The CyberWire Daily Briefing 01.06.16
To most observers — including, according to reports, US intelligence services — Russia appears the most likely suspect in December's cyber attack on the Ukrainian power grid. How the attack was accomplished, however, remains less clear. As ESET's reports suggest, signs point to BlackEnergy malware (BlackEnergy was found in affected networks) but many think it's too early to close the case.
The motive for a Russian hack also remains unclear: there's no obvious operational purpose served. Some speculate the episode amounts to dissuasion or saber-rattling. (In its own bit of dissuasion, the US Treasury Department finalizes its system of sanctions for hacking.)
Other utilities around the world reassure stakeholders they've taken precautions against similar attacks.
Saudi Arabia and Iran seem poised to escalate ongoing tension into conflict in cyberspace. ISIS has taken to denouncing the Saudi regime as tyranny and Saudi soldiers as apostates. Shi'ites, Christians, and Jews also come in for their usual share of odium in Daesh social media. Western services are still working out their information operational response.
Anonymous takes down Thai police sites to protest death sentences handed down in the case of two murdered tourists.
"GeNiuS-JorDan," known for attacks on Kuwaiti and Nepalese sites, defaces Ugandan Foreign Ministry sites with protests of US and Israeli actions in the Middle East.
Analysts review Ransom32, which Emsisoft described this week. Its JavaScript-based ability to affect different operating systems is as disturbing as Ransom32's crimeware-as-a-service distribution.
Rapid7 finds issues with Xfinity's home security system.
Android patches five critical security flaws.
Notes.
Today's issue includes events affecting Afghanistan, Australia, Belgium, Brazil, Canada, China, Denmark, Ethiopia, France, Germany, India, Iraq, Iran, Israel, Italy, Jordan, Latvia, Japan, Kenya, Myanmar, Netherlands, Nigeria, Palestine, Russia, Rwanda, Saudi Arabia, Singapore, Switzerland, Syria, Tanzania, Thailand, Turkey, Uganda, Ukraine, United Kingdom, United States, and and Yemen.
Cyber Attacks, Threats, and Vulnerabilities
Russian hackers suspected in attack that blacked out parts of Ukraine (Washington Post) U.S. Homeland Security and intelligence agencies are analyzing computer code from what appear to be one of the first known cyberattacks that resulted in an electrical power outage — this one in Ukraine
Ukrainian Power Grid: Hacked (InfoRisk Today) Blackouts tied to malware attack against power provider
Exclusive: CIA Eyes Russian Hackers in 'Blackout' Attack (Daily Beast) Somebody hacked the Ukrainian power grid just before Christmas — and U.S. intel analysts are looking toward Moscow for answers
Ukraine blackout was a cyberattack milestone (C|NET) Hundreds of thousands of homes were left in the dark in what security experts say was a first for hackers with ill intent
Hack of Ukrainian Power Grid Marks 'New Territory,' Analyst Says (DoD Buzz) The recent cyberattack on Ukraine's power grid was the first of its kind and signals "new territory" for potential offensive military applications, an analyst said
Questions Remain On How Cyberattack Caused Ukraine Blackout (Dark Reading) Could BlackEnergy backdoor with KillDisk really cause a power outage? Some experts think piece of puzzle is missing
Ukraine power outages blamed on "hackers and malware" — the lessons to learn (Naked Security) You may have read news stories over the New Year's break about hackers causing power outages in Ukraine, using malware as their primary toolkit for attack
Measures to fend off cyber attacks tested regularly: Singapore Power (Channel News Asia) Singapore Power's comments come on heels of an attack on Ukrainian power company Prykarpattyaoblenergo late last month
Saudi And Iranian Hackers Are Already On A Cyber Warpath (BuzzFeed) Saudi and Iranian hackers are already launching small-scale cyberattacks on each other, but both countries have the ability to do more
Anti-ISIS group claims credit for taking down websites of BBC, Trump, Turkish prime minister (FierceITSecurity) The New World Hacking group, which bills itself as an anti-ISIS group, claimed that it took down the websites of the BBC, Donald Trump's presidential campaign and the Turkish prime minister in distributed denial of service attacks carried out in recent days
ISIS Campaign Targets Saudi Arabia, Calls For Attacks Against Saudi Monarchy, Shi'ites, And Polytheists (MEMRI) The Islamic State (ISIS) has exerted much effort in the last couple of weeks to attacking Saudi Arabia and its ruling and religious echelons in an extensive and well-coordinated media campaign it launched against it. The campaign included the unprecedented release of 15 official ISIS videos from ISIS's various provinces, along with similarly prolific content released from the ISIS-affiliated Al-Battar media company over social networks and jihadi forums
Fixing How We Fight the Islamic State's Narrative (War on the Rocks) Over the past couple of years, counter-messaging has been driven to the forefront of countering violent extremism (CVE) efforts undertaken by the United States and its allies. From defense agencies to diplomats to civil society groups, almost every actor involved in CVE is committed to developing narratives to counter the potent propaganda and appeal of groups such as the Islamic State and al-Qaeda. The need for effective counter-messaging is apparent: The Islamic State in particular possesses an agile and robust propaganda machine that has helped to inspire as many as 31,000 people from across the globe to leave their homes and join the cause
Thai police websites hacked with 'Failed Law' message (AP: The Big Story) Hackers took over several police websites in Thailand, replacing the home pages with a message saying, "Failed Law. We want Justice!"
Anonymous Hacks 14 Thai Police Websites to Protest Flawed Murder Investigation (Softpedia) Anonymous hackers are contesting the decision of another judge, yet again, but this time in Thailand, in the Koh Tao murder case
Uganda High Commission Website For 20 Countries Hacked (Hack Read) The defaced sites were left with messages against the US invasion of Iraq, human rights violations in Afghanistan and Palestine
JavaScript makes Ransomware as simple as a snap of fingers (Hack Read) A new variant of ransomware, Ransom32, uses JavaScript to ease the process of attacking use systems with ransomware and cause problems
Researchers uncover JavaScript-based ransomware-as-service (Ars Technica) Malware, based on Node.js desktop framework, offered up to would-be extortionists for fee
Author of Linux.Encoder Fails for the Third Time, Ransomware Is Still Decryptable (Softpedia) The Linux.Encoder ransomware has received a third update, which security researchers from Bitdefender have managed to crack, yet again, for the third time
Security Alert: Exploit Kits Activity Spike Packs Improved Payloads, New Servers and a Predilection for Flash Player (Heimdal Security) It seems that cyber criminals are well rested and have also gotten back to the "office", because our team has spotted a substantial increase in exploit kit activity for Neutrino, RIG and Angler. Here's what it's all about
Hell is back with Hell Reloaded on the Dark Web (Hack Read) The Dark Web hacking forum named Hell was shut down last year when a data dump of personal details of users was found on the website. However, a few months after its reported shutdown by authorities, Hell is back
Linode To Hosting Customers: Change Your Passwords Now (Dark Reading) Stolen Linode customer credentials discovered on an 'external' server by cloud hosting provider that has been under continuous DDoS attack
Xfinity's Security System Flaws Open Homes to Thieves (Wired) New-generation alarm systems that send real-time text alerts and other digital notifications if an intruder tries to breach a property offer homeowners a great sense of security. Except when thieves can easily undermine the system to trick homeowners into thinking they're protected when they're not
Comcast security flaw could help burglars break into homes undetected (Ars Technica) Comcast says industry-standard tech to blame, but will try to fix it
XFINITY Security System Flaw Allows Sneak Attacks By Jamming Radio Frequency (Dark Reading) Rapid7 Researcher finds that when communication between base station and sensors is disrupted, alarm system continues to think it is armed
BTCC Bitcoin Trader Confronts DDoS Attackers Like A Pro (Hack Read) Bitcoin-for-DDoS extortion scheme has a new victim and its none other than the BTCC — however, the hacker was unfortunate this time as the company was capable financially and had implemented advanced DDoS protection measures beforehand
Brazilian Cyber-crime Flourishes, Catching Up to Russian, Chinese Groups (eWeek) Studies of cyber-crime in Russia, China, Brazil and other nations find that each has its strengths
As Microsoft support winds down, security risks ratchet up (GCN) When it comes to security, government IT managers do their best to balance risk and cost. In 2016 that balance will be harder to maintain when "extended support" for some Microsoft products ends
European Trains at risk of being Hacked: Hackers (Hack Read) Trio of Russian hackers revealed numerous bugs in the train systems of many of Europe's railway companies, saying that hackers and terrorists can easily exploit them to derail or even hijack the trains
SNHU still investigating database leak exposing over 140,000 records (CSO) Class records exposed by third-party vendor, university says
HSBC hails "steady return of service" to online banking (ITPro) But bank's technical problems are still ongoing
Two-day outage at British bank not cyberattack (The Hill) Britain's biggest bank, HSBC, said on Tuesday that hackers aren't responsible for a mobile and online banking outage that has now lasted two days
60 Percent of Banks Operating in the UK Have Weak Crypto (Softpedia) More than half of British or foreign-owned banks operating in the UK were found to run insecure SSL instances on the login page of their Web portals
Security Patches, Mitigations, and Software Updates
January Android security update fixes 5 critical flaws, removes unneeded component (Help Net Security) Google has released the January security update for Android (for its Nexus devices). The update fixes 12 issues, five of which are critical
Nexus Security Bulletin — January 2016 (Android) We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process
Got an Android? I hope you're patching it (We Live Security) If you are one of the many millions of people who owns an Android phone, I do hope you're managing to keep it updated
Security Notification and Linode Manager Password Reset (Scheduled Maintenance Report for Linode) Effective immediately, Linode Manager passwords have been expired. You will be prompted to set a new password on your next login. We regret this inconvenience, however this is a necessary precaution
Cyber Trends
3 Information Security Trends for 2016 (Recorded Future) Threat intelligence truly took center stage in 2015. While there is an element of trendiness to the term, the need for more accurate, timely, and actionable information about threats to enterprises, individuals, and even nation-states has never been more important
2016 Technology Report: New Security Solutions and Risks Go Hand-in-Hand (Security) Technology moves quickly, as military and commercial tools and toys merge with security applications to create both new solutions and risks for the enterprise. What should you be on the lookout for this year?
Hacker 2016 To-Do List: Botnet All The Things! (Dark Reading) Most predicted security crisis of the year is an impending wave of zombified Internet of Things (IoT) devices taken over to fill out cybercriminal botnets
The Biggest Security Threats We'll Face in 2016 (Wired) Hackers are nothing if not persistent. Where others see obstacles and quit, hackers brute-force their way through barriers or find ways to game or bypass them. And they'll patiently invest weeks and months devising new methods to do so
Security and Data Breach Trends in 2016 (InfoRisk Today) What's the new stance for breach prevention and detection?
Forward-facing security by remembering the past (GCN) As the new year begins, it?s a good time to look forward to what?s on the horizon and reflect on the successes and struggles of the past 12 months. Given the speed with which technologies emerge, these moments give us perspective when planning to make the coming year a stronger and more successful one
An Internet of Things wish list for 2016 (Help Net Security) I've been writing about the Internet of Things for a while now, both from the perspective of the great opportunities that the IoT offers and the very real pressure it will put on both security practice and legislation designed to protect our privacy
Confusion about IT security leaves devices at risk (Help Net Security) When it comes to Internet security, consumer concern and awareness are both on the increase. However, despite a growing recognition of the need to protect devices, many consumers are struggling to identify, install and use security software, according to Kaspersky Lab and B2B International
Infographic: The Size and Scope of Data Breaches in 2015 (Bromium) Looking back at 2015, it's clear that IT security is a real and growing concern. Just a few years ago, online retailers were the source of most security failures. Now, cybercriminals are getting more sophisticated. In 2015, cybercriminals have successfully attacked governments, hospitals and insurance companies — the organizations that store our most personal data
2015 Government Technology in Review: Mobile Security, the Cloud, and Police Body Cameras (Samsung) While no one would dispute that the past year has seen some game-changing advances in government technology, some might be surprised at just how deep these changes run
2016: Year of the Empowered CISO? (InfoRisk Today) Intel Security's MD on trends and challenges facing Indian security jeaders
The Growing Role of Incident Response (InfoRisk Today) Arbor's Buhl: awareness up, but Asian approach still young
What About Canada, Eh? — The Canadian Threat Landscape (TrendLabs Security Intelligence Blog) As a Canadian Threat Analyst, one challenge that I and others like me face is that there are very few threat reports that focus on or cover Canada
Marketplace
More Executives Turn to Cyber Risk Transfer (Tripwire: the State of Security) As cyber threats grow in scope and potential impact, the complexity of enterprise digital data protection grows to astonishing proportions. Last year, a Fortune 500 survey revealed that cyber security is the second biggest concern for CEOs, who keep looking for new solutions to keep their data safe and their clients happy
Cybersecurity Demand Looks Strong into 2016; Is There Enough Pie for Everyone at the Table? (FBR Capital) On the heels of another strong year for cybersecurity players, our field checks for 4Q15/initial 2016 pipelines indicate strong deal flow, particularly on the seven-figure-deal front, as the sophisticated threats facing enterprises and governments remain unprecedented. Our channel partner/customer checks suggest elevated threats coupled with increasing endpoints (e.g., cloud buildouts, mobile proliferation) are catalyzing IT departments to aggressively build out next-generation firewalls, email protection, and advanced threat analysis/detection
Cybersecurity Industry Predictions for 2016 (Network World) Skills shortage, M&A, and trusted systems will impact the industry this year
The life and times of the cyber security hype curve (Information Age) The evolution of cyber provisioning and how this reflects the maturity (or the lack of it) of the cyber security market in developed economies
Digging Into The Deceleration At Qualys (Seeking Alpha) Qualys Chairman/CEO Philippe Courtot has led many technology companies to strong exits, and Qualys is likely another feather in his cap. Unfortunately, competition is heating up, calling the achievability of both growth rates and the company's aggressive target model into question. At the current valuation, Qualys doesn't look like a compelling long, but it may be an M&A candidate. More aggressive investors might find it worth a look on a deeper selloff
New Company, CyberVista, Launches to Tackle Cybersecurity Training for Business Leaders and Practitioners (BusinessWire) CyberVista, a wholly owned subsidiary of Graham Holdings Company and sister company to Kaplan, Inc., will make its official debut today during the first-ever CES CyberSecurity Forum at 2016 CES in Las Vegas. CyberVista, a cybersecurity education and workforce development company, aims to create a cyber-ready workforce through personalized training programs that provide organizations with the people, knowledge and skills required to defend their most critical assets
What Washington tech startups want out of CES (Washington Business Journal) If you're in the tech world — or even just a self-proclaimed tech geek — it's arguably the most wonderful time of the year for you: The Consumer Electronics Show kicks off Wednesday in Las Vegas
Zerodium offers $100,000 to hackers to breach Flash's new security feature (TechWorm) Zerodium, the company that deals in exploits and zero-days has put up a fresh $100,000 bug bounty for zero-days in the new Flash security feature. Zerodium buys zero-day bugs from security researchers and then sells them forward to government intelligence agencies. It has already been in news for offering a $1 million bug bounty to a security researcher for a zero-day bug in Apple's newly released iOS 9 mobile operating system
Air Force wants to simulate cyberwar in a virtual environment (FierceGovernmentIT) The Air Force issued a request Monday for research and product information on a virtualized system that could help the service rehearse combat scenarios in the cyberspace domain
Sotera Wins Prime Position on $6 Billion DIA E-SITE IDIQ Contract (PRNewswire) Sotera Defense Solutions (Sotera), a provider of mission-critical, technology-based systems, solutions and services for national security agencies and programs of the U.S. Government, was recently awarded a prime position on the Enhanced Solutions for the Information Technology Enterprise (E-SITE) Indefinite Delivery Indefinite Quantity (IDIQ) — Large Business track
SRA International awarded DCGS maintenance contract (UPI) SRA International has been awarded a $35 million contract to manage and maintain the Processing, Exploitation, and Dissemination, or PED, Operation Center of the Air Force Distributed Common Ground System
IT security is a safe job? Tell that to Norse staff laid off this week (Register) Exclusive One of the more promising security startups of recent years has laid off a sizable chunk of its staff, citing business pressures
KEYW Names Michele M. Cook Executive Vice President of Business Development (CNN Money) The KEYW Corporation, a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW), announced today it has named Michele M. Cook as Executive Vice President of Business Development, with an employment commencement date of January 18, 2016
Products, Services, and Solutions
Microsoft's New Security Approach (Redmond Magazine) Microsoft is shifting to an operational focus and creating a security graph to help address the alarming new threat landscape and the rise of cloud computing
Cloudlock And Check Point Partner to Revolutionize Cloud Malware Threat Detection and Quarantine (EIN News) Joint solution discovers and attacks hybrid cloud shadow IT and malware at the source through detection, quarantine, and eradication capabilities
VMware integrates mobile security into enterprise threat defense lifecycle with Intel Security (Computer Technology Review) VMware further enhanced Tuesday its alliance with Intel Security to include joint solutions for customers using the AirWatch by VMware Enterprise Mobility Management platform
Silicon Labs Gecko MCU Platforms Focusing on IoT Security and Energy (App Developer Magazine) Silicon Labs has introduced two new EFM32 Gecko microcontroller (MCU) platforms that focus on security and energy management for IoT-connected devices
LoJack SCI and TransVoyant Partner to Deliver Supply Chain Risk Alerting (PRNewswire) Will the potential for a port workers' strike in Shanghai affect my shipments? How risky is this shipping route through northwestern Mexico for cargo theft? Will severe weather in the Pacific cause my ocean cargo to arrive late into the Port of Long Beach? Converging logistical risk subject matter expertise with live data analytics, LoJack SCI and TransVoyant today announced a partnership that will answer these questions and more
Can enterprises keep mobile security threats from driving customers away? (CSO) A 2015 mobile app survey from Bluebox Security supports the notion that most consumers would turn away from vendors if their mobile app is compromised and take their business elsewhere
WISeKey Locks Down Digital Identity Solution In China (PYMNTS) Swiss-based cybersecurity firm WISeKey announced yesterday (Jan. 4) that it will launch its Digital Identification and secure cloud services for Chinese consumers
Technologies, Techniques, and Standards
Cyber security guidelines for the shipping industry (Help Net Security) A group consisting of several leading shipping organizations and companies has published a set of guidelines to help the global shipping industry develop good solutions for preventing cyber incidents onboard their ships
Wi-Fi HaLow to extend Wi-Fi solutions for the Internet of Things (Help Net Security) With industry momentum mounting around a low power Wi-Fi solution, Wi-Fi Alliance announced the Wi-Fi HaLow designation for products incorporating IEEE 802.11ah technology
Cyber security: making banking safer (The Banker) Protecting the banks' crown jewels — money and personal data — may have become more difficult than ever, but financial institutions have fortified their defences with a little help from their fintech friends
Data convenience isn't a crime, but treating it as one should be (Computerworld) It's self-defeating to try to protect data by treating it all as if it's equally sensitive
Solid cyber risk management depends on good defense metrics (Business Insurance) Cyber security is vital for corporations and individuals alike, but its practice is hamstrung by a lack of effective data, loose monitoring and impediments to sharing the data that does exist
Victims or Villains: Intelligent Incident Response Can Save the Day (Infosecurity Magazine) We all know the lessons of nursery school tales: don't lie, don't steal, and play nice with others
HTML5 Security Cheat Sheet (Help Net Security) This OWASP cheat sheet serves as a guide for implementing HTML5 in a secure fashion
Design and Innovation
The Father of Online Anonymity Has a Plan to End the Crypto War (Wired) It's been more than 30 years since David Chaum launched the ideas that would serve as much of the groundwork for anonymity online. In doing so, he also helped spark the debate that's endured ever since, over the anarchic freedoms that digital secrecy enables — the conflict between privacy advocates and governments known today as the "crypto wars"
New Dropbox patent hints at possible P2P future (FierceCIO) BitTorrent Sync might be getting some new competition
Gaming Gets Serious on Addressing Online Dual Threats of Cyber-Attacks and Piracy (Willis Wire) Within the world of game console systems, piracy is an ever-present threat and the potential consequences of a cyber-attack have spiraled upward, now that online gaming services have become an inextricable part of modern game consoles
Research and Development
De-anonymizing code authors by analyzing executable binaries (Help Net Security) A group of researchers that have previously proven that it's possible to de-anonymize programmers by analysing the source code of programs they have created, have now demonstrated that a good result can be also be achieved by analyzing executable binaries of those programs
Quantum Cryptography May Not Be as Secure as Previously Thought (IBM Security Intelligence) Researchers from Stockholm University and Linköping University in Sweden have discovered that quantum cryptography may not be as secure as it was presumed to be. They found that energy-time entanglement, which forms the basis for many systems of quantum cryptography, is vulnerable to attack
Hacking the Bell test using classical light in energy-time entanglement-based quantum key distribution (Science Advances) Photonic systems based on energy-time entanglement have been proposed to test local realism using the Bell inequality. A violation of this inequality normally also certifies security of device-independent quantum key distribution (QKD) so that an attacker cannot eavesdrop or control the system. We show how this security test can be circumvented in energy-time entangled systems when using standard avalanche photodetectors, allowing an attacker to compromise the system without leaving a trace
Legislation, Policy, and Regulation
EU finally agrees on General Data Protection Regulations (ITPro) The wording of the document has been finalised and is set to come into force in 2018
Dutch Government Embraces Encryption, Denounces Backdoors (Threatpost) While the "Going Dark" debate over encryption standards rages on here in the United States, government officials in the Netherlands this week released a statement that actually calls for stronger encryption and rejects backdoors entirely
CSU : Financial Constraints to Combat Terrorism Includes Call for Bitcoin Framework (CryptoCoinNews) The Christian Social Union (CSU), a leading Christian democratic and conservative political party in Bavaria, Germany is due to issue a paper detailing effective ways to combat terrorism that will include financial restraints, as the party sees it. The paper will also include regulation for all virtual currencies including Bitcoin
Treasury finalizes rule for imposing cyber sanctions (Federal Times) As the U.S. looks to get tougher on cyber criminals that threaten the nation's critical infrastructure, the Treasury Department released an abridged version of a proposed regulation for imposing cyber-related sanctions to foreign actors, whether individuals, groups or nation-states
CRS sheds light on enforcement authority in data breach notification legislation (FierceGovernmentIT) As lawmakers return to the Hill, several data security and breach notification bills remain up for consideration in the 114th Congress. Among the major legal issues members of Congress must consider in proposed legislation is the existing jurisdiction and enforcement authority of the Federal Trade Commission and the Federal Communications Commission, reported the Congressional Research Service
Federal legislation takes look at social media and terrorism (ABC 13 WHAM) New federal legislation is taking aim at terrorist's use of social media sites. The new bill is called the "combat terrorist use of social media act of 2015"
Army FORSCOM Relaunches Intell Operations Facility in North Carolina (ExecutiveGov) The U.S. Army Forces Command has reopened a 27,000-square-foot facility at Fort Bragg in North Carolina to provide a training venue for uniformed personnel and support future intelligence missions
Litigation, Investigation, and Law Enforcement
Britain accused of security lapse in case of jihadi who fled (Gazette) Opposition members of Parliament criticized the British government Tuesday for failing to prevent a man charged with serious crimes from traveling to Syria to join Islamic State extremists
What to Know About the New 'Jihadi John' (TIME) How a bounce-house salesman became an alleged ISIS executioner
How Jewish groups got spied on by Obama (JTA) At first blush, it appears like a bombshell: The United States listened in on Israeli Prime Minister Benjamin Netanyahu's phone calls
China Asks Microsoft to Explain 'Major Problems' in Probe Data (Wall Street Journal) Software firm's sales and marketing practices face further scrutiny by Chinese officials
Latvian Who Co-Wrote Worldwide Computer Virus Can Go Home (ABC News) A Latvian computer code writer who admitted a role in spreading a virus to more than a million computers worldwide, including some at NASA, can return home after serving 20 months in prison
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Global Cybersecurity Innovation Summit (London, England, UK, Jan 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. Our objective is to advance innovation and the growth of the cybersecurity sector by providing a platform for cybersecurity businesses, particularly small and medium enterprises (SMEs), to connect with key UK, US, and international decision makers, system integrators, investors, government policy makers, academia and other influential business executives
ESA 2016 Leadership Summit (Chandler, Arizona, USA, Jan 31 - Feb 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow
Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, Mar 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in support of shaping the defense sector's strategy for "platform" cybersecurity. Multiple "conversation panels" will be focused on how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. Key to the discussion will be synergies and lessons to be learned from connected car initiatives and the commercial sector. The Summit is in partnership with the State of Michigan and its Michigan Economic Development Corporation (MEDC)
Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. The Cybersecurity Law Institute will give you insights into the latest information and strategies. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis
Upcoming Events
CES CyberSecurity Forum (Las Vegas, Nevada, USA, Jan 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers to tackle current and looming cyber security challenges. Registration is limited to ensure a highly interactive experience and opportunities for networking
FloCon 2016 (Daytona Beach, Florida, USA, Jan 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers, researchers, and others interested in applying the latest analytics against large volumes of traffic
Breach Planning & Incident Response Summit: Proactive Collaboration Between Private Industry and Law Enforcement to Mitigate Damage (Odenton, Maryland, USA, Jan 12, 2016) The Cybersecurity Association of Maryland, Inc.(CAMI), Chesapeake Regional Tech Council, Maryland Chamber of Commerce, Chesapeake Innovation Center, Tech Council of Maryland are partnering together to host this event designed to attract and educate CIO's, CISO's, CEO and Compliance officials from small to mid-sized commercial firms on the practical actions taken by the government, firms and organizations post-hack
Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, Jan 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, Jan 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
FTC PrivacyCon (Washington, DC, USA, Jan 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer advocates
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
POPL 2016 (St. Petersburg, Florida, USA, Jan 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports
Automotive Cyber Security Summit — Shanghai (Shanghai, China, Jan 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards and new products and solutions designed to deal with the growing threats
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
CyberTech 2016 (Tel Aviv, Israel, Jan 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction
Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, Jan 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products and services to IT, Communications, Cyber and Intelligence personnel