
Billington CyberSecurity Summit interim report. Fancy Bear gets busy: more DNC and WADA dox are out. Election hacking worries and responses. Ransomware profits. Industry notes. Congress debates surveillance, CyberCom organization. Snowden's pardon?
News from the Seventh Annual Billington Cybersecurity Summit
The Seventh Annual Billington Cybersecurity Summit met yesterday, with contributions from senior British, Israeli, and US leaders. In today's issue we have an account of the keynote address by US Federal CIO Tony Scott.
We'll have reports on other sessions and speakers in tomorrow's CyberWire. But as a preview, we heard about the relative value of state-to-state and international organization cooperation (speakers preferred the former), the costs (both fiscal and security) of maintaining legacy systems, the need for specificity in framing the definitions used in international agreements, the real but limited value of designating something "critical infrastructure," and the desire of agency leaders to increase the speed and intercommunication of artificially intelligent systems.
(And we also heard that, while the US is very active against ISIS in cyberspace, the Commander of US Cyber Command is understandably quite unwilling to describe those operations.)
More documents taken from the US Democratic National Committee are released. Nothing newly scabrous, but Russia Today continues to waggle the Guccifer 2.0 sockpuppet to misdirect all from the hackers who doxed the DNC. ABC News says those hackers call themselves "Fancy Bear," which isn't quite accurate: that's what CrowdStrike calls them. Fancy Bear actually calls itself "Гла́вное разве́дывательное управле́ние" (over here people usually say "GRU").
US officials continue to worry about election hacking, and appear to have settled on a policy of offering help to state and local authorities without designating voting "critical infrastructure" or Federalizing elections.
Fancy Bear is also said to be behind the doxing of the World Anti-Doping Authority (WADA), exposing non-Russian Olympians' medical records in a spirit of tu quoque about performance-enhancing substances. (Again, the hacking, not the records, is the shock.)
Ransomware crime continues to pay. One malware author is, incredibly, reported by McAfee Labs to have netted some $94 million ($121 million gross).
KrebsOnSecurity says the US Secret Service is warning of a new ATM threat, "periscope skimming," in which a specialized "probe" connects to the machine's circuit board to access card data.
In the US, Congress is again taking up surveillance legislation. The Intelligence Community (including the NSA Director) this week testified in favor of strong encryption.
Senator McCain (R-Arizona) vows to block any attempt to separate NSA and US Cyber Command. Secretary of Defense Carter muses that NSA might do better as an independent agency.
Snowden says he deserves a pardon.
Notes.
Today's issue includes events affecting Ireland, Israel, Russia, St. Kitts and Nevis, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Ben Yelin from our partners at the University of Maryland's Center for Health and Homeland Security will give us an update on the legal ins-and-outs of stingray cell phone interception. Our guest, Acalvio’s Chief Software Architect Raj Gopalakrishna, will talk about machine learning. As always, if you enjoy the podcast, please consider giving it an iTunes review.
Washington, DC: the latest from the Billington Cybersecurity Summit
Upgrading Technology, Organization, and Funding (The CyberWire) Tony Scott, the US Federal CIO, addressed the Billington CyberSecurity Summit with the aim of outlining what he sees as the path forward with respect to information technology for the United States Government. In doing so he paid particular attention to the implications of that path for cyber security
Cyber commission will weigh powers of White House policy czar (FedScoop) The commission will hear testimony from a wide variety of Washington players with different approaches to the issue
DHS won't define election systems as critical before November (FedScoop) “This is not something we're looking to in the near future. This is a conversation we’re having in the long term with state and local government, who are responsible for voting infrastructure”
Cyber threat sharing is now a two way street between industry and government (Federal News Radio) One of the more controversial laws passed last year just hit a major milestone. Companies are now officially sharing their cyber threat data with the government
Mandia: Phishing numbers show better U.S. cyber hygiene (FedScoop) If attackers have to phish your employees, it means they can't get at your servers
Israel cyber head: US-backed cyber norms too broad (The Hill) The head of the Israeli National Cyber Directorate on Tuesday criticized the State Department's strategy for developing international cybersecurity norms, calling the plans overly broad
Ciaran Martin: UK is moving towards more active defence in cyberspace (French Tribune) During the course of a speech at the Billington Cyber Security Summit in Washington, Ciaran Martin – the CEO of the UK’s new National Cyber Security Centre (NCSC) – said that the UK is moving towards more active defence in cyberspace
GCHQ cyber boss plans British firewall to block hackers (Guardian) Businesses could use surveillance agency’s expertise to protect them from malicious attacks, says director general of cyber Ciaran Martin
UK’s national cyber security unit working on automated defenses (TechCrunch) The CEO of the UK’s new National Cyber Security Centre wants industry and government to work more closely together to combat cyber crime
UK must plan for major 'hostile cyber attack' (Sky News) The boss of the new cyber security centre warns British infrastructure will only be safe when all outdated software is replaced
CREST Signs Cyber Security Incident Response Agreement With NSA (PRNewswire) New CREST USA Chapter opens offices in New York
Cyber Attacks, Threats, and Vulnerabilities
Guccifer 2.0 drops more DNC documents (The Hill) The hacker known as Guccifer 2.0 on Tuesday released a new trove of documents purportedly stolen from the Democratic National Committee (DNC)
Guccifer 2.0: More hacked DNC documents revealed at cyber conference (RT) Another round of hacked Democratic National Committee documents have been released. Provided by an anonymous representative of a hacker, Guccifer, the 500 megabytes detail the DNC’s information technology infrastructure and internal reports on donors
Possible Russian Meddling with US Elections Worries Key Defense Officials (Voice of America) Top U.S. defense officials insist they are not turning a blind eye to fears that Russian hackers are trying to hijack upcoming U.S. presidential and local elections
The DualToy Windows Trojan Uses USB Connection to Infect Androids and iOS Smartphones (Virus Guides) A Windows Trojan, named by Palo Alto Networks “DualToy”, used USB connection to load malicious apps on Android and iOS devices, connected to the infected computer
A single ransomware network has pulled in $121 million (CSO) A ransomware author was able to collect $121 million in ransomware payments
Armada Collective DDoS Extortion Group Now Threatens Ransomware Infections (Extreme Hacking) A group going by the name of Armada Collective is still sending extortion emails to website owners around the globe, one year after this type of attack became widely known
Ransomware usage explodes, as app, browser and plug-in vulnerabilities increase (Help Net Security) Bromium conducted research on cyber attacks and threats affecting enterprise security over the last six months. The good news is while the number of vulnerabilities is steadily increasing, not all exploitable vulnerabilities are actually exploited. The bad news is, criminals are working harder to get protected data. As a result, there’s been an uptick in recent high-profile data breaches and ransomware attacks
NTP reflection attacks hit record high (CSO) Distributed denial of service attacks that take advantage of misconfigured NTP servers were up 276 percent last quarter compared to the same time last year, reaching a new record high, according to a new report
Attackers Launch DDoS Attacks And the Kitchen Sink (CSO) First off, full disclosure, I work for Akamai as my day job. I don’t want any illusion on the point as I discuss the latest State of the Internet report that I was fortunate enough to be a part of creating
Business still ill-prepared to handle modern DDoS attacks (Help Net Security) In September 1996, New York City’s original ISP, Panix, was hit by a SYN flood denial of service attack that took them offline for several days. At a time when only 20 million Americans were online, this was one of the first high profile examples of the growing importance of network and service availability
Wada cyber attack: Williams sisters and Simone Biles targeted by Russian group (Guardian) ‘Fancy Bear’ accessed confidential medical data including TUEs. Serena Williams, Simone Biles, Elena Delle Donne targeted by group
Cyber 'Smear': Hackers Publish Olympians' Medical Records (ABC News) In what a U.S. official said was a "smear" attack on American Olympians, hackers have posted online medical and drug testing records for top athletes including gymnast Simone Biles, tennis players Serena and Venus Williams and basketball player Elena Delle Donne
Facebook Post Tagging Scam Steals Your Login Credentials (HackRead) Latest Facebook scam is spreading like wildfire and it uses a chrome app to steal login credentials — so watch out
6.6 million ClixSense users exposed in wake of site, company hack (Help Net Security) If you’ve ever registered with ClixSense – and millions have – you can consider all your personal information shared with the service compromised
Hacker Steals Passwords for Science Site EurekAlert!, Leaks Embargoed News (Motherboard) Popular science website EurekAlert!, which handles embargoed reports on health, medicine, and technology, has been hacked, according to an announcement on the site published Tuesday
Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON (CSO) The results from this year's IoT hacking contest are in and it's not a pretty picture
Don't Trust That Trust Mechanism: Vulnerabilities In Digital Certificates (Dark Reading) Tom Nipravsky, security researcher at Deep Instinct, visits the Dark Reading News Desk at Black Hat to explain how to tell the difference between a digital certificate that's worth your trust and one that isn't
Secret Service Warns of ‘Periscope’ Skimmers (KrebsOnSecurity) The U.S. Secret Service is warning banks and ATM owners about a new technological advance in cash machine skimming known as “periscope skimming,” which involves a specialized skimming probe that connects directly to the ATM’s internal circuit board to steal card data
Security Patches, Mitigations, and Software Updates
Using a thing made by Microsoft, Apple or Adobe? It probably needs a patch today (Register) Windows, Win Server, Office, Edge, IE, Silverlight, Flash, iOS, watchOS
Patch Tuesday: Microsoft rolls out 14 bulletins, prepares new updating system for October (SC Magazine) Microsoft's September Patch Tuesday offering, which included 14 bulletins covering 60 vulnerabilities or almost twice as many as were issued in August, is the last to be delivered under this update system with the company moving to a “monthly rollup” delivery mechanism starting in October
Microsoft Patch Tuesday Analysis (SANS Internet Storm Center) The Microsoft Patch Tuesday updates are out, our analysis is here
Microsoft ends Tuesday patches (Help Net Security) Yesterday was a big day for Patch Tuesday. It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new ‘monthly update packs’ will be combined, so for instance, the November update will include all the patches from October as well
Apple iOS 10 and 10.0.1 Released (SANS Internet Storm Center) On top of today being Patch Tuesday, Apple has released IOS 10 sometime today as well. They also released 10.0.1, with not a lot of detail behind that release (maybe something was missed?)
iOS 10 Security Updates Move to HTTPS (Threatpost) Apple has finally moved its iOS security update mechanism to HTTPS with today’s release of iOS 10
iPhones 'bricked' as Apple releases iOS 10 (and then rapidly fixes the problem) (Graham Cluley) Some iPhones and iPads busted by Apple’s buggy update
Adobe Back With New Flash Player Security Update (Threatpost) After a month free of Flash Player fixes and emergency patches, Adobe today resumed its monthly ritual of releasing a security update for the maligned software
Bad news: MySQL can dish out root access to cunning miscreants (Register) Good news: Oracle sneaked some patches out
Cyber Trends
Centrify’s Survey Finds Consumers More Concerned with Financial Data Getting Hacked than Private Information about Their Families Being Exposed (BusinessWire) Survey also reveals consumers more likely to hear about data breaches from the news or social media—not from companies holding their data
