The CyberWire Daily Briefing 03.09.16
news from RSA 2016
From the companies we spoke with at RSA, several trends appear to be driving technology development in the cyber security space: machine learning and automated analysis of big data, the importance of integrating with comprehensive solutions, and, above all, the need to cut through the glare of too much information without missing what's really important.
You'll see links to some retrospective commentary below. We also have our own summary of the technology trends we saw, and you'll find interviews with some of the thought-leaders in the field in today's special CyberWire podcast.
The Republic of Korea issues another complaint about North Korean cyber operations: an attempt to access South Korean railroad workers' email, apparently in an effort to compromise transportation control systems.
FireEye thinks that governments with advanced cyber capabilities have already built latent vulnerabilities into industrial control systems with a view to holding them in reserve for future exploitation. This is, it seems, a matter of a priori possibility as opposed to a conclusion based on specific evidence.
ISIS success at information operations seems strongly connected to close control of messaging and its reiterated claims to be in control of territory.
A Damballa study describes how cyber criminals are evading legacy detection techniques by adopting an agile approach to their infrastructure. The company's eight-month study of Pony Loader revealed that the malware's controllers "281 domains and more than 120 IPs spread across 100 different ISPs."
In the US, phishing of companies for employee tax records continues as we approach the April 15th tax-filing deadline. The Internal Revenue Service, which sustained a major breach last year, has been forced to take its online PIN service offline—the remedial service has itself been compromised.
This week sees patches from Microsoft, Google, Adobe, Mozilla, Facebook, and SAP.
The Apple-FBI dispute in US courts continues, spooking the Silicon Valley companies the Defense Department hopes to win over with support for encryption (echoed by the UK's GCHQ).
Today's issue includes events affecting Australia, European Union, France, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, Russia, Syria, Turkey, Ukraine, and United States..
San Francisco: the latest from RSA
Record numbers attend RSA Conference 2016 (OnWIndows) A record 40,000 attendees participated in the 25th RSA Conference, which took place at the Moscone Center in San Francisco, US from 29 February to 4 March
Hottest Topics To Come Out Of RSA Conference (Dark Reading) Encryption, bug bounties, and threat intel dominated the mindshare of the cybersecurity hive mind at RSAC last week
RSA Conference 2016: The infosec glass house? (Help Net Security) A couple of years late to the party, but I finally made it to San Francisco with a real sense of excitement to attend what was described to me as the “Super Bowl of the Security Industry"
Making sense of threat intelligence data in your IT environment (Help Net Security) Threat intelligence data has been growing at an exponential rate of 39% a month. Enterprise customers are looking at around 30,000 events going into their SIEM every second. Only a small percentage have the infrastructure able to handle that amount of data
Interview: Laura Galante, FireEye (Infosecurity Magazine) With another pivot into the threat intelligence space recently, FireEye continues to make strides in the services side of security
ThreatStream Changes Name To Anomali, Adds New Products (CRN) The security vendor formerly known as ThreatStream used the RSA conference in San Francisco as a launching platform for its new name, Anomali
How the tiny startup Phantom Cyber scored big at RSA (TechCrunch) By any measure, Phantom Cyber is a David in a world of security Goliaths
Cyber Attacks, Threats, and Vulnerabilities
Nations have injected malware into industrial control systems 'just in case' (V3) Developed nations are likely to have created and covertly deployed malware in industrial control systems (ICS) used in other countries in case it ever needs to be used in a conflict
North Korea tried to hack South's railway system: spy agency (Reuters) North Korea has tried to hack into email accounts of South Korean railway workers in an attempt to attack the transport system's control system, South Korea's spy agency said on Tuesday
Why ISIS is So Successful (Cipher Brief) The rise of the Islamic State has been accompanied by the increasing presence of the terror group on social media. ISIS’s message of a Muslim utopia is disseminated through various organizations and outlets, all coordinated through complex bureaucratic measures
Russia-linked malware group turns to Turkey (FierceGovernmentIT) A prolific malware group with suspected ties to Russia known as "Pawn Storm," has reportedly launched a cyber espionage campaign against the Turkish prime minister, Turkish parliament and one of the largest newspapers in Turkey
Polymorphic Malware on the Rise (Softpedia) Polymorphic techniques make malware harder to detect
Damballa Releases New State of Infections Report Highlighting How Cyber Criminals Move Their Infrastructure and Conceal Their Tracks to Avoid Detection (BusinessWire) Damballa, the experts in network security monitoring, today released its Q1 2016 State of Infections Report highlighting exactly how cyber criminals evade detection
Reactions to the KeRanger ransomware for Macs (Help Net Security) Palo Alto researchers have discovered the first fully functional ransomware aimed at Mac users. The malware, dubbed KeRanger, has been found bundled into the Mac version of the open source Transmission BitTorrent client, and made available for download on the Transmission developers’ official website
The Half-Day Attack: From Compromise to Cash with Sentry MBA (Shape Security) Sentry MBA, an automated attack tool used to take over accounts on major websites, makes cybercrime accessible to legions of attackers across the globe
The IRS Has Taken its Failed ID Protection Service Offline, After a Hack (Government Executive) After last year’s massive data breach at the United States Internal Revenue Service, the agency gave secret codes to the taxpayers whose personal information had been compromised
Seagate 'whaling' delivers thousands of employee W-2s to identity thieves (FierceITSecurity) 'Tis the season to file taxes in the U.S., and scam artists are out in force to take full advantage of the situation
More companies snared by same type of phishing attack that hit Snapchat (Naked Security) It’s getting close to Tax Day in the US, and if you haven’t filed your taxes yet, you really should go ahead and do it before a cybercriminal does it for you
Rosen Hotel Chain Had a PoS Malware Infection for 17 Months (Softpedia) Rosen Hotels & Resorts Inc. (RH&R), a Florida-based US hotel chain, had some bad news for its customers during the past week after the company announced a malware infection that affected its credit card processing system for over 17 months
Cyber criminals getting more nimble, sophisticated (Business Insurance) Firms face a “broader and deeper landscape” with respect to cyber security risks, according to an analysis released Tuesday
Why cyber security is so important: 18 real-life hacks & cyber attacks that could disrupt your business (Computer Busiess Review) A look through Verizon's Data Breach Digest and the different cyber scenarios that could threaten your business
And the State that Sends the Most Email Spam Is … (Comodo Blog) It might come as a surprise to learn that Utah – with its beautiful terrain and picturesque views – could be a hive of activity for the origination of spam emails
Security Patches, Mitigations, and Software Updates
Microsoft Security Bulletin Summary for March 2016 (Security TechCenter) This bulletin summary lists security bulletins released for March 2016
Microsoft Patches Critical Vulnerabilities in its Browsers (Threatpost) Microsoft released a baker’s dozen worth of security bulletins on Tuesday, including five rated critical and two rated important that could result in remote code execution attacks against compromised machines
Security update available for Adobe Digital Editions (Adobe Security Bulletin) Adobe has released a security update for Adobe Digital Editions 4.5.0 and earlier versions. This update resolves a critical memory corruption vulnerability that could lead to code execution
Security Updates Available for Adobe Acrobat and Reader (Adobe Security Bulletin) Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system
Mozilla Releases Security Updates (US-CERT) Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system
Stable Channel Update (Chrome Releases) The stable channel has been updated to 49.0.2623.87 for Windows, Mac, and Linux...This update includes 3 security fixes that were contributed by external researchers. Please see the Chromium security page for more information
Google plugs 19 holes in newest Android security update (Help Net Security) In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical
Android Vulnerabilities Allow For Easy Root Access (TrendLabs Security Intelligence Blog) Qualcomