Reports from the Intelligence and National Security Summit. US voting security. NSO Group's export license for Pegasus spyware. M&A action in the cyber sector. The OPM breach dissected.

Washington, DC: the latest from the Intelligence & National Security Summit

Jim Clapper: Ave atque Vale (The CyberWire) US Director of National Intelligence James Clapper opened the Intelligence and National Security Summit with a keynote that served also as a kind of valediction delivered as he nears the end of his tenure as DNI

Clapper: Spy agencies doing 'pretty well' on acquisition reform (FedScoop) "People are really starting to see the virtue of ICITE. It's actually not about an IT upgrade, it's a fundamental change in the way we do our business," he said

Blog: DNI Warns of Continued Troubled Cyber Wars (SIGNAL) Cybersecurity will remain as much of a challenge for the next administration as it has been for the current White House, especially in light of the constant barrage of cyber attacks from nation states, Director of National Intelligence James Clapper said Wednesday

Transcript Director of National Intelligence James Clapper (Intelligence and National Security Summit) CLAPPER: When I was president of SASA, the predecessor to INSA in the 1990s, I tried to promote a combined symposium with AFCEA, but I could never pull it off. This event now marks the third year in a row for this joint summit. So I want to congratulate everyone who is involved in both organizations, AFCEA and INSA, in putting these things on, and now they're becoming a custom

Managing Cyber Risk (The CyberWire) A panel with representation from both Government and industry offered their perspective on cyber risk. In sum, as the moderator put it, it's time to stop chasing the latest threat vector and to start setting priorities within a sound risk framework

Cyber Deterrence: Attribution and Ambiguity (and Certainty, too) (The CyberWire) Cyber deterrence is still in its infancy, roughly where nuclear deterrence was in 1950. That said, while there may be some instructive analogies with nuclear deterrence, those analogies may be imperfect at best

Cyber commander: U.S. not drawing 'red lines' in cyberspace (FedScoop) With so much ambiguity, the cyber domain becomes a dangerous space into which conflicts can overflow, and from which conflicts can quickly escalate, because the rules of engagement are unclear

The Intelligence and National Security Summit (INSA and AFCEA) The third annual Intelligence & National Security Summit will be held September 7 - 8, 2016, at the Walter E. Washington Convention Center in Washington, D.C. Hosted by the two leading professional associations – AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) – this is the premier gathering of senior decision makers from government, military, industry and academia. In its first two years the summit drew more than 3,000 attendees, exhibitors and journalists

Cyber Attacks, Threats, and Vulnerabilities

Israeli government okayed sale of spyware that exploits iPhones (Times of Israel) Permission granted to tech firm to sell product used to track a prominent UAE rights activist; officials slam move

Half of network management systems vulnerable to injection attacks (CSO) 50% of NMS may be vulnerable to XSS and SQLi attacks

Managed to Mangled: SNMP Exploits for Network Management Systems (Rapid7) This Rapid7 report explores attacking Network Management Systems (NMSs) over the Simple Network Management Protocol (SNMP), a protocol used extensively by NMSs to manage and monitor a wide variety of networked devices. Three distinct attack vectors are explored

Sophisticated Mokes backdoor targets Mac users (Help Net Security) A new malware targeting Macs has been discovered: the Mokes backdoor

Stealing login credentials from a locked PC or Mac just got easier (Ars Technica) 20 seconds of physical access with a $50 device is all it takes

Yes, you can hack cell phones like on Mr. Robot—just not the way they did (Ars Technica) While plausible, Elliot's "crackSIM" hack took some artistic license with technology

Look The Other Way: DDoS Attacks As Diversions (Dark Reading) Joe Loveless of Neustar talks about how DDoS attacks are shifting from simple disruption to more sinister continuous threats, and advises on what the new intents are. For example, the bad guys are even now using DDoS as diversions for other attacks such as malware insertions. What should you do about it?

Katcr.to, so-called Kickass Torrents Mirror Stealing Credit Card Data (HackRead) Kickass Torrents' shut down has been a blessing for scammers — after Kat.am scamming users here's Katcr.to doing the same

All About (Concealed) Data Leakage for Users Like You and Me (Heimdal Security) Drip, drip, drip…The sound of the leaking faucet called for my attention

When you've paid the ransom but you don't get your data back (Register) Oh, British firms... you're not alone – 1 in 3 pwned firms agree

Robert Herjavec Warns of Ransomware Attacks On Hospitals And Health Care Providers (The Street) Herjavec Group CEO Robert Herjavec warned of increased ransomware attacks on hospitals that use outdated technology in an appearance on CNBC

FBI Official Explains What To Do In A Ransomware Attack (Dark Reading) Feds say even basic information can advance the agency's investigation

Can you trust Tor’s hidden service directories? (Naked Security) Researchers recently revealed a new vulnerability in the design of Tor, the world’s favourite weapons-grade privacy tool

The Limits of SMS for 2-Factor Authentication (KrebsOnSecurity) A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online

Record Rambler Breach Highlights Password Flaws (Infosecurity Magazine) Security experts have called once again for an end to password-based authentication systems after nearly 100 million records were leaked online from Russian online portal Rambler.ru

Shipping must not underestimate physical risk posed by cyber-attack (Hellenic Shipping News) The London P&I Club says the physical risk to ships from cyber-attack may not be as well understood by ship owners as those threats posed to traditional back-office functions such as accounting, payments and banking

Malware Fears as Pokémon Threats Go Social (Infosecurity Magazine) Cybercriminals are jumping on the huge popularity of AR app Pokemon Go to spread malware via social media scams, according to Proofpoint

Security Patches, Mitigations, and Software Updates

WordPress 4.6.1 upgrades security, fixes 15 bugs (Help Net Security) WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately

Sweet Security Nuggets in Android Nougat (Digital Guardian) Google has released the long-awaited 7.0 version of Android, known as Nougat, and along with the usual performance and feature improvements, this release also is chock full of security improvements, both for users and developers

Google Safe Browsing gives more details to compromised website owners (CSO) The Google Search Console will now show tailored recommendations for dealing with security issues detected by Safe Browsing

Cyber Trends

Machine learning cybercrime experts tip Monero to join Bitcoin for darknet ransomware (International Business Times) Security experts Webroot predicts Bitcoin may be replaced by privacy-centric cryptocurrency Monero

Swift admits attack is “here to stay” – so what can banks do? (Banking Technology) There’s a cultural misconception that security equals lockdown in the financial sector; disclosure runs counter to that perception. Banks are less inclined to share intimate details of attacks because they don’t want to damage market confidence and that makes cyber security a major challenge for the sector

Top network security and data privacy concerns among businesses (Help Net Secuirty) With network security top of mind, businesses are nearly two times more concerned with losing private data (47 percent) than hackers disrupting their systems (26 percent), according to a new study by Wells Fargo Insurance. Misuse of technology among employees also emerged as a new, growing threat (seven percent), while network viruses and disruption of operations fell slightly to less than 10 percent from 2015

Concerns With Application and Data Security (DZone) It’s bad and it’s going to get worse before it gets better for a number of reasons

Why quantum computing has the cybersecurity world white-knuckled (PCWorld) 'There is a pending lethal attack, and the clock is ticking,' a new report warns

Marketplace

Intel to spin out security unit, sell stake in business to TPG (Reuters) Intel Corp (INTC.O) said it would spin out its cyber security division, formerly known as McAfee, and sell a majority stake in it to investment firm TPG for $3.1 billion in cash

Intel Adds to its Artificial Intelligence Portfolio with Movidius Acquisition (Electronics 360) Intel Corp. has acquired another company in the realm of deep learning in order to continue its push into artificial intelligence, with its RealSense technology

Dell Gets Bigger and Hewlett Packard Gets Smaller in Separate Deals (New York Times) Michael Dell and Meg Whitman may be business competitors, but they can each claim a technology industry superlative. One has overseen one of the largest mergers in the tech industry. The other has engineered its biggest breakup

As expected, Hewlett-Packard Enterprise sold its software business in an $8.8 billion deal (Business Insider) The rumored sale of Hewlett-Packard's Enterprise's software unit was officially announced today

Micro Focus merger with HPE’s Software Business Segment worth $8.8 billion (Help Net Security) Micro Focus announced today its intent to merge with HPE’s Software Business Segment in a transaction valued at approximately $8.8 billion. The merger is subject to customary closing conditions, including anti-trust clearances and shareholder approval and is expected to close in Q3 2017

A New Beginning (RSA) Today is a new beginning for RSA as we are now a part of the collective team of Dell Technologies, the world’s largest privately controlled tech company

LogRhythm talks next-gen security, fighting ransomware and more (IT Wire) At the recent Gartner Security and Risk Management Summit, I caught up with the company’s CMO, Mike Regan, to talk about LogRhythm’s latest security solutions