Securing information in the age of external collaboration (Help Net Security) A new Enterprise Strategy Group (ESG) research study, which was completed by 200 senior IT and security professionals with influence over purchasing decisions, highlights the need for organizations to have the necessary technologies in place to ensure policies travel with sensitive data wherever and however it is shared
GDPR: Are you prepared? (Help Net Security) Many European and US businesses are ill-prepared for the recently agreed EU General Data Protection Regulation (GDPR) and are at risk of falling foul of its rules around the use and control of personal data, according to a study conducted by Vanson Bourne
After all this time, enterprises are still doing cybersecurity wrong (ITProPortal) The main reason why so many organisations are suffering breaches and other forms of cyber-attacks is because they're not proactive, but reactive, says NSFOCUS
Insider Incidents Cost Companies $4.3 Million Per Year On Average (Dark Reading) Breaches caused by external attackers posing as insiders are the most financially damaging, Ponemon Institute survey finds
Deloitte executive says Latin America and Caribbean highly vulnerable to cyber-attacks (SKNVibes) Deloitte’s Global Chief Information Officer, Larry Quinlan, said that despite increased improvements in technology in the Caribbean and Latin America, the regions remain highly vulnerable to cyber-attacks
UAE companies ‘wide open’ to cyber attacks due to lack of staff training (National) Companies are failing to provide their employees with basic cyber security awareness training, leaving their systems "wide open" to attacks
Marketplace
Microsoft, Huawei Join in Cybersecurity Message (Wall Street Journal) Each feeling the heat from the other’s government, the two titans have jointly produced a tech ‘buyers guide’
U.S. spies think China wants to read your email (Bloomberg View via the Chicago Tribune) For more than a decade, the U.S. military and intelligence community has quietly warned that the world's largest telecom equipment manufacturer, Huawei, is an arm of the People's Liberation Army and that its phones, circuits and routers are instruments of Chinese eavesdropping
How Symantec's New COO Measures Security Success (eSecurity Planet) Mike Fey, president and COO of Symantec, talks about how he will bring the former Blue Coat and Symantec teams together
The Mariner Group is Now a Wholly Owned Subsidiary of ARES Security Corporation (PRNewswire) The Mariner Group has recently been fully acquired by ARES Security Corporation (ASC), who has held a majority ownership in The Mariner Group since 2013
Verizon to acquire IoT startup Sensity and aid smart city services (Techseen) Sensity Systems has agreed to the deal for an undisclosed amount and will aid Verizon's ThingSpace IoT platform with its LED light systems
FireEye: A Closer Look At Mandiant (Seeking Alpha) FireEye bought Mandiant for synergistic reasons. Mandiant is yet to live up to expectation due to dwindling high profile attacks. Separating Mandiant can potentially unlock more value for FireEye
Intel’s Spinout of McAfee Sparks Further Interest in Cyber Security (Guru Focus) You and the data associated with your network are now at risk…maybe
Startup Focuses On Real-Time Security Monitoring Of Plant Networks (Dark Reading) With $32 million in venture capital funding and co-founders from Siemens and Israeli Defense Force research teams, Claroty emerges from stealth
Israeli cyber security startup Cato Networks raises $30 million led by Greylock Partners (Geektime) This is the second round over $20 million in the last 15 months for Cato
GSA in a 'sprint' to offer new cybersecurity contracts (FedScoop) Agencies will be able to buy specialized cybersecurity tools and services in the areas of incident response, penetration testing, cyber hunt, and risk and vulnerability assessments beginning Oct. 1
Google offers $200K for top prize in new Android hack challenge (CSO) Launches limited-time 'bug chain' contest to root out security vulnerabilities
Portrait Of A Bug Bounty Hacker (Dark Reading) Bounty programs attract young, self-taught hackers who primarily depend on it as a lucrative side gig
Ntrepid Reveals Technical Advisory Board for Passages (BusinessWire) Diverse group of industry security experts and leading academia tapped to drive innovation
ICF International Awarded $34 Million Contract to Support the Defense Critical Infrastructure Program by Conducting Infrastructure Risk Assessments Worldwide (BusinessWire) ICF International (NASDAQ:ICFI), a leading provider of professional services and technology-based solutions to government and commercial clients, has been awarded a new $34 million contract to strengthen the resilience of U.S. Department of Defense (DOD) assets and assess the potential vulnerability of critical infrastructure at installations around the world
Kaspersky Lab opens R&D office in Ireland (Telecompaper) Kaspersky Lab opened its first European research and development (R&D) centre, in Dublin, Ireland. The location was selected on account of Dublin’s growing reputation as a major European tech hub, providing access to a highly skilled IT talent pool and a strong network of innovative technology companies
Global Cyber Leaders set to convene at 6th Annual CyberMaryland Summit (PRNewswire) Annual conference, industry showcase, job fair and National Cyber Security Hall of Fame Induction Ceremony to be held during National Cybersecurity Awareness Month in October
CrowdStrike Co-Founder and CTO Dmitri Alperovitch Named to Politico 50 List (Broadway World) CrowdStrike, the leader in cloud-delivered next-generation endpoint protection, today announced that Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer, has been named into the Politico 50 list for 2016
Proofpoint CEO Gary Steele Joins Malwarebytes Board of Directors (Digital Journal) Malwarebytes™, the leading advanced malware prevention and remediation solution, today announced the appointment of Gary Steele, CEO at Proofpoint, to the Malwarebytes Board of Directors
Products, Services, and Solutions
The ‘Automated Public/Private Intel Sharing System’ That Enables CISA (Motherboard) At the end of 2015, with the United States facing the potential of a government shutdown, a widely derided and unpopular cybersecurity bill formerly known as CISPA and CISA was unceremoniously snuck into a 2000-page, must-pass budget bill
Tenable adds security to Google Cloud Platform (CloudPro) Vendor claims this will give customers complete cloud security view
Wipro partners with IntSights to deliver ‘Threat Intelligence as a Service’ (IIFL) The company announced a partnership with Israel-based IntSights Cyber Intelligence to bolster and expand its 'Threat Intelligence as-a-Service' offering
5 ways Cisco could become an iPhone's best friend (PCWorld) Apple devices get some special capabilities on Cisco networks starting with iOS 10
DDoS downtime calculator based on real-world information (Help Net Security) Are you wondering how you can assess the risks associated with a DDoS attack? Incapsula’s free DDoS Downtime Calculator offers case-specific information adjusted to the realities of your organization
Keeper Password Manager Available on Continuum for Windows 10 Phone Users (PRNewswire) App seamlessly syncs Microsoft's signature feature
Myki rolls out a password manager that locks all your info away on your phone (TechCrunch) Everything is getting hacked to the point that it’s getting kind of ridiculous — and everyone needs to have secure passwords
Duo Security Helps Protect Healthcare Organizations from Ransomware Attacks in a Single Step (PRNewswire) Certification organization EPCS compliance for two-factor authentication
Technologies, Techniques, and Standards
EU Group Canvas Aims to Put Ethics Back in Security (Infosecurity Magazine) A new EU-backed consortium created to help align cybersecurity with European ethics and values held its first meeting in Zurich this week
Biometrics: the New Frontier in Security, but Why Aren’t We There Yet? (Infosecurity Magazine) Biometrics is often considered to be the cutting-edge technology that the security industry needs to adopt to help drive innovation in the digital age
The Dos And Don'ts Of Running Security Honeypots In Your Organisation (Life Hacker) In the context of IT security, a honeypot is a computer system that serves as a decoy or as a trap so organisations can gather information on attackers that break into their corporate networks
9 biases killing your security program (CSO) I see what I want to see
Design and Innovation
Why The Security UI Could Help With Hiring (Dark Reading) The incoming generation of security analysts has specific expectations for the user interface of security software, and businesses should pay attention
Research and Development
Galois and Guardtime Federal Awarded $1.8M DARPA Contract to Formally Verify Blockchain-Based Integrity Monitoring System (PRWeb) Project aims to verify ability of keyless integrity monitoring systems to detect Advanced Persistent Threats (APTs) as they work to remain hidden in networks
Special Issue on Entropy-Based Applied Cryptography and Enhanced Security for Ubiquitous Computing (Entropy) Entropy is a basic and important concept in information theory. It is also often used as a measure of the unpredictability of a cryptographic key in cryptography research areas
Legislation, Policy, and Regulation
Cybersecurity In The Obama Era (Dark Reading) Our roundup of the Obama administration's major initiatives, executive orders and actions over the past seven and a half years. How would you grade the president's cybersecurity achievements?
White House’s DJ Patil wants to disrupt the criminal justice system with data (TechCrunch) At TechCrunch Disrupt SF 2016 today, I had a chance to chat with DJ Patil, the nation’s deputy chief technology officer for data policy and chief data scientist. We talked about what he’s been up to at the White House lately, the criminal justice system and a recently-launched data justice initiative
Encryption-focused lawmakers remain at loggerheads (Politico) Hacks won't force action on encryption
With national privacy debate unsettled, US intelligence officials back encryption (Christian Science Monitor Passcode) Lawmakers may still consider measures to force tech companies to decrypt communications, but at a Senate hearing Tuesday two top intelligence officials supported strong digital privacy protections
Senior Officials: DoD Supports Strong Encryption for Defense, Commercial Security (DoD News) The Defense Department supports strong encryption to protect military capabilities and commercial encryption technology that is critical to U.S. economic security, senior DoD officials said here today
Tor Slams Mass Hacking Amendments (Infosecurity Magazine) The Tor Project has slammed proposed US legislation that would allow the FBI greater capabilities to hack computers and conduct surveillance on electronic media that is “concealed through technological means”
The Defense Department Wants to Spin Off the NSA (PC Magazine) An independent NSA could free up DOD resources for more cyberattacks, assuming they can find enough programmers
McCain vows to block breakup of NSA leadership (The Hill) Sen. John McCain (R-Ariz.) on Tuesday vowed to oppose a reported proposal that would split up the leadership of the National Security Agency (NSA) and the U.S. Cyber Command in a preview of what could be a brutal fight later this year
Army wants cyber capability everywhere (FCW) The Army's new cyber director said the service is still struggling to make cyber, electronic warfare and information operations tangible to warfighters
Litigation, Investigation, and Law Enforcement
Former Clinton adviser unsure of security protections on server (The Hill) Former senior Clinton adviser Justin Cooper repeatedly professed that he could not provide specific details about the security protections in place on Hillary Clinton’s private email server during a Tuesday congressional hearing
Edward Snowden says he deserves presidential pardon over NSA leaks (Washington Times) Edward Snowden on Monday said he should be pardoned, not prosecuted, for leaking government secrets, and he described his decision to disclose national security documents as being “necessary” to effect change to the country’s surveillance programs
Edward Snowden’s former boss speaks out: ‘I would have hired him again’ — but not now (GeekWire via Yahoo! Tech) The cybersecurity expert who hired Edward Snowden for his last job is laying out his lessons learned – but admits it would have been hard to stop the man who spilled some of the National Security Agency’s most closely held secrets
Edward Snowden Really Needs Oliver Stone’s Hero Movie Right Now (Wired) Director Oliver Stone’s Snowden takes about 90 minutes to bleach out the last shades of grey in its black-and-white biopic of the NSA’s most well-known whistleblower
NY Cracks Down on Mattel and Hasbro For Tracking Kids Online (Wired) Most Americans have long ago given up fighting the notion that their behavior is tracked by advertisers as they move around the web
2 million fake accounts later, Wells Fargo drops sales quotas for its employees (Ars Technica) Bank has not promised it will stop cross-selling products entirely, despite a temporary hold
Man accused of necrophilia and sexual assault prevails in privacy case (Ars Technica) “Cell phones are intrinsically private,” Arizona Supreme Court finds
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, Oct 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hanover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.
Upcoming Events
SANS Network Security 2016 (Las Vegas, Nevada, USA, Sep 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity! SANS will bring you the best in network security training, certification, and up-to-the-minute research on the most important topics in the industry today.
Hacker Halted 2016 (Atlanta, Georgia, USA, Sep 11 - 16, 2016) This year, Hacker Halted’s theme is the Cyber Butterfly Effect: When Small Mistakes Lead to Big Disasters. The goal of the conference is to bring the IT security community together to discuss how organizations are often compromised through the smallest of mistakes and how implementing effective changes can have ripple effects throughout all departments of an organization.
(ISC)² Security Congress (Orlando, Florida, USA, Sep 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity leaders. As cyber threats and attacks continue to rise, the goal of (ISC)² Security Congress is to advance security leaders by arming them with the knowledge, tools, and expertise to protect their organizations.
Privacy. Security. Risk. 2016 (San Jose, California, USA, Sep 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the most thought-provoking speakers, sessions led by foremost experts and invaluable opportunities to connect and share ideas, P.S.R. gives you a world of new perspective.
ISS World Americas (Washington, DC, USA, Sep 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering and Sharing. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's Telecommunications networks, the Internet and Social Networks.
Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, Sep 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. The training will include "Legal Considerations & Guidance For Insider Threat Programs" (Privacy Concerns, User Activity Monitoring, Investigations, Etc.) - Provided By Co-Instructor Insider Threat Law - Licensed Attorney. Insider Threat Defense has trained over 400 organizations and has become the "leader-go to company" for insider threat program development training.
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, Sep 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company " for insider threat program development training.
4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, Sep 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three-day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for the hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols, i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD.
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.