI Official Explains What To Do In A Ransomware Attack (Dark Reading) Feds say even basic information can advance the agency's investigation
Can you trust Tor’s hidden service directories? (Naked Security) Researchers recently revealed a new vulnerability in the design of Tor, the world’s favourite weapons-grade privacy tool
The Limits of SMS for 2-Factor Authentication (KrebsOnSecurity) A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online
Record Rambler Breach Highlights Password Flaws (Infosecurity Magazine) Security experts have called once again for an end to password-based authentication systems after nearly 100 million records were leaked online from Russian online portal Rambler.ru
Shipping must not underestimate physical risk posed by cyber-attack (Hellenic Shipping News) The London P&I Club says the physical risk to ships from cyber-attack may not be as well understood by ship owners as those threats posed to traditional back-office functions such as accounting, payments and banking
Malware Fears as Pokémon Threats Go Social (Infosecurity Magazine) Cybercriminals are jumping on the huge popularity of AR app Pokemon Go to spread malware via social media scams, according to Proofpoint
Security Patches, Mitigations, and Software Updates
WordPress 4.6.1 upgrades security, fixes 15 bugs (Help Net Security) WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately
Sweet Security Nuggets in Android Nougat (Digital Guardian) Google has released the long-awaited 7.0 version of Android, known as Nougat, and along with the usual performance and feature improvements, this release also is chock full of security improvements, both for users and developers
Google Safe Browsing gives more details to compromised website owners (CSO) The Google Search Console will now show tailored recommendations for dealing with security issues detected by Safe Browsing
Machine learning cybercrime experts tip Monero to join Bitcoin for darknet ransomware (International Business Times) Security experts Webroot predicts Bitcoin may be replaced by privacy-centric cryptocurrency Monero
Swift admits attack is “here to stay” – so what can banks do? (Banking Technology) There’s a cultural misconception that security equals lockdown in the financial sector; disclosure runs counter to that perception. Banks are less inclined to share intimate details of attacks because they don’t want to damage market confidence and that makes cyber security a major challenge for the sector
Top network security and data privacy concerns among businesses (Help Net Security) With network security top of mind, businesses are nearly two times more concerned with losing private data (47 percent) than hackers disrupting their systems (26 percent), according to a new study by Wells Fargo Insurance. Misuse of technology among employees also emerged as a new, growing threat (seven percent), while network viruses and disruption of operations fell slightly to less than 10 percent from 2015
Concerns With Application and Data Security (DZone) It’s bad and it’s going to get worse before it gets better for a number of reasons
Why quantum computing has the cybersecurity world white-knuckled (PCWorld) 'There is a pending lethal attack, and the clock is ticking,' a new report warns
Intel to spin out security unit, sell stake in business to TPG (Reuters) Intel Corp (INTC.O) said it would spin out its cyber security division, formerly known as McAfee, and sell a majority stake in it to investment firm TPG for $3.1 billion in cash
Intel Adds to its Artificial Intelligence Portfolio with Movidius Acquisition (Electronics 360) Intel Corp. has acquired another company in the realm of deep learning in order to continue its push into artificial intelligence, with its RealSense technology
Dell Gets Bigger and Hewlett Packard Gets Smaller in Separate Deals (New York Times) Michael Dell and Meg Whitman may be business competitors, but they can each claim a technology industry superlative. One has overseen one of the largest mergers in the tech industry. The other has engineered its biggest breakup
As expected, Hewlett-Packard Enterprise sold its software business in an $8.8 billion deal (Business Insider) The rumored sale of Hewlett-Packard's Enterprise's software unit was officially announced today
Micro Focus merger with HPE’s Software Business Segment worth $8.8 billion (Help Net Security) Micro Focus announced today its intent to merge with HPE’s Software Business Segment in a transaction valued at approximately $8.8 billion. The merger is subject to customary closing conditions, including anti-trust clearances and shareholder approval and is expected to close in Q3 2017
A New Beginning (RSA) Today is a new beginning for RSA as we are now a part of the collective team of Dell Technologies, the world’s largest privately controlled tech company
