Middlemen getting in the middle of tool sales. Lessons from recent incidents. Patch Tuesday notes. Industry news. And Russia says, not us; besides, you too.
News from the Seventh Annual Billington Cybersecurity Summit
The Seventh Annual Billington Cybersecurity Summit is in progress as this issue goes out. We'll have full reports tomorrow, but this morning we heard a keynote by US Federal CIO Tony Scott. It's clear what he thinks is the biggest challenge facing US Federal agencies across the board: their legacy IT systems. These systems are difficult and expensive to secure, and he thinks large-scale upgrading and modernization are the most important steps the Government could take to improve not only its IT, but its cyber security posture.
Scott thinks three paradigms must change if the Government is to advance cybersecurity: technology, organization, and funding. Tomorrow we'll have an account of how he sees these existing "paradigms" obstructing progress in security.
We'll be live-tweeting the proceedings periodically throughout the day. Look for #BillingtonSummit; follow @theCyberWire.
Observers looking into the sale of iOS surveillance tools by NSO Group to users in the United Arab Emirates find that middlemen make it difficult to identify those end users.
Other observers draw lessons from other recent incidents. The threat of the recently disclosed MySQL flaws, CSO writes, affords an object lesson in the importance of permission management. The large number of private keys exposed on publicly accessible web servers (up by more than a million from the number reported in last year's study by SEC Consult) indicates, says Naked Security, that those who develop firmware for embedded devices shouldn't (1) share or reuse private keys, (2) enable remote administration by default, or (3) let users activate new devices until they've set the necessary passwords.
Symantec releases its August security trends report. It finds a rise in malware variants (up to 45.5 million worldwide, as Symantec counts variants) but a drop in attacks as major malware toolkit activity is disrupted and declines.
Today is Patch Tuesday; the latest updates will be available from Redmond later in the day. Microsoft is revamping its patch distribution policy in October—this is the last Patch Tuesday but one to follow the old policies.
In industry news, the US General Services Administration has expanded the availability of cyber security purchases under Schedule 70.
Russia's Defense Minister takes a shot at remarks made last week by the US Defense Secretary, which charged Russia with dangerous destabilization of the international order. Russia says: not us. Also, tu quoque.
Notes.
Today's issue includes events affecting Australia, Canada, France, Germany, Iraq, Israel, Syria, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll welcome Emily Wilson from our new partners at Terbium Labs. We'll also hear from Tony Dahbura, of the Johns Hopkins University, who'll describe their upcoming Senior Executive Cyber Security Conference. And as always, if you enjoy the podcast, please consider giving it an iTunes review.
Washington, DC: the latest from the Billington Cybersecurity Summit
7th Annual Billington CyberSecurity Summit (Billington CyberSecurity) Over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors [are attending] the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes include NSA Director Admiral Michael Rogers and top U.K. and Israeli cyber leaders
Overnight Cybersecurity: House looking into election hacks | FTC seeks input on data safeguards (The Hill) ...At tomorrow's Billington Cybersecurity Summit in Washington D.C., Ryan Gillis, Palo Alto Networks' vice president of cybersecurity strategy and global policy, will suggest a novel concept in information security: Successfully implementing cybersecurity policies in government and business might be less about technology or cost and more about being able to understand what other people are saying
Titan IC licenses Its Helios RegEx Processor to LookingGlass for Network-Based Threat Mitigation. (Design & Reuse) Titan IC Systems (Titan IC) today announces that LookingGlass Cyber Solutions (“LookingGlass”) has signed a multi-year strategic partnership to further advance the state of the art network based threat mitigation with the Titan IC Helios regular expression (RegEx) processor
Cyber Attacks, Threats, and Vulnerabilities
Surveillance Middlemen Make it Harder to Track Who's Responsible For Hacks (Motherboard) In August, researchers revealed they had found malware from secretive Israeli hacking company NSO Group on the phone of United Arab Emirates political dissident Ahmed Mansoor. The prime suspect behind the attack was the UAE government
Recent MySQL vulnerability a lesson in privilege assignments (CSO) SQLi makes it a remote issue, but the real problem is permissions
How “Fileless” Ransomware Works (CrowdStrike) As ransomware becomes an increasingly lucrative business, organized crime groups are expanding their operations to reach more victims and extract more ransoms
Hack Brief: Beware the Spammy Pokemon Go Apps Being Pushed to Millions of iPhones (Wired) There comes a time in everyone’s life when they consider, for better or for worse, downloading Pokémon Go. Now it seems scammers are ready for that impulsive moment to arrive, and they’re just waiting to redirect unsuspecting players to an app store where they may catch more than Pikachus
4.5 million web servers have private keys that are publicly known! (Naked Security) Late in 2015, we wrote about a survey by a European security consultancy called SEC Consult that looked at the cryptographic safety of the average web server
Thousands of infected FTP servers net attackers $88k in cryptocurrency (Ars Technica) Targets foot hardware and electricity costs of mining Monero coins
Don’t click the link: NAB customers targeted by sophisticated phishing scam (News.com.au) Customers who bank with NAB need to be aware of a sophisticated new phishing scam targeting those using online banking
Symantec's August malware stats show rise in malware but drop in attacks (Security Brief) Symantec's latest Monthly Intelligence Report has revealed that new malware variants are on the rise across the globe, reaching 45.5 million, the highest since the same time last year. Phishing attacks have dropped but email malware is also on the rise, suggesting a rollercoaster mix of threat types
Augusta University employees fall prey to cyber attack (WRDW) Augusta University targeted in a cyber attack and sending out an alert to faculty, students, and staff
Security Patches, Mitigations, and Software Updates
New Windows Patch Policy At Odds With Acceptable Risk (Threatpost) With Microsoft’s Patch Tuesday release tomorrow, the countdown begins for application developers to button down code ahead of Microsoft’s new servicing model starting in October that could present vulnerability issues for some businesses
Pokémon Go update blocks jailbroken devices; workaround already found (Ars Technica) Adds Pokémon Go Plus and Buddy Pokémon support along with numerous bug fixes
Cyber Trends
Our Connected World and the Unseen Legacies of 9/11 (Wired) Tom Drake arrived at work on his first day as a full-time employee of the National Security Agency before sunrise on a cool, clear morning: September 11, 2001
Emerging technologies are poking holes in security (CSO) Change management will never be the same
Talk Talk, Ashley Madison and now Apple show no company is immune from cyber attack (Guardian) Tackling hacking is a $75bn-a-year industry that companies cannot ignore for fear of consumer backlash
Convergence makes broadcasters vulnerable to cyber attack (TVBEurope) Cyber security has been a hot subject at IBC. In announcing a supplier security checklist, a beginner’s guide and a longer user guide, DPP MD Mark Harrison said: “Collectively I cannot think of a more important subject than cyber security”
Why so many security strategies will fail (IT Online) While 66% of CEOs will have digital transformation at the heart of their corporate strategy, 70% of siloed digital transformation initiatives will fail by 2018 due to insufficient collaboration, integration, sourcing or project management – and security initiatives are no different
Marketplace
GSA retools Schedule 70 for cyber (FCW) Federal technology buyers who use the General Services Administration's Schedule 70 will soon have new options for acquiring cybersecurity services
Making Sense of the Leidos-Lockheed IT Merger (Defense News) Leidos CEO Roger Krone discusses his company’s recent merger with Lockheed Martin’s IT division and the effect on its balance sheet.
Security-Software Picks for the Rest of 2016 (Barron's) CyberArk Software, Fortinet, Palo Alto and Proofpoint are rated at Outperform
Palo Alto - State Of The Union (Seeking Alpha) The cybersecurity industry is experiencing a paradigm shift. Palo Alto might not be perfectly positioned to withstand these shifts. Competition in the industry will make it hard for slow adopters to catch up with the new trends. Palo Alto’s current valuation might not be justified if it does not act fast
Cato Networks Secures $30M to Accelerate Customer Adoption of Networking and Security in the Cloud (MarketWired) Announces general availability of the world's first software-defined and cloud-based secure enterprise network
CensorNet sets sights on enterprise space (ChannelWeb) Vendor launches new partner programme following acquisition of SMS Passcode
Trend Micro Offers $250K to Hack iPhone in Pwn2Own Contest (eWeek) A new iteration of the Pwn2Own mobile hacking contest takes aim at iOS and Android
Products, Services, and Solutions
SentinelOne to Stay Out of VirusTotal (BankInfo Security) Anti-malware firm sees inadequate return on investment, for now
Dataguise Powers Data Warehouse Security and Compliance at 2016 Teradata PARTNERS Conference (MarketWired) Company features sensitive data detection and masking as keys to driving greater value from Teradata Unified Data Architecture
ITelagen® Launches Online HIPAA Security Risk Analysis for Medical Practices Nationwide (Press Release Rocket) Simple and automated online SRA offered by ITelagen and powered by HIPAA One®
Vectra Networks Takes On Backdoors in Data Center Firewalls Planted by Advanced Adversaries (MarketWired) These attack vectors are aimed at blind spots in all network and server infrastructure
Wipro and Vectra Networks Partner to Deliver Automated ‘Threat Hunting as-a-Service’ (BusinessWire) Enables real-time attack visibility to prevent cyber attack
IBM Announces Spectrum Protect Version 7.1.7 (Storage Review) Today IBM announced the latest version of its data protection software, Spectrum Protect version 7.1.7
Forcepoint launches new security tool to stop 'risky' behaviour in its tracks (Security Brief) Forcepoint is taking on the cybersecurity scene in Australia, and the company has announced its SureView Insider Threat tool to help organisations battle the neverending war against cyber threats
Technologies, Techniques, and Standards
PCI Security Update Targets PIN System Vendors (Dark Reading) New requirements cover physical and logical security control
If an Infosec policy falls in the forest (CSO) When you are building an Information Security practice you need a solid governance structure in place. For those of you who might not be familiar we can look at it a more accessible way. If you are building a house you need a solid foundation otherwise the thing will collapse
Five ways to respond to the ransomware threat (Help Net Security) The ransomware threat has taken a sharp upturn this year. In fact, a recent industry study found that nearly half of all U.S. businesses have experienced at least one ransomware attack in the past year alone. While organizations wrestle with the ever-pressing issue of whether to pay or not to pay if they’re victimized, Logicalis US suggests CXOs focus first on how to protect, thwart and recover from a potential attack
6 questions CISOs need to ask about containers (CSO) With the cloud being a big part of most companies, containers take on an important role in the network
Is your security awareness training program working? (CSO) An hour long lecture once a year doesn't do much for security awareness training
Moving toward an intelligent hybrid security model (Help Net Security) Cyber attacks aren’t slowing down – in fact, 76 percent of organizations have experienced a breach within the last two years. Enterprises of all sizes, across every industry, are challenged to respond to increasingly complex and severe attacks – often only learning about the size, severity, and type of incident they’re dealing with as their security teams work to stop them
Securing the human operating system: How to stop people being the weakest link in enterprise security (ZDNet) Protect your systems all you like but the biggest threat to security is still the worker sitting at a desk
DoD is 'rebranding' endpoint security (C4ISRNET) The Defense Department is making changes to the tools that provide endpoint security to its network. In a news release, DISA said the Host Based Security System (HBSS) — a tool to enable DoD to detect and counter known threats in the network — will be folded into several other tools as to provide an “evolved, holistic approach to cybersecurity network defense”
Research and Development
Generic OS X Malware Detection Method Explained (Threatpost) When it comes to detecting OS X malware, the future may not be rooted in machine learning algorithms, but patterns and heatmap visualization, a researcher posits
Artificial intelligence in cybersecurity: Snake oil or salvation? (Help Net Security) So what is machine learning? Machine learning is an integral part of the “umbrella term” artificial intelligence. Put simply, it is the science of enabling computers to learn and take action without being explicitly programmed. This is achieved through complex algorithmic models applied to data. From this are derived data-driven predictions or decision
Academia
AU’s Kogod Cybersecurity Governance Center Hosting U.S. Cybersecurity Commission's September Hearing (Newswise) The U.S. Commission on Enhancing National Cybersecurity will hold its September 2016 field hearing at the American University Washington College of Law, hosted by the Kogod Cybersecurity Governance Center (KCGC)
Top 10 Cyber-Security Challenge UK talents chosen for European finals (SC Magazine) The final 10 candidates who will represent the Cyber-Security Challenge UK in the European Cyber-Security Challenge (ECSC) 2016 have been chosen
CSM National Security Agency (NSA) Internship Program (Southern Maryland Online) NSA educational co-op program is available to College of Southern Maryland’s students. The program provides paid employment during alternate semesters, tuition reimbursement and one class pre-paid during the accepted student’s “off” semesters
2 universities to discuss national security partnership (Washington Post) Two Maryland universities are scheduled to announce a national security partnership to pool resources and collaborate on counterterrorism research
Legislation, Policy, and Regulation
Russian Defense Minister Lashes Back at His US Counterpart (AP via ABC News) Russia's defense minister has lashed out at his U.S. counterpart, who has accused Moscow of sowing seeds of global instability
How the US responds to cyber incidents (C4ISRNET) The U.S. and its political parties have repeatedly fallen victim to cyber intruders in recent years. The most recent being the intrusion into a number of networks and accounts affiliated with the Democratic National Committee as well as state election systems, sowing some concern and distrust in American institutions
U.S. and UK enter into cyber partnership (C4ISRNET) During his overseas trip last week, U.S. Secretary of Defense Ash Carter and his UK counterpart, Michael Fallon, announced a partnership for greater information sharing in cyberspace
MoJ Struggling To Attract ‘Cooler’ Cyber Security Staff (TechWeek Europe) Government is losing top talent because ethical hackers don’t want to work for it, writes a senior recruiter
Obama administration takes battle against Islamic State into cyberspace (Washington Times) The Obama administration has launched the first cyberwar against the Islamic State, a war that, coupled with real, not virtual, fighting, is producing one of the most encouraging on-the-ground successes in the conflict — sharply cutting into the number of foreign fighters sneaking into Syria to join the group’s terrorist army and its so-called Islamic caliphate
New push for encryption backdoors faces first big test on Capitol Hill (Daily Dot) The newest phase in Washington's fight over encryption and cybersecurity is scheduled to begin on Capitol Hill on Tuesday as both interwoven issues shoot back toward center stage in a Senate hearing that will help set the tone for the next year of debate
Bipartisan campaign on Rule 41 gains steam? (Politico) A bipartisan cadre of senators are trying to kill a controversial change to the federal rules governing legal hacking
Will NSA and CyberCom Split? (NextGov) Talk of separating the National Security Agency and U.S. Cyber Command continues to pop up, as officials discuss the best path forward for agencies with different but related missions
Does the NSA have a duty to disclose zero-day exploits? (Network World) The NSA should disclose all zero-day exploits. But it doesn't
Nation's first CISO brings vision, strategy to cybersecurity mission (Federal Times) Last week, retired Air Force Gen. Gregory Touhill was appointed as the first federal chief information security officer. The appointment was well received throughout industry and the public sector as he brings technical expertise, leadership, accessibility and inclusion to the cybersecurity mission. He is viewed as a consummate cybersecurity professional who is well liked on both sides of the political aisle and by our global allies
The IRS isn’t alone with its struggle with the EINSTEIN cyber program (Federal News Radio) Agencies are looking at a deadline of less than four months to implement the cybersecurity program known as EINSTEIN 3-Accelerated (E3A)
New Book Traces Obama Strategy To Protect America From Hackers, Terrorists & Nation States (Dark Reading) A review of Charlie Mitchell's 'Hacked: The Inside Story of America's Struggle to Secure Cyberspace'
Litigation, Investigation, and Law Enforcement
Officials: 1 IS recruiter links attackers, jihadis in France (Fox News) A single French Islamic State jihadi has emerged as the link among at least four plots to attack France since June, three people with knowledge of the investigation said
3 Syrians arrested in Germany, believed sent by IS (AP) Three Syrian men believed to have been sent to Germany last year by the Islamic State group were arrested in raids on Tuesday, part of efforts to root out extremists sent to Europe amid the migrant influx, authorities said
Former Clinton email tech aide won’t testify at congressional hearing Tuesday (Washington Post) Lawyers for a former State Department staffer who worked on Hillary Clinton’s private email system have notified a House committee that their client will not testify Tuesday morning, saying that he previously invoked his constitutional right against self-incrimination before another Republican-led panel of Congress
Lawmaker issues subpoena to FBI for Clinton probe records (Fox News) A senior House Republican on Monday escalated the GOP's battle with the FBI over its decision not to recommend criminal charges against Hillary Clinton for her use of a private email system, serving a top FBI official with a subpoena for the investigation's full case file
Grassley blasts FBI over Clinton probe release (The Hill) Sen. Chuck Grassley is doubling down on his demand that the FBI publicly release unclassified information from its investigation into Hillary Clinton's private email server
Edward Snowden: ACLU and Amnesty seek presidential pardon (BBC) Two of the most prominent human rights organisations in the United States are about to launch a campaign for the presidential pardon of Edward Snowden
Edward Snowden should return to US, face charges: White House (Indian Express) White House officials said that Snowden would be offered due process of law on return, while adding that President Obama continues to believe that he has done harm to the national security interest of the US
Edward Snowden's 40 days in a Russian airport – by the woman who helped him escape (Register) Sarah Harrison on Ed's exile, Assange’s future – and the privacy fight ahead
The NSA whistleblowers who vetted Oliver Stone's 'Snowden' biopic (Christian Science Monitor Passcode) Former National Security Agency executives Bill Binney and Thomas Drake, who blew the whistle on US government surveillance programs more than a decade ago, served as advisers on the Edward Snowden film that opens nationwide Friday
Snowden May Help Explain Your Job To Your Family (Dark Reading) Hacking Oliver Stone's new film about whistleblower Edward Snowden
FDA, DHS Investigating St. Jude Device Vulnerabilities (Threatpost) The U.S. government has entered into the St. Jude-MedSec-Muddy Waters fray with an investigation into claims St. Jude medical devices are vulnerable to cyberattacks
vDOS hack: Attack on DDoS-for-hire service leads to two arrests (Inquirer) Serves them right
Man hacked, blackmailed gold bullion trading firm (Help Net Security) 25-year-old Adam Penny hacked the systems of an unnamed gold bullion trading firm, and used the stolen information about gold deliveries to intercept them before they are delivered to the rightful owners
Montreal cops hunting data thieves (CSO) When I was a kid growing up I was always enamored with the old cops and robbers movies. I was always amazed at the criminals' terrible OPSEC even at a young age
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS Network Security 2016 (Las Vegas, Nevada, USA, Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
7th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity in the Nation’s Capital, on September 13 in Washington, D.C. at the Ronald Reagan Building and International Trade Center. Keynotes Include NSA Director Admiral Michael Rogers and top U.K. and Israeli Cyber Leaders.
Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.
CISO GAS (Frankfurt, Hessen, Germany, Sep 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives must always have this in mind, as well as a host of other evolving concerns, from curbing Bring-Your-Own-Device (BYOD) risk to controlling vulnerable social media data. In order for today's leading enterprises to operate smoothly, information security must be ahead of the hackers and kept abreast of the latest IT security topics and trends. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, Sep 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply with the increasingly complex data security laws. Data privacy and security experts will discuss practical solutions to current problems.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD. See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.