
The CyberWire Daily Briefing 03.02.16
news from RSA 2016
Yesterday's talks and conferences gave a wide range of industry leaders—among them Microsoft and RSA itself—an opportunity to express full-throated support of Apple in its dispute with the Justice Department over Government OS. "The path to hell starts at the backdoor," as Microsoft president Smith said, and his call to preserve the general availability of strong encryption was widely seconded.
In the dispute between Apple and the FBI more narrowly conceived—as a particular investigation of a specific crime involving a single device—opinion still tended to be on Apple's side, but reactions were more mixed. The FBI's motives and request received a more sympathetic hearing than one expects to encounter at hell's backdoor. Adi Shamir, for example, thought that, while the request certainly had the potential to set troubling precedents, Apple had picked the wrong battle: what the FBI was asking for was access to that one phone.
NSA's position in the crypto wars has been publicly much quieter and more nuanced than those taken by the Justice Department, and far more accepting, on the face of it, of the general availability of strong encryption. NSA Director Admiral Rogers delivered a keynote at the conference yesterday that's being widely reported as a plea for more cooperation between industry and the Intelligence Community. It was indeed that, but it also expressed an understanding that problems in cyber security are complex and variegated—problems for foxes, not hedgehogs. It's refreshing to see complexity acknowledged where one often hears glib calls for moonshots or Manhattan Projects (two hedgehog programs if there ever were any).
TechCrunch has declared this the year of "Security + Machine Learning + Artificial Intelligence" at RSA. That's a fair characterization of the technologies and approaches on offer. But we would add some additional specificity to this characterization. It's also the year of systems integration, OSINT, and, above all, anomaly detection. (Listen to our podcast for more details on our conversations with industry leaders.)
Congratulations to Whitfield Diffie and Martin E. Hellman, public-key cryptography pioneers who can now add the 2016 Turing Award to their list of well-deserved honors.
If you're at RSA, drop by for a visit. We're at South 1145.
US NSA Director Rogers warned yesterday that the US should expect, as a matter of practical certainty, to sustain infrastructure attacks at least as damaging as December's disruption of electrical power in Ukraine.
The widely expected and hitherto mysterious OpenSSL patch arrived yesterday, and all now know what was being plugged: a TLS/SSL vulnerability now being called "DROWN" (a forced acronym derived from Decrypting RSA using Obsolete and Weakened eNcryption). It's generally regarded as serious: about a third of all https servers are thought to be susceptible to DROWN attacks, which depend upon the old EXPORT_GRADE backdoor formerly mandated for US-made security products.
TrendLabs finds a new variant of the BIFROSE Trojan designed for deployment against Unix (and "Unix-like") systems. They attribute the development to the threat actors behind the "Shrouded Crossbow" campaign.
A group of Turkish hackers has claimed responsibility for the ransomware attack on Hollywood Presbyterian Medical Center. While the motive behind the attack seems clear enough—criminal extortion—those claiming responsibility cloak themselves in a nationalist mantle: they were also protesting American friendliness toward Kurds. (Sez they.)
Verizon releases a breach report with a difference: it doesn't replace the company's existing well-known annual report, but it supplements statistical treatment with instructive case studies.
In the UK, the Government prepares a new version of its surveillance bill. The Apple-FBI case is being closely watched in Europe, where observers fear it will have implications for the implementation of Privacy Shield. Partisans of both sides square off in Congressional testimony.
Notes.
Today's issue includes events affecting Afghanistan, China, European Union, India, Iran, Pakistan, Russia, Syria, Turkey, Ukraine, United Kingdom, and United States.
San Francisco: the latest from RSA
Cyber security execs come out swinging for Apple (USA Today) The cybersecurity industry came out swinging Tuesday in favor of Apple in its fight against the FBI’s demand that it build a backdoor into an iPhone operating system
Apple vs. FBI: Even Cryptographers Cannot Agree (eSecurity Planet) Even world famous cryptographers don't all agree with Apple's position on protecting encrypted data
NSA Director Makes Plea to Tech Industry to Partner on Security (eWeek) At RSA, the head of the U.S. Cyber Command and director of the NSA explains the mission of the organizations he commands and what he's doing to improve security in America
Cryptography Pioneers Win Turing Award (New York Times) In 1970, a Stanford artificial intelligence researcher named John McCarthy returned from a conference in Bordeaux, France, where he had presented a paper on the possibility of a “Home Information Terminal”
Innovations In Cybersecurity At RSA 2016 (TechCrunch) At the 25th RSA 2016, it will be the year of Security + Machine Learning + Artificial Intelligence
Photo gallery: RSA Conference 2016 Innovation Sandbox (Help Net Security) The RSA Conference 2016 is underway at the Moscone Center in San Francisco
RSA 2016: A call for a new approach to cyber security (ITWorld Canada) Organizations can only fight attackers by freeing infosec staff to find creative solutions, says the head of RSA
#RSAC: Creativity remains an important tool for data security, says Google’s Chief Safety Officer (Infosecurity Magazine) Google’s famous 80/20 policy, under which employees are encouraged to spend one fifth of their working hours away from the daily grind, focusing on projects that satisfy their passion, creativity and innovative spirit, extends even to the team responsible for keeping the company’s products – and users’ data – safe and secure
Encryption, Privacy & Skills Shortage Hot Topics On RSA Keynote Stage (Dark Reading) From the president of RSA to the director of the NSA, all RSA conference keynotes mentioned needs for protecting liberties and increasing the infosec workforce
CISOs Still Frozen Out of the Boardroom (Infosecurity Magazine) Cybersecurity is now front and center on organizations’ boardroom agendas (and budgets), but staffing shortages and lack of expertise persists, and most chief information security officers (CISOs) have yet to earn a seat at the table
Is Your CISO Out of Place? (IBM Security Intelligence Blog) There’s a good reason why Fast Company called the job of chief information security officer (CISO) the “hottest seat in corporate America today”
ThreatQuotient wins Security Start Up of the Year award (Help Net Security) ThreatQuotient announced its Threat Intelligence Platform (TIP), ThreatQ, was recognized as a Silver winner for Innovation in Enterprise Security at the 2016 Info Security Global Excellence Awards
ForgeRock Wins Cyber Defense Magazine Award 2016 (CSO) ForgeRock®, the leading open platform provider of identity management solutions, today announced that its ForgeRock Identity Platform™ has been recognised in the 2016 Cyber Defense Magazine Awards as “Best Product” in the Identity Access Management Solution Category
Guidance Software Honored as Gold and Bronze Winner in the 12th Annual 2016 Info Security PG’s Global Excellence Awards® in Endpoint Security and Security Training and Educational Programs (BusinessWire) The Security Industry’s Coveted Global Excellence Awards Winners and Finalists from all over the world were honored by Info Security Products Guide in San Francisco on February 29, 2016
Ntrepid’s Passages Takes Home Two Awards During RSA 2016 Conference (BusinessWire) Secure Browser Wins for Innovation in Enterprise Security and Next Generation Security
BluVector 2.0: Machine-learning malware detection (Help Net Security) At RSA Conference 2016 Acuity Solutions announced the release of version 2.0 of BluVector, its machine-learning malware detection and cyber hunting solution, which now provides to enterprises the ability to train their BluVector appliance on their environment through a new artificial intelligence capability
Discover, classify, protect and analyze data with TITUS Illuminate (Help Net Security) According to a recent Forrester report, data discovery and classification is an often-overlooked yet critical component of data security and control
Microsoft Develops Next-Generation Endpoint Security Offering (Dark Reading) Windows 10 gets a cloud-based advanced threat endpoint detection and response (EDR) service option
Kaspersky Launches Targeted Attack Detection Platform, Security Intelligence Services At RSA Conference (CRN) Kaspersky Lab Tuesday launched a targeted attack detection platform and line of security intelligence services at the RSA Conference, being held this week in San Francisco
Tenable Network Security Delivers New Solution for Unknown and Shadow Asset Solution to Eliminate Blind Spots Across Complex IT Environments (CSO) Tenable Network Security, Inc., a global leader transforming security technology for the business needs of tomorrow, announced a new solution for Unknown and Shadow Assets at RSA Conference 2016
RSA® Security Analytics Adds Real-Time Behavior Analytics (PRNewswire) Enables analysts to detect advanced threats and understand the full scope of the compromise
Chinese Threat Intel Start-up Finds DarkHotel Exploiting Chinese Telecom (Dark Reading) New China-based threat intelligence company ThreatBook wants to be the 'trusted contact in China'
Cyber Attacks, Threats, and Vulnerabilities
Islamic State group in competition for recruits in Pakistan (AP) Trying to lure him into the Islamic State group, the would-be recruiter told Pakistani journalist Hasan Abdullah, "Brother, you could be such an asset to the Ummah"— the Islamic community. Abdullah replied that he was enjoying life and had no plans to join the jihadis
NSA Chief Worries About Cyber-Attack on US Infrastructure (Gadgets 360°) US National Security Agency chief Michael Rogers warned Tuesday that hackers will inevitably mount a cyber-attack against US infrastructure, similar to the power failure in western Ukraine last year
New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan (@PhilipHungCao) On December 24, 2015, Unit 42 identified a targeted attack, delivered via email, on a high profile Indian diplomat, an Ambassador to Afghanistan
DROWN attack breaks TLS encryption, one-third of all HTTPS servers vulnerable (Help Net Security) There’s a new attack that breaks the communication encryption provided by SSL and TLS and can therefore lead to theft of extremely sensitive data exchanged between users and a vulnerable server
DROWN attack: 33% of all HTTPS servers declared at risk (HEAT Security Blog) Remember the Heartbleed and POODLE vulnerabilities that were found in the OpenSSL cryptographic library back in 2014?
Attack of the week: DROWN (A Few Thoughts on Cryptographic Engineering) To every thing there is a season. And in the world of cryptography, today we have the first signs of the season of TLS vulnerabilities
The DROWN security hole – what you need to know (Naked Security) Our Vulnerability of the Week Award goes to DROWN, for a cool name and an amusing logo
Threat Actors Behind “Shrouded Crossbow” Create BIFROSE for UNIX (TrendLabs Security Intelligence Blog) We recently came across a variant of the BIFROSE malware that has been rewritten for UNIX and UNIX-like systems
Shocking! This Trojan can bypass Google Play Store’s security measures! (PC-Tablet) Acecard Trojan, capable of attacking nearly 30 banking and payment Android mobile apps was detected by Kaspersky Lab’s Anti-malware research team
Turkish hackers claim responsibility for LA hospital ransomware (SC Magazine) Turkish hackers have claimed responsibility for the recent ransomware attack on a Los Angeles hospital
HackingTeam Releases New Malware Targeting Mac (Softpedia) For the past few weeks, security researchers from Palo Alto Networks, SentinelOne, and Synack have been analyzing a new malware sample targeting Mac OS X, which appears to be the work of the infamous HackingTeam
Another Day, Another Hack: Hacker Claims to Have Sold 27M Mate1.com Passwords (Motherboard) Quite literally, every day someone gets hacked. Whether that's a telecommunications company having its customer data stolen, or another chain of businesses being ripped for all the credit cards it processes, today one hack just seems to melt into another
Beware Of Social Media And Cybersecurity (Forbes) There are no hackers, only spies, says Eric O’Neill, former FBI counterterrorism and counterintelligence operative
Information vs. Intelligence: Anonymous targets the banking industry (CSO) A threat advisory from Solutionary warns of a pending attack
Cybercrime Recruiters Want You (BankInfoSecurity) Desperately seeking hackers for hire
Security Patches, Mitigations, and Software Updates
Millions of OpenSSL secured websites at risk of new DROWN attack (ZDNet) A new patch to OpenSSL has come just in time to combat the new deadly DROWN security hole. Here's how to defend yourself
Cyber Trends
Verizon releases first-ever data breach digest with security case studies (CSO) Verizon is known for its huge annual Data Breach Investigations Report, but this morning it released a less data-heavy digest organized by case study
Data breaches exposed over 707 million records in 2015 (ZDNet) But the good news is that the total number of breaches dropped by 3.4 percent from 2014
DDoS, Web Attacks Surge; Repeat Attacks Become the Norm (CSO) Akamai has announced the availability of the Q4 2015 State of the Internet – Security Report. The quarterly report provides analysis and insight into malicious activity observed across the Akamai Intelligent Platform™ and provides a detailed view of the global cloud security threat landscape
Companies are realizing that security and privacy go hand in hand (Help Net Security) 50 percent of companies over the past two years have increased the involvement of privacy professionals on their information security teams to enhance the prevention of data breaches, a joint study released at RSA Conference by the International Association of Privacy Professionals (IAPP) and TRUSTe has found
Phishing Attacks Increase Tech Sophistication, Focus On Financial Fraud (Dark Reading) With a prevalence of free, feature-rich phishing kits and multi-million dollar profits from business email compromise attacks, no wonder phishing's so popular
To Case the Joint, Press 1: Crooks Refocus on Bank Call Centers (American Banker) The often-overlooked call center is getting more attention, as banks realize that stronger security on online and mobile channels has driven cybercriminals to focus their energies on conning phone reps
Marketplace
World’s 10 Hottest Cybersecurity Companies to Watch in 2016 (Information Security Buzz) Cybersecurity Ventures announces the Cyber Top 10 for 2016, a global compilation of the leading companies who provide cybersecurity solutions and services. The ten companies sit atop the Cybersecurity 500, which is published quarterly by Cybersecurity Ventures
LogicNow Acquires iScan Online, Introduces MAX Risk Intelligence (MSPMentor) iScan's technology will power the LOGICnow MAX Risk Intelligence solution
PAR Technology Lands Air Force Cyber Tech Development Contract; Matt Cicchinelli Comments (ExecutiveBiz) PAR Technology’s government systems subsidiary landed an approximately 42-month $3.4 million Integrated Information Management System Cyber Technology Maturation Framework contract from the U.S. Air Force
AVG Technologies Announces Second Tranche of Share Repurchase Program (PRNewswire) AVG® Technologies N.V. (NYSE: AVG), the online security company™, announced today the second tranche of its previously announced 1,666,667 share repurchase program intended to cover AVG's obligations to deliver shares under its employee stock options incentive and restricted share units plans, as announced on November 9, 2015 and subsequently on December 17, 2015
eCrypt Technologies : Bravatek Board of Director, Chuck Brooks, Widely Recognized For Thought Leadership and as Top Social Media Influencer (4-Traders) Chuck was recently named Chairman of CompTIA's New and Emerging Technology Committee. The committee addresses the impacts of social media, big data and data analytics, cloud, mobility, and the Internet of Things
Engility taps former Raytheon exec as new CEO (Boston Business Journal) Engility Holdings Inc. (NYSE: EGL) said Tuesday it has hired board member and longtime defense industry vet Lynn Dugle as its new CEO as Tony Smeraglinolo has stepped down effective immediately
Products, Services, and Solutions
Accenture and Endgame Form Alliance to Help Organizations Hunt, Block and Remove Cyber Adversaries (Accenture) Accenture also investing in Endgame to expand its cyber defense portfolio with automated threat detection and elimination
A10 Networks Announces Worldwide Availability of Thunder Convergent Firewall and New ACOS 4.1 Software Release (A10) A10 Networks (NYSE: ATEN), a leader in application networking and security, today announced the worldwide availability of Thunder Convergent Firewall (CFW), a standalone security product built on A10’s ACOS Harmony platform
A10 Networks Launches Standalone Thunder SSL Insight (SSLi) Line of Products (A10) A10 Networks (NYSE: ATEN), a leader in application networking and security, announced the worldwide availability of Thunder SSL Insight (SSLi), a standalone security product built on A10’s market-leading SSL inspection technology and ACOS Harmony platform.
Cavium OCTEON III Multi-Core Processor Family Powering Next Generation Advanced Security Appliances (PRNewswire) Cavium, Inc. (NASDAQ: CAVM), a leading provider of semiconductor products that enable intelligent processing for enterprise, data center, wired and wireless networking, today announced that its latest processing technologies are enabling a new wave of advanced security appliances
Qualys extends Cloud Agent Platform to support Linux and Mac OS (Help Net Security) Qualys announced the expansion of the Qualys Cloud Agent Platform
SECUDE and Boldon James Partner to Offer an Integrated Data Classification Solution for SAP Customers (Yahoo! Finance) Data classification leaders collaborate to provide consistency in handling enterprise data, created both inside and outside of SAP applications
Splunk adds more machine learning, analytics to security detection tools (ZDNet) Splunk added features and integration between User Behavior Analytics (UBA) 2.2 and Splunk Enterprise Security 4.1
Egnyte offers flexible key management (Computerworld) Encryption has been, ever since the Snowden revelations, the topic du jour. Egnyte is giving customers ultimate flexibility over encryption keys
Hexis Cyber Solutions Enhances HawkEye G Integrated Detection and Automated Response Capabilities (EconoTimes) Hexis Cyber Solutions Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, is committed to the continuous innovation and development of its flagship next-generation endpoint security solution, HawkEye G
Say hello to Kiddle: the child-protecting search engine (Naked Security) Remember “celebgate” – the widespread hack of hundreds of iCloud accounts which saw the internet flooded with intimate pictures of Jennifer Lawrence, Rihanna and a whole host of others?
Technologies, Techniques, and Standards
How to set up your Facebook privacy settings (Graham Cluley) Facebook, privacy and you
Research and Development
Deep Instinct Files Portfolio of Patents to Implement Deep Learning in Cybersecurity (BusinessWire) Patent-pending technology applying deep learning to cybersecurity for the first time prevents zero-day and APT attacks on endpoints, servers and mobile devices, freeing enterprises from costly recovery
Legislation, Policy, and Regulation
Britain floats revised bill for broad surveillance powers (SC Magazine) Britain floated revised legislation on Tuesday that would grant authorities wide-ranging surveillance powers including the right to see which websites people visit, saying the modified bill addressed concerns about threats to privacy
Apple-FBI stand-off raises red flags for European data protection agreement (Euronews) The fight between Apple and the US law enforcement agency the FBI over access to a terrorist’s iPhone is raising concerns in Europe
Lynch: Wiretap agreement with Britain would protect privacy, human rights (Washington Post) Attorney General Loretta E. Lynch plans to say Tuesday that recently launched transatlantic talks to enable British access to wiretap data from U.S. firms would protect privacy and human rights
Carter Draws Hard Comparison With China on Cyber, Naval Policies (Defense News) Secretary of Defense Ash Carter used a keynote address in San Francisco on Tuesday to draw stark parallels between the policies of the United States and those of China, particularly on freedom of commerce and the Internet
Defense Secretary Ash Carter Praises Strong Encryption (Wall Street Journal) Warns that if U.S. and Silicon Valley don’t work together, other nations could set standards on their terms
Apple lawyer, FBI director face off in Congress on iPhone encryption (Reuters) FBI Director James Comey told a congressional panel on Tuesday that a final court ruling forcing Apple Inc (AAPL.O) to give the FBI data from an iPhone used by one of the San Bernardino shooters would be “potentially precedential” in other cases where the agency might request similar cooperation from technology companies
Our personal security is our national security (The Hill) Strong encryption is good for our personal security
Offense and Defense Define Air Force Cyber Work With Industry (SIGNAL) Maj. Gen. Burke Edwin Wilson, USAF, commander, 24th Air Force and Air Forces Cyber, offers that the 24th is working with industry “on a plethora of capabilities”
Litigation, Investigation, and Law Enforcement
Attorney General Loretta Lynch ‘Disappointed’ With Apple Court Ruling (Wall Street Journal) Says technology companies are subject to ‘social compact’ to comply with the law and meet its responsibilities
F.B.I. Error Locked San Bernardino Attacker’s iPhone (New York Times) The head of the F.B.I. acknowledged on Tuesday that his agency lost a chance to capture data from the iPhone used by one of the San Bernardino attackers when it ordered that his password to the online storage service iCloud be reset shortly after the rampage
We’re On the Same Side, Carter Tells Silicon Valley (Defense One) As the FBI-vs.-Apple battle heats up, the defense secretary makes his own pitch to the tech industry
Terror Expert Describes Islamic State Tactics, Recruiting (ABC News) An expert for the U.S. Justice Department told a jury in a terror trial on Tuesday that Islamic State targets individual American troops and reaches new recruits through social media
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
2016 CyberWeek (Tel Aviv, Israel, Jun 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas in the evolving field of cyber.
Upcoming Events
RSA Conference 2016 (San Francisco, California, USA, Feb 29 - Mar 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, Mar 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in support of shaping the defense sector's strategy for "platform" cybersecurity. Multiple "conversation panels" will be focused on how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. Key to the discussion will be synergies and lessons to be learned from connected car initiatives and the commercial sector. The Summit is in partnership with the State of Michigan and its Michigan Economic Development Corporation (MEDC)
International Academic Business Conference (New Orleans, Louisiana, USA, Mar 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are welcome to make presentations and/or to only attend sessions. The Clute Institute also seeks manuscripts for possible publication in our recently launched Journal of Cybersecurity Research
CISO Chicago Summit (Chicago, Illinois, USA, Mar 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Navigating Summit 2016 (Canberra, Australia, Mar 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy and cyber-security are the cornerstones of this strategy. The Summit will examine the implications of privacy and security in a ubiquitously connected, data driven world. Key areas of focus will include digital identity, open data and data sharing, the implications of technologies such as cloud computing, data analytics and the Internet of Things and perceived tensions between privacy and security and innovation.
CISO Atlanta Summit (Atlanta, Georgia, USA, Mar 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, Mar 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.
Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, Mar 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents to businesses. The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Industrial Base Contractors, Airport / Aviation Security, large and small businesses
ICCWS 2016 (Boston, Massachusetts, USA, Mar 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises taking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in its seventh year, it provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — has become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of how the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary for closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally, it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increasing employment opportunities for minorities
Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth, from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly, it will map out the future cooperation among Commonwealth countries in cybersecurity
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
SecureWorld Boston (Boston, Massachusetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate