AUSA update: crowdsourcing and moonshots. NSA contractor arrest. WADA data not just doxed, but altered. Guccifer 2.0 didn't hack the Clinton Foundation (didn't have to). Mirai botnet exploits.
news from AUSA 2016
Update 10.07.16. We conclude our coverage of the Association of the United States Army's 2016 Meeting and Exposition with today's issue. You'll find coverage below, and on our website.
We'd like to offer particular thanks to the Military Cyber Professionals Association, who organized the Cyber Pavilion and invited us to participate. Sponsoring the Pavilion were Jericho Systems, F5 Networks, and AUSA. Our colleagues in the Pavilion included United States Cyber Command, the Army Cyber Institute at West Point, the Army Reserve Cyber Operations Group, the Cybersecurity Forum Initiative, the National Defense University's Information Resources Management College and Center for Technology and National Security Policy and, finally, Cyber Patriot.
The former NSA contractor arrested for improper possession of classified material and Government property is being characterized by observers as neither a whistleblower nor a spy, but rather as a "weirdo." How the industry term "weirdo" may figure in any eventual defense remains to be seen. It appears increasingly unlikely to most that the contractor arrested had any connection to the Shadow Brokers' leaks.
Observers also think it unlikely that the arrest will have any noticeable effect on how the US Intelligence Community uses contractors. Both contract and Government personnel are cleared by the same authorities; both contractors and agencies face similar insider threats.
The athletes' records hacked in the attack on WADA (the World Anti-Doping Agency) appear to have been tampered with. Fancy Bear, a.k.a. Russia's GRU, is generally regarded as responsible. The case is newly interesting because of the data manipulation threat it now appears to illustrate.
Guccifer 2.0's claim to have hacked the Clinton Foundation appears quite exploded. Metadata suggest the material Guccifer 2.0 released in fact came from the Democratic Congressional Campaign Committee. Whatever paw may be inside the sockpuppet known as Guccifer 2.0, observers note that doxing need not be authentic to be an effective tool of information warfare.
Flashpoint researchers describe common vulnerabilities exploited by the Mirai IoT botnet.
Cisco patches its Nexus 7000-series switches and its NX-OS software.
Eugene Kaspersky warns that terrorists, not states, are likeliest to commit a cyberattack against infrastructure (even while acknowledging that states have already done so).
Notes.
Today's issue includes events affecting Australia, Canada, India, Indonesia, Romania, Russia, United Kingdom, and United States.
It is, of course, National Cyber Security Awareness Month in the United States. The theme for this first week has been, "STOP. THINK. CONNECT.™: The Basic Steps to Online Safety and Security."
And another note to our readers: the CyberWire will be observing Columbus Day this Monday, and so we won't be publishing or podcasting. We'll be back as usual Tuesday. For those readers in the US who are able to take a break on Columbus Day, enjoy the long weekend.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Dr. Charles Clancy of Virginia Tech's Hume Center. He'll talk through the cyber security policy positions the US Presidential candidates are advancing. Our guest is Joyce Brocaglia from the Executive Women’s Forum, and she'll discuss the career picture for women in cyber security. If you enjoy the podcast, by all means consider giving it an iTunes review.
