The CyberWire Daily Briefing 09.19.16

Summary

By The CyberWire Staff

Several attacks over the weekend, including stabbings in a Minnesota mall and a series of apparent bombings (both successful and failed) in New York and New Jersey, are affecting the United States this morning. Investigations are in their early stages, but ISIS sympathizers have been quick to applaud (and claim credit) in ISIS online media.

Offended by their lack of zeal for jihad, ISIS sympathizers defaced three Michigan Arab-American organizations' websites late last week.

Fancy Bear releases more documents hacked from the World Anti-Doping Agency (WADA). The threat group's interest in US elections also continues unabated. Few dissent from the consensus that Fancy Bear is run by Russian intelligence services. The US Department of Homeland Security offers various forms of security support to state election officials (acceptance is voluntary—elections won't be Federalized). Concerns center around the discrediting effects of disruption and disinformation—information operations are more feared than data corruption in the service of vote fraud.

Mozilla is expected to patch a Firefox zero-day tomorrow. The flaw rendered users susceptible to man-in-the-middle attacks. (It's also attracted much unfavorable comment in the vulnerability researcher twitterverse.)

In industry news, Uber, Twitter and other tech-dependent companies have formed the Vendor Security Alliance, which intends to drive better standards for security products. Oracle acquires cloud security shop Palerra.

Dueling editorials and op-eds in the Washington Post (anti), TechCrunch (pro), and Ars Technica (pro and anti) debate a Snowden pardon.

A British court orders that alleged hacker Laurie Love be extradited to the US.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, India, Mauritius, Russia, South Africa, United Kingdom, United States

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Malek Ben Salem, from our partners at Accenture Labs, will be on, discussing the industrial Internet-of-things. If you enjoy the podcast, please consider giving it an iTunes review.

Selected Reading

Cyber Trends

The hidden cost of the insider threat (Help Net Security) Organizations are spending an average of $4.3 million annually to mitigate, address, and resolve insider-related incidents – with that spend surpassing $17 million annually in the most significant cases, according to the Ponemon Institute

Why Risk Detection Is Always One Step Behind (CIO Insight) Detecting security incidents can often extend to years, leaving systems and data at risk for an unacceptable amount of time

Advisers reveal cyber insecurities at FPA conference (Investment News) Most don't expect they could pass a hacking-preparedness test if the SEC came knocking, or even know all the compliance factors they are responsible for, according to a new Financial Planning Association study

Legislation, Policy and Regulation

Cyber attack threats to be focus of Australia's intelligence agencies review (Australian Broadcasting Corporation) The rising threat posed by cyber attacks is set to be the focus of a review of Australia's intelligence agencies

RBI says banks must report all cyber attacks (Economic Times) The Reserve Bank of India has issued an ultimatum to Indian banks on cyber crimes, asking them to immediately report any breach of security so that the overall network is not compromised

Will a European de-radicalization approach work in at-risk U.S. cities? (Washington Post) The number of Islamic State supporters in Minnesota has worried investigators for months, prompting suspicions that a stabbing Saturday in which eight people were injured might be related to terrorism

Election hacking threats prompt U.S. to accelerate aid to states (Pittsburgh Post-Gazette) A spate of hacking attacks has put U.S. states on edge ahead of November’s presidential vote as election officials rush to plug cybersecurity gaps with help from the federal government

DHS issues another warning regarding a potential hacked election (American Thinker) In an attempt to clarify what kind of assistance they will offer state and local election officials to prevent their systems from being hacked, the Department of Homeland Security has issued a further warning about the security of the ballot and what steps it will take to prevent it

Texas lawmakers call for DHS to strengthen industry friendship, finalize cyber plans (Federal News Radio) The chairman of the House Committee on Homeland Security is calling on the Homeland Security Department to collaborate with industry and double down on its response to cyber attacks

DOD needs to get a handle on Guard's cyber skills, GAO says (Defense Systems) Military leaders, including Defense Secretary Ash Carter, have touted National Guard members as a “huge treasure” in the Defense Department’s cybersecurity efforts, particularly because many of them work in the cyber field in their civilian jobs and bring some impressive skills to the service

The Changing Role of the ISP & How Net Neutrality Laws Impact Cyber Defense (Infosecurity Magazine) Net neutrality is one of the internet’s guiding principles. The concept that Internet Service Providers (ISP) should direct all content and traffic from one destination to another, without passing judgment about the content, is widely recognized as the best means to preserve free speech online and encourage economic growth

