The Intelligence & National Security Summit. Russian information operations, Wikileaks, and US elections. Malware mines Monero. DDoS-for-hire. GovRAT 2.0 is out in the wild. More on the OPM breach. Crackas-with-attitude arrested?
news from the Intelligence & National Security Summit
The Intelligence and National Security Summit concluded yesterday. We'll have our own wrap-up Monday, but today we offer accounts of Congressional observations about the IC, CISA implementation and the view from "the Big Six". The Summit was hosted by AFCEA International and the Intelligence and National Security Alliance (INSA).
US authorities continue to investigate what's being characterized informally (albeit all but officially) as a Russian government campaign to "disrupt" upcoming US elections. Direct hacking of voting is feared, but such Russian activity as has been observed is more consistent with influence operations than with classic cyberattack. Observers see the probable goal as undermining confidence in US institutions to the detriment of the US and the advantage of Russia. Most of the interest in the alleged Russian campaign continues to center on what Russian intelligence services may have collected from political parties (especially the Democratic Party) and from candidate Clinton's State-Department-era private email server.
Wikileaks' Julian Assange (objectively aligned with Russia's government) has promised to release as many as "100,000 pages" of new material "related to Hillary Clinton."
Criminals are using malware installed on Seagate Central NAS to mine cryptocurrencies. Sophos researchers describe "Mal/Miner-C," which is being used to extract value from Monero, more susceptible to mining than the older Bitcoin. Of 207,110 active Seagate Central NAS devices allowing anonymous remote access, 7,263 have write access enabled, and 5,137 of these are infected with Mal/Miner-C.
KrebsOnSecurity reports on vDOS, an Israel-based booter DDoS-attack service that earned its masters some $600,000 over the past two years.
InfoArmor publishes an update on GovRAT, a criminal campaign now in version 2.0 and afflicting US Government and military targets.
The Congressional report on 2015's massive OPM breach is out. Cylance offers a vade mecum for the dismaying contents.
Two alleged Crackas-with-attitude are arrested in North Carolina.
Today's issue includes events affecting Australia, Canada, China, France, Gabon, Germany, Iran, Iraq, Israel, Democratic People's Republic of Korea, Russia, Syria, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the University of Maryland's Markus Rauschecker, of the Center for Health and Homeland Security, who'll talk about how your social media accounts may be checked when you enter the United States. Our guest, Cylance's Malcolm Harkins, will give us an insider's perspective on the just-released Congressional report on 2015's OPM breach. If you enjoy the podcast, please consider giving it an iTunes review.
Washington, DC: the latest from the Intelligence & National Security Summit
The State of US National Intelligence: Observations from the "Big Six" (The CyberWire) The Intelligence and National Security Summit concluded with a plenary session featuring the leaders of the Intelligence Community's largest agencies: CIA, NGA, FBI, NSA, NRO, and DIA. They covered a wide range of issues and challenges, most of which had a strong cyber dimension
Spy games meet word games as officials warn Russia against election meddling (Baltimore Sun) When some of the nation's top spies joined each other on stage at a conference Thursday, the question of whether Russia was behind the hacking of the Democratic National Committee and state elections systems soon came up
Structure of US Voting System 'More Resilient' to Possible Cyberattacks (Sputnik) FBI Director James Comey said that the widely dispersed and offline US vote-counting system helps defend the election process from malicious cyber actors
FBI director says bureau probing election interference from abroad (USA TODAY) While careful not to formally name Russia, FBI Director James Comey said Thursday that the bureau is actively investigating whether a "nation-state actor is messing'' with the U.S. electoral system
Next 5 Years for Intel Community Will Focus on Nation-State Threats, Counterterrorism (SIGNAL) Top U.S. intelligence leaders share insights, fears and hopes during INSS
Cyber red lines: ambiguous by necessity? (C4ISRNET) Members of Congress, academia, industry and policy circles have derided the lack of clear red lines in cyberspace -- cyber acts that would, without question, warrant a response. However, from the government’s perspective, some level of strategic ambiguity in red lines allows for critical political wiggle room
Bipartisan Signaling from the House to the IC (The CyberWire) In a discussion moderated by Walter Pincus of the Cipher Brief, Representatives David Nunes (R-California) and Adam Schiff (D-California) spoke directly about cyber threats and US organization to meet them
Old adversaries, new threats, say intel overseers (FCW) Russia, China, Iran, Islamic State, North Korea -- it's the same list of adversaries the U.S. has faced for years now, but the nature of the threat is changing, say leaders of the House Permanent Select Committee on Intelligence
Rep. Nunes Knocks DNI ‘Bureaucracy’; Schiff Calls On Obama To ID Russia For DNC Hack (Breaking Defense) The persistent grumbles from the CIA and other bastions of the Intelligence Community that the Director of National Intelligence is just an unneeded layer of bureaucracy has caught the ear of House Intelligence chairman Rep. Devin Nunes. He promised to try and pass legislation to change this but admitted it would be “tough” to get passed
Trump, Clinton Do Not Get PDB; DNI Stresses Intel Community Not Political (Breaking Defense) In the face of a lot of what he called “catastrophizing” about the “very volatile time for the country” known as the presidential transition, Director of National Intelligence James Clapper offers a simple message: “It’ll be OK”
Defense Intelligence Director Acknowledges ‘Winning Wars’ Not US Strong-Suit (Sputnik) US Defense Intelligence Agency Director Lt. Gen. Vincent Stewart said that the United States has a good success rate winning individual battles, but often fails to establish stable conditions after the fighting is over
Intelligence Officials: Technology Allows Terror Threat to Spread (Voice of America) Even though the U.S.-led coalition has made progress in efforts to oust Islamic State from its "caliphate" in Iraq and Syria, top U.S. intelligence officials warn that technology is allowing the threat of terrorism to spread across even wider circles
Comey: Terrorist infiltration to 'dominate' FBI focus for years (Washington Examiner) The flow of terrorists from the Arab world to Western Europe and the United States is going to "dominate" the FBI's attention for the foreseeable future, FBI Director James Comey said Thursday
How Will Terrorists Use the Internet of Things? The Justice Department Is Trying to Figure That Out (Defense One) As the business of connected devices explodes, DOJ joins other agencies in evaluating the national-security risks
CISA: Hope and Reality (The CyberWire) Moderated by Chris Inglis, Venture Partner at Palladin, and former Deputy Director, National Security Agency, this panel took up "Implementing the Cybersecurity and Information Security Act (CISA) Challenges and Opportunities." CISA, passed in March of this year, intended to make it easier for industry to share information with the Government, and deliberately stopped short of requiring such sharing. The panel discussed how this law has worked out so far
Department of Homeland Security asks businesses to share cyberattack information, finds only one that's willing (Baltimore Sun) A law championed by Rep. C. A. Dutch Ruppersberger to get businesses and the government to share information about computer security threats has had limited impact so far because companies are reluctant to hand over data to the government, officials and corporate executives said Thursday
New OPM background check agency will inherit huge backlog (FedScoop) "On Oct. 1, when the NBIB officially stands up, it will also officially inherit a sizable backlog," Jim Onusko, U.S. government personnel security veteran and transition leader for the bureau said
How the IC can improve acquisitions (FCW) The Intelligence and National Security Alliance has some suggestions for how the intelligence community can improve its acquisition practices
Cyber Attacks, Threats, and Vulnerabilities
Assange: Up to 100,000 pages of Clinton documents to come (Washington Examiner) WikiLeaks could release as many as 100,000 pages of new material related to Hillary Clinton before the election, Julian Assange said Thursday, thanks in part to new sources who stepped forward after the organization leaked internal emails from the Democratic National Committee
U.S. investigating potential covert Russian plan to disrupt presidential election (Chicago Tribune) U.S. intelligence and law enforcement agencies are probing what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said
The Kremlin Really Believes That Hillary Wants to Start a War With Russia (Foreign Policy) An American embedded within Moscow’s top foreign-policy brain trust explains why Putin and his cadres are backing Trump
How Russia could spark a U.S. electoral disaster (Washington Post) “U.S. investigates potential covert Russian plan to disrupt November elections.” To those unused to this kind of story, I can imagine that headline, from The Post this week, seemed strange. A secret Russian plot to throw a U.S. election through a massive hack of the electoral system? It sounds like a thriller, or a movie starring Harrison Ford
Washington Really Doesn’t Want To Deal With A Cyber War With Russia (BuzzFeed News) “Do you really want that shitstorm? I don’t think you do,” one intelligence official told BuzzFeed News
Gabon Is Suffering the 'Worst Communications Suppression Since the Arab Spring' (Motherboard) The small West African nation of Gabon has replaced its country-wide internet blockage with an “internet curfew” that experts say is creating an “unprecedented level of communication suppression since the Arab Spring” and appears to have no end in sight. Gabon’s government rarely registers a blip on the radar of international news, but the blockage is the latest in a troubling trend of nations blocking the internet when they fear unrest
Yes, U.S. did hack Elysée Palace in 2012, French ex-spy says (CSO) And yes, it was a Frenchman who hacked the Canadians (and the Iranians) in 2009
What's behind backdoor #3? Mac version of Mokes malware follows Linux, Windows variants (PC & Tech Authority) Kaspersky Lab today released an analysis of a newly discovered version of Mokes - a malicious, cross-platform backdoor with spying functionality - this one targeting Apple's OS X operating system
Your Seagate Central NAS could be hosting mining malware (Help Net Security) If you have discovered cryptocurrency mining malware on your system, have removed it, and got compromised again without an idea about how it happened, it could be that the source of the infection is the Seagate Central NAS sitting on your network
Cryptomining malware on NAS servers – is one of them yours? (Naked Security) SophosLabs has just released a report on a new way that crooks are distributing a strain of malware that makes money by “borrowing” your computer to mine a new sort of cryptocurrency
DHS Urges Vigilance in Protecting Networking Gear (Threatpost) After a summer of high-profile attacks and disclosures centered around enterprise network infrastructure, the Department of Homeland Security on Tuesday put out an alert explaining some of the tactics used by advanced attackers, and urged special caution in maintaining supply chain integrity
Collecting Users Credentials from Locked Devices (SANS Internet Storm Center) It’s a fact: When a device can be physically accessed, you may consider it as compromised
GovRAT 2.0 Attacking US Military and Government (InfoArmor) In November 2015, InfoArmor identified the GovRAT malware that possessed advanced cyberespionage functionalities and documented these findings in the GovRAT Intelligence Report. Research indicated that GovRAT and the bad actors involved were targeting government and military assets. InfoArmor alerted the identified agencies and targets in order to prevent data exfiltration and to collect actual and current IOCs
Attacking the Attackers: Facebook Hacker Tools Exploit Their Users (eWeek) Would-be hackers that sought out tools to hack Facebook were in fact exploited themselves, new research from Blue Coat Elastica Cloud Threat Labs shows
Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years (KrebsOnSecurity) vDOS — a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets
Nettitude warns of DDoS extortion and ransomware campaign targeting the financial sector (Finextra) UK cyber security consultancy, Nettitude, has identified a coordinated DDoS extortion and ransomware campaign, which has been targeting financial institutions over the past few days
The cost of ransomware attacks: $1 billion this year (ZDNet) And it's only the beginning, with file locking malware only set to grow and take larger role in cybercrime, warn researchers
43.7% of cloud-based malware delivers ransomware (Help Net Security) According to a new Netskope report, 43.7% of malware found in enterprises cloud apps have delivered ransomware, and 55.9% of malware-infected files found in cloud apps are shared publicly. Enterprises, on average, have 977 cloud apps in use, up from 935 last quarter
FTC Panel Encourages Basic Security Hygiene to Counter Ransomware (Threatpost) When asked to describe what it’s like to deal with the constantly looming threat of ransomware, Chad Wilson, the Director of Information Security at Children’s National Medical Center in Washington D.C., didn’t beat around the bush
Hacked uTorrent Forum, Mail.ru, Yandex.ru Data Goes on Darknet for Sale (HackRead) Hackers are now selling stolen data from UTorrent Forum, Mail.ru, and Yandex.ru — the data is in the millions, so brace yourself
Brazzers gets the shaft in data breach (CSO) Years ago, I remember a time when water was free. You would just drink it from the tap and you had to pay for your ‘dirty magazines’. Times have changed to say the least
Data hoarders are shining a spotlight on past breaches (CSO) Anonymous internet users routinely collect copies of stolen databases
Pokémon Go a breeding ground for malware, Proofpoint warns (IT Business) Security concerns related to Pokémon Go are nothing new – but in addition to existing problems regarding user privacy, the game could also leave its players vulnerable to malware, a new blog post by data protection software firm Proofpoint warns
Why Some Dark Web Dealers Post Photos of Their Drug Labs (Motherboard) The dark web drug trade is already pretty audacious. Dealers, customers, and site administrators operate fairly openly, and anyone can log onto a dark web marketplace and easily place an order for whatever drug they want
Clinton email highlights frustrating reality of bypassed IT policies (CSO) Don't like security restrictions on communications and devices? Just ignore them
Security Patches, Mitigations, and Software Updates
Chrome will start labeling some HTTP sites as non-secure (Help Net Security) Slowly but relentlessly, Google is pushing website owners to deploy HTTPS – or get left behind
Cybercrime and Money – Cause and Effect (Tripwire: the State of Security) In cybercrime, truth is in the eye of the beholder. And if in any other research or business field it is somehow easy to define cause and consequence, in cybercrime it is not
Cyber space a 'double-edged sword' for firms (Lawyers Weekly) The cyber space presents unique opportunities for Australian firms aspiring to be at the forefront of the profession, but it also poses significant threats to those who do not comply properly
Intel flogs McAfee security unit at a whopping $3.5bn loss (Inquirer) Looks like John McAfee ain't getting his name back
Better Buy: Palo Alto Networks Inc or Check Point Software? (Motley Fool) With data breaches on the rise, which firewall vendor is the better long-term investment?
One Year Post-IPO, Sophos Extending Its Security Platform (eWeek) Sophos' CEO discusses the challenges and opportunities of being a publicly traded security company in 2016
LookingGlass Cyber Solutions Honored as Best Overall IT Company of the Year by Network Products Guide and the 2016 IT World Awards (BusinessWire) LookingGlass also Received Bronze Distinction in the Best Products for Security Software Category
DDoS Experience a Hot Commodity in IT Job Market (Infosecurity Magazine) Global demand for network engineers who have DDoS mitigation skills has continued to grow over the last six months, with skilled pros raking in $102,000 per year on average
New group seeks to raise awareness of cybersecurity at top levels (Mississippi Business Journal) A new coalition of top Mississippi public and private sector leaders wants to raise awareness of cybersecurity implications, issues and the growing threats to businesses and government agencies as well as economic opportunities
Products, Services, and Solutions
Kaspersky Lab Presents the First Cybersecurity Index (Economic Times) Security company Kaspersky Lab has launched the Kaspersky Cybersecurity Index to measure the current cyberthreat levels that internet users face
Microsoft’s tin ear for privacy (Computerworld) The company keeps defending data-gathering features that some people don’t want instead of just making them optional
The Groundhog is Dead (Cylance) For years, one of my favorite movies has been Groundhog Day, which chronicles the tale of a narcissistic weatherman doomed to live the same day over and over again. This maddening process makes him feel none too different from the way I’ve felt professionally when, over the years, I’ve found myself time and again battling the same threats and vulnerabilities over and over, as though stuck in a cycle from which I could never break free
Technologies, Techniques, and Standards
Practical Handbook and Reference Guide for the Working Cyber Security Professional (TAG Cyber) The TAG Cyber 50 Enterprise Security Controls
Secure mobile communications explained (Help Net Security) For a typical consumer, seeing Secured by SSL is all it takes to reassure them that whatever they are doing online is safe and secure. Awareness also teaches these same users that if https is in the browser, they are safe
Are all IoT vulnerabilities easily avoidable? (Help Net Security) Every vulnerability or privacy issue reported for consumer connected home and wearable technology products since November 2015 could have been easily avoided, according to the Online Trust Alliance (OTA)
Avoiding The Blame Game For A Cyberattack (Dark Reading) How organizations can develop a framework of acceptable care for cybersecurity risk
The 9 Box of Controls (Cylance) American military leader General George Marshall once said, “The only way human beings can win a war is to prevent it.” As Secretary of Defense and the only US Army General to ever win a Nobel Peace Prize, his commitment to peace was born of his direct knowledge of the awful costs and consequences of war
Research and Development
DARPA Challenges Industry To Make Adaptive Radios With Artificial Intelligence (Defense News) The Pentagon’s research agency has a new challenge for scientists: make wireless radios with artificial intelligence that can figure out the most effective, efficient way to use the radio frequency spectrum, and win a pile of cash
Legislation, Policy, and Regulation
U.S.-U.K. Cyber Agreement Opens Doors for Both Nations (DoD News) Defense Secretary Ash Carter and his British counterpart Michael Fallon yesterday signed a first-of-its kind agreement to together advance offensive and defensive cyber capabilities, Carter said in a joint press conference in London as part of his three-day trip to the United Kingdom and Norway
Germany to pour cash into mass surveillance (Deutsche Welle) Germany's intelligence agencies are planning a massive increase in their budgets next year, according to a new report. The BND is hoping the cash injection will help it become more independent from the NSA
Hollande: Republic must create 'Islam of France' to respond to terror threat (CNN)
NSA hack revives old policy debates (American Enterprise Institute) It has now been almost a month since a group called the Shadow Brokers leaked a huge trove of NSA hacking tools online in what has been declared the “biggest blow to the agency” since the Snowden debacle in 2013
White House to name retired Air Force general as first cybersecurity chief (Reuters via CNBC) The White House on Thursday is expected to announce retired U.S. Air Force Brigadier General Gregory Touhill as the government's first federal cybersecurity chief, a position intended to improve defenses against hackers, according to a government statement seen by Reuters
Meet the U.S.'s First Ever Cyber Chief (Fortune) Retired Air Force Brigadier Gen. Gregory Touhill just got a promotion
Johnson: Cyber reorg should be priority for next Congress (FCW) The reorganization of the Department of Homeland Security's cyber operations division should be at the top of the to-do list of the next Congress, said agency Secretary Jeh Johnson
Litigation, Investigation, and Law Enforcement
Fallout Over OPM Breach Report Begins (Threatpost) Wednesday’s bombshell report on the U.S. Office of Personnel Management breaches that exposed sensitive data belonging to more than 22 million people has sparked a cavalcade of finger pointing, politicking and squabbling over who knew what first
Your Cylance® Resource for Understanding the OPM Breach (Cylance) Access the report and view information you can use for your own breach prevention, mitigation, and incident response plan
Actually, Clinton Should Have Destroyed Her Phones Better (Wired) Following Friday afternoon's FBI release of documents about Hillary Clinton’s private email servers, Julian Assange, CNN, and Donald Trump have all railed against the revelation that her aide smashed two of her 13 private BlackBerrys with a hammer in an attempt to destroy them
Powell Email Shows Clinton Was Hardly First to Break Security Rules (Wired) A new piece of evidence surfaced Wednesday night in the imbroglio over Hillary Clinton’s controversial use of a private server and Blackberry during her time as Secretary of State: A friendly message from Colin Powell detailing how he had used his own unapproved devices and private email during his time as head of the State Department years earlier
The “plain hearing” doctrine now dictates when cops must hang up on wiretaps (Ars Technica) US appeals court decides "novel question" of electronic surveillance law
5,300 Wells Fargo employees fired after 2 million fake accounts discovered (Ars Technica) Employees transferred funds to fake accounts, sometimes triggering charges for customers
FBI arrests two men behind hacking of CIA director (Washington Examiner) The FBI on Thursday arrested two North Carolina men allegedly involved in last year's hack of CIA Director John Brennan, and cited incriminating messages sent privately over Twitter between the two
Two men charged with hacking CIA director and other high-ranking officials (Ars Technica) "Crackas with Attitude" members accused of posing as Verizon and FBI support personnel
'Snowden' Film to Change Personal Internet Security Perceptions (Sputnik) Igor Lopatonok, the executive producer of the upcoming "Snowden" film said that former National Security Agency (NSA) contractor-turned-whistleblower Edward Snowden himself has approved of the film and its story, praising Gordon-Levitt's depiction of the whistleblower and expressing confidence in the film's success with the audience
Anonymous Hacker Might Get 16 Years For Exposing Steubenville Rape Scandal (Steubenville) Believe it or not, one of the Anonymous-associated hackers may receive 16 years in prison for exposing the Steubenville rape scandal — meanwhile, rapists exposed by the hacker are already free
For a complete running list of events, please visit the Event Tracker.
Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, Sep 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA, and Goethe University Frankfurt are organizing APF 2016.
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
SANS Network Security 2016 (Las Vegas, Nevada, USA, Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, Sep 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks that threaten their organizations. The day-long conference will explore cyber exposures, regulations, governance and insurance coverage. Risk managers and CISOs will learn how to adapt proven risk management strategies to their current cybersecurity environments, how to better communicate with their information security teams, and how to effectively convey risks, exposures and coverage options to their corporate boards and the C suite.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three-day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for the hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols, i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD.
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.