Washington, DC: the latest from AUSA 2016
Innovation's Clockspeed Mismatch (and Crowdsourcing the Manhattan Project) (The CyberWire) The Institute of Land Warfare Contemporary Military Forum's session on "The Future of Army Public-Private Partnerships and Cyberspace" offered opinion and insight on how the US Department of Defense in general and the Department of the Army in particular can keep from falling behind the pace of innovation industry sets in the commercial market
Cyber, electronic warfare integration critical for future Army ops (C4ISRNET) The Army has been discussing convergence and integration when it comes to cyberspace, the electromagnetic spectrum and the signal corps, going so far as establishing a new headquarters in the Pentagon to focus on policy, strategy, and requirements for cyber, electromagnetic spectrum and information operations
To integrate cyber, the Army is learning by doing (C4ISRNET) The Army is taking the old adage of "learning by doing" to heart. As the Army looks to integrate cyber capabilities into its broader operational construct of land and air battle — as well as converging cyberspace activity with signal and electronic warfare — it is undertaking a series of tests and experiments to develop doctrine, tactics, techniques and procedures for the future
A generation ahead? Not by 2030. (The CyberWire) By 2030, the US will no longer be able to assume technological superiority. That was a principal conclusion of the Institute of Land Warfare Contemporary Military Forum's panel on "Threats in the 2030 Operating Environment"
The World Changed in 2014 (The CyberWire) Everyone recognizes that the world changed on 9/11. It also changed, and just as drastically, in 2014. That year saw the Russian invasion of Ukraine (with its attendant suppression of civil society and hybrid warfare); it also saw the rise of ISIS and the beginning of the ongoing refugee crisis as people fled the failed states of North Africa and the Middle East. With that crisis, terrorism came back to Europe. A major feature of the new world of conflict has been intense operations in cyberspace
Cyber Attacks, Threats, and Vulnerabilities
Metadata wrecks Guccifer 2.0's claims of a Clinton Foundation hack (CSO) Leaked documents full of DCCC markers
Even a Fake Clinton Foundation Hack Can Do Serious Damage (Wired) On Tuesday, Guccifer 2.0—the same hacker that previously broke into the Democratic National Committee’s servers—posted data that purportedly show evidence of corruption and malfeasance at the Clinton Foundation
From Russia with grudge: hackers accused of trying to sway US election (Naked Security) Are shadowy Russian computer experts really trying to ‘hack’ the 2016 US Presidential election?
Hacked Olympians’ doping docs may have been doctored post-theft (Naked Security) On 13 September, a hacking group called Fancy Bears published stolen medical data from the World Anti-Doping Agency (WADA)
Hacked: Website crashes after publishing Clinton associate files (Washington Examiner) The secret-leaking website DCLeaks went down on Wednesday evening, shortly after posting documents it says were obtained by hacking a key aide to Hillary Clinton at the State Department
When Vulnerabilities Travel Downstream (Flashpoint) CVEs assigned to upstream devices exploited by Mirai IoT botnet
We Need to Save the Internet from the Internet of Things (Motherboard) Brian Krebs is a popular reporter on the cybersecurity beat. He regularly exposes cybercriminals and their tactics, and consequently is regularly a target of their ire. Last month, he wrote about an online attack-for-hire service that resulted in the arrest of the two proprietors. In the aftermath, his site was taken down by a massive DDoS attack
New FastPoS PoS malware implements a ‘quickly and dirty’ approach to steal card data (Security Affairs) The author of the FastPoS PoS malware issued an update that profoundly changes its behavior, preferring a quick exfiltration activity even if it is noisier
Attackers Can Use Legit Webcam Sessions To Spy On Mac Users, Researcher Warns (Dark Reading) Method does not exploit any vulnerability, uses legitimate functionality of the Mac OS X, Synack's Wardle says
On Phone Numbers and Identity (Coinbase) Coinbase sees a lot of motivated attackers, it’s one of the things that makes working in security at Coinbase so interesting. I want to deep dive into one recent attack for a few reasons
Passwords are the Weakest Link in Cybersecurity Today (CNBC via the Chertoff Group) Last month’s news of the devastating breach at Yahoo stunned even the most seasoned security experts, given its impact on more than 500 million individuals
Terror groups likely to be first to unleash cyber weapons, says Eugene Kaspersky (Computer Weekly) Terror groups are more likely than nation states to unleash cyber weapons and critical infrastructure is the most likely target, warns Kaspersky Lab chief
South Australian power shutdown ‘just a taste of cyber attack’ (Australian) The shutdown of South Australia last week is a near-perfect example of the impact of a cyberattack. A one-day shutdown led to hundreds of millions of dollars in losses to the economy, disruptions to citizens’ lives and an unravelling of political, social and economic certainties
Security Patches, Mitigations, and Software Updates
Cisco Warns of Critical Flaws in Nexus Switches (Threatpost) Cisco Systems released several critical software patches this week for its Nexus 7000-series switches and its NX-OS software. The vulnerabilities can allow remote access to systems, enabling a hacker to execute code or commands on targeted devices
Cyber Trends
US NIST Warns Security ‘Fatigue’ is Putting Users at Risk (Infosecurity Magazine) A reluctance to deal with computer security is putting users in danger online as they take unnecessary risks due to general fatigue with things like passwords, according to a new NIST study.
Security fatigue is real – we need usable security (Help Net Security) A preliminary study involving 40 computer users of different ages, occupations, and living in different settings has shown what most of us already know to be true: security fatigue is a real thing
The Ethics and Morality Behind APT Reports (Threatpost) Investigations into state-sponsored APT campaigns are much more than black-and-white research into malware, exploits and zero-days. Behind the scenes, these can be geopolitical powder kegs that require moral examinations into the ethics of publishing public reports that could expose tools that may be used by nations to take down terrorism operations or large-scale criminal investigations
Vast phishing campaigns boost global criminal attack footprint (Help Net Security) The Anti-Phishing Working Group (APWG) observed a record number of phishing attacks in the second quarter of 2016
Hackers Love Your Small Business (SIGNAL) The first week of National Cyber Security Awareness Month focuses on promoting cybersecurity for individuals. However, organizations of all types and sizes, especially small businesses, must be aware of the devastating consequences of a cyber domain attack
A closer look at data breach preparedness (Help Net Security) While most organizations have a data breach preparedness plan in place, executives are not updating or practicing the plan regularly and lack confidence in its effectiveness, according to a study by the Ponemon Institute
The State of Cyber Security Professional Careers (ESG and ISSA) When it comes to cyber security, there is no shortage of frightening data. As a small example
Data Science & Security: Overcoming The Communication Challenge (Dark Reading) Data scientists face a tricky task -- taking raw data and making it meaningful for security operation teams. Here's how to bridge the gap
Marketplace
Report: Verizon wants $1 billion discount after Yahoo privacy concerns (TechCrunch) It’s bad news for Yahoo. The company is in the midst of finalizing its sale to Verizon, but recent revelations about hacking and spying may be costing them a pretty penny
Business transformation proves to be a catalyst for cybersecurity spending (CSO) Evolving risks and business technologies shift focus in security budgets
PwC: Security is No Longer an IT Cost Center (Infosecurity Magazine) Many organizations no longer view cybersecurity as a barrier to change, nor as an IT cost
October 5th, Maryland's Day of Cyber (LinkedIn) I was very honored to participate in Maryland's Day of Cyber. The CyberSecurity Association of Maryland Inc. (CAMI) organized an event with a variety of speakers and panels from the cyber industry and a pitch competition with a variety of start-ups
Avast completes buyout of AVG, becoming the biggest antivirus provider outside China (TechRadar) Newly combined company promises to beef up protection for its 400 million users and continue support for AVG software
Raytheon: Bet On Cybersecurity (Seeking Alpha) Raytheon is a good investment for the election cycle due to its focus on cybersecurity and defense. It is valued lower than its competition - I believe this will change. Raytheon is poised to exploit the cybersecurity industry via its new Forcepoint division
Forcepoint opens Toronto secure data centre (Computer Dealer News) Nine months after rebranding itself Forcepoint, the security vendor has now established deep roots in Canada with the opening of a state-of-the-art data centre in the country’s biggest city to further its cloud security strategy
Data61 opens cybersecurity hub in Victoria (ZDNet) Data61 has officially opened its Cyber Security and Innovation Hub in Victoria, set up to work with government, industry, and the private sector to tackle the AU$98 billion cybersecurity market
Trust the cloud, we’re getting the hang of securing it, says Unisys security chief (Register) Tom Patterson talks the white and fluffy stuff
On Entrepreneurship: For new FireMon CEO, it’s growth over profitability (Kansas City Business Journal) Reporter Leslie Collins writes that Satin Mirchandani says he’s been charged with pouring every resource the cyber-security company has into growth and expansion
AT&T strikes Amazon cloud deal, strengthens IBM partnership (Total Telecom) Multi-year AWS partnership centres on cloud networking, IoT, security
High Cybersecurity Staff Turnover is an 'Existential Threat' (Infosecurity Magazine) Nearly two-thirds (65%) of cybersecurity professionals struggle to define their career paths—leading to a high turnover rate that opens up big security holes within organizations
Inside A Bug-Hunter's Head: 6 Motivators (Dark Reading) Who are bug bounty hunters, and why do they hack? We dig inside the motivators driving today's hackers to seek vulnerabilities
GrammaTech Recognized in Silicon Review's 50 Smartest Companies of the Year (PRNewswire) GrammaTech, a leading developer of software-assurance tools and advanced cyber-security solutions, was recognized today as one of the 50 Smartest Companies of 2016 in the Silicon Review, a preeminent business and technology magazine for tech decision makers and enterprise IT professionals. GrammaTech was selected among companies around the world with software solutions that drive business value in the evolving technical IoT landscape
Rapid7 Earns Top Spot from SANS in Critical Security Controls Report (EconoTimes) Rapid7, Inc. (NASDAQ:RPD), a leading provider of security data and analytics solutions, has been recognized by SANS for providing the most comprehensive coverage across the Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense
Secucloud appoints former E-POST managing director Mark Rees as its new COO (Realwire) In the era of the internet of things, comprehensive protection for all internet-enabled devices is becoming increasingly challenging
DigiCert Announces Hiring of Mike Johnson as General Counsel and Mark Packham as VP of Marketing (MarketWired) Johnson and Packham bring strong technology law experience and seasoned marketing leadership to the DigiCert team
Former RCMP Director General Robert Fahlman Joins Wynyard (BusinessWire) Robert C. Fahlman, former Director General with the Royal Canadian Mounted Police, has joined Wynyard Group as an advisor, the company announced today. Fahlman will provide insight to Wynyard on the needs of law enforcement agencies, engage with industry leaders, and share his knowledge of investigative and criminal intelligence challenges and procedures
Products, Services, and Solutions
Benchmark Executive Search Launches New Service to Connect Cybersecurity Experts (Hunt Scanlon) Benchmark Executive Search has launched Expert Network, a new service designed to match its network of experts, advisors and consultants with companies seeking to upgrade their corporate asset protection, risk management and cyber strategies
Authentication protects systems and securely controls IoT nodes (EDN Europe) Maxim’s DeepCover Secure Authenticator, DS28C36, provides public-key and secret-key crypto functions that support new levels of embedded security protection; developers of industrial, medical, and IoT products now have an added level of IP and device integrity protection
Free Tool Protects Mac Users from Webcam Surveillance (Threatpost) Hijacking a user’s webcam is one of the more dastardly tactics used for surveillance. In most cases the attacker can use a number of different webcam-aware malware samples to quietly turn on and record audio and video from the target’s machine
Facebook Secret Conversations: Enabling Privacy and Progress One Message at a Time (Inquisitr) If you’re among the estimated 1 billion global citizens who use Facebook to send and receive messages, you’ll want to know about the platform’s newly released “Secret Conversations” feature
Cisco and Thales Innovate Together for Trusted Cybersecurity Solution (Newswire Today) Cisco and Thales have launched a trusted cybersecurity solution to detect and counter cyberattacks more effectively
WISeKey and Bajaj Electricals Partnership to Create over 100 Million Digital Identities for Consumer and Industrial Products Through WISeLight IoT Platform (BusinessWire) WISeKey International Holding Ltd (WIHN.SW) (“WISeKey”), a Swiss based cybersecurity company and Bajaj Electricals Limited (BEL), India’s leading consumer durable and lighting company today announced their intention in New Delhi, at the India Economic Summit, to create the first ever IoT Trusted Platform connecting to a secure cloud approximately 100 million consumer & industrial products in the first phase of WISeLight IoT Platform
Intrinsic-ID and Guardtime form alliance to provide security and governance for IOT blockchain (EconoTimes) Intrinsic-ID, an embedded authentication company, and Guardtime, industrial blockchain platform powering digital transformation, have announced an alliance in order to provide a new level of security and governance for the Internet of Things (IOT)
Technologies, Techniques, and Standards
How companies can deal with insider data theft (CSO) The recent arrest of a former NSA contractor is just the latest high-profile example
What CSOs can learn from the Yahoo data breach (CSO) The IT security industry is still buzzing after news of a data breach at Yahoo in 2014, in which more than 500 million user accounts were hacked
DMARC email security is now mandatory for the UK government, what can the enterprise learn? (Help Net Security) It’s no secret by now that email has become the number one tool for cyber criminals and fraudsters. Earlier this year the FBI predicted that Business Email Compromise attacks which impersonate executives within a company have cost more than $3.1 billion in the last three years alone, while increasingly sophisticated phishing attacks are also targeting individuals
Exploit Kits Take Cyberattacks to the Masses. But They're Preventable. (SecurityWeek) Exploit kits are a popular method for criminal groups to compromise victims’ systems, as they provide a stealthy way to infect hosts, they’re automated (making them easy to use), and they can be rented or sold to other malicious actors for thousands of dollars a day
How to Mitigate Data Breaches In Health IT (Information Management) What once was only science fiction is now our reality, anything and everything can be hacked
War stories: just shut off telnet (CSO) Years ago I was working on a project that had a rather interesting premise
War stories: Logs are where the dead things dwell (CSO) Over the years there has been one love hate relationship that I could never truly get away from entirely
Legislation, Policy, and Regulation
India, Russia may ink cyber-security pact next week (Economic Times) India and Russia will likely sign a cyber-security pact during Russian President Vladimir Putin's trip to Goa next week, cementing joint efforts to curb terror-related activities in the region
IBM, Microsoft, Oracle beware: Russia wants open source, sees you as security risk (ZDNet) And even Russian software products could be banned from government agency IT systems if they're built on US-made software platforms
NSA Director Not Opposed To Splitting Cyber Command From Agency (Dark Reading) In the long run it may make sense to keep nation's cyber offense mission separate from NSA, Michael Rogers says
Johnson Pushes for Cyber Protection Agency (Defense News) Homeland Security Secretary Jeh Johnson on Wednesday said he is still after congressional approval for a national cybersecurity agency and broader reorganization of his department
EFF: NSA’s Support of Encryption ‘Disingenuous’ (Threatpost) The National Security Agency came out in support of encryption again Wednesday, but privacy advocates were quick to contest the agency’s stance, criticizing it for having a different definition of the term than others
US Launches IT Contract to Spur Cybersecurity Purchases (eCommerce Times) The U.S. government plans to initiate an updated contracting vehicle for the acquisition of cybersecurity information technologies for federal agencies this month. The purpose of the program is to make it easier and more efficient for federal agencies to obtain cyberprotection services
Defense Innovation Board Lays Out First Concepts (Defense News) The Pentagon’s new Defense Innovation Board had its first meeting Thursday, but it was clear the 15-member panel had been busy over the previous months
New Websites Available for Navy Cyber Work Force Personnel (SIGNAL) Naval Information Forces has developed a website for the Navy Cyber IT and Cybersecurity Workforce (Cyber IT/CSWF) Qualification Program. Pertinent ALCOMS, the Navy cyber IT and cybersecurity qualification matrix, designation and appointment letter templates, program checklists and much more can be found on the new site
N.Y.'s Cyber Plan Is a Start, But Banks Need Stronger Reform (American Banker) It is encouraging that regulators recognize the gravity of cyber risk, as indicated by proposed security regulations announced by New York Gov. Andrew Cuomo. But New York's plan is still far from what banks need to deal with the threat
Litigation, Investigation, and Law Enforcement
Booz Allen Statement on Department of Justice Announcement (Booz Allen Hamilton) When Booz Allen learned of the arrest of one of its employees by the FBI, we immediately reached out to the authorities to offer our total cooperation in their investigation, and we fired the employee. We continue to cooperate fully with the government on its investigation into this serious matter. Booz Allen is a 102-year-old company, and the alleged conduct does not reflect our core values. Our employees continue to support critical client missions with dedication and excellence each day. Their professionalism, values and ethics are what define our firm
Possible security gap allowed NSA contractor to shift highly sensitive jobs (CNN) Harold Martin was removed from a contract position at the National Security Agency in the past year following conflicts with co-workers, but that ouster did not prevent him from getting a different contract job in the government, US officials briefed on the investigation tell CNN
Officials: NSA contractor 'more weirdo than whistleblower' (Washington Examiner) The Booz Allen Hamilton contractor who allegedly took classified information from the National Security Agency may just be a "weirdo," current and former agency officials say, rather than a whistleblower or spy
Insider threat: NSA contractor arrest highlights the challenges (Military Times) The arrest of a National Security Agency contractor for allegedly stealing classified information was the second known case of a government contractor being publicly accused of removing secret data from the intelligence agency since 2013
Second theft of U.S. secrets likely won't hurt contractors (WUNC) A government contractor who was arrested in August is accused of taking top secret computer code designed to help the U.S. hack into foreign government computer networks. Harold Thomas Martin, 51, worked for Booz Allen Hamilton, the same private consulting company that had employed Edward Snowden, who released a slew of confidential data to journalists in 2013
At Booz Allen, a Vast U.S. Spy Operation, Run for Private Profit (New York Times) In the six weeks since federal agents raided a suburban Maryland home and arrested Harold T. Martin III on suspicion of stealing classified information from the National Security Agency, another organization has quietly prepared to face the fallout: Booz Allen Hamilton, Mr. Martin’s employer
FBI files reveal missing email 'boxes' in Clinton case, allegations of evidence tampering (Fox News) Buried in the 189 pages of heavily redacted FBI witness interviews from the Hillary Clinton email investigation are details of yet another mystery -- about two missing “bankers boxes” filled with the former secretary of state’s emails
New emails show intersection of Clinton Foundation, State Dept., paid speeches (Washington Examiner) A new batch of emails from Hillary Clinton's time at the State Department offered fresh evidence Wednesday of the pains Clinton's staff took to accommodate her husband's paid speeches and her family's foundation — just hours after Sen. Tim Kaine dismissed the possibility that the Clinton Foundation had wielded influence over his running mate
How Shodan helped bring down a ransomware botnet (CSO) Shodan is a search engine that looks for internet-connected devices. This summer, it was also used by security researchers and law enforcement to shut down a ransomware botnet
ATM Malware Gang Slowly Dismantled by British Police (Softpedia) Police arrested three out of five members
Judges Question Ross Ulbricht’s Life Sentence in Silk Road Appeal (Wired) Over a year has passed since a federal judge sentenced Ross Ulbricht to life in prison without parole after he was convicted of creating and running the vast dark web drug bazaar known as Silk Road. Today Ulbricht returned to court to face a panel of judges to appeal his conviction—but it was his harsh sentence that seemed to most draw their focus
Billboard hacker faces 12 years in jail for broadcasting porn (Naked Security) Indonesian police have arrested a man for allegedly streaming porn on a billboard viewable to passing motorists in the south of Jakarta, the BBC reports
Cops arrest hundreds of people allegedly involved in IRS phone scam (Ars Technica) Police in India detained around 700 people believed to be involved in financial fraud
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Tech Talk: Blockchain & Bitcoin (Laurel, Maryland, USA, Oct 17, 2016) Join Novetta and Chainanalysis at Jailbreak Brewery to learn about Bitcoin, a digital currency, and Blockchain, the technology that makes it all work. Rub elbows with like-minded techies and enjoy ice cold beer - Don’t miss out.
Inside Dark Web (Washington, DC, USA, Nov 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.
Black Hat Europe 2016 (London, England, UK, Nov 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
Upcoming Events
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
AFCEA CyberSecurity Summit (Washington, DC, USA, Oct 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
Cyber Security Summit 2016 (Auckland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (MacDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber Ready™ 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
CyberTini at CyberMaryland (Baltimore, Maryland, USA, Oct 19, 2016) The bwtech@UMBC Cyber Incubator will be hosting a CyberTini as the official opening event of the CyberMaryland Conference on the evening of October 19, 2016 at the Columbus Center in Baltimore’s Inner Harbor. The Columbus Center is just a few blocks from the Baltimore Hilton Hotel where the CyberMaryland Conference is taking place, and attendance at the CyberTini is estimated to be 250 or more. The event will begin at 5pm the night before the CyberMaryland Conference and will run until approximately 7:30pm.
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future, CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA, Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
14th Annual EWF National Conference (Scottsdale, Arizona, USA, Oct 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecurity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Security By Design (McLean, Virginia, USA, Oct 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on cooperation in cybersecurity as one of the key pillars for tackling the complexity and scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman. Sharing experience and knowledge, learning from each other, keeping in touch with recent updates, and collaborating to enhance organizations’ cybersecurity have become a must.