LogRhythm talks next-gen security, fighting ransomware and more (IT Wire) At the recent Gartner Security and Risk Management Summit, I caught up with the company’s CMO, Mike Regan, to talk about LogRhythm’s latest security solutions
SonicWALL Partner Calms Customers Amid M&A Turbulence (MSP Mentor) When cybersecurity vendor SonicWALL was acquired by Dell in the late spring of 2012, the folks at partner Stronghold Data scrambled to reassure clients that the merger would ultimately be in their best interests
Partners Concerned About Future As FireEye Founder Resigns From Board Of Directors (CRN) FireEye founder and technical visionary Ashar Aziz has resigned from the security vendor, a move one partner called “extremely disconcerting”
Better Buy: FireEye Inc vs. Fortinet (Madison.com) Judging by their relative stock price performances, there's little question in investors' minds that Fortinet (NASDAQ: FTNT) has a brighter future than FireEye (NASDAQ: FEYE) in the cybersecurity market. Its shares are down 12% in the last year compared to a near-60% dive for FireEye
Why SecureWorks Is a Little-Noticed Buy (The Street) The computer information security firm will be a secure bet for the next 18 to 24 months
BAE Co-Hosts UK National Cyber Forensics Competition; Chris Clinton Comments (Executive Biz) BAE Systems, Cyber Security Challenge UK and Her Majesty’s Government Communications Centre have partnered to facilitate a competition that challenged participants to analyze a simulated attack on a fictional payment application site
Cybersecurity firm Kaspersky to create 50 jobs at new Dublin office (RTE News) Cybersecurity firm Kaspersky Lab is to create 50 jobs through the opening of its first European research and development centre in Dublin
Leidos Nabs $395 Million DHS Cyber Support Contract (Defense Daily) The Department of Homeland Security (DHS) has awarded Leidos [LDOS] a potential seven-year, $395 million contract to provide cyber security support services to the department’s Security Operations Center (SOC). DHS posted the award notice on Wednesday
Forbes Cloud 100: Meet The Private Companies Leading Cloud Computing In 2016 (Forbes) From messaging to security and accounting to construction, cloud computing is transforming how companies do business and leaving new billion-dollar categories in its wake
New Cybersecurity Alliance Continues Trend of Industry Collaboration (Xconomy) For the cybersecurity industry, 2016 is shaping up to be the year of alliances
FireMon grabs Blue Coat man to head global channels (ChannelBiz) The security vendor has seen a 100 percent increase in channel bookings
Products, Services, and Solutions
Congressional Report Concludes CylancePROTECT Played a Pivotal Role in Discovering, Stopping and Remediating Malware that Caused OPM Data Breach (BusinessWire) Report shows artificial intelligence-based security software was key to halting data breach in progress
Trusona Releases Cloud Identity Suite and Launches the #NoPasswords Revolution (MarketWired) Trusona Essential is free and designed to eliminate passwords to create a safer Internet
LIFARS Partners with BlackRidge Technology to Bring a New Level of Cybersecurity Protection and Strategic Services to Enterprise Clients (Benzinga) Partnership addresses need to adopt new cyber defense technologies and response services to address today's cyber security threats
New Connected Security Alliance Aims to Address Entire Kill Chain (VAR Guy) SecureAuth leads initiative to integrate multiple solutions from different vendors at the product level
Panda Security Announces New Multiplatform Cloud-Based Security Solutions (Broadway World) Panda Security, the world's leading provider of cloud-based security solutions, today announced a new range of products compatible with Windows 10 Anniversary, Android, iOS and Mac
NBN Co beefs up cyber security offense (IT News) Ramp up of rollout leads to fresh capabilities
Lloyd’s Register, QinetiQ and GasLog to collaborate on maritime cyber security (Splash 24/7) “It’s not a matter of if, it’s a matter of when.” That was the stark warning on the likelihood of ships being hacked given by Luis Benito today at the SMM fair in Hamburg. Benito, global strategic marketing manager for Lloyd’s Register (LR) was speaking as the UK classification society announced a collaboration with QinetiQ and GasLog to increase the level of security of cyber-enabled ships
Balabit's Shell Control Box Now Available in Microsoft Azure Marketplace -- Removes Key Barrier to Cloud Adoption (Finance) Balabit Inc., a leading provider of contextual security technologies, has announced that its privileged user monitoring solution, Shell Control Box (SCB), is now available in the Microsoft Azure Marketplace
Sophos is a Magic Quadrant Leader in Unified Threat Management for the fifth year running (Sophos Blog) We’re excited to announce that the new Gartner Magic Quadrant for Unified Threat Management* is out, and Sophos is positioned in the Leaders Quadrant for the fifth year running
Global Technical Systems granted status as a National Security Agency Trusted Integrator for Commercial Solutions for Classified Programs (PRNewswire) Global Technical Systems (GTS), headquartered in Virginia Beach, VA., has been granted status as a National Security Agency (NSA) Trusted Integrator for Commercial Solutions for Classified (CSfC) Programs
Swift Programmers Using Checkmarx Can Now Detect Security and Code Flaws (App Developer Magazine) Since launching publicly at Apple’s WWDC in 2014, Swift has soared in popularity amongst programmers and has caught the attention of other major technology players in the process. Google is now even considering implementing Swift as a “first class” language for Android
GenDyn to supply U.S. Air Force with new cryptographic module (UPI) The KIV-78 updates Air Identification Friend or Foe system for identifying friendly vehicles
Technologies, Techniques, and Standards
The evolution of data breach prevention practices (Help Net Security) Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches – and what security and IT practitioners actually are, or are not, implementing for prevention
Trend Micro advises firms to sandbox employees (V3) Let employees learn and make mistakes in a safe environment, says security firm
Cybersecurity expert says 'almost everything can be hacked' and endpoint protection is not enough (Healthcare IT News) Healthcare organizations need to implement high-end network monitoring and network anomaly detection, according to Core Security general manager Chris Sullivan
Design and Innovation
How Google aims to disrupt the Islamic State propaganda machine (Christian Science Monitor Passcode) A pilot program launched by Google’s technology incubator created software that pairs searches for the militant's slogans and recruitment material with antiextremist messages
Google’s Clever Plan to Stop Aspiring ISIS Recruits (Wired) Google has built a half-trillion-dollar business out of divining what people want based on a few words they type into a search field. In the process, it’s stumbled on a powerful tool for getting inside the minds of some of the least understood and most dangerous people on the Internet: potential ISIS recruits. Now one subsidiary of Google is trying not just to understand those would-be jihadis’ intentions, but to change them
Back to school: How cyber security can learn from academia (Computer Business Review) Is it time cyber security drew from fields such as psychology and social science?
High honour for head of Waikato's cyber security lab (Voxy) Head of the University of Waikato’s Cyber Security Lab Dr Ryan Ko is one of 22 people who have been made Research Fellows by the Cloud Security Alliance (CSA)
NSA Designates Forsyth Tech a Cybersecurity Regional Resource Center (Stokes News) College tapped to help address predicted global digital security workforce shortfall of 1.5 million by 2020
Legislation, Policy, and Regulation
NATO opens flagship cyber event with vision for the future (NATO Communications and Information Agency) Top NATO officials and industry representatives are discussing how to join forces and efforts to combat ever more sophisticated cyber threats at the Alliance's annual two-day cyber security conference NIAS 16 in Mons, Belgium
Ash Carter: Russia has a 'clear ambition' to degrade world order with military, cyber campaigns (Business Insider) US Defense Secretary Ash Carter is strongly criticizing Russia for what he says is Moscow's "clear ambition to erode the principled international order" through coercion and aggression
DHS chief has 'a lot of confidence' in security of US electoral infrastructure (Fox News) Homeland Security Secretary Jeh Johnson said Wednesday he has “a lot of confidence” in the security of America’s electoral infrastructure despite concerns about intrusions by cybercriminals
US must beef up its cyber muscle, Trump says (CIO) The Republican calls for increased spending on cybersecurity and more offensive weapons
Trump: ‘Hillary Clinton Has Taught Us Really How Vulnerable We Are in Cyber Hacking’ (CNSNews) In a speech at the Union League of Philadelphia, GOP presidential nominee Donald Trump said Wednesday that the Defense Department’s cyber capabilities must be improved to prevent cyber hacking and that Democratic presidential nominee Hillary Clinton has taught the nation how vulnerable it is
Clinton, Trump confront weaknesses in security forum (KLTV) Donald Trump and Hillary Clinton confronted their key weaknesses in a televised national security forum, with the Republican defending his preparedness to be commander in chief despite vague plans for tackling global challenges and the Democrat arguing that her controversial email practices did not expose questionable judgment
