US attributes DNC hacking to Russian government, promises to protect itself. Russia dismisses attribution as "rubbish." WikiLeaks posts Clinton campaign emails. IAEA says nuclear plant sustained cyber attack 2-3 years ago. IoT botnets and DDoS.
The US, late Friday, officially attributed election-related email hacking to Russia's government. A joint statement by the Office of the Director of National Intelligence and the Department of Homeland Security said the Intelligence Community was confident the operation could only have been authorized at the Russian government's highest levels. This opens a more confrontational phase in what observers generally regard as the Cold War redivivus. The US indicated it will take steps to protect itself "at a time and place of our choosing." Observers expect more anti-Russian sanctions.
Russian officials dismiss the attribution as "rubbish" designed to inflame anti-Russian hysteria. (It's also rubbish, Foreign Minister Lavrov says, to think Snowden was a Russian agent.) In the US Presidential campaign, candidate Clinton says Russia's trying to throw the election to Trump; candidate Trump says it's unclear Russia's behind election-related hacks, and that Clinton belongs in jail for mishandling classified material.
WikiLeaks posted 2050 emails purporting to be from candidate Clinton's campaign manager, John Podesta. They look generally discreditable, as leaked emails usually do.
The International Atomic Energy Agency reports that an unnamed nuclear plant sustained a successful cyberattack two to three years ago.
Imperva says the Mirai botnet was both "territorial" (disabling competing malware on infected systems) and selective (avoiding IP addresses belonging to the US Department of Defense, General Electric, and HP). Recent distributed denial-of-service campaigns move the European Union to advance work toward IoT security standards.
The FBI wants another iPhone unlocked, this one belonging to Minnesota's mall-stabbing terrorist.
Notes.
Today's issue includes events affecting Australia, Brazil, China, Colombia, India, Iraq, Israel, Republic of Korea, Libya, Mexico, Romania, Russia, Syria, Taiwan, Turkey, United Arab Emirates, United Kingdom, and United States and Vietnam.
A note to our readers: We're two weeks into National Cyber Security Awareness Month in the United States. The theme this week is, "From the Break Room to the Boardroom: Creating a Culture of Cybersecurity in the Workplace."
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Level 3's Dale Drew, who will discuss election hacking concerns. Our guest, Smrithi Konanur of HPE Data Security, will talk about credit card security. If you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
U.S. Formally Accuses Russia of Stealing D.N.C. Emails (New York Times) The Obama administration on Friday formally accused the Russian government of stealing and disclosing emails from the Democratic National Committee and from a range of prominent individuals and institutions, immediately raising the issue of whether President Obama will seek sanctions or other retaliation for the cyberattacks
United States Accuses Russia of Using Hacking to Meddle in Election (Foreign Policy) The U.S. intelligence community now says it’s “confident” the Russian government “directed” recent hacks into the computer systems of American political groups to interfere with the U.S. election — an explosive charge that security researchers have been making for months
Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence on Election Security (Office of the Director of National Intelligence) The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations
Moscow says U.S. cyber attack claims fan 'anti-Russian hysteria' (Reuters) U.S. accusations that Russia was responsible for cyber attacks against Democratic Party organizations lack any proof and are an attempt by Washington to fan "unprecedented anti-Russian hysteria", the Foreign Ministry in Moscow said
The Trail of Russian Hackers, Putin's Revenge in Siberia (NBC News) This Soviet-era industrial city with a population of roughly 200,000 in Siberia is hardly an obvious place to be connected to a cyber attack on the American election system
Clinton says Russian attempts to influence elections are meant to help Trump (CNBC) Hillary Clinton said that attempts by the Kremlin to influence the U.S. presidential election are designed to help Donald Trump, whom she accused of being close to Russian strongman Vladimir Putin
Trump denies Russia behind attack, despite fed investigation saying otherwise (The Hill) Republican nominee Donald Trump disputed that Russia was behind high-profile data breaches of Democratic groups during Sunday night's presidential debate, despite the federal investigation reaching the opposite conclusion
Trump: Clinton should be jailed because of e-mail scandal (Ars Technica) Clinton's e-mail, Russian hacking emerge even amid Trump's comments about women
EXCLUSIVE: New Email Leak Reveals Clinton Campaign’s Cozy Press Relationship (Intercept) Internal strategy documents and emails among Clinton staffers shed light on friendly and highly useful relationships between the campaign and various members of the U.S. media, as well as the campaign’s strategies for manipulating those relationships
Apple Watch banned from UK cabinet meetings over Russian hacker fears (Ars Technica) Smartphones and tablets were already barred in fear of foreign eavesdroppers
Turkey blocks cloud sites following huge data dump of stolen email (Naked Security) Hackers from a left-wing group known as RedHack recently claimed to have got into three different email accounts belonging to Turkey’s Energy Minister, Berat Albayrak
ISIS Media Output Drops as Military Pressure Rises, Report Says (New York Times) The vaunted propaganda operations of the Islamic State, which helped lure more than 30,000 foreign fighters to Syria and Iraq, have dropped off drastically as the extremist group has come under military pressure, according to a study by terrorism researchers at West Point
Number of suicide attacks claimed by the Islamic State dipped in September (Long War Journal) The Islamic State’s Amaq News Agency claims that the group launched 53 “martyrdom operations” in Iraq and Syria during the month of September. The figure was first published on an Arabic infographic (seen above) that was released by Amaq on Oct. 6
NSA could put undetectable “trapdoors” in millions of crypto keys (Ars Technica) Technique allows attackers to passively decrypt Diffie-Hellman protected data
Security bod to MSFT: PowerShell's admin-lite scheme is an open door (Register) Too much admin turns out to be barely enough
Breaking Down Mirai: An IoT DDoS Botnet Analysis (Incapsula Blog) By now many of you have heard that on September 13, 2016, the website of renowned security journalist Brian Krebs was hit with one of the largest distributed denial of service attacks (DDoS) to date
Insecure security cameras, DVRs behind huge DDoS botnet (IT World Canada) Content delivery network Akamai has been under the microscope lately for seemingly abandoning security writer Brian Krebbs, whose site suffered a huge distributed denial of service attack last month
StrongPity APT Emerges with Trojanized Crypto-tools (Infosecurity Magazine) The StrongPity APT has resurfaced, with a focus on users of encryption tools
The DXXD Ransomware displays Legal Notice before Users Login (Bleeping Computer) Since the end of September, the DXXD Ransomware has been targeting servers and encrypting their files
Odin ransomware: How to protect the system? (Trojan Killer) Odin is yet of one ransomware. Security experts claim it is a new version of Locky ransomware
Businesses must prepare for expected rise in ransomware attacks, say experts (Out-Law) Businesses must prepare themselves for an expected surge in the number of so-called 'ransomware' attacks
Researcher finds flaws in industrial control devices (SC Magazine) A number of vulnerabilities found in an industrial automation device could allow hackers to take control of machinery
IAEA chief: Nuclear power plant was disrupted by cyber attack (Rueters via Yahoo!) A nuclear power plant became the target of a disruptive cyber attack two to three years ago, and there is a serious threat of militant attacks on such plants, the head of the United Nations nuclear watchdog said on Monday
Threat of cyber attack on nuclear stations rising, council warns (Global Construction Review) Countries must raise their game in combatting cyber attacks on nuclear and other energy infrastructure or face economic damage and threats to public safety, a report has warned
The NERC CIPs continue to expose the grid to significant cyber vulnerabilities even after the Ukrainian hack (Control Global) As mentioned many times, the NERC CIP process has many exceptions that make the NERC CIP process less rigorous and comprehensive than many people have been led to believe
Hackers Launch 133K+ Cyberattacks At G20 Summit (PYMNTS) The G20 Summit, a global economic leadership forum attended by world leaders from 20 major economies, experienced an onslaught of malicious cyberattacks during this year’s event, which took place Sept. 3–6
Hurricane Matthew: South Carolina Officials Say Emails with Flooding Info a Cyber Threat (Charleston Patch) South Carolina Gov. Nikki Haley said the situation began overnight
100+ online shops compromised with payment data-stealing code (Help Net Security) Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates payment card and other kinds of information users entered to pay for their shopping
Michigan Card Issuer Blocks Payments at Wendy's (BankInfo Security) A bold PR move, But will it help prevent fraud?
12-year-old gets €100,000 Google bill after confusing AdWords and AdSense (Naked Security) The kid had a plan: put up some music videos of his band on YouTube, plug into Google’s AdSense program to run ads alongside, make enough money to buy instruments, play music, get rich and go buy a mansion
Security Patches, Mitigations, and Software Updates
Microsoft rejigs Patch Wednesday with new update structure (IT News) Windows administrators will have new patching options from this Wednesday as Microsoft drastically changes how it provides monthly security and operating system fixes
Microsoft fleshes out seismic change to Windows patching (Computerworld) Elaborates on how this month's Windows 7 and Windows 8.1 updates will be packaged and delivered
Cyber Trends
Artificial intelligence-powered malware is coming, and it's going to be terrifying (Business Insider) Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet
Why attaching security to each piece of data is critical (Help Net Security) Following in Edward Snowden’s footsteps, yet another NSA contractor has leaked highly classified trade secrets and government information. My question to you: Are we really all that surprised?
‘Security Fatigue’ Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests (NIST) After updating your password for the umpteenth time, have you resorted to using one you know you’ll remember because you’ve used it before? Have you ever given up on an online purchase because you just didn’t feel like creating a new account
APRA: Almost half of insurers suffer cyber attack (Insurance Business) A survey compiled by Australian Prudential Regulation Authority (APRA) has found that 46% of insurers have suffered a cyberattack serious enough to warrant attention of executive managers
Tripwire Study: Only 33 Percent of Organizations Have Endpoint Security Strategy (BusinessWire) Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of an extensive Tripwire study conducted by Dimensional Research
How your superannuation could be at risk of cyber attack (Starts at 60) A survey into cyber attacks on financial institutions has found the superannuation industry is most at risk, putting your retirement savings at risks of serious cyber attacks
Marketplace
Enterprise multi-factor authentication market to cross $1 billion this year (Help Net Security) Evolving cyber threats contribute to hundreds of millions of dollars in losses for businesses each year due to compromised credentials and data breaches
In quest for better AI, tech companies gobble up smaller companies: Study (CNBC) Tech giants are hungry for artificial intelligence
Cisco, Palo Alto, Symantec Gear Up For Cloud Cybersecurity (Nasdaq) Cloud computing is reshaping the market for network security technologies
Verizon CEO Says Evaluating Whether Yahoo Hack Had ‘Material Impact’ (Wall Street Journal) Lowell McAdam still sees Yahoo as ‘a real value asset’
Verizon Reportedly Demands $1B Yahoo Discount After Breach (BankInfo Security) But breached businesses typically face few long-term repercussions
Would You Buy Yahoo for $4.8 Billion? How ’bout $3.8 Billion? (Sys-Con Media) When Verizon agreed to purchase Yahoo for $4.8 billion, it was the right price
Another NSA Breach Hits Booz Allen. Will Anything Change? (Bloomberg) Booz Allen Hamilton Holding Corp. is once again at the center of a major U.S. intelligence breach
A Botched NSA Leak... and an Investment Opportunity? (Investment U) At this point it seems every Booz-related NSA leak is a buying opportunity. And there was just another one
Thycotic Delivers Strongest Quarter in the Company's History Adding More Than 200 New Customers (PRNewswire) Company posts 77 percent compound annual growth rate in Q3 and continues streak of profitability
Palo Alto Networks Teams Up with Cyber Security Agency of Singapore to Strengthen the Nation's Cyber Defense (Stockhouse) Provides CSA the intelligence on sophisticated cyberthreats. Introduces its first education drive at GovWare, developed in conjunction with the CSA. Appoints first APAC representative to the Palo Alto Networks Public Sector Advisory Council
Startup Tanium Aiming to Address 'Prosaic' Cyber Attacks (The Street) Tanium co-founder and CEO Orion Hindawi believes the computer security industry continues to fail its market
Want a sure-fire well-paid job? Train to fight computer hackers (Miami Herald) Want a career with zero chances of going jobless?
Cyber firm wins award five consecutive times (Daily News) A cyber security firm, Sophos has once again been positioned in the lead on “Magic Quadrant for Unified Threat Management” award
Securonix signs HANDD Business Solutions to continue its expansion in the UK (ResponseSource) Data protection specialist uses pioneering user behaviour analytics cyber security platform to combat Insider Threat challenge
AI-Based Cyber-Security Firm Cylance Attracts Ex-Dell CISO and Distribution (IT Europa) Cylance VP and Ambassador-at-large John McClurg is in positive mood
Products, Services, and Solutions
Zentera Systems Announces IP Portfolio Expansion for its CoIP Platform that Enables Security Across Cloud and Enterprise Datacenters (PRNewswire) Zentera Systems, Inc., the leader in multicloud networking and security, announced today that its IP portfolio now includes a Secure Virtual Network Platform patent and two additional registered trademarks: CoIP® and Cloud Over IP®
Menlo Security's Malware Isolation Wins Innovation Award (eWeek) The patented technology is simple to deploy, requires no endpoint software or plug-ins and delivers a 100 percent secure and completely native user experience
CETECOM further extends Visa type approval testing portfolio in the US (Presse Box) CETECOM is now accredited to perform Visa Paywave Contactless Type Approval Testing in our US laboratory in Milpitas, California
India Post's New Bank: Building in Security (InfoRisk Today) Postal Service reaching out to 'unbanked'; awareness key challenge
Nyotron brings cloud-based cyber defence service to military, government (IHS Jane's 360) Israeli cyber specialist Nyotron has revealed details of novel technology now available to government agencies to defeat cyber threats following its initial development for the commercial sector
Technologies, Techniques, and Standards
Europe to Push New Security Rules Amid IoT Mess (KrebsOnSecurity) The European Commission is drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs)
Steps to developing secure IoT products (Help Net Security) IoT is broad ranging, and the pace of change and innovation is fast
Is it really a good idea to scam the scammers? (Naked Security) When scammers come calling, the temptation is to try and turn the tables on them. Some experts actually do, but is it a good idea for would-be vigilantes to follow suit?
Components of an effective vulnerability management process (Help Net Security) Vulnerabilities continue to grab headlines. Whether it is a zero-day that affects “tens of millions” servers around the globe or an old unpatched flaw that leads to a data compromise, we will keep reading about them
No more guilt about your lack of innovation in administrative IT (Help Net Security) Helpdesks are mired in mundane tasks that are repeated every day – password resets, user account access and account creations, just to name a few
Reviewing File Transfer Protocol Healthcare Cybersecurity Risks (HealthITSecurity) The SANS Institute provides important guidelines that healthcare organizations should follow when it comes to maintaining healthcare cybersecurity with file transfer protocol
New phone app tracks forced disappearances in Egypt (Cortez Journal) Opponents of the Egyptian government seem to just vanish
A CISO, consultant and infosec vendor nail down cybersecurity best practice lists (Healthcare IT News) A triptych of experts share insights and advice about cyberthreat intelligence sharing, plotting a security strategy and safeguarding data against attacks
Design and Innovation
Google wants to revamp public Wi-Fi networks, but what about security? (Help Net Security) William Shakespeare once wrote, “the eyes are the windows to your soul,” but if you ask savvy retailers, they might say it’s guest Wi-Fi
Why AI Makes It Hard to Prove That Self-Driving Cars Are Safe (IEEE Spectrum) Car manufacturers will have difficulty demonstrating just how safe self-driving vehicles are because of what’s at the core of their smarts: machine learning
Research and Development
Even the US military is looking at blockchain technology—to secure nuclear weapons (Quartz) Blockchain technology has been slow to gain adoption in non-financial contexts, but it could turn out to have invaluable military applications
NYU Abu Dhabi engineers seek to make cities more secure (Nation) The UAE is hardening its critical infrastructure against hacking with plans to test the security of electronic chips used to operate everything from a city’s power grid to phones, satellites, aviation, and medical and military applications
Academia
Training Cyber Warriors in Virginia (WVTF) The number of devices that are now connected to the Internet far exceeds the number of people on the planet
Legislation, Policy, and Regulation
The cold war past haunts our electronic future (Financial Times) Russians have always believed that the real value of cyber is psychological warfare and influence
US may use sanctions to punish Russia for election hacking (CSO) A Republican lawmaker will propose legislation to go after the country's cyber criminals
US “Writing Playbook” On Response To Russia For Hacking Into DNC (BuzzFeed) “This isn’t espionage anymore,” said one former official. “They are now actively trying to disrupt the elections”
U.S. Vows Response to Russian Hack at 'Time and Place of our Choosing' (SecurityWeek) Directly accusing Russia of trying to manipulate the 2016 US presidential election, the United States on Friday issued a stark warning that it would act when it wants to protect its interest
What's Obama's next move after blaming Moscow for hacks? (Christian Science Monitor Passcode) Now that the Homeland Security and the Office of the Director of National Intelligence officially accused the Russian government of conducting cyberattacks on US political targets, will the administration retaliate?
Get Help to Secure Election, US Urges Local Officials (Voice of America) Federal officials are urging local election agencies to contact the Department of Homeland Security to receive help with cybersecurity before the November 8 election
INSA Intelligence and National Security Alliance : Calls for Swift Action to Modernize Security Processes (4-Traders) INSA President Chuck Alsup issued the following statement today: Media reports Wednesday of yet another criminal mishandling of classified materials, if true, are greatly troubling and underscore the urgent need for fundamental security reform and modernization efforts
NSA Compliance and Congress’s Plan: How to Account for Flaws in the Metadata Program? (Lawfare) In the extraordinary transparency that followed Edward Snowden’s 2013 revelations, one tantalizing mystery remained: how did the NSA persist until early 2009 in querying metadata under the now-replaced section 215 program with search terms (“identifiers”) that lacked a key requirement imposed by the Foreign Intelligence Surveillance Court (FISC)?
Ron Wyden Discusses Encryption, Data Privacy and Security (New York Times) After Apple and the F.B.I. made their battle over encryption public in February, members of Congress quickly jumped into the debate. Some lawmakers promised new rules that would give authorities more access to smartphones, while others promised to fight off those laws
Crypto Wars: Why the Fight to Encrypt Rages On (PC Magazine) We talked to several experts in the field to help us understand the many facets of encryption
What would a CYBERCOM-NSA split mean? (C4ISRNET) Much has been made over the discussions surrounding a potential separation of the National Security Agency and US Cyber Command
What would an independent Cyber Command look like? (C4ISRNET) Top decision-makers in the government continue to debate the merits of splitting the National Security Agency and US Cyber Command. If this divorce occurs, what would an independent CYBERCOM look like?
The Deck Chairs Matter (Taps for the IAD and the Rule of Law) (Morning Consult) The time has come to play taps for the vaunted defensive arm of the National Security Agency, the Information Assurance Directorate (known among cyber peeps as IAD)
CYBERCOM: Getting the right ‘wetware’ (Federal Times) When officials consider U.S. Cyber Command’s critical cybersecurity mission, the conversation typically focuses on the state of its technology
UK Stands Up GCHQ National Cyber Security Center in London (GovInfo Security) But Brexit may down Europol and intelligence-sharing efforts
Israel ready to assist India with a comprehensive and effective cyber security plan (Economic Times) Israel is ready to assist India with a comprehensive and effective cyber security plan to counter threats from industrial hackers as well as extremist groups, according to Col Ram Dor, noted cyber security expert from the West Asian nation
Litigation, Investigation, and Law Enforcement
Arrested NSA contractor may have hoarded secrets to work from home (Ars Technica) Investigators still haven't found evidence that he leaked classified material to anyone
Our say: In online wars, front lines can be anywhere (Capital Gazette) A mystery solved: Some residents of Glen Burnie now know what was happening on Aug. 27, when two dozen armed FBI agents rushed into their neighborhood, blocking off streets
White House Coordinated on Clinton Email Issues, New Documents Show (Wall Street Journal) Emails obtained by the Republican National Committee find close contact with Hillary Clinton’s nascent presidential campaign in early 2015
US Claims of Russia Employing Snowden 'Nonsense' (Sputnik News) Russian Foreign Minister Sergey Lavrov called US accusations of Russia employing former National Security Agency (NSA) contractor Edward Snowden "just nonsense"
Subpoena to Encrypted App Provider Highlights Overbroad FBI Requests for Information (Intercept) A recently revealed grand jury subpoena shows that the FBI is likely continuing to ask companies for more information than the law allows, according to technology and privacy attorneys interviewed by The Intercept
Terror suspect's locked iPhone could lead to a second Apple-FBI showdown (CSO) This is gonna keep happening
ISIS suspect charged with researching encryption, encrypting website (Help Net Security) A man from Cardiff, Wales, has been charged with six terrorism-related charges, including one that involves actions that are not usually considered illegal: researching encryption software, publishing instructions on how to use it, and encrypting a website
German spy chief says Syrian suspect targeted Berlin airports (Reuters) The head of Germany's domestic intelligence agency (BfV) said a Syrian suspect arrested on Monday was building a bomb and probably planned to attack one of the airports in Berlin
Alleged JPMorgan Hacker Detained in Moscow (Infosecurity Magazine) A US citizen wanted in connection with the massive stock manipulation scheme linked to the breach of over 100 million JPMorgan Chase and other customer records is reportedly in a Russian jail for illegal immigrants
Appeals court restores previously-dismissed surveillance lawsuit (Ars Technica) 3rd Circuit gives Elliott Schuchardt new, albeit slim, chance to beat the gov't
Cybersecurity Whistleblowing Is Murkier Than You May Think (Corporate Counsel) How can your breach turn into a securities law violation? The answer may be "via whistleblower"
The fall of the Encryptor RaaS also thanks to Shodan (Security Affairs) Law enforcement and security experts have dismantled the Encryptor RaaS architecture by localizing one of its servers with Shodan
Spy fraud (Vice) Taxpayers are paying intelligence contractors to browse Facebook, watch porn, and commit crimes
Enigma Software Group Files Suit Against Malwarebytes (PRLeap) Enigma Software Group USA, LLC (ESG) filed a complaint in federal court in New York today against competing anti-malware provider Malwarebytes Inc. The complaint, available here, alleges false advertising, unfair competition, and tortious interference with contractual relations
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
18th Annual AT&T Cybersecurity Conference (New York, New York, USA, Oct 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them. That’s why we’re hosting the 18th Annual AT&T Cybersecurity Conference.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
Upcoming Events
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
AFCEA CyberSecurity Summit (Washington, DC, USA, Oct 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.
Tech Talk: Blockchain & Bitcoin (Laurel, Maryland, USA, Oct 17, 2016) Join Novetta and Chainanalysis at Jailbreak Brewery to learn about Bitcoin, a digital currency, and Blockchain, the technology that makes it all work. Rub elbows with like-minded techies and enjoy ice cold beer - Don’t miss out.
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (McDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
CyberTini at CyberMaryland (Baltimore, Maryland, USA, Oct 19, 2016) The bwtech@UMBC Cyber Incubator will be hosting a CyberTini as the official opening event of the CyberMaryland Conference on the evening of October 19, 2016 at the Columbus Center in Baltimore’s Inner Harbor. The Columbus Center is just a few blocks from the Baltimore Hilton Hotel where the CyberMaryland Conference is taking place, and attendance at the CyberTini is estimated to be 250 or more. The event will begin at 5pm the night before the CyberMaryland Conference and will run until approximately 7:30pm.
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA , Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
14th Annual EWF National Conference (Scottsdale, Arizona, USA, Oct 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Security By Design (McLean, Virginia, USA, Oct 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.