The Mirai botnet DDoS attack, its consequences and attribution. Industry notes. A report on CyCon US.
news from CyCon US 2016
The inaugural meeting of the International Conference on Cyber Conflict (CyCon US) were held in Washington, DC, late last week and throught the weekend. The conference focused on the theme of protecting the future. Sponsored by the Army Cyber Institute at West Point in collaboration with the NATO Cooperative Cyber Defense Center of Excellence, the conference sought to "create greater information exchange among industry, academia, and government entities at both the national and international levels."
Sessions covered topics including technical challenges, international cooperation, the kind of conflict we can expect to see in cyberspace, and assessments of new legal and regulatory standards and frameworks.
The CyberWire was able to attend Saturday's sessions. The presentations and the people we spoke with had the previous day's massive denial-of-service attack against DNS provider Dyn very much in mind. It served as an immediate reminder of how nation-state conflict in cyberspace had become a real and present danger. And the participants were willing to entertain some dramatic revisions to much conventional thinking about cyber conflict: sharpening the definition of "critical infrastructure," recognizing that cyber conflict occupies a deniable gray area between traditional espionage and clear acts of war, realizing that US and NATO adversaries seem to have adopted new and more aggressive rules of engagement, and addressing the need to prepare for high-end cyber conflict.
That last point was particularly sobering. Who knew that Ted Koppel, one of the speakers, could sound so much like a prepper?
You'll find relevant articles linked below—some covering the conference directly, others providing background. Our coverage of CyCon US may be found here.
Hangzhou Xiongmai Technology, which produces components widely used in digital video recorders and networked security cameras, has acknowledged that vulnerabilities in its products were exploited in Friday's distributed denial-of-service attack on Dyn. Hangzhoul is recalling thousands of devices to aid remediation of the vulnerability.
Security cameras and SOHO routers formed the better part of the Mirai botnet herd that stampeded through Dyn at the end of last week. One IoT vendor, Will Price, founder of Simple Control, told CEPro that it's misleading to call this DDoS incident an Internet-of-things problem. He would rather understand it as a problem with vendors releasing products that aren't properly secured, an issue that's certainly not confined to the IoT. He's got a point, but the combination of widespread deployment, weak security, and user inattention do seem to make the IoT particularly vulnerable to this sort of exploitation.
Attribution of the Dyn attacks remains unclear. The Washington Free Beacon said that US Director of National Intelligence Clapper told it the incident was the work of "a multi-national hacker group." He didn't elaborate, but other sources suggested it was vandalism as opposed to a nation-state attack. (Contrast, however, the Koppel-Alexander dialogue at CyCon.) Anti-virus pioneer, security gadfly, and quandam (we think) presidential candidate John McAfee thinks he knows whodunit: North Korea. He bases this attribution on what he describes as dark web chatter.
One apparent patriotic hacktivist, "Jester," is convinced the Russians are coming. He sent them a message by defacing an old Foreign Ministry site.
Notes.
Today's issue includes events affecting Afghanistan, Australia, China, Czech Republic, Germany, Japan, Democratic Peoples Republic of Korea, New Zealand, Russia, Syria, United Arab Emirates, United Kingdom, and United States.
A note to our readers: National Cyber Security Awareness Month is now in its' final full week. The theme is "our continuously connected lives: what's your 'apptitude'?"
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the Johns Hopkins University's Joe Carrigan on the security of IoT devices. Our guest is Malcolm Harkins from Cylance. We caught up with him at CyberMaryland last week, and he offered us his contrarian vies that breaches in fact aren't, and don't have to be, inevitable. As always, if you enjoy the podcast, please consider giving it an iTunes review.
Washington, DC: the latest from CyCon US
The Logic of Deterrence in Cyberspace: a conversation between Ted Koppel and Keith Alexander (The CyberWIre) Ted Koppel interviewed former NSA Director General Keith Alexander (US Army, retired) about the current state of cyber conflict. Koppel opened their discussion (after some graceful words from Alexander complimenting Koppel's book on the cybersecurity of the electrical power infrastructure) with a question about attempts to influence the upcoming US elections
"An irresponsible breach of the rules of the playground": Kevin Mandia on the state of the threat. (The CyberWIre) Mandia offered five high-level observations about the current state of the cyber threat, including a shift in the adversary's rules of engagement--"an irresponsible breach of the rules of the playground"
The Decline in Chinese Cyberattacks: The Story Behind the Numbers (MIT Technology Review) The Obama administration has been touting a decrease in commercial espionage, but the reality for corporate America may be more complicated
Critical Infrastructure, Cyber Conflict, and Compliance Regimes (The CyberWire) A panel on cyber security policy offered both a take on the current state of the sector and advice for the next Administration and Congress. Panelists included Richard Harknett (Professor of Political Science at the University of Cincinnati, currently scholar-in-residence at US Cyber Command), Melissa Hathaway (President of Hathaway Global Strategies and senior adviser to Project MINERVA at the Harvard Kennedy School), Catherine Lotrionte (Director of the Institute for Law, Science and Global Security and Visiting Assistant Professor of Government and Foreign Service at Georgetown University), and Angela McKay (Director, Cybersecurity Policy and Strategy at Microsoft). Aaron Brantly (Assistant Professor in the Department of Social Sciences and the Army Cyber Institute, United States Military Academy) chaired the session
In cybersecurity contest, hackers target critical infrastructure (Christian Science Monitor Passcode) At the inaugural Passcode Cup capture the flag challenge, competitors raced through hacking challenges that ranged from password-cracking to compromising a mock water treatment facility
The Vulnerability Equities Process: Disputed Questions (The CyberWire) Stephanie Pell (Assistant Professor and Cyber Ethics Fellow at the Army Cyber Institute) moderated a panel discussion of the US Government's vulnerability disclosure practices. Panelists included Dave Aitel (Founder, President, and CEO of Immunity Inc.), Steven M. Bellovin (Professor of Computer Science, Columbia University), and Ari M. Schwartz (Managing Director, Cyber Security, at Venable). Pell set the discussion up by the going-dark/crypto wars debate. She described "Playpen," a court-approved use of malware to exploit a vulnerability that enabled law enforcement to identify customers who frequented a dark web child porn site. Mozilla filed a motion to compel the FBI to disclose the vulnerability so that Mozilla could patch it to protect Firefox users. This, she suggested, is the sort of issue the Government's Vulnerability Equities Process (VEP) was designed to address
Heartbleed: Understanding When We Disclose Cyber Vulnerabilities (The White House) For an agency whose acronym was once said to stand for “No Such Agency,” speaking out about Heartbleed was unusual but consistent with NSA’s efforts to appropriately inform the ongoing discussion related to how it conducts its missions
Government’s Role in Vulnerability Disclosure: Creating a Permanent and Accountable Vulnerability Equities Process (Belfer Center for Science and International Affairs) When government agencies discover or purchase zero day vulnerabilities, they confront a dilemma: should the government disclose such vulnerabilities, and thus allow them to be fixed, or should the government retain them for national security purposes?
Everything You Know About the Vulnerability Equities Process Is Wrong (Lawfare) The vulnerability equities process (VEP) is broken. While it is designed to ensure the satisfaction of many equities, in reality it satisfies none—or at least, none visible to those beyond the participants of the insular process. Instead of meaningfully shaping best outcomes, the VEP provides thin public relations cover when the US government is questioned on its strategy around vulnerabilities
Clinton’s encryption solution would require a ton of oversight (CyberScoop) Law enforcement taking advantage of zero day exploits is preferred to an overarching encryption “backdoor” law, a group of cryptography, security policy and digital privacy experts said Friday during a panel discussion at the 2016 CyCon U.S. cybersecurity conference
Warner: Procurement and personnel key for cyber (CyberScoop) Fixing the way the U.S. government buys technology and hires and deploys its workforce is the key to improving the nation’s cybersecurity defenses, not changing the way authorities and responsibilities are divided up between federal agencies, Sen. Mark Warner, D-Va., said Friday
CyCon U.S. (CCDCOE/Army Cyber Insititute) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations
Cyber Attacks, Threats, and Vulnerabilities
Chinese firm admits its hacked products were behind Friday's massive DDOS attack (CSO) Botnets created from the Mirai malware were involved in Friday's cyber attack
The DDoS Attack On Dyn – A Recap From Imperva (Information Security Buzz) DNS provider Dyn was knocked offline for much of the day, causing disruption to several well-known SaaS applications and internet sites, including Amazon, Twitter, GitHub and The Boston Globe. The company later that day confirmed that the cause was a large DDoS attack, and that it was an internet of things (IoT) attack using the newly-discovered Mirai botnet
Dyn’s Day ‘Out’ Highlights Malware Riding on IoT (Read It Quick) The attacks that plagued the Internet address lookup service provider Dyn on Friday, left its 1,200 domains in the lurch. The impacted sites, included Amazon, Etsy, GitHub, Shopify, Twitter and The New York Times, to name a few. Millions of users across the world lost access to these popular sites as attackers pounded Dyn’s servers with fake IP traffic till the site collapsed
Dyn DDoS attack exposes soft underbelly of the cloud (InfoWorld) The DDoS attack against Dyn affected numerous websites, but the biggest victims are the enterprises that rely on SaaS for critical business operations
Mirai, Mirai, on the wall – through the looking glass of the attack on Dyn (Naked Security) On Friday, one of the largest and most powerful distributed denial of service (DDoS) attacks in recent history hit DNS provider Dyn and its customers, impacting major services like Twitter, Reddit and Spotify
Dyn DDoS – what can we do right now to help prevent the next attack? (Naked Security) The digital dust has settled, for now at least, on last week’s Distributed Denial of Service (DDoS) attack against DNS service provider Dyn
Future mega web outages: Here's what the security experts have to say (TechRadar Pro) Last Friday’s big web outage is still a hot topic for discussion
Home Automation and Cryptography Expert on DDoS Attack: Don’t Blame IoT (CEPro) Blaming last week’s Internet outage on the rise of connected devices is just a convenient meme, says encryption expert Will Price, founder of the home automation provider Simple Control (Roomie Remote)
Here's One Strategy for Thwarting Denial of Service Cyberattacks (Fortune) Companies that used multiple servers saw less of an impact from last Friday’s attack
The Cyber Threat: Dyn Cyber Attack Highlights Internet of Things Hacking (Washington Free Beacon) Clapper says multi-national hacker group to blame
John McAfee: North Korea behind Dyn DDoS assault, larger attacks on the way (Techspot) Whenever a major security incident takes place in the tech world, you can be certain that John McAfee will weigh in with his opinion. The anti-virus pioneer has just revealed who he believes was behind Friday’s DDoS attacks on popular DNS provider Dyn
Jester defaces website but the Russian Government isn’t laughing (Naked Security) The Russian Ministry of Foreign Affairs’ website is normally a pretty sedate read
DNC Chair Claims Damning Leaked Emails Were ‘Doctored.’ A Cyber Security Expert Just Demolished Her Cop-Out (IJR Wildfire) In an interview with Megyn Kelly last week, DNC Chairman Donna Brazile was questioned about a Wikileaks email that revealed she received questions for the CNN debate before it even happened
How security flaws in voting machines could discredit election results (ZDNet) Security experts say voting machines are easy to tamper with, and in several key battleground states ballots will be nearly impossible to verify
CrowdStrike’s Shawn Henry on Cyberterrorists, Ransomware and Hacked Elections (Brink) When the Democratic National Committee discovered in June that’s its entire computer network had been hacked, it called on Shawn Henry, president of CrowdStrike and former head of the FBI’s cyber division, to ferret out the damage and ultimately identify the perpetrators, who were deemed to be agents of the Russian government
Military Warns Chinese Computer Gear Poses Cyber Spy Threat (Washington Free Beacon) Lenovo seeking access to classified Pentagon networks, J-2 report says
Researchers spot ransomware evolving into 'doxware' to scare victims into paying (SC Magazine) As companies grow aware of the threat of ransomware, threat actors are upping the ante with “doxware” by implementing features to ransomware that could leak a victim's data if ransoms aren't paid
Indegy CTO to Disclose Zero Day SCADA Vulnerability at the ICS Cyber Security Conference (BusinessWire) Session will explain how flaw in Schneider Electric software enables attackers to remotely control industrial processes
U.S. Commander: ISIS Attempting to Establish Caliphate in Afghanistan (NBC News) ISIS is trying to establish a caliphate inside Afghanistan, the country's top U.S. commander said
Hired experts back claims St. Jude heart devices can be hacked (Reuters) Short-selling firm Muddy Waters said in a legal filing on Monday that outside experts it hired validated its claims that St. Jude Medical Inc cardiac implants are vulnerable to potentially life-threatening cyber attacks
Indian banks use insecure ATM machines, still cling to outdated Windows XP: Report (India Today) There is still some time before we get a clear picture of the data breach that has affected over 32 lakh debit cards in India. But cyber security firm Kaspersky has done some quick analysis of it with a more detailed one still in the process. Although for now the company is neither denying nor confirming the State Bank of India debit cards breach, it is quite blunt in saying that the banking industry in India is very cavalier about the cyber security and that is not good for consumers
Security Patches, Mitigations, and Software Updates
Chinese Manufacturer Recalls IOT Gear Following Dyn DDoS (Threatpost) Hangzhou Xiongmai said that it will recall millions of cameras sold in the U.S. in response to Friday’s DDoS attack against DNS provider Dyn that kept a number of web-based services such as Twitter, Github and others offline for much of the day
Microsoft's New Patch Tuesday Model Comes With Benefits And Risks (Dark Reading) Microsoft has transitioned its Patch Tuesday update process to a cumulative rollup model. What businesses need to know about the new patching regimen
Cyber Trends
AT&T: Most Cyber Attacks Easily Prevented (Light Reading) New AT&T research in the latest AT&T Cybersecurity Insights report, “The CEO’s Guide to Navigating the Threat Landscape,” shows that most cyberattacks impacting today’s businesses are “known” or common threats
When Naming Cyber Threat Actors Does More Harm Than Good (Council on Foreign Relations) Cybersecurity firms, despite their increasing prominence in light of greater media attention at Russian and Chinese cyber operations, are often criticized for their biases when identifying advanced persistent threat actors (APT). Two critiques are most-often heard
In cyber, knowledge is a powerful weapon (C4ISRNET) The general notion is that much of the core understanding in cyber is in place. I would like to challenge that. There are still vast territories of the cyber domain that need to be researched, structured and understood
SMB security: The evolving role of SaaS and IT outsourcing (Help Net Security) SMBs need to bridge the gap between smaller IT security budgets and a shortage of expertise to face the very real and growing threat of cyber attacks, according to Kaspersky Lab
Why SOC Deployments Are Increasing in India (InfoRisk Today) Gartner's Kaur offers insights on trends, challenges
Marketplace
What Investors Need to Know After the Vera Bradley Security Breach (Motley Fool) The handbag company is the latest victim of hackers. Investors should brace for fallout
IBM issues apology after cyber-attack shuts down Australian national census (Tech 2) International Business Machines Corp apologized to Australia on Tuesday for what the government has described as a “malicious” cyber-attack that shut down a national census, but blamed two domestic internet providers for the security lapse
The Russian Expat Leading the Fight to Protect America (Esquire) In a war against hackers, Dmitri Alperovitch and CrowdStrike are our special forces (and Putin's worst nightmare)
DarkMatter, vArmour offer cybersecurity solutions to Middle Eastern businesses (Gulf News) DarkMatter recently announced a partnership with vArmour, which aims to offer customers of both companies cybersecurity solutions
Spies for Hire (Intercept) In July, Simone Margaritelli, an Italian security researcher, boarded a Boeing 777 in Rome headed for Dubai, a city now billing itself as a tech startup hub
UAE surveillance contractor is recruiting an army of foreign hackers to break into its citizens' devices (BoingBoing) The world's most sophisticated security experts have been bombarded with recruiting offers from UAE-based company Darkmatter, which bills itself as a major state security contractor -- but people who've taken the bait say they were then told that they were being hired to weaponize huge arsenals of zero-day vulnerabilities so that the UAE can subject its own population to fine-grained, continuous surveillance
Wynyard Group in voluntary administration (NewsHub) Local tech company Wynyard Group has been placed into voluntary administration
Short Ixia: Why Ixia Is No Longer Secure (Seeking Alpha) Ixia's uniquely unfavorable relationships with clients adds additional, unaccounted risk. Ixia will be unable to capture strong future growth trends within the cybersecurity industry. Ixia is currently trading at a premium given the current outlook of the company
Fortinet talks up benefits of new Frankfurt datacentre (Channelnomics) Security vendor makes cloud solutions available from German facility
Buying into the Blockchain: How Bitcoin and Blockchain Cryptography are Upending Traditional Ideas of Investing (NuWire Investor) One of the biggest buzzwords within the banking and financial technologies at the moment is blockchain. Blockchain is decentralized technology that is revolutionizing the way people all over
root9B Technologies Announces Results of 2016 Special Meeting of Stockholders (Yahoo! Finance) root9B Technologies, Inc. (RTNB) announced the results of its 2016 Special Meeting of Stockholders, held earlier today in New York City
Palo Alto Networks Appoints Mary Pat McCarthy to Board of Directors (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced the appointment of Mary Pat McCarthy to the company's board of directors. She also will be joining the board's audit committee
Former AOL Counsel, Big Data Expert Joins Venable as Partner in Privacy, Data Security Practice (Corporate Counsel) Law firm Venable recently announced the addition of former AOL Inc. chief counsel Charles D. Curran as a partner in its privacy and data security practice
Express Logic Hires Industry Security Expert to Drive IoT Embedded Security Solutions (BusinessWire) Express Logic, Inc., the worldwide leader in royalty-free real-time operating systems (RTOS) with more than 5.4 billion deployments, today introduced widely respected expert Tim Stapko, head of its recently established Security Products department
Aon just hired the FBI's top cybersecurity expert (Chicago Tribune) Aon has hired the FBI's top cybersecurity expert to its cyber risk team, hoping his expertise will help clients avoid being taken down by an internet attack like the massive one that brought down Twitter, Spotify and others on Friday
Products, Services, and Solutions
Centrify Bolsters MFA Everywhere Initiative to Stop Attacks Across Hybrid IT Infrastructures (BusinessWire) Centrify’s Multi-Factor Authentication solution now supports additional operating systems and authentication factors while extending MFA to additional privileged identity use cases
ThreatConnect and Symantec Collaborate to Provide Premium Threat Intelligence for Improved Threat Management (BusinessWire) ThreatConnect now utilizes Symantec DeepSight advanced IP and URL reputation feeds
ThetaRay Analytics Platform to Help Large Organizations Detect Unknown Threats and Opportunities (PRNewswire) THETA now implemented at several multinational banks and other businesses
TopSpin Security First to Combine Threat Intelligence and Advanced Asset Profiling in Intelligent Deception Solutions to Protect Assets from Cyber Attackers (Yahoo!) TopSpin Security, Inc., the leader in integrated deception and detection solutions, today at the 2016 FS-ISAC Fall Summit introduced the newest version of DECOYnet™, the industry's first deception and detection solution to combine threat intelligence and advanced asset profiling to help keep cyber attackers away from organizations' real assets
Jihadists' favorite messaging apps gain popularity in DC (Washington Times) Some of the same unhackable applications that have become the "favorite technologies" of the Islamic State and other terrorist groups have gained popularity in Washington, D.C., in part because the federal government is still struggling to find ways to protect government communications
Technologies, Techniques, and Standards
Cybersecurity experts call for ‘internet of things’ standards in wake of massive attack (San Jose Mercury News) Cybersecurity experts on Monday called for standardized security measures for connected webcams, printers and routers in the wake of a massive cyber attack spread by those devices
5 Tips For Preventing IoT Hacks (Dark Reading) The recent DDoS attack on Dyn was powered in part by a bot army of home devices. How not to let your webcam or other IoT system go rogue
The CEO's Guide to Navigating the Threat Landscape (AT&T) Increasingly, organizations of all sizes are facing a growing variety of cyberthreats. AT&T Cybersecurity Insights reports will help build your knowledge of enterprise security issues and equip you and other leaders within your organization to make better security decisions. Get informed, stay protected
Academia
Einaudi lecturer will link cybersecurity and national security (Cornell Chronicle) How serious a threat is cyberwarfare? Does it fundamentally change the nature of international conflict, or does it simply provide combatants with another set of tools and techniques?
Legislation, Policy, and Regulation
NATO member commanders outline cyber priorities (IHS Jane's International Defense Review) Senior military commanders from across NATO have described the practical challenges and opportunities facing the armed forces as developments in cyberspace continue to advance across the contemporary operating environment
US Cyber Command's DCOM outlines emerging threat environment (IHS Jane's 360) The effects of operations in cyberspace across '21st Century Warfare' is forcing militaries to rapidly develop concepts of operation and command structures to deal with emerging requirements, a senior US commander has announced
US Army keeping wary eye on Russia (The Hill) U.S. military leaders are increasingly leery of Russia, even as Republican presidential nominee Donald Trump talks about improving relations with the nation on the campaign trail
One team, one fight, one agency? (CyberScoop) A senior NSA official told the American Enterprise Institute last week that the U.S. should consider combining parts of the National Security Agency, Department of Homeland Security, and Federal Bureau of Investigation/Department of Justice into a single organization
Agencies turn attention to plugging cyber holes in software (Federal News Radio) Agencies are ramping up to take on the next major cybersecurity challenge —software assurance
Pentagon launches next round of ‘bug bounties,’ including cyber tests of sensitive systems (Federal News Radio) The Pentagon last week made contract awards in its promised expansion of federal government’s first-ever bug bounty — the “Hack the Pentagon” challenge which would up finding and closing 138 separate cybersecurity vulnerabilities in DoD’s public-facing websites earlier this year
For the Navy, its all about cyber resiliency, not cyber protection (C4ISRNET) The Navy is thinking differently about its approach to cybersecurity, according to a top official
Litigation, Investigation, and Law Enforcement
Distributing encryption software may break the law (Opensource) FOSS cryptography is a powerful tool but may carry some risk
German Terrorism Case Highlights Europe’s Security Challenges (New York Times) The warning came to the German security authorities in early September from “our best partners,” as they euphemistically refer to the American intelligence agencies: A terrorist assault might be in the works
Media watchdog slams Tokyo after journalist alleges U.S. military spying (Japan Times) The government is under fire for failing to protect press freedom following a Japan Times report by a British journalist revealing that the U.S. military has spied on him over his activities in Okinawa
Anonymous hacker charged with #opJustina DDoS attacks on hospitals (Naked Security) The Anonymous-affiliated hacker who admitted to cyberattacks on two hospitals in the #opJustina operation and fled the country while being investigated was indicted last week
Russian Hacker Behind LinkedIn Breach also Charged with Hacking Dropbox and Formspring (Hacker News) The alleged Russian hacker, who was arrested by the FBI in collaboration with the Czech police, was believed to be the one responsible for massive 2012 data breach at LinkedIn, according to a statement released by LinkedIn. Now, United States authorities have officially indicted Yevgeniy Aleksandrovich Nikulin, 29-years-old Russian national, for hacking not just LinkedIn, but also the online cloud storage platform Dropbox, and now-defunct social-networking company Formspring
Pulling back the covers on a critical IG report about Interior’s cyber efforts (Federal News Radio) There’s a problem with many reports from federal auditors that doesn’t get mentioned often enough in government. Many times these inspector general or Government Accountability Office reports are just snapshots in time and could be as much as 6-to-12 months old in terms of the actual state of the federal agency
Clinton State Department IT Official John Bentel Takes Fifth Amendment During Judicial Watch Deposition (Judicial Watch) Judicial Watch announced today that another witness in the Clinton email matter asserted his Fifth Amendment rights during a Judicial Watch deposition today. The deposition of John Bentel, the State Department’s former Director of Information Resource Management of the Executive Secretariat (“S/ES-IRM”), was ordered by U.S. District Court Judge Emmet G. Sullivan. S/ES-IRM is the office that handles information technology for the Office of the Secretary. Mr. Bentel answered over 90 questions with “On advice from my legal counsel, I decline to answer the question and I invoke my Fifth Amendment rights”
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.
Upcoming Events
SANS San Diego 2016 (San Diego, California, USA , Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills
18th Annual AT&T Cybersecurity Conference (New York, New York, USA, Oct 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them. That’s why we’re hosting the 18th Annual AT&T Cybersecurity Conference.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
14th Annual EWF National Conference (Scottsdale, Arizona, USA, Oct 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Security By Design (McLean, Virginia, USA, Oct 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.
Inside Dark Web (Washington, DC, USA, Nov 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.
National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, Nov 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.
GTEC (Ottawa, Ontario, Canada, Nov 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.
Black Hat Europe 2016 (London, England, UK, Nov 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, Nov 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.
3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.
Security of Things World USA (San Diego, California, USA, Nov 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, Nov 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.
IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.
SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world
Federal IT Security Conference (Columbia, Maryland, USA, Nov 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
Cybercon 2016 (Washington, DC, USA, Nov 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.
Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.