Podcast: Government hacking v. human rights (Christian Science Monitor Passcode) On the latest edition of The Cybersecurity Podcast, digital privacy expert Amie Stepanovich discusses government hacking from a human rights perspective
GAO: DoD Should Monitor National Guard’s Cyber Response Capabilities Through a Database (Executive Gov) The Government Accountability Office has called on the Defense Department to maintain a database to keep track of National Guard’s emergency response capabilities in support of civil agencies during a cyber attack
Litigation, Investigation, and Law Enforcement
OPM Breach: Two Waves Of Attacks Likely Connected, Congressional Probe Concludes (Dark Reading) Congressional investigation sheds more light on what went down in the massive Office of Personnel Management breach, says data theft was preventable
Congressional report highlights missed opportunities to avert OPM cyber-attack (Guardian) Personal information of more than 21 million compromised at federal agency. House report reveals details and chronology of attack some blame on China
OPM Hackers Used Marvel Superhero Nicknames to Hide Their Tracks (Motherboard) The disastrous data breach discovered last year at the US government agency that handles all federal employees data, the Office of Personnel Management, or OPM, was enabled by a seemingly endless series of mistakes by the agency itself, according to a comprehensive congressional report released on Wednesday
House GOP Slams OPM Over 2015 Breach (Infosecurity Magazine) House of Representatives Republicans have slammed the Office of Personnel Management (OPM) for multiple IT security failings which led to the unprecedented breach of over 21 million sensitive records last year, but Democrats claim their report doesn’t tell the whole story.
Turkish group responsible for failed cyber-attack on Vienna airport (SC Magazine) Austrian police are investigating a failed cyber-attack on the Vienna airport and the authenticity of a claim of responsibility from a Turkish political group
Microsoft’s Top Lawyer Becomes a Civil Rights Crusader (MIT Technology Review) The No. 2 executive at Microsoft is fighting the U.S. government in a series of cases that will shape online privacy—and the cloud business
Watchdog Finds UK Cops Snooped on Journalists' Sources Without Approval (Motherboard) UK police acquired data to identify or determine journalistic sources without seeking judicial approval four times in 2015, according to a report from an independent oversight body published on Thursday
German Federal Intelligence Service violates laws, dodges supervision (Help Net Security) The German Federal Intelligence Service (BND) has been illegally collecting data through mass surveillance tools, storing it in databases that should not exist, and has repeatedly prevented the Federal Commissioner for Data Protection and Freedom of Information (BfDI) from supervising their actions
St. Jude Sues Muddy Waters, MedSec (Dark Reading) Medical device vulnerability-disclosure flap intensifies
CIA-backed big data firm Palantir says secrets pinched by investor (Register) Accuses advisor of 'brazen scheme to claim highly confidential secrets as his own'
Exclusive: Our Thai prison interview with an alleged top advisor to Silk Road (Ars Technica) Is Roger Thomas Clark really the notorious "Variety Jones"?
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.
2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues
Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and Goethe University Frankfurt are organizing APF 2016.
Innoxcell Annual Symposium 2016 (Singapore, Sep 8, 2016) The Innoxcell Annual Symposium (IAS) is the largest and most comprehensive international legal and regulatory compliance conference in Hong Kong, Beijing, Shanghai, Singapore, Australia and United States. This is the only event of its kind that will run multiple paths covering great diversity of Legal and Regulatory Compliance topics with over 20 sessions to select from and 10+ exhibitions. We aim to provide a ‘one-of-a-kind’ conference for legal and compliance executives and professionals from different industries to explore the latest best legal and business practices, catch-up with latest regulatory updates, establish networking with prominent legal professionals around the Globe, as well as visit the legal technology and solutions exhibition.
SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
SANS Network Security 2016 (Las Vegas, Nevada, USA, Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more.
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for the hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols, i.e., backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD. See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.