AUSA update. NSA contract worker arrested for taking classified material from his workplace. Yahoo! surveillance story still murky. Industry notes, threat research, and product announcements.
news from AUSA 2016
AUSA 2016 closed yesterday with some sessions of particular relevance to cyber security.
The Institute of Land Warfare Contemporary Military Forum held two sessions of particular interest to the cyber security sector. The morning opened with a panel on "Threats in the 2030 Operating Environment." The panel included military officers and political scientists with particular expertise in geopolitics and security affairs. Their consensus was that the world in 2030 would be more multipolar than it is today, that the US-led institutions that have sustained the post-World War Two order would come under increased stress (which they may prove unable to meet), and that the US assumption that it's a technological generation ahead of its adversaries (an assumption "baked into US strategy," as panelist Peter Singer put it) would be proven false.
These trends offer an implicit argument for more effective, faster, technological innovation. At the end of the day the Forum's session on "The Future of Army Public-Private Partnerships and Cyberspace" took up that topic. The panelists offered opinion and insight on how the US Department of Defense in general and the Department of the Army in particular can keep from falling behind the pace of innovation industry sets in the commercial market. Matching the "clockspeed" of industry is difficult, as Brigadier General Frost noted, and the panelists suggested several cultural changes that would be necessary to do so. Prominent among them would be moving toward clarity about problems as opposed to a premature focus on requirements.
We'll be posting accounts of particular sessions today and tomorrow. You'll find them on our website here.
The FBI has arrested an NSA contract employee and entered a criminal complaint against him for theft of government property and unauthorized removal and retention of classified documents or material. The man arrested—Harold Thomas Martin—is (or was) employed by Booz Allen Hamilton. Reports in the New York Times and elsewhere mention the possibility that among the classified material the FBI found in Martin's possession was software. There's much speculation that Martin had been working for Russia's SVR as a "mole," and that he may have been connected with the Shadow Brokers' compromise of Equation Group tools, but the story is still developing and these conclusions are premature.
A statement from Martin's lawyers reported in the New York Times seems to adumbrate his likely defense: “We have not seen any evidence. But what we know is that Hal Martin loves his family and his country. There is no evidence that he intended to betray his country.” Thus, no intent.
The markets regard the arrest, of course, as a black eye for Booz Allen Hamilton.
The story of Yahoo!'s alleged complicity with Government surveillance is more complex than earlier reports would have suggested. After initially responding to inquiries concerning the allegation with bland assertions of being law-abiding, Yahoo! has denied giving up customer emails in bulk to the US Government. It's unclear exactly what Yahoo! did beyond compliance with court orders (many note that Reuters' sources' anonymity isn't helping). NSA Director Rogers has said the account sounds implausible to him.
Notes.
Today's issue includes events affecting Brazil, Canada, China, France, Germany, Iran, Democratic People's Republic of Korea, Netherlands, Poland, Russia, Singapore, Ukraine, United Kingdom, and United States.
A note to our readers: This week we attended the 2016 annual meeting of the Association of the United States Army. It was our pleasure, in particular, to participate in the Cyber Pavilion organized by our colleagues from the Military Cyber Professionals Association.
It's also National Cyber Security Awareness Month in the United States. The theme for the first week is "STOP. THINK. CONNECT.™: The Basic Steps to Online Safety and Security."
Thanks for helping us reach a milestone: we publish issue number 1000 of the CyberWire today. We're grateful to all of you for reading and subscribing; we're looking forward to our next thousand issues.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from the Johns Hopkins University's Joe Carrigan on cloud versus local storage of data. Our guest is Novetta's Peder Muller with a preview of the Blockchain presentation that he’ll be giving at Jailbreak on October 17. As always, if you enjoy the podcast, we invite you to consider giving it an iTunes review.
Washington, DC: the latest from AUSA 2016
A generation ahead? Not by 2030. (The CyberWire) By 2030, the US will no longer be able to assume technological superiority. That was a principal conclusion of the Institute of Land Warfare Contemporary Military Forum's panel on "Threats in the 2030 Operating Environment"
Counter-ISIS Cyber Task Force Provides Greater Clarity, C2 (Defense News) The specially designated task force designed to merely focus on countering the Islamic State group in cyberspace is providing clarity and focus on operations
U.S. Military Applies 'Incredible Focus' in Digital War Against ISIL (SIGNAL) Army leads a task force of cyber warriors dedicated solely to the militant group's cyber efforts, general says
Army cyber advances in the face of policy challenges (FCW) The leader of the Army's Cyber Command said it has seen substantial growth in the past three years, but challenges related to staffing, training and policy reform lie ahead
Operationalizing Cyberspace (Stand-to!) The Army is in the process of operationalizing cyberspace to enable maneuver commanders to fight and win in the information environment in the same manner as in the ground, air, sea and space domains
Army explores using cyber teams to aid maneuver commanders (US Army) A pilot program known as Cyber Support to Corps and Below, or CSCB, is now providing some maneuver commanders with an improved situational awareness of the information environment and tools to shape that environment
Army CIO provides update on IT projects (C4ISRNET) During a panel discussion at the annual AUSA conference, Army’s CIO Lt. Gen. Robert Ferrell provided an update on the projects and progress the Army is making in the IT space
The World Changed in 2014 (The CyberWire) Everyone recognizes that the world changed on 9/11. It also changed, and just as drastically, in 2014. That year saw the Russian invasion of Ukraine (with its attendant suppression of civil society and hybrid warfare); it also saw the rise of ISIS and the beginning of the ongoing refugee crisis as people fled the failed states of North Africa and the Middle East. With that crisis, terrorism came back to Europe. A major feature of the new world of conflict has been intense operations in cyberspace
Cyber Attacks, Threats, and Vulnerabilities
Hackers Hit Buzzfeed, Claim to Have Database (Motherboard) On Wednesday, someone claiming affiliation with the hacking group OurMine breached a section of Buzzfeed’s website, and defaced a handful of articles. The hacker or hackers also claimed to have a copy of the site’s database
Hack Brief: Hackers Breach BuzzFeed in Retaliation for Exposé (Wired) After Kim Kardashian was threatened and robbed in Paris this week, celebrities are considering whether her frequent social media use made her more vulnerable, and may be reassessing their own digital sharing. But for prominent people, this won’t resolve another perpetual threat: Being hacked
Spotify Free is Serving Up Malware (Infosecurity Magazine) Numerous users are flooding music streaming service Spotify’s Twitter feed, reporting that the freemium tier service has been hit with a malvertising attack
Cerber ransomware kills database connections to access important data (CSO) The program tries to terminate common database-related processes like those of the MySQL, Oracle and Microsoft SQL servers
Yahoo hack raises fresh fraud concerns (Christian Science Monitor Passcode) Fraudsters are trying to trick victims of the massive Yahoo data breach into paying for bogus tech support
Juan Andres Guerrero-Saade and Brian Bartholomew on APT False Flags and Attribution (Threatpost) Mike Mimoso talks to Kaspersky Lab Global Research and Analysis Team researchers Juan Andres Guerrero-Saade and Brian Bartholomew about a paper released at Virus Bulletin on deception tactics and false flags flown by APT groups to frustrate analysis
Akamai Post-Mortem Report Confirms Mirai as Source of Krebs DDoS Attacks (Softpedia) Almost half of Mirai bots located in the EMEA region
Your home might be secretly carrying out cyberattacks (Christian Science Monitor Passcode) Criminal hackers have shown they can take over connected home devices and turn them into zombie networks that carry out debilitating online attacks
Compromised eCommerce Sites Lead to “Magecart” (RiskIQ) Most methods used by attackers to target consumers are commonplace, such as phishing and the use of malware to target payment cards. Others, such as POS (point of sale) malware, tend to be rarer and isolated to certain industries. However, some methods are downright obscure—Magecart, a recently observed instance of threat actors injecting a keylogger directly into a website, is one of these
FastPOS Updates in Time for the Retail Sale Season (TrendLabs Security Intelligence Blog) Most point-of-sale (PoS) threats follow a common process: dump, scrape, store, exfiltrate. FastPOS (initially detected by Trend Micro as TSPY_FASTPOS.SMZTDA) was different with the way it removed a middleman and went straight from stealing credit card data to directly exfiltrating them to its command and control (C&C) servers
RIG Exploit Kit Analysis – Part 2 (Count Upon Security) Continuing with the analysis of the RIG exploit kit, let’s start where we left off and understand the part that contains the malicious Adobe Flash file
Cisco Host Scan Package Cross-Site Scripting Vulnerability (Cisco Security Advisory) A vulnerability in the Cisco Host Scan package could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of a Cisco Adaptive Security Appliance (ASA) Web VPN deployment
One in every 16 Android devices is affected by BadKernel (Techworm) BadKernel vulnerability affects one in every 16 Android smartphones
Abandoned Mobile C&C Servers Present Opportunity to Attackers (Threatpost) When developers build mobile apps, they’re not only coding functionality, but they’re also dragging in third-party software development kits (SDKs) for ads, analytics and lots of things in between
Insulin Pump Found to Be Less Secure Than a Bluetooth Speaker (BostInno) A Johnson & Johnson subsidiary has acknowledged that vulnerabilities flagged by a Boston cybersecurity firm in its popular insulin pump could allow hackers to harm patients
Noisy Fans & Fake Deli Coupons: How Hackers are Winning Now (Infosecurity Magazine) In the race to come up with new and more sophisticated ways to invade victims' computers and networks, hackers will use any means necessary – even a computer's fan
Checking my honeypot day (SANS Internet Storm Center) A number of the handlers, including myself, run a number of honeypots around the planet. Unfortunately I don't get to play with them as much as I want to. There are a bunch of automated processes in place, but on occasion I have a honeypot day/night where I check how they are doing and to have a look to see what people are up to, as well as take a look at the executables being pulled
Security Patches, Mitigations, and Software Updates
Google melts 78 Android security holes, two of which were critical (Register) Chinese hackers thanked for help finding flaws
Cyber Trends
Watch a Quantum Computing Expert Describe How the World’s About to Change (Motherboard) Quantum physics, with its descriptions of bizarre properties like entanglement and superposition, can sound like a science fiction fever dream. Yet this branch of physics, no matter how counterintuitive it seems sometimes, describes the universe all around us: As physicists have often told me, we live in a quantum world. Soon, this will be better reflected in our technology, and everything it can do
“We’re all failing” – Experts slam enterprise cyber security failings at IP Expo (Computer Business Review) IT Expo panel blasts enterprises for not taking “basic” cyber security steps
Security Orchestration and Automation: Closing the Gap in Incident Response (Hexadite) ESG surveyed 100 IT professionals with knowledge or responsibility for their organization’s incident response processes and technologies. The research shows that 91 percent of these people believe that IR efficiency and effectiveness are limited by the time and effort of manual processes. In addition, it found that 97 percent of organizations have either already taken steps to automate and/or orchestrate incident response processes, or plan to do so within the next 18 months
Nearly 75 Percent of Consumers Say Guarantees Against Monetary Fraud Would Accelerate Mobile Payment Adoption (BusinessWire) Research for NTT DATA and Ingenico ePayments by Oxford Economics and Charney Research finds banks and merchants may not be taking customers’ fears seriously enough
Marketplace
Booz Allen Hamilton shares turn negative after DOJ arrests government contractor (CNBC) Shares of Booz Allen Hamilton moved sharply lower after The New York Times reported that Harold Thomas Martin, one of the firm's National Security Agency contractors, had been arrested for possible theft of classified computer code
Meet Palantir, Silicon Valley's most questionable unicorn (LinkedIn) Gandalf: A palantir is a dangerous tool, Saruman. Saruman: Why? Why should we fear to use it? Gandalf: They are not all accounted for, the lost Seeing-stones. We do not know who else may be watching
Overreaction Of Investors Leaves Akamai Trading At A Steep Discount (Seeking Alpha) While CDN and Security remain competitive markets, Akamai remains well positioned. Revenue growth should reaccelerate in FY17 as DIY impact dissipates. The shares are trading at a steep discount to the Nasdaq and the industry
Why Investors Are Paying a Premium for CyberArk Software Ltd (Motley Fool) The company’s robust sales growth, stable profitability, and best in breed reputation are convincing some investors to pay a premium -- but should you?
Defend and Invest: Hacking Attacks Lead to Cybersecurity Industry Growth (Bloomberg BNA) Some industries excel during times of excitement or crisis. People flock to buy hotdogs, hamburgers, fireworks and nice cold U.S. beer during the summer time. The demand of umbrellas, flashlights, jugs of water and cans of food rise when the threat of a hurricane is imminent. Even a Trump presidency may lead to many democrats stocking up on their gold stockpiles
Accenture adds another cyber acquisition to its portfolio (Washington Technology) Accenture is keeping a tight focus on cybersecurity as it makes another deal for company that specializes in information security for federal agencies
IBM Invests $200m in German Blockchain and IoT Lab (Finance Magnates) The investment responds to increasing demand from clients looking to transform their operations with IoT and AI technologies
Cybric Secures $6.3 Million Seed Investment to Accelerate the Launch of the Company’s Cybersecurity Platform to Enterprises Worldwide (BusinessWire) New continuous security-as-a-service platform enables enterprises to protect critical applications and data without impacting production environments
Forcepoint pushes to move 'forward without fear' (Channelnomics) Part one of two: Security player takes on widespread threats with channel’s help
How Symantec's Cyber Career Connection (SC3) is Fighting Cybercrime One Job at a Time (Sustainable Brands) Today cyber security is one of the most important fields in technology and a serious issue for individuals, business leaders, Chief Information Officers (CIOs) and CISOs, and society as a whole
Half Of Cybersecurity Pros Solicited Weekly About A New Job (Dark Reading) 'Sellers' market' for IT security professionals, but more than two-thirds lack a clear career path in the field
Chief Information Security Officers Select Cylance as Winner of Security Current's Security Shark Tank® Chicago (PRNewswire) Chief Information Security Officers (CISOs) select endpoint security provider Cylance for its innovation and importance to the business
Former Raytheon Chairman and CEO William Swanson Joins Pwnie Express Board of Directors (MarketWired) IoT security leader adds proven security, government and military expertise
Products, Services, and Solutions
ROMAD Cyber Systems to Showcase Innovative Malware Eradication Technology at Cupertino Security Shark Tank (BusinessWire) The cybersecurity startup proactively detects threats based on the original malware family by successfully mapping the malware genome
Virtru Enables Cloud Migration for More Than 15,000 State of Maryland Employees (MarketWired) Client-side encryption, access control, and data loss prevention help state employees protect citizen privacy, comply with regulations, and reap the benefits of Google Cloud
VIPRE® Strengthens Critical Layer of Defense Against Ransomware Attacks (PRNewswire) VIPRE Email Security for Exchange 4.5 bolsters small businesses' protection against phishing attacks, malicious email attachments and dangerous spam
LightEdge Announces Partnership with Vision Solutions (LightEdge) New partnership provides unique solution for IBM i Customers
Palo Alto Networks Steps Up Endpoint Security Game With Certification Of Traps As AV Replacement (CRN) Palo Alto Networks is stepping up its next-generation endpoint security game, with the announcement Tuesday that its Traps technology has received third-party PCI and HIPAA certification as a replacement for legacy antivirus
New WatchGuard tabletop security appliance offers speeds over 1Gbps (Financial News) Advanced network security solutions provider WatchGuard® Technologies has released its newest hardware appliance, the Firebox® T70, which has set a new standard for tabletop performance, the company said
Thales offers a trusted probe for Critical National Infrastructure Provider (Web Wire) Thales introduces its cyberattack detection probe, currently undergoing qualification by the National Cybersecurity Agency of France (ANSSI)
Stop ransomware before it strikes (Techgoondu) Ransomware has emerged to become one of the most widespread and damaging threats today, with new strains of ransomware being continuously released into the wild
Herjavec Group Introduces Advanced Identity and Access Management Practice Following Acquisition of Aikya Security Solutions (PRNewswire) Robert Herjavec, leading investor on the Emmy Award-winning hit show, Shark Tank, and Founder & CEO of global cybersecurity firm, Herjavec Group, proudly announces the acquisition of Identity and Access Management (IAM) consultancy, Aikya Security Solutions
LightCyber Introduces Free Purple Team Assessment to Test Data Breach Readiness (PRNewswire) Working with select managed security service partners to provide combined red team attack simulation and blue team attack detection for a limited time offer
Me-OUCH! Facebook shuts accounts over image of cat wearing suit and tie (Naked Security) Besides featuring attire that might be worn by a lawyer, is there anything offensive about the above cat picture?
Scoop News Group Launches CyberScoop: A National Cybersecurity News Platform Connecting Security Leaders from Government and Tech Industries (PRNewswire) Scoop News Group (SNG) announces the launch of their CyberScoop website, the newest go-to destination for cutting edge cybersecurity news. Earlier this year, the media company launched a digital newsletter featuring articles and events related to protecting electronic data
Technologies, Techniques, and Standards
Cyber security tips for budding startups (Your Story) A well-entrenched cyber security programme is an absolute must for any budding startups. Data breaches reached an all-time high last year. Millions of people were affected as hackers stole information via phishing emails, watering hole attacks and ransomware. Burgeoning internet penetration and usage made the world a global village. This ease of access and availability also acted as a boon to cyber attackers. Businesses lost cash, reputation and sensitive information and individuals suffered due to breaches in bank accounts
Academia
Idaho State University raises awareness about cyber security (ABC News 8) October is cyber security awareness month. So Idaho State University's information security center is working to promote awareness. The National Information Assurance Training and Education Center is putting up posters around campus with advice and safety tips
Legislation, Policy, and Regulation
What Does Putin Want? (National Interest) The United States should pursue confrontation where necessary and mutual interests without illusions where possible
Security vs. privacy: The endless fiery debate continues (CSO) There was general agreement at this week’s Cambridge Cyber Summit at MIT that it is imperative to find a balance between the often-competing needs of national security and individual privacy. But there was no agreement on what that balance would look like
Should NSA and Cyber Command have separate leadership? (The Conversation) The National Security Agency is the nation’s digital spying organization. U.S. Cyber Command is a military unit focused on cyberwarfare. Does it make sense for one person to lead them both at the same time?
Litigation, Investigation, and Law Enforcement
N.S.A. Contractor Arrested in Possible New Theft of Secrets (New York Times) The F.B.I. secretly arrested a National Security Agency contractor in recent weeks and is investigating whether he stole and disclosed highly classified computer code developed to hack into the networks of foreign governments, according to several senior law enforcement and intelligence officials
Feds Charge NSA Contractor with Taking Top Secret Documents (Wired) Three years after Edward Snowden, the National Security Agency has sprung another contractor leak
F.B.I. Criminal Complaint Against Harold Martin, N.S.A. Contractor (New York Times) The F.B.I. secretly arrested Harold T. Martin III, an N.S.A. contractor, and is investigating whether he stole and disclosed highly classified information
Has the Russian Mole Inside NSA Finally Been Arrested? (Observer) The FBI has a yet another defense contractor in custody on espionage charges—what did he really do?
The risk of contractors is real, Justice Dept. national security head says (CNBC) After the arrest of a National Security Agency contractor for allegedly stealing government secrets, the Justice Department's John Carlin told CNBC on Wednesday that the risk posed by contractors is "real"
Yahoo's secret email scans helped the FBI probe terrorists (CSO) The scanning program used a reconfigured spam filter, not a whole new system, the New York Times says
What to Make of Yahoo's Email-Scanning Allegations (Fortune) Hold your horses, everyone
Yahoo Slams Email Surveillance Story: Experts Demand Details (Threatpost) Bombshell revelations that Yahoo conducted mass email surveillance is raising hackles among legal, civil liberties and security experts that demand Yahoo and the U.S. government come clean. Meanwhile Yahoo challenged the accuracy of Tuesday’s report by Reuters
The Yahoo-email-search story is garbage (Errata Security) Joseph Menn (Reuters) is reporting that Yahoo! searched emails for the NSA. The details of the story are so mangled that it's impossible to say what's actually going on
Yahoo admits forwarding customer emails to FBI (HNGN) Yahoo has revealed that it scanned millions of email accounts to the US intelligence circle. According to a source, a program has been created to institute the search process
Snoop! stooge! Yahoo! handed! all! your! email! to! Uncle! Sam! – and! any! passing! hacker! (Register) We broke no laws, troubled web giant insists
Yahoo! tries!, fails! to! shoot! down! email! backdoor! claim! (Register) Purple Palace twists words to wriggle out of its surveillance hell
Feds subpoena, gag encrypted chat firm Open Whisper Systems (ZDNet) The US government demanded user data, but all did not go to plan
A Computer Guy of Interest to the F.B.I. Walks Into a Bar, in Siberia (New York Times) At the edge of this city a ribbon of asphalt called the Chuysky Highway stretches away through the wilderness of southern Siberia toward the border with Mongolia
Feds Accuse Two 19-Year-Olds Of Hacking For Lizard Squad and PoodleCorp (Motherboard) The FBI is accusing two teenagers, one from the US and one from the Netherlands, of being members of the hacking groups Lizard Squad and PoodleCorp, which have gained notoriety for targeting online gaming services such as Blizzard's World of Warcraft, and League of Legends, among others
Two charged in Chicago with operating cyber-attack-for-hire websites (Chicago Tribune) They marketed themselves as modern-day extortionists, hackers-for-hire whose black hat computer skills could shut down company web sites and harass unsuspecting people around the world, federal prosecutors say
TalkTalk fined £400k over ‘security failings’ before cyber attack (Financial Times) Telecoms group TalkTalk has been slapped with a record £400,000 fine by the Information Commissioner’s Office in the UK, which found that “security failings” allowed a cyber attacker to access customer data “with ease” last year
WADA details response to Fancy Bears' hacking (Cycling News) Anti-doping agency says its investigation into athlete TUE revelations is ongoing
Chip card lawsuit to move forward against Visa, Mastercard, others (CSO) But judge dismisses claims against nine major banks
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, Oct 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hanover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.
IP EXPO Europe (London, England, UK, Oct 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe
RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, Oct 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.
SecureWorld Denver (Denver, Colorado, USA, Oct 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
VB 2016 (Denver, Colorado, USA, Oct 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
AFCEA CyberSecurity Summit (Washington, DC, USA, Oct 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (MacDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber Ready™ 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter, is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
CyberTini at CyberMaryland (Baltimore, Maryland, USA, Oct 19, 2016) The bwtech@UMBC Cyber Incubator will be hosting a CyberTini as the official opening event of the CyberMaryland Conference on the evening of October 19, 2016 at the Columbus Center in Baltimore’s Inner Harbor. The Columbus Center is just a few blocks from the Baltimore Hilton Hotel where the CyberMaryland Conference is taking place, and attendance at the CyberTini is estimated to be 250 or more. The event will begin at 5pm the night before the CyberMaryland Conference and will run until approximately 7:30pm.
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S.-based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future, CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA, Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
14th Annual EWF National Conference (Scottsdale, Arizona, USA, Oct 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecurity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Security By Design (McLean, Virginia, USA, Oct 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on cooperation in cybersecurity as one of the key pillars for tackling the complexity and scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman. Sharing experience and knowledge, learning from each other, keeping in touch with recent updates, and collaborating to enhance organizations’ cybersecurity have become a must.