SonicWALL Partner Calms Customers Amid M&A Turbulence (MSP Mentor) When cybersecurity vendor SonicWALL was acquired by Dell in the late spring of 2012, the folks at partner Stronghold Data scrambled to reassure clients that the merger would ultimately be in their best interests

Partners Concerned About Future As FireEye Founder Resigns From Board Of Directors (CRN) FireEye founder and technical visionary Ashar Aziz has resigned from the security vendor, a move one partner called “extremely disconcerting”

Better Buy: FireEye Inc vs. Fortinet (Madison.com) Judging by their relative stock price performances, there's little question in investors' minds that Fortinet (NASDAQ: FTNT) has a brighter future than FireEye (NASDAQ: FEYE) in the cybersecurity market. Its shares are down 12% in the last year compared to a near-60% dive for FireEye

Why SecureWorks Is a Little-Noticed Buy (The Street) The computer information security firm will be a secure bet for the next 18 to 24 months

BAE Co-Hosts UK National Cyber Forensics Competition; Chris Clinton Comments (Executive Biz) BAE Systems, Cyber Security Challenge UK and Her Majesty’s Government Communications Centre have partnered to facilitate a competition that challenged participants to analyze a simulated attack on a fictional payment application site

Cybersecurity firm Kaspersky to create 50 jobs at new Dublin office (RTE News) Cybersecurity firm Kaspersky Lab is to create 50 jobs through the opening of its first European research and development centre in Dublin

Leidos Nabs $395 Million DHS Cyber Support Contract (Defense Daily) The Department of Homeland Security (DHS) has awarded Leidos [LDOS] a potential seven-year, $395 million contract to provide cyber security support services to the department’s Security Operations Center (SOC).DHS posted the award notice on Wednesday

Tech Forbes Cloud 100: Meet The Private Companies Leading Cloud Computing In 2016 (Forbes) From messaging to security and accounting to construction, cloud computing is transforming how companies do business and leaving new billion-dollar categories in its wake

New Cybersecurity Alliance Continues Trend of Industry Collaboration (Xconomy) For the cybersecurity industry, 2016 is shaping up to be the year of alliances

FireMon grabs Blue Coat man to head global channels (ChannelBiz) The security vendor has seen a 100 percent increase in channel bookings

Products, Services, and Solutions

Congressional Report Concludes CylancePROTECT Played a Pivotal Role in Discovering, Stopping and Remediating Malware that Caused OPM Data Breach (BusinessWire) Report shows artificial intelligence-based security software was key to halting data breach in progress

Trusona Releases Cloud Identity Suite and Launches the #NoPasswords Revolution (MarketWired) Trusona Essential is free and designed to eliminate passwords to create a safer Internet

LIFARS Partners with BlackRidge Technology to Bring a New Level of Cybersecurity Protection and Strategic Services to Enterprise Clients (Benzinga) Partnership addresses need to adopt new cyber defense technologies and response services to address today's cyber security threats

New Connected Security Alliance Aims to Address Entire Kill Chain (VAR Guy) SecureAuth leads initiative to integrate multiple solutions from different vendors at the product level

Panda Security Announces New Multiplatform Cloud-Based Security Solutions (Broadway World) Panda security, the world's leading provider of cloud-based security solutions, today announced new range of products compatible with Windows 10 Anniversary, Android, iOs and Mac

NBN Co beefs up cyber security offense (IT News) Ramp up of rollout leads to fresh capabilities

Lloyd’s Register, QinetiQ and GasLog to collaborate on maritime cyber security (Splash 24/7) “It’s not a matter of if, it’s a matter of when.” That was the stark warning on the likelihood of ships being hacked given by Luis Benito today at the SMM fair in Hamburg. Benito, global strategic marketing manager for Lloyd’s Register (LR) was speaking as the UK classification society announced a collaboration with QinetiQ and GasLog to increase the level of security of cyber-enabled ships

Balabit's Shell Control Box Now Available in Microsoft Azure Marketplace -- Removes Key Barrier to Cloud Adoption (Finance) Balabit Inc., a leading provider of contextual security technologies, has announced that its privileged user monitoring solution, Shell Control Box (SCB), is now available in the Microsoft Azure Marketplace

Sophos is a Magic Quadrant Leader in Unified Threat Management for the fifth year running (Sophos Blog) We’re excited to announce that the new Gartner Magic Quadrant for Unified Threat Management* is out, and Sophos is positioned in the Leaders Quadrant for the fifth year running

Global Technical Systems granted status as a National Security Agency Trusted Integrator for Commercial Solutions for Classified Programs (PRNewswire) Global Technical Systems (GTS), headquartered in Virginia Beach, VA., has been granted status as a National Security Agency (NSA) Trusted Integrator for Commercial Solutions for Classified (CSfC) Programs

Swift Programmers Using Checkmarx Can Now Detect Security and Code Flaws (App Developer Magazine) Since launching publicly at Apple’s WWDC in 2014, Swift has soared in popularity amongst programmers and has caught the attention of other major technology players in the process. Google is now even considering implementing Swift as a “first class” language for Android

GenDyn to supply U.S. Air Force with new cryptographic module (UPI) The KIV-78 updates Air Identification Friend or Foe system for identifying friendly vehicles

Technologies, Techniques, and Standards

The evolution of data breach prevention practices (Help Net Security) Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches – and what security and IT practitioners actually are, or are not, implementing for prevention

Trend Micro advises firms to sandbox employees (V3) Let employees learn and make mistakes in a safe environment, says security firm

Cybersecurity expert says 'almost everything can be hacked' and endpoint protection is not enough (Healthcare IT News) Healthcare organizations need to implement high-end network monitoring and network anomaly detection, according to Core Security general manager Chris Sullivan

Design and Innovation

How Google aims to disrupt the Islamic State propaganda machine (Christian Science Monitor Passcode) A pilot program launched by Google’s technology incubator created software that pairs searches for the militant's slogans and recruitment material with antiextremist messages

Google’s Clever Plan to Stop Aspiring ISIS Recruits (Wired) Google has built a half-trillion-dollar business out of divining what people want based on a few words they type into a search field. In the process, it’s stumbled on a powerful tool for getting inside the minds of some of the least understood and most dangerous people on the Internet: potential ISIS recruits. Now one subsidiary of Google is trying not just to understand those would-be jihadis’ intentions, but to change them

Academia

Back to school: How cyber security can learn from academia (Computer Business Review) Is it time cyber security drew from fields such as psychology and social science?

High honour for head of Waikato's cyber security lab (Voxy) Head of the University of Waikato’s Cyber Security Lab Dr Ryan Ko is one of 22 people who have been made Research Fellows by the Cloud Security Alliance (CSA)

NSA Designates Forsyth Tech a Cybersecurity Regional Resource Center (Stokes News) College tapped to help address predicted global digital security workforce shortfall of 1.5 million by 2020

Legislation, Policy, and Regulation

NATO opens flagship cyber event with vision for the future (NATO Communications and Information Agency) Top NATO officials and industry representatives are discussing how to join forces and efforts to combat ever more sophisticated cyber threats at the Alliance's annual two-day cyber security conference NIAS 16 in Mons, Belgium

Ash Carter: Russia has a 'clear ambition' to degrade world order with military, cyber campaigns (Business Insider) US Defense Secretary Ash Carter is strongly criticizing Russia for what he says is Moscow's "clear ambition to erode the principled international order" through coercion and aggression

DHS chief has 'a lot of confidence' in security of US electoral infrastructure (Fox News) Homeland Security Secretary Jeh Johnson said Wednesday he has “a lot of confidence” in the security of America’s electoral infrastructure despite concerns about intrusions by cybercriminals

US must beef up its cyber muscle, Trump says (CIO) The Republican calls for increased spending on cybersecurity and more offensive weapons

Trump: ‘Hillary Clinton Has Taught Us Really How Vulnerable We Are in Cyber Hacking’ (CNSNews) In a speech at the Union League of Philadelphia, GOP presidential nominee Donald Trump said Wednesday that the Defense Department’s cyber capabilities must be improved to prevent cyber hacking and that Democratic presidential nominee Hillary Clinton has taught the nation how vulnerable it is

Clinton, Trump confront weaknesses in security forum (KLTV) Donald Trump and Hillary Clinton confronted their key weaknesses in a televised national security forum, with the Republican defending his preparedness to be commander in chief despite vague plans for tackling global challenges and the Democrat arguing that her controversial email practices did not expose questionable judgment

Podcast: Government hacking v. human rights (Christian Science Monitor Passcode) On the latest edition of The Cybersecurity Podcast, digital privacy expert Amie Stepanovich discusses government hacking from a human rights perspective

GAO: DoD Should Monitor National Guard’s Cyber Response Capabilities Through a Database (Executive Gov) The Government Accountability Office has called on the Defense Department to maintain a database to keep track of National Guard’s emergency response capabilities in support of civil agencies during a cyber attack

Litigation, Investigation, and Law Enforcement

OPM Breach: Two Waves Of Attacks Likely Connected, Congressional Probe Concludes (Dark Reading) Congressional investigation sheds more light on what went down in the massive Office of Personnel Management breach, says data theft was preventable

Congressional report highlights missed opportunities to avert OPM cyber-attack (Guardian) Personal information of more than 21 million compromised at federal agency. House report reveals details and chronology of attack some blame on China

OPM Hackers Used Marvel Superhero Nicknames to Hide Their Tracks (Motherboard) The disastrous data breach discovered last year at the US government agency that handles all federal employees data, the Office of Personnel Management, or OPM, was enabled by a seemingly endless series of mistakes by the agency itself, according to a comprehensive congressional report released on Wednesday

House GOP Slams OPM Over 2015 Breach (Infosecurity Magazine) House of Representatives Republicans have slammed the Office of Personnel Management (OPM) for multiple IT security failings which led to the unprecedented breach of over 21 million sensitive records last year, but Democrats claim their report doesn’t tell the whole story.

Turkish group responsible for failed cyber-attack on Vienna airport (SC Magazine) Austrian police are investigating a failed cyber-attack on the Vienna airport and the authenticity of a claim of responsibility from a Turkish political group

Microsoft’s Top Lawyer Becomes a Civil Rights Crusader (MIT Technology Review) The No. 2 executive at Microsoft is fighting the U.S. government in a series of cases that will shape online privacy—and the cloud business

Watchdog Finds UK Cops Snooped on Journalists' Sources Without Approval (Motherboard) UK police acquired data to identify or determine journalistic sources without seeking judicial approval four times in 2015, according to a report from an independent oversight body published on Thursday

German Federal Intelligence Service violates laws, dodges supervision (Help Net Security) The German Federal Intelligence Service (BND) has been illegally collecting data through mass surveillance tools, storing it in databases that should not exist, and has repeatedly prevented the Federal Commissioner for Data Protection and Freedom of Information (BfDI) from supervising their actions

St. Jude Sues Muddy Water Waters, MedSec (Dark Reading) Medical device vulnerability-disclosure flap intensifies

CIA-backed big data firm Palantir says secrets pinched by investor (Register) Accuses advisor of 'brazen scheme to claim highly confidential secrets as his own'

Exclusive: Our Thai prison interview with an alleged top advisor to Silk Road (Ars Technica) Is Roger Thomas Clark really the notorious "Variety Jones"?

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

escar Asia 2016 (Tokyon, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.

Upcoming Events

2016 Intelligence & National Security Summit (Washington, DC, USA, Sep 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity, policy, and enduring strategic issues

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016.

Innoexcell Annual Symposium 2016 (Singapore, Sep 8, 2016) The Innoxcell Annual Symposium (IAS) is largest and most comprehensive international legal and regulatory compliance conference in Hong Kong, Beijing, Shanghai, Singapore, Australia and United States.This is the only event of its kind that will run multiple paths covering great diversity of Legal and Regulatory Compliance topics with over 20 sessions to select from and 10+ exhibitions. We aim to provide a ‘one-of-a-kind’ conference for legal and compliance executives and professionals from different industries to explore the latest best legal and business practices, catch-up with latest regulatory updates, establish networking with prominent legal professionals around the Globe, as well as visit the legal technology and solutions exhibition.

SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.

SANS Network Security 2016 (Las Vegas, Nevada, USA , Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.

Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This ​year, ​Hacker ​H​alted’s theme​ is​ the Cyber Butterfl​​y Effect​:​ When ​S​mall ​M​istakes ​L​ead to ​B​ig ​D​isasters​. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes​ and how implementing effective changes can have ripple effects throughout all departments of an organization.

(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.

Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.

CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more

ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.

SecureWorld Detroit (Dearborn, Michigan, USA , Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company " for insider threat program development training.

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.

Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.

hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."

New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.

NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.

GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GPDR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.

CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD - See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html#sthash.Kgzd4dXp.dpuf

IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.

SecureWorld Dallas (Plano, Texas, USA , Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers