US election hacking; reports of US preparations for retaliation. DDoS campaigns. Ransomware updates. Canadian surveillance practices rile journalists. And a report on the SINET Showcase and the SINET 16.
news from the SINET Showcase
Last week's SINET Showcase 2016 convened its customary mix of security entrepreneurs, customers (both current and prospective) and investors—essentially those who produce innovation and those who prompt and sustain it.
A highlight of the Showcase is always the introduction of the SINET 16. This program involves evaluation of hundreds of emerging cyber security companies from around the world. This year's winners included companies not only from the US, but from Canada, Israel, and the United Kingdom. The judges take into account the companies' technology, products, and business models. The sixteen companies selected present themselves and their offerings at the annual SINET Showcase.
The class of 2016 was marked by its exploitation of big data, anomaly detection, behavioral analysis, and machine learning. And all of 2016's SINET 16 were vividly aware that the users of their products operate against an intelligent adversary who thinks, reacts, adapts, and creates.
Ukrainian hackers have released documents from a second email account "linked" to Putin aide Vladislav Surkov. Like earlier leaks, they purport to show aggressive Russian designs against Ukraine.
Russian election hacking is of course a matter of concern in the US, but it's also prompted tighter cyber security in Montenegro, whose government plans upgrades after Russian operators' suspected interference with election sites.
In the US, several concerns persist over tomorrow's elections. First, there's the prospect of direct manipulation of vote tallies by enemies both foreign (Russia) and domestic (choose your poison). Despite recent proofs-of-concept by Cylance and others, this is generally regarded as unlikely. Distributed denial-of-service attacks that might disrupt voting or delay counting are thought somewhat more likely. Finally, information operations designed to discredit the US electoral system are widely believed to be well underway. There's also Internet chatter suggesting that al Qaeda and (possibly) ISIS are seeking to inspire physical attacks on election-related targets.
There have been various dark hints about US retaliation against any Russian electoral hacking. The Russian press has reported US penetration of Russian critical infrastructure networks, and the Russian government has demanded an explanation. Guccifer 2.0 has called upon hacktivists to monitor US elections for voter fraud.
WikiLeaks released another tranche of leaked emails over the weekend and claims to have experienced a DDoS attack. The site was back up as of this writing.
Twitter also experienced an outage earlier today, but that appears to have been an engineering error, and not an attack.
Notes.
Today's issue includes events affecting Canada, India, Iran, Liberia, Montenegro, Russia, Turkey, Ukraine, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland, as Ben Yelin takes a last look at cyber policy and the US Presidential election. If you enjoy the podcast, please consider giving it an iTunes review.)
Washington, DC: the latest from the SINET Showcase
SINET Showcase 2016: Innovation and Those Who Sustain It (The CyberWire) The SINET Showcase is an annual discussion of cyber security innovation by the companies who deliver it, and also by the investors and customers who prompt and sustain it
The SINET 16—Start-ups to Watch (The CyberWire) Doug Maughan, of the Department of Homeland Security Science and Technology Directorate, welcomed and introduced the companies honored as this year's SINET 16 innovators. This year's class was marked by its exploitation of big data, anomaly detection, behavioral analysis, and machine learning. 2016's SINET 16 were vividly aware that users of their products operate against an intelligent adversary who thinks, reacts, adapts, and creates
Security Needs and the Markets They Create (The CyberWire) The SINET Showcase offered a variety of perspectives on what many of the symposiasts called the cyber innovation ecosystem. Some of the experts shared the perspective their decades-long work in security disciplines had afforded them; others expressed the challenges customers wanted the security industry to help them address
Air Force’s procurement prototype avoids ‘shoehorning’ IT acquisition (Federal News Radio) How is the Air Force’s information technology like a B-21 bomber?
The SINET 16: These could be the hottest new tech firms in the cybersecurity industry (CTOVision) The Security Innovation Network (SINET) is an organization on a particularly virtuous mission. It seeks to advance innovation and enable global collaboration between the public and private sectors to defeat cybersecurity threats. Supported by the US Department of Homeland Security Science & Technology Directorate, SINET conducts events focused on this critically important mission
BlackRidge Technology Wins SINET 16 Innovator Award for Cybersecurity (Benzinga) BlackRidge Technology is pleased to announce it is the recipient of the 2016 SINET 16 Innovator Award for outstanding advancements in the field of Cybersecurity
CyberX wins innovator award in DHS/DoD cybersecurity competition (GSN) CyberX, the industrial cybersecurity company protecting critical infrastructures worldwide, today announced that it has been named a SINET 16 Innovator Award winner
DataVisor Named SINET 16 Innovator (Marketwired) DataVisor recognized as one of the most innovative cybersecurity technologies of 2016 by Security Innovation Network (SINET)
Digital Shadows Recognized as One of World’s Most Innovative Cybersecurity Technologies (BusinessWire) Digital Shadows, a provider of cyber situational awareness, has been named one of the world’s most innovative cybersecurity technologies of 2016 in the annual SINET 16 awards
Interset Named 2016 Most Innovative Security Analytics Company by SINET (Interset) User Behavior Analytics (UBA) security leader Interset has been named to the list of most innovative cybersecurity companies of 2016 by SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration
Menlo Security Named to Prestigious List of SINET Innovators for Cybersecurity (PRNewswire) Menlo Security, a pioneer of cloud-based malware isolation, today announced that it has been named a SINET innovator, as one of the 16 security start-ups offering cutting edge Cybersecurity technologies to address Web threats and vulnerabilities in the enterprise
Ntrepid Named a SINET 16 Innovator (BusinessWire) Company’s secure browser, Passages, recognized as one of the 16 most innovative yechnologies of 2016
Phantom Recognized as a SINET 16 Innovator for 2016 (Phantom Blog) “I am proud and excited to recognize Phantom as one of this year’s SINET 16 Innovators,” said Robert Rodriguez, Chairman and Founder of SINET
ProtectWise Named SINET 16 Innovator Award Winner for Cloud Network Security Technology (BusinessWire) The ProtectWise Grid is selected as one of the 16 most innovative cybersecurity technologies
iskSense Named 2016 SINET 16 Innovator for Pro-Active, New Approach to Cyber Risk Management (BusinessWire) Company’s SaaS platform identifies and prioritizes cyber threats, allowing enterprises to focus efforts on addressing most critical security gaps first
SafeBreach Named SINET 16 Innovator Award Winner for Continuous Security Validation Platform (Marketwired) SafeBreach selected as one of the 16 most innovative cybersecurity technologies
ThreatQuotient Recognized as a SINET 16 Innovator (Yahoo! Finance) ThreatQuotient™, a leading provider of enterprise-class threat intelligence platforms, today announced that ThreatQuotient has been recognized as one of the 16 most innovative cybersecurity technologies of 2016 by the Security Innovation Network (SINET)
Vera Named SINET 16 Innovator for Data-Centric Cybersecurity (Vera) Vera (vera.com), announced today it has been selected a winner of the annual 2016 SINET 16 competition by SINET (Security Innovation Network), an organization focused on advancing cybersecurity innovation through public-private collaboration
Cyber Attacks, Threats, and Vulnerabilities
Hackers Release More E-Mails They Say Tie Putin Aide to Ukraine Crisis (Eurasianet) Ukrainian hackers claim to have broken into a second e-mail account linked to Vladislav Surkov, a senior aide to Russian President Vladimir Putin, releasing documents they say add to mounting evidence of the Kremlin meddling in Kyiv's affairs
Montenegro to Tighten Cyber Security Against Hackers (Balkan Insights) Amid reports that Russian hackers had a role in downing several websites on election day, Montenegro plans to tighten up its cyber security
Russian hackers brazenly seek to embarrass the US this election season (St. Augustine Record) In February 2014, the Obama administration was embarrassed when a secretly recorded phone conversation between the U.S. ambassador in Ukraine and Victoria Nuland, a senior State Department official, was posted on YouTube
U.S. Govt. Hackers Ready to Hit Back If Russia Tries to Disrupt Election (NBC News) U.S. military hackers have penetrated Russia's electric grid, telecommunications networks and the Kremlin's command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary, according to a senior intelligence official and top-secret documents reviewed by NBC News
US military hackers penetrate Russian electric grid and communication lines (Petra) U.S. military hackers have penetrated Russia's electric grid, telecommunications networks and the Kremlin's command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary, the Russian news agency RIA Novosti reported Saturday
Russia demands Washington explain after reports say US military hacked into Russian networks (Russia Today) Russia expects Washington to provide an explanation after a report claimed that Pentagon cyber-offensive specialists have hacked into Russia’s power grids, telecommunications networks, and the Kremlin's command systems for a possible sabotage
US election: The Russia factor (Financial Times) Officials say Russia’s interference is unprecedented. Has the Kremlin achieved its goal?
U.S. fears Russia will orchestrate a cyber attack on Election Day (Salon) It's not certain what will happen, but officials fear something will happen
How a cyber attack could sabotage the US election (Telegraph) Cyber attackers could launch a “nightmarish” assault on the US when the country goes to the polls on November 8, security experts have warned
DNC hacker calls on brethren to monitor US election (CSO) Guccifer 2.0 is warning that Democrats could rig Tuesday's election
REPORT Alert: Hillary Clinton Is Stealing the Election in Ohio* *Hacking voting machines isn’t necessarily what you should be worried about. It’s fake headlines like this one that could upend Election Day. (Foreign Policy) As the 2016 U.S. presidential election draws mercifully to a close, hacking and computer security has injected itself into nearly every aspect of the campaign. And amid allegations of widespread, politically motivated Russian hacking, American officials and voters are carefully watching Tuesday’s balloting for any wrenches hackers might try to throw into the electoral machine
Experts Warn Of Election Day Cyberattacks Listen· 2:14 (NPR) Concerns about the possible hacking of voting systems on Election Day are growing. 46 states have asked the U.S. Department of Homeland Security to help make sure their systems are protected from disruptions on Tuesday. And some states, like Ohio, are taking steps on their own
Cyber 'SWAT' teams gird for Election Day trouble (USA Today) Law enforcement officials, government workers and cyber-security professionals are preparing to swoop in, track and hopefully block anyone attempting a cyberattack aimed at destabilizing the U.S. presidential election
Individuals sought over al Qaeda threat of attack ahead of Election Day (CBS News) A U.S. law enforcement official tells CBS News that investigators are looking for individuals who may have some information about the threat from al Qaeda for a potential attack Monday on U.S. soil
Assessing Terrorist Threats to the Current U.S. Election (Flashpoint) Despite recent media reports citing a specific al-Qaida terrorist threat to New York, Texas, and Virginia on the day before the 2016 US elections, Flashpoint analysts have seen no specific threats from official terrorist groups nor sources in the online jihadi community to this effect
Concerned About Voter Fraud, Rigged Election? Cyber Security Experts Weigh In On The Digital Safety Of Tuesday's Vote (International Business Times) The 2016 election year has been one fraught with digital insecurity as there are regular reports of another hack, leak or attempt to breach some aspect of the American election system
How hackers are trying to cast their ballots for president this election season (CNBC) As Americans head to the polls on Election Day, are hackers also preparing to vote?
Watch This Security Researcher Hack a Voting Machine (Fortune) The vote counter is used in a bunch of states
US Governors Affirm Confidence In Cybersecurity Of Election Systems (Dark Reading) Statement from National Governors Association say presidential election outcome will accurately reflect voters' choice
The 2016 Election Exposes the Very, Very Dark Side of Tech (WIRED) You know that, at WIRED, technology and innovation are kind of our thing
WikiLeaks Releases DNCLeak2; Suffers Massive DDoS Attack (HackRead) The official website of WikiLeaks suffered a brief outage when it came under DDoS attacks right after posting new DNC e-mails earlier today
BGP errors are to blame for Monday’s Twitter outage, not DDoS attacks (CSO) No, your toaster didn’t kill Twitter, an engineer did
More Insights On Alleged DDoS Attack Against Liberia Using Mirai Botnet (Cyberinject) On Thursday, we compiled a story based on research published by a British security expert reporting that some cyber criminals are apparently using Mirai Botnet to conduct DDoS attacks against the telecommunication companies in Liberia, a small African country
Did the Mirai botnet knock Liberia offline? Not so much (Graham Cluley) Despite the many media headlines, this attack was over-hyped
“Shadows Kill” — Mirai DDoS botnet testing large scale attacks, sending threatening messages about UK and attacking researchers (Medium) Mirai, a Denial of Service toolkit, is made up of lots of actors across botnets. The source code is open source, meaning anybody can download it and join the club
Let’s continue talking about the cyber-attack (Odessa American) As I told you last week, achieving the data rate of over a terabyte/second that was used to take down Dyn would require over 100,000 10mb/sec high-speed data connections, all coordinated and working together. In reality, the number was far greater than that
Armada Collective DDoS Extortion Group Now Threatens Ransomware Infections (Extreme Hacking) A group going by the name of Armada Collective is still sending extortion emails to website owners around the globe, one year after this type of attack became widely known
Watch out! A new LinkedIn Phishing campaign is spreading in the wild (Security Affairs) Experts from Heimdal Security reported a recent LinkedIn phishing campaign aiming to collect confidential information from unsuspecting users
Berners-Lee raises spectre of weaponized open data (Naked Security) Practically everybody loves open data, ie “data that anyone can access, use or share”. And nobody loves it more than Tim Berners-Lee, creator of the World Wide Web, and co-founder of the Open Data Institute (ODI)
Ongoing Use of Windows Vista, IE8 Pose Huge Enterprise Threat (SecurityWeek) A new report highlights the high number of users still operating outdated Windows operating systems and unsupported browsers. This represents a huge threat to the organizations whose users access company networks from insecure laptops and home computers within the growing adoption of BYOD policies
Tesco Bank hacked (Computing) All online transactions have been stopped after more than 20,000 customers lose money
Cisco’s Mobile Careers Site Exposed Job Seekers Data (HackRead) Cisco has issued a security advisory stating that a portion of data belonging to its job seekers was discovered online by an independent security researcher
Scunthorpe hospital cyber attack: was it an infected memory stick? (Scunthorpe Telegraph) Bosses at the Northern Lincolnshire and Goole NHS Trust have responded to rumours about the cause of the computer system virus attack that struck Scunthorpe Hospital
Indonesian Malware Targets Magento-based Online Stores (Wapack Labs) A member of an Indonesian hacking group has authored ransomware that attacks Magento based online stores
King of chess Magnus Carlsen fears being a pawn in hackers' game (Telegraph) Magnus Carlsen, the reigning king of chess, has called on Microsoft for help as fears grow Russian hackers will target him before next week's World Championship
The invisible -- but growing -- threat to critical infrastructure (GCN) The nation’s cities, regions and states are all connected to the internet through the water, electric and telecom infrastructure. The damage an attack on this system could have should not to be understated, security experts say
The Looming Disaster of the Internet of (Hackable) Things (Motherboard) Last January, walking through the seemingly endless showroom at the gadget bonanza known as the Consumer Electronics Show (CES) in Las Vegas, I saw a glimpse of what’s to come. Big multinational brands as well as small startup gizmo-makers were showing off their latest creations in an attempt to sell us their products—and the future
Nigerian scammers: Then and now (Help Net Security) The image that the expression “Nigerian scammer” conjures up in most people’s heads is still that of the confidence man behind the keyboard
Cyber Trends
Online Threats Still Rising as Mobile Malware Subsides: Kaspersky (eWeek) A massive spike in the number of malicious or dangerous mobile programs subsided in the third quarter, dropping nearly 60 percent, Kaspersky Lab finds
Connected-devices industry grapples with security (International Business Journal) On Oct. 21, hackers took control of thousands, if not millions, of internet-connected devices and directed them to clog up web traffic across the globe. The hack led to temporary outages of some 1,200 websites, including Twitter, Netflix and PayPal
#BHEU Quantum Crypto Edges Closer to Reality (Infosecurity Magazine) Cryptography for quantum computers is taking a serious step forward, thanks to the launch of the OpenQuantumSafe Software Project
Marketplace
These VCs are bearish on cyber startup values. Here's how to get their money. (Washington Business Journal) Executives from the Blackstone Group, Bessemer Venture Partners and Paladin Capital Group offer their advice to score funding
Manny Medina to lead new multinational cybersecurity company in Miami (Miami Herald) Medina Capital, a Miami-based private equity firm led by Medina, and global private equity firm BC Partners are forming a new venture in a $2.8 billion transaction combining a worldwide network of data centers with cybersecurity and data analytics companies, the firms are expected to announce on Friday
Family Zone Cyber Safety Ltd to reveal acquisition (Proactive Investors) Family Zone is an Australian owned and operated technology company focused on the cyber safety market
FireEye pops 12% as requests to fight Russian cyberthreats, email hacks boost business (CNBC) Amid increasing reports of email hacks and Russian cyberthreats, at least one struggling business has found a silver lining
FireEye revenue beats on strong demand for cloud services (Reuters) Cybersecurity firm FireEye Inc (FEYE.O) reported a higher-than- expected 12.6 percent rise in quarterly revenue, helped by strong demand for its cloud-based products
Why Trend Micro is unable to take on Symantec or Intel McAfee (Infotechlead) At the Trend Micro Insight 2016 event for industry analysts, the 27-year-old pure play security vendor displayed a modern enterprise security portfolio updated with new machine learning capabilities and fresh threat intelligence
Hewlett Packard Emphasizes Importance, Potential of Blockchain, Decentralization (Coin Telegraph) HPE also known as Hewlett Packard Enterprise, a $52 bln parent corporation of technology company HP, recently emphasized the importance of irrefutability and decentralization for Blockchain networks
Wombat Security Positioned by Gartner in the Leaders Quadrant of the 2016 Magic Quadrant for Security Awareness Computer-Based Training (PRNewswire) Evaluation based on completeness of vision and ability to execute
Booz Allen is on a hiring spree — with no end in sight (Washington Business Journal) McLean-based Booz Allen Hamilton Inc. (NYSE: BAH) is on a hiring spree and it doesn’t look to be ending anytime soon as the company’s backlog continues to climb
SSA looks for cyber risk help (FCW) WHAT: A Social Security Administration request for information on the availability of cybersecurity and risk management services to protect SSA programs and systems
Products, Services, and Solutions
CYBERBIT, Elbit Systems' Subsidiary, to Provide Training and Simulation Platform to the New Cyber-Security Training Range of Maryland (PRNewswire) The Cyber Security Training Range of Maryland is the first hands-on cyber-security training center for IT and SCADA security professionals in the U.S.
Utimaco IS GmbH (Infineon) Interacting devices within the Internet of Things (IoT) need to trust each other. Utimaco is a leading manufacturer of hardware security modules (HSMs) that provide the Root of Trust to the IoT
AVG Wants Your Home Router to Fight Internet of Things Malware (Motherboard) The internet of things is totally broken. Amateur hackers have managed to build huge botnets of compromised devices, and many of these machines are difficult or near-impossible for manufacturers to remotely keep up to date
ESET closes the window for webcam hackers (Gadget) Security software maker ESET has rolled out new Internet security products for home users, becoming one of the first to include specific Webcam protection
Komodo, A Secure Crypto-Platform for Blockchain Products and Solutions (BItcoin News Service) Komodo Platform is a unique cryptocurrency ecosystem built on ZCash fork. ZCash, aka ZeroCash, is a cryptocurrency built on Bitcoin Core code base
BioCatch introduces BioCatch 2.0, next-generation behavioural biometrics platform for enterprises (Pharmbiz) BioCatch, the global leader in behavioural biometrics, announced it has launched its next-generation platform to optimize the implementation and performance of behavioural biometrics online and on mobile at the enterprise level
FireEye iSIGHT Intelligence Now Available in Windows Defender Advanced Threat Protection to Help Customers Identify More Attacks and Gain Valuable Information about Activity Groups Targeting an Organization (Yahoo!) FireEye, Inc. ( NASDAQ : FEYE ), the intelligence-led security company, today announced FireEye iSIGHT® Intelligence is now accessible to Microsoft customers through Windows Defender Advanced Threat Protection (WDATP), a new service that helps enterprises detect, investigate, and respond to advanced attacks on their networks
SentinelOne Outperforms Competition in Inaugural Anti-Malware Test Focused on Next-Gen Endpoint Solutions (Yahoo! Finance) SentinelOne, the company transforming endpoint security by delivering real-time protection powered by machine learning and dynamic behavior analysis, today announced that it outperformed competition in a new assessment by MRG Effitas and AV-Comparatives (AVC) for anti-malware testing
Windows 10: 6 ways that Microsoft Edge is more secure than Internet Explorer (BT) Move over IE, it’s time for a faster, slicker and safer web browser to take us into the future. We take a closer look at Microsoft Edge
Self-Destructing Boeing Black Smartphone Now In Testing (Android Headlines) These days, smartphone security is one of the biggest concerns for users, with more and more vulnerabilities seemingly found every month, it’s no wonder that smartphone users are beginning to get a little twitchy
Ixia’s Flex Tap Secure+ protects against injection breaches (Network World) This new network tap will be of value on networks running bandwidth-intensive, mission-critical applications that need to be secure
Ixia Launches Software for Pre-Silicon Testing (Light Reading) Ixia announced a test software solution, IxVerify, architected to work in an emulation-based verification flow. The first such verification flow that IxVerify works with is the Veloce Virtual Network (VN) App from Mentor Graphics
Illumio releases new templates that offer better security (ReadWrite) Adaptive security company Illumio, the just released Illumio Security Templates, offering ready-to-use security policies for core data center and cloud applications. They are pre-made to secure common applications, providing segmentation without having to reconfigure the network
Pulse Secure Updates Their Network Access Control (NAC) Solution By Adding Device Discovery And Profiling (Source Security) Pulse Secure, a provider of secure access solutions has announced an update to their Pulse Policy Secure solution that allows advanced device discovery with highly automated and detailed profiling
Technologies, Techniques, and Standards
There’s no best way to handle disclosure of zero-day vulnerabilities (Naked Security) Earlier this week, the headlines flashed with news that Google had disclosed a vulnerability to Microsoft that allows local privilege escalation in Windows 10
How Many Zero-Days Does the US Government Hold? Here’s the Best Guess Yet (Defense One) A Columbia University report critiques the process that decides whether cyber vulnerabilities should be fixed or exploited
Cyberthreat hunt teams would benefit from machine assistance (C4ISRNET) While some officials have expressed a strong desire for automated tools in the way of cyber defense to operate and respond at a cyber speed, a more offensive tactic involves hunt teams
Backslash Powered Scanning: Hunting Unknown Vulnerability Classes (Portswigger) Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures - almost like an anti-virus. In this document
Human skills are essential in battle against cyber crime (Financial Times) Insight and curiosity are as important as analytics and artificial intelligence
Army faces training challenges as it deploys cyber capabilities to smaller units (Federal News Radio) As we’ve reported before, the Army is playing catch-up after letting its electronic warfare capabilities atrophy during a decade in which it was largely preoccupied with counterinsurgency warfare and while potential adversaries
Academia
Students worldwide competed to improve security software in a contest led by UMD (Diamondback) Some University of Maryland professors are trying to change how software designers approach their work
Legislation, Policy, and Regulation
China Adopts Cybersecurity Law Despite Foreign Opposition (Bloomberg Technology) China has green-lit a sweeping and controversial law that may grant Beijing unprecedented access to foreign companies’ technology and hamstring their operations in the world’s second-largest economy
West's cyber attack on Iran's nuclear facilities helps Iran's counter-measure developments: official (Global Times) A senior Iranian nuclear official said that West's cyber attack against Iran's nuclear facilities raised the country's awareness to embark on a new scientific field to ward off further acts of sabotage, Tasnim news agency reported on Saturday
Post-coup shake-up at Turkey's intelligence agency (Al Monitor) As emergency law becomes the new order in Turkey, several institutions are being reformed, shut down or promptly restructured. With each new executive decree that passes as law, Ankara bureaucrats have been wondering whether the National Intelligence Organization (MIT) would be affected as well
Hillary Clinton was warned in 2010 that U.S.-Canada intelligence sharing ‘may be controversial for Canadians’ (National Post) Huma Abedin warned Hillary Clinton in 2010 that cables from the U.S. Embassy in Ottawa could cause problems for Stephen Harper’s government, emails released Thursday show
GCHQ wants internet providers to rewrite systems to block hackers (Telegraph) James Blessing, the chair of the ISPA, said internet providers are working on their own fixes for such insecurities, “because we don’t like DDoS on our networks either”
Hidden Warfare 1. Cyber (Open Democracy) The UK agency would like to be known as on the front line defending UK interests from cyber attacks, rather than as an eavesdropping agency collecting data on individuals en masse
What the next president needs to do on cyber (FCW) With Election Day upon us, we are getting closer to ushering in a new administration in the White House
Inside the CIA, sweeping reforms during the age of cyberwar (Reuters via West Central Tribune) When America goes to the polls on Nov. 8, according to current and former U.S. intelligence officials, it will likely experience the culmination of a new form of information war
U.S. Air Force's F-35 Teams up With New "Cyber-Squadrons" to Fight Future Wars (National Interest) The Air Force is standing up new “cyber squadrons” and working vigorously to widen the aperture of its cyber-security focus. This initiative will more broadly incorporate “networked” and cyber-reliant weapons systems
FCC ushers in a troublesome new world for online privacy (TechCrunch) In late October, the Federal Communications Commission passed new rules that take the unprecedented step of imposing stricter privacy regulation on one specific set of actors in the Internet ecosystem
Litigation, Investigation, and Law Enforcement
CSIS claims it has been transparent with ministers about data collection (Globe and Mail) Facing fallout from judges complaining of being kept in the dark over some of its activities, Canada’s domestic spy agency says its officials always keep CSIS’s political masters and watchdogs aware of what it is doing
Écoute électronique de journalistes: le SPVM et son chef contredits (La Presse) Contrairement à ce que soutenait cette semaine son chef Philippe Pichet, le SPVM a demandé et obtenu un mandat pour placer sur écoute le chroniqueur Patrick Lagacé et le journaliste Vincent Larouche, a appris La Presse
FBI sticks to earlier view not to charge Clinton over email server (CSO) FBI chief James Comey had previously said that newly found emails "appear to be pertinent" to the agency's original investigation
Clinton directed her maid to print out classified materials (New York Post) As secretary of state, Hillary Clinton routinely asked her maid to print out sensitive government emails and documents — including ones containing classified information — from her house in Washington, DC, emails and FBI memos show
Rival behind July cyber attack on internet service provider: Cops (Indian Express) Officers are waiting for a technical report from the Forensic Science Laboratory to confirm their suspicions
C-Level Executives May Be Liable For Cyber Breaches, Warns LeClairRyan Attorney (PRNewswire) Complacency puts them at legal and professional risk, Christopher Wiech says in recent blog post
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, Nov 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.
IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.
SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world
Federal IT Security Conference (Columbia, Maryland, USA, Nov 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing
Commercial Cyber Forum: Insider Threat (Odenton, Maryland, USA, Nov 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
CyberCon 2016 (Washington, DC, USA, Nov 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the defining challenge for the foreseeable future and CyberCon 2016 will provide a roadmap for innovation and collaboration that lead to more transparent and secure networks.
Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age
Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, Nov 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.