Dateline

AFA's Annual Air, Space & Cyber Conference: What to Expect (Military.com) From revealing the name of the future bomber to new leaders outlining priorities, this year's annual Air, Space & Cyber conference organized by the Air Force Association is sure to make some news

Air, Space, and Cyber Conference (Air Force Association) Attend more than 38 sessions, ranging from workshops to major addresses by DoD and Air Force Leadership

Products, Services, and Solutions

Context Dons Cape to Fight Nation State APTs (Infosecurity Magazine) Cybersecurity consultancy Context Information Security has released a new open source tool designed to reverse engineer sophisticated nation state malware

Hexis Cyber Solutions' NetBeat MON: Product overview (Tech Target) Expert Dan Sullivan checks out Hexis Cyber Solutions' NetBeat MON, a security analytics monitoring appliance that leverages several open source network monitoring tools

Technologies, Techniques, and Standards

How to Reconnect With Teens on Internet Safety (Voice of America) Several campaigns are underway in the U.S. and other countries to raise awareness about internet safety, particularly among teenagers for whom parental rules are hard to follow in the age of social media. But while rules are still needed, one advocate argues it is time for parents to change the conversation about internet safety

Marketplace

Cyber security is not a concern of IT department, it’s a board issue (Daily Nation) Organisations need to think more creatively to meet the demands of an increasingly technology-enabled, self-directed environment. It is patent that security and privacy should be a concern of top level executives. 90 per cent of cybercrimes require human interaction before they are successful, meaning there is need for proactive measures

Nine of 10 big business have suffered a major cyber attack as Lloyd’s of London chief says firms are ‘complacent’ (Telegraph) ompany bosses have been accused of complacency after it was revealed that nine in 10 big businesses have suffered a significant cyber attack in the past five years, but less than half are concerned about suffering a future breach

Australia hardest hit globally by cyber security skills shortage: report (CIO) Lack of professionals having detrimental affect on Aussie businesses says think tank

Cyber security VCs are holding onto their cash, but that's OK (CSO) Are VCs cooling their interest in cyber-security companies?

Uber, Twitter and Others Join Forces for Security Coalition (Infosecurity Magazine) Some of the biggest names in technology have joined forces to create a coalition that aims to improve cybersecurity standards. The hope of the Vendor Security Alliance (VSA) is that it will help businesses assess how secure third-party providers are

Oracle buys Palerra to boost its security stack (TechCrunch) Oracle is kicking off a big customer confab in San Francisco this week, and to mark the event, it’s announced an acquisition. Oracle is buying Palerra, a cloud security startup co-founded by Oracle alums Rohit Gupta (its CEO) and Ganesh Kirti (CTO)

Five Cybersecurity Stocks Hedge Funds Love: From Juniper (JNPR) To Palo Alto (PANW) (Insider Monkey) Cybersecurity stocks have had a relatively good 2016, with indexes that collate the stocks like the Nasdaq CTA Cybersecurity Index (INDEXNASDAQ:NQCYBR), which is up by more than 7.5% year-to-date, managing to beat market benchmarks like the S&P 500 and Nasdaq, both of which have gained roughly 4.5% this year

Here's a Reason Symantec (SYMC) Stock Is Advancing Today (The Street) Symantec (SYMC) stock is rising on Friday afternoon as UBS issued an upbeat note about the company

Huawei chief flags cloud computing push as Australian regulatory dance goes on (Financial Review) The chief executive of Chinese telecommunications equipment maker Huawei has said its ban from working on the National Broadband Network and exclusion from Telstra networks was not derailing its growth as it pushes a global cloud strategy

Intercede warns over full-year revenue (Digital Look) AIM-listed cyber security firm Intercede said on Friday that full-year revenues are likely to be below the previous year

Unisys still stands at 30 (Philly.com) Unisys, founded 30 years ago to challenge IBM for global tech leadership, marked the anniversary Thursday at its Blue Bell headquarters with an ice cream party

Northrop gets $88M to improve, secure Navy's computers (San Diego Union-Tribune) The Defense Department will give Northrop Grumman San Diego at least $88 million to develop and test better computer systems for Navy warfighters, including the kind of software that detects and fights cyberattacks

Denel forms cyber security division (Defence Web) Denel has established a dedicated business unit to counter the growing global threat to the country’s security and economic interests

WISeKey to Launch a Blockchain Center of Excellence in Mauritius to Develop a Blockchain Platform (BusinessWire) WISeKey to establish a Mauritius based center to work on this project with the Mauritius Board of Investment

Look Who’s MeriTalking: The Symantec Cyber Award Winners (MeriTalk) The Cyber Awards, announced at this year’s Symantec Government Symposium Aug. 30, recognize individuals who have demonstrated excellence and leadership in government cybersecurity through their personal contributions to programs that protect critical data and systems. Nominees go above and beyond each day to do the important work needed to keep government secure

'I wish I had a nickel for every vendor that rediscovers the channel' - Sophos CEO (Channel Web) Kris Hagerman questions the channel commitment of some security vendors

QuintessenceLabs Recognized as Quantum Cybersecurity Pioneer (Yahoo! Sports) As one of Australia's premier cybersecurity companies, several representatives of QuintessenceLabs were in attendance at the SINET 61 global cybersecurity event in Sydney on September 13th when they were delighted to hear the company singled out by Prime Minister Malcolm Turnbull in his introductory video address to the event

Security Patches, Mitigations, and Software Updates

Mozilla will patch zero-day Firefox bug to fiddle man-in-the-middle diddle (Register) Researcher revealed Tor flaw after initially being ignored

Cyber Attacks, Threats, and Vulnerabilities

Fancy Bears hacking group has ties to Russian presidency, US cyber security experts say (Austratlian Broadcasting Corporation) The Fancy Bears group responsible for leaking the World Anti Doping Agency's (WADA) private medical records has strong links to the Russian secret service that leads all the way to the Russian presidency, US cyber security experts have revealed

Sen. John McCain suggests Russian hackers targeted Arizona because it's his home state (Arizona Republic) U.S. Sen. John McCain speculated Friday that a suspected Russian hacker may have struck at the election system in Arizona because it is his home state

The real threat to our elections: Disinformation and doubt (InfoWorld) Hackers are working to sabotage the upcoming election, but not through the expected avenues

Olympic rower Kim Brennan one of three Aussie victims of Russian hackers’ attack on WADA data store (Daily Telegraph) Rio Olympic rowing champion Kim Brennan is one of three Australian athletes to have confidential medical data published by the Russian cyber espionage group the Fancy Bears

ISIS Supporters Rush To Celebrate NYC Explosion (Vocativ) "We cause you pain inside your house," one ISIS supporter bragged online

ISIS Supporters Use Hashtag #ExplosionManhattan, Praise And Celebrate NYC Bombing On Social Media (American Military News) Though authorities have yet to officially identify any suspects or conclude any motives in the investigation of the multiple bombs on Saturday, ISIS supporters wasted no time applauding the IEDs planted in NYC Saturday night, praising the harm done to freedom-loving Americans

F.B.I. Treats Minnesota Mall Stabbing Attack as ‘Potential Act of Terrorism’ (New York Times) A report by a news agency linked to the Islamic State claimed on Sunday that a “soldier of the Islamic State” was behind a stabbing attack Saturday night at a Minnesota shopping mall, an episode that the F.B.I. said it was investigating as a “potential act of terrorism.” Nine people were injured in the attack before an off-duty police officer fatally shot the knife-wielding man, the authorities in St. Cloud said

Arab-American organizations cyber attacked (Fox 2 WJBK) Dearborn police are investigating the cyber-attack that targeted three Arab American organizations in hopes of promoting hate

Trump Website Leak That Exposed Campaign Intern Resumes (Information Security Buzz) Trump Website Leak That Exposed Campaign Intern Resumes Security Experts On September 17, 2016 Donald Trump’s official website suffered from a serious misconfiguration that exposed campaign intern résumés to the public internet according to a report from Chris Vickery of the blog. After Chris contacted intermediaries to get to the Trump campaign, the problem was fixed. IT security experts from Tripwire, Lieberman Software and Redscan commented below

Ransomware criminals increase use of asymmetric encryption (SC Magazine) Ransomware criminals are growing more sophisticated in their use of encryption, as criminals increasingly use asymmetric encryption methods, according to security pros

This Ransomware Exposes Users’ Location Data on the Internet (HackRead) If you think that your location data is safe then you are mistaken because there is a new series of ransomware that can post your location data on the internet. The most advanced of them all is the “CryLocker"

Malware Inc: Malware Means Big Money for Bad Guys (American Security Today) As legitimate companies go about offering products or services, attracting customers and building revenues and profits, a different commerce model rakes in huge payouts

This guy found out how to take over any Facebook Page using a zero-day 0 (Techworm) Security researcher discovers a Zero-day in Facebook that allows him to take over any FB Page

UDP flood attacks becoming increasingly powerful (Help Net Security) When it comes to quantitative indicators, the last quarter can be marked by significant quantitative decline, according to DDoS-GUARD. The number of detected DDoS attacks is 57% lower than in the previous quarter and equals to 12583. But don’t get excited too soon, as the attacks quality, volume and complexity has increased markedly

Why DNS shouldn’t be used for data transport (Help Net Security) Malicious DNS tunnelling is a big problem in cybersecurity. The technique involves the use of the Domain Name System (DNS) protocol to smuggle sensitive corporate or personal information out of a network, and to enable malware command and control communications in and out

Is Your Printer About To Launch A Cyber Attack? (Minute Hack) Too many companies are overlooking the security threat posed by the humble printer

Connected devices riddled with badly-coded APIs, poor encryption (Help Net Security) The advent of home automation and rapid rise of smart home connected devices is seeing some vendors and new startups scramble to become a part of the movement, with ABI Research forecasting 360 million smart home device shipments by 2020

Litigation, Investigation, and Enforcement

Lawsuit: Who did the FBI pay to get into the San Bernardino attacker’s iPhone? (Ars Technica) Associated Press, USA Today, and Vice Media sue FBI for contractual records

No pardon for Edward Snowden (Washington Post) Edward Snowden, the former National Security Agency contractor who blew the cover off the federal government’s electronic surveillance programs three years ago, has his admirers

Don’t just pardon Edward Snowden; give the man a medal (TechCrunch) As Barack Obama’s second term comes to an end, an increasingly loud chorus of voices are calling for a dramatic final presidential act: the pardoning of Edward Snowden. Authoritarians are horrified by this, and, as usual, they are wrong. A pardon really isn’t enough. As I’ve argued before, Snowden deserves a medal

Op-ed: Why President Obama won’t, and shouldn’t, pardon Snowden (Ars Technica) A former US gov't lawyer and current Harvard Law professor makes the case

Op-Ed: Why Obama should pardon Edward Snowden (Ars Technica) A former Obama advisor on civil liberties says Snowden deserves one

A Former NSA Deputy Director Weighs In On 'Snowden' (NPR) Two very different narratives on the former National Security Agency contractor unfolded this week. Both proved that the debate over whether Edward Snowden is a traitor or a patriot is in no danger of running out of steam

Snowden says he'll vote in US presidential election (San Francisco Chronicle) Edward Snowden, in exile in Moscow after leaking U.S. National Security Agency documents, said Friday he intends to vote in the U.S. presidential election, but did not say which candidate he favors

Alleged Hacker Lauri Love Can Be Extradited To US, Court Rules (Infosecurity Magazine) A UK court has ruled that alleged hacker Lauri Love can be extradited to the US to face hacking charges there

FBI Encouraging Ransomware Victims To Report Infections (Threatpost) The Federal Bureau of Investigation this week urged victims of ransomware to report infections to federal law enforcement in hopes of better understanding the threat

Let's Encrypt won its Comodo trademark battle – but now fan tools must rename (Register) Why the popular letsencrypt.sh is now known as Dehydrated

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Structure Security (San Francisco, California, USA, September 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming their companies; no industry has been left untouched. But the benefits of this digital world have been offset by increased risks from all manner of sophisticated adversaries who find new vulnerabilities to exploit as quickly as old flaws are addressed. That means CISOs are struggling to keep up with the threats as the security industry itself responds with an increasing — and often confusing — array of products and services. Structure Security is the first and only conference to bring all of these constituencies together.

upcoming Events

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company " for insider threat program development training.

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.

AFA AIr, Space, and Cyber Conference (National Harbor, Maryland, USA, September 19 - 21, 2016) The Air Force Association’s Air, Space & Cyber Conference is the must-attend event by Airmen each fall. This annual gathering provides attendees with an unrivaled platform to debate and discuss the most pressing trends and topics shaping the defense industry

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.

GDPR Comprehensive 2016 (London, England, UK, September 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GPDR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD - See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html#sthash.Kgzd4dXp.dpuf

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

escar Asia 2016 (Tokyon, Japan, September 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.

Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, October 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hannover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.

Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, October 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.

Cambridge Cyber Summit (Cambridge, Massachusetts, USA, October 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe

RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, October 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.

SecureWorld Denver (Denver, Colorado, USA, October 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

VB 2016 (Denver, Colorado, USA, October 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, October 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.

AppSecUSA 2016 (Washington, DC, USA, October 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.

Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, October 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.

EDGE2016 Security Conference (Knoxville, Tennessee, USA, October 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.