The CyberWire Daily Briefing 01.29.16
Israeli officials cite leaks as they say British and American agencies monitored Israeli air force communications. Other sources claim Iran targeted Israeli generals in extensive spearphishing campaigns.
Investigation of the Ukrainian power grid incidents continues to focus on BlackEnergy and its distribution through compromised Word files. As utilities in the US and elsewhere look to their defenses, control system security experts warn against over-reliance on incident response.
FinFisher spyware is discovered in some Australian data centers. Some observers think Indonesian security services may be behind the campaign.
ISIS has begun recruiting hackers in India, offering up to $10,000 for information stolen from government networks. This seems to be hacking-for-hire as opposed to an attempt to build a stable of coders and a credible cyber offensive capability.
HSBC's online customer banking sites in the UK have been disrupted by a significant distributed denial-of-service attack.
LG patches a bug (disclosed by BugSec and Cynet) in its Android phones' preloaded Smart Notice widget. The bug could be exploited for data theft.
A Cisco firmware update closes a hole in RV220W Wireless Network Security Firewall devices. OpenSSL fixes an encryption weakness involving re-use of prime numbers.
The RSA Conference announces finalists in the Innovation Sandbox competition: Bastille Networks, illusive Networks, Menlo Security, Phantom, Prevoty, ProtectWise, Skyport Systems, Vera, and Versa Networks.
In the US, NIST solicits comments on a draft random number generation standard. The FDA issues draft medical device cyber guidelines. An audit finds issues with DHS's Einstein system.
Safe Harbor renewal recedes.
Notes.
Today's issue includes events affecting Australia, Canada, European Union, India, Indonesia, Iran, Israel, Malaysia, New Zealand, Russia, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
'US and British spies hacked Israeli air force networks' (The National) The United States and Britain have monitored secret sorties and communications by Israel's air force in a hacking operation dating back to 1998, according to documents attributed to leaks by former US spy agency contractor Edward Snowden
Israeli generals said among 1,600 global targets of Iran cyber-attack (Times of Israel) Cyber-defense expert Gil Shwed says a quarter of recipients opened emails and thus unknowingly enabled hackers to steal information from their hard drives
Ukraine Sitting On 'Powder Keg' Of More Cyber Attacks (Techweek Europe) Consultant working for government claims energy companies ignored their own security rules in power grid hack, as more attacks are predicted to come
Russian Hackers Used Weaponized Word Files to Infect Ukraine's Power Grid (Softpedia) BlackEnergy campaign shows the dangers of spear-phishing, having untrained employees, and Word's ever-lasting macro bug
BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents (SecureList) Late last year, a wave of cyber-attacks hit several critical sectors in Ukraine. Widely discussed in the media, the attacks took advantage of known BlackEnergy Trojans as well as several new modules
Analyzing a New Variant of BlackEnergy 3: Likely Insider-Based Execution (SentinelOne) While writing this report (1/26/2016) a new attack has just been detected, targeting a Ukrainian power facility. The attack vector appears to be the same variant analyzed in this report. We'll provide more details in a subsequent analysis
U.S. utilities worry about cyber cover after Ukraine grid attack (Reuters via Business Insurance) U.S. utilities are looking hard at their cyber vulnerabilities and whether they can get insurance to cover what could be a multibillion-dollar loss after hackers cut electric power to more than 80,000 Ukrainians last month
How Incident Response Fails In Industrial Control System Networks (Dark Reading) Experts say a solid incident response plan is the best way to minimize the damage of a cyberattack — but IR isn't so simple for the ICS/SCADA world
Islamic State in recruitment spree for Indian hackers (ComputerWeekly) Islamic State is recruiting hackers in India to steal sensitive data from governments with offers worth as much as $10,000 a job
ISIS Offering $10,000 To Indian Hackers To Steal Sensitive Data From Government (India Times) It might be Republic Day but all's not well where combating terrorism is concerned. It is being reported that ISIS is willing to pay Indian hackers thousands of dollars to hack into government websites and gain access to sensitive documents
Sydney Data Center Targeted By FinFisher Spyware (Hack Read) In 2013, the Australian government was accused of spying on Indonesia thanks to the documents leaked by Edward Snowden. Now, it looks like the Indonesians are taking revenge from the kangaroos
Anonymous Takes Down 20 Thai Prison Websites (Softpedia) Anonymous' crusade against the Thai justice system continues today, with the group bringing down 20 websites belonging to their prison system
Bug in pre-installed app opens LG G3 smartphone owners to data theft, phishing (Help Net Security) Two BugSec researchers have discovered a serious vulnerability in LG's G3 Android devices, which can be exploited to steal user data, mount phishing attacks, install malicious apps, and more
Cynet, BugSec Uncover SNAP, a Major Vulnerability on LG G3 Devices (PRWeb) Cynet, pioneers of the all-in-one agentless solution for detection and remediation of advanced and unknown threats, and BugSec Group Ltd., a leading provider of cyber security services, announced today that a joint team of researchers has discovered a severe security vulnerability in LG G3 Android devices, enabling the potential hijack of an estimated 10 million smartphones worldwide
HSBC online banking suffers major outage, blames DDoS attack (Ars Technica) Huge headache for customers hammering away at their tax returns
This Facebook bug could have allowed hackers to take over your account (Naked Security) A UK security researcher who goes by fin1te has just published the fascinating story of a Cross-Site Scripting (XSS) bug he found in Facebook's content delivery network
Beware fake Facebook 'Be Like Bill' apps that could serve up malware or steal your personal info (Graham Cluley) Concerns have been raised that scammers could trick Facebook users into installing fake and malicious apps that claim they generate the popular "Be Like Bill" memes
Gaming app leads into expensive subscription trap (ptext) G DATA analyzes an application from the Google Play Store that signs users up for subscriptions without their noticing
PayPal is the latest victim of Java deserialization bugs in Web apps (IDG via CSO) The company's Java-based, back-end system was vulnerable to an attack that researchers have warned about for a year
Big Week For Ransomware (Dark Reading) Inventive new variants and damaging attacks swept through the headlines this week
Security challenges in the e-enabled aircraft (New Electronics) The e-enabled aircraft can provide many benefits to operators in terms of operational efficiency, passenger comfort and MRO (maintenance, repair, and overhaul)
cPanel to Implement Password Reset Following Breach (Tripwire: the State of Security) cPanel has announced that it will require its users to change their passwords following a breach into one of its user databases
Security Patches, Mitigations, and Software Updates
LG patches data theft bug affecting millions of Android phones (IDG via CSO) Malicious JavaScript could be entered into a contact form
Cisco plugs hole in firewall devices that could lead to device hijacking (Help Net Security) Cisco has released a firmware update that plugs a critical, easy-to-exploit vulnerability that could allow a remote attacker to take control of the company's RV220W Wireless Network Security Firewall devices
OpenSSL patches a severe but not widespread problem (IDG via CSO) In some instances, OpenSSL will reuse prime numbers
Cyber Trends
Security Analysts Say Defending Against Advanced Malware Still a Major Struggle (ThreatTrack) In the past two years, organizations have made only modest gains in their readiness to fight cyberattacks, and took a few steps backward in some areas
Security Requirements Are Driving Identity Management (Network World) Cybersecurity professionals are getting more involved in identity and access management (IAM) decisions and day-to-day operations driving changes to IT and infosec
Share risk by extending identity to IoT devices — but letting people control their data: ForgeRock (CSO) Tools providing citizens with control over their personal data will help increasingly security-conscious companies better manage exposure to the growing identity challenge posed by a flood of devices and the Internet of Things (IoT), one industry expert has predicted as the latest international Data Privacy Day rekindles awareness of personal privacy online
Web users should take more responsibility for data privacy, warns FireEye CIO (V3) Internet users need to better understand data privacy and the consequences of losing personal information in the wake of data breaches at companies such as Target and TalkTalk, according to Julie Cullivan, chief information officer at security firm FireEye
Most large organizations will have a Chief Data Officer by 2019 (Help Net Security) The race to drive competitive advantage and improved efficiency through better use of information assets is leading to a sharp rise in the number of chief data officers (CDOs). As a result, Gartner predicts that 90 percent of large companies will have a CDO role by the end of 2019
Marketplace
Top five U.S. defense contractors bungle commercial cybersecurity market opportunity (CSO) Lockheed, Boeing, Raytheon, General Dynamics, Northrop Grumman have exited, struggled, or spun out of the commercial cybersecurity market
Time to Exhale; Fortinet Delivers Good 4Q and Better-than-Feared Guidance — Maintain Outperform (FBR Capital) With bearish Street expectations coming into Fortinet's print last night, we would characterize results as much better than feared. With many skeptics yelling fire in a crowded theater on the name over the last few months, saying this growth story was in the rearview mirror, Fortinet instead delivered a good quarter with a billings beat that will be front and center this morning
Proofpoint, Inc. (PFPT — $53.83*) Growth Tailwinds Heading into 2016; Another Solid Performance — Maintain Outperform (FBR Capital) Last night, January 28, Proofpoint delivered another rock-solid performance, coming in above the Street's 4Q15 revenue estimate and the all-important billings number, while EPS were in line
Check Point Software Technologies (CHKP — $75.20*) Steady As She Goes into 2016; Good Results/Guidance Yet Again — Maintain Outperform (FBR Capital) This morning, Check Point delivered respectable 4Q15 (Dec) results that hit the Street's estimates on the top line while exceeding consensus on the bottom line and beating the all-important deferred number
Check Point CEO: We're Evaluating Acquisitions, Both Big And Small (CRN) Check Point Software Technologies is on the hunt for an acquisition in 2016 and is open to the idea of either a blockbuster buy or a small technology tuck-in move, CEO Gil Shwed said on the company's year-end earnings call Thursday
Pindrop Raises $75M to Advance Tech to Fight Phone Fraud (eWeek) The voice fingerprinting technology vendor is set to expand, thanks to the new funding, and could one day help to end the scourge of robocalls
Shareholders Association to reconsider Wynyard rights issue (NBR) The Shareholders Association says it is reconsidering its view on a rights issue by the security software company, Wynyard Group
RSA Conference Announces Finalists for Innovation Sandbox Contest 2016 (BusinessWire) Conference event to honor information security's next generation of groundbreaking technologies
CyberArk Named One of the Best Workplaces in Technology by Great Place to Work® and Fortune (BusinessWire) CyberArk (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, has been named a 2016 Best Workplace in Technology by Fortune Magazine and global research and consulting firm Great Place to Work
Cybersecurity pros switch jobs for challenging work, pay, and flexible hours (CSO) Cybersecurity pros are most likely to leave for a number of reasons
Products, Services, and Solutions
Virtru Launches Software Development Kit, Enables Any Software or Cloud Provider to Easily Enable End-to-End Encryption (Yahoo! Finance) When every data transfer is a potential data leak, Virtru makes it easy for others to leverage its encryption-as-a-service architecture for content protection
Fortinet Details Updates to Their Cybersecurity Operating System (CNN Money) FortiOS 5.4 enables deployment of internal segmentation, secure access along with new features for control and visibility
Sensato, Divurgent form Medical Device Cybersecurity Task Force (Becker's Health IT and CIO Review) Sensato, a cybersecurity firm based in Asbury Park, N.J., and Virginia Beach, Va.-based healthcare consulting firm Divurgent are collaborating to establish the Medical Device Cybersecurity Task Force
New Version Of CenterPOS Malware Taps Rush To Attack Retail Systems (Dark Reading) EMV will make it much harder for criminals to steal payment card data, so there's a rush to do it while they can
Technologies, Techniques, and Standards
US Homeland Security's $6B Firewall Has More Than a Few Frightening Blind Spots (Defense One) A recent audit revealed the National Cybersecurity Protection System — aka EINSTEIN — does not scan for 94 percent of common computer vulnerabilities. But that's not all of its shortcomings
NIST looks to strengthen crypto backbone (FCW) The National Institute of Standards and Technology is looking to make the backbone of cryptography — random bit generators — less predictable
NIST Requests Comments on Computer Security Publication on Randomness (NIST) The National Institute of Standards and Technology (NIST) is seeking public comment on its latest draft of a publication intended to help computer security experts use randomness to protect sensitive data
FDA releases draft guidelines to improve cybersecurity in medical devices (Naked Security) There's no doubt that the global Internet of Things (IoT) healthcare market is growing
Cybersecurity report recommends test-hacking medical devices before and after release (KnowTechie) Test-hacking medical devices and systems before and after release is a great way to boost security and privacy for customers
Cybersecurity Meets EDRM with the Cybersecurity Reference Model (Legaltech News) The CSRM is a risk-based approach to information protection, showing discrete steps in the information security process
CSI: Cyber-Attack Scene Investigation — a Malware Whodunit (Scientific American) Although the method of a hack attack can be deciphered, the culprits often remain a mystery
Cloud security culture a building block for today's businesses (TechTarget) As organizations today move more data to the cloud, it's important to cultivate a cloud security culture and enlist a CISO, a new report shows
Rootkits and Security (Enterprise Storage Forum) The topic this month is going to be rootkits, which are nasty security issues that I think we all need to start thinking about, as well as what to do about them
Scripting Web Categorization (Internet Storm Center) When you are dealing with a huge amount of data, it can be very useful to enhance them by adding more valuable content
What is… Tor (Naked Security) You can't go far these days without hearing about Tor, and opinions about it are sharply divided
How to Avoid the Common Pitfalls While Browsing the Web (Recorded Future) Web browser exploits are on the rise due to the ease with which they are executed. Too often, the user starts with the browser that ships with their device and then downloads from the pre-installed browser their favorite browser
Research and Development
Israeli Technology to Track Terrorists on Social Media, Prevent Attacks (Legal Insurrection) With Cyber Technology, Israel again shows the world how to combat terrorism
ISU profs develop way to help protect power grid (Ames Tribune) A cyber attack last month on many of Ukraine's power substations left hundreds of cities blacked out
Academia
Brown University Launches Executive Cybersecurity Program (Wall Street Journal) Brown University has launched its first executive master program in cybersecurity, the school said Wednesday
Legislation, Policy, and Regulation
Indonesia to Boost Deradicalization After Islamic State Attack (The Diplomat) Top presidential adviser says more funds are on the way for deradicalization programs
Malaysia to launch regional digital counter-terrorism centre (Business Standard) The regional digital counter-terrorism messaging centre is expected to open in May
Canada spy agency stops sharing intelligence with international partners (Guardian) Move not to share with Five Eyes partners comes after Communications Security Establishment revealed it had illegally collected Canadians' metadata
Is an obscure group of bureaucrats in Europe about to break the internet as we know it? (Quartz) Twitter updated its privacy policy this week. Amid mostly routine changes, the last sentence said this: "We've also removed the EU Safe Harbor Framework section"
Senate panel advances key privacy bill as deadline looms (The Hill) A Senate committee on Thursday advanced a privacy bill that many see as critical to a pair of pending agreements between the U.S. and EU
Last-minute change to privacy bill adds tension to US-EU talks (The Hill) The European Commission is dismayed by the final language of a key privacy bill that could influence already-tense negotiations over a new data flow agreement with the U.S., according to those familiar with the talks
Congressional Hearings on Surveillance Programs to Kick Off — in Secret (Intercept) The House Judiciary Committee will hold its first hearing next week on two of the NSA spying programs revealed by whistleblower Edward Snowden that vacuum up domestic content despite being ostensibly targeted at foreigners: PRISM and Upstream
Will Information Sharing Improve Cybersecurity? (Cipher Brief) One of the key lessons of 2015 was that cybersecurity is more important than ever — a lesson that Sony and the Office of Personnel Management learned the hard way. In the wake of these hacks, information sharing has become a very popular way for private companies and the government to tangibly demonstrate their commitment to good cybersecurity
SPAWAR's strategic plan focusing on cyber (Defense Systems) The Space and Naval Warfare Systems Command has released its 2016 Strategic Plan, which places adding advanced cyber capabilities among its five key objectives
Cyber Capabilities Key to Future Dominance (Army Magazine) One of the stunning trends since 2001 is the tactical dominance of the American military, especially ground combat units
Litigation, Investigation, and Law Enforcement
Watchdog: Canada's electronic spy agency broke privacy laws (Washington Times) Canada's electronic spy agency broke privacy laws by sharing information about Canadians with foreign partners, a federal watchdog said Thursday, and the country's defense minister said the practice will stop until proper protections are in place
Warrantless stingray case finally arrives before federal appellate judges (Ars Technica) "Cell-site simulators raise especially serious questions under the Fourth Amendment"
FTC: Tax Fraud Behind 47% Spike in ID Theft (KrebsOnSecurity) The U.S. Federal Trade Commission (FTC) today said it tracked a nearly 50 percent increase in identity theft complaints in 2015, and that by far the biggest contributor to that spike was tax refund fraud
TalkTalk phone scams: arrests made at Indian call center (Graham Cluley) Authorities have nabbed three employees of an Indian call center following an investigation into a spate of phone scams targeting TalkTalk customers
Dad found not guilty for taking away his daughter's iPhone (Naked Security) Have you ever taken your child's mobile phone away, as punishment? Be careful: it could get you thrown in jail
Sysadmin held at gunpoint by man demanding he fix his computer (Naked Security) Joseph "Joe" Nestor Mondello was arrested last month for allegedly refusing to let a Dell technician leave his house to get a part he said he needed to fix Mondello's computer, pointing a gun at him and ordering him to fix the computer lest he kill him
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
International Academic Business Conference (New Orleans, Louisiana, USA, Mar 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are welcome to make presentations and/or to only attend sessions. The Clute Institute also seeks manuscripts for possible publication in our recently launched Journal of Cybersecurity Research
SecureWorld Cincinnati (Sharonville, Ohio, USA, Sep 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SecureWorld Detroit (Dearborn, Michigan, USA, Sep 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SecureWorld Denver (Denver, Colorado, USA, Oct 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Upcoming Events
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
ESA 2016 Leadership Summit (Chandler, Arizona, USA, Jan 31 - Feb 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow
SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, Feb 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and discuss directly with the experts who are doing the CTI analysis in their organizations. What you learn will help you detect and respond to some of the most sophisticated threats targeting your networks
BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, Feb 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, Feb 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies, and anyone who assists organizations in preparing for and responding to cyber incidents should attend. Attendees will gain a comprehensive understanding of the legal and policy issues that they need to know when they represent clients, develop their organization's cyber strategy and policies, or respond to cyber incidents
National Cybersecurity Center of Excellence to Celebrate Opening of Newly Remodeled Facility (Rockville, Maryland, USA, Feb 8, 2016) The National Cybersecurity Center of Excellence is celebrating its dedication on February 8, 2016 at the center's newly remodeled facility at 9700 Great Seneca Highway
Insider Threat Program Development Training — California (Carlsbad, California, USA, Feb 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
OPSWAT Cyber Security Seminar (Washington, DC, Feb 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies
Secure Rail (Orlando, Florida, USA, Feb 9 - 10, 2016) The first conference to address physical and cyber rail security in North America
Cyber Security Breakdown: Dallas (Dallas, Texas, USA, Feb 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
SecureWorld Charlotte (Charlotte, North Carolina, USA, Feb 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Suits and Spooks (Washington, DC, USA, Feb 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We have an international panel of speakers from the public and private sectors and we'll be adding live-streaming via Webex for those who cannot attend in person
2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, Feb 17 - 19, 2016) The cybersecurity threat continues to evolve, and in order to keep ahead of the threat, new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T) is funding many R&D efforts through academia, small businesses, industry and government and national labs. This year, we are excited to include an R&D Showcase featuring nine innovative transition-ready solutions and two collaboration projects with the private sector selected from our portfolio that address a variety of complex challenges and have the potential for transition into the marketplace
Department of the Navy (DON) IT Conference, West Coast 2016 (San Diego, California, USA, Feb 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that supports the SECNAV's vision laid out in the DON Transformation Plan to achieve business transformation priorities, leverage strategic opportunities, and implement DON institutional reform initiatives by changing the culture, increasing the use of data-driven decision-making, and effective governance
ICISSP 2016 (Rome, Italy, Feb 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information systems, especially in organizations, including not only technological issues but also social issues. The conference welcomes papers of either practical or theoretical nature, presenting research or applications addressing all aspects of security and privacy, that concerns to organizations and individuals, thus creating new research opportunities
Interconnect2016 (Las Vegas, Nevada, USA, Feb 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect, or cloud expert, we all have one thing in common — we strive to build better businesses. The relationship between IT and business is changing. As a leader, builder or innovator of technology, the decisions you make today will have an increasingly greater impact on your company's bottom line tomorrow. To remain successful, it's critical that you transform along with this ever-changing environment
CISO Canada Summit (Montréal, Québec, Canada, Feb 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting
cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, Feb 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people interact with the world around them primarily by seeing, hearing, and feeling, and make decisions about what to do next depending upon the context of what is happening in their environment. People often do not realize that their decision making process triggers certain unconscious behaviors that can be read as indicators of how their thoughts were formulated and sequenced
Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, Feb 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
CISO New York Summit (New York, New York, USA, Feb 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
BSides San Francisco (San Francisco, California, USA, Feb 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There is no charge to the public to attend BSides SF. Our costs are covered by our generous donors and sponsors, who share our vision of free dissemination of information. The conversations are getting more potent and the "TALK AT YOU" conferences are starting to realize they have to change. BSides SF is making this happen by shaking-up the format
CISO Summit Europe (London, England, UK, Feb 28 - Mar 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include engaging Keynote Presentations, Thought Leadership sessions, CISO Think Tanks, Analyst Q&As and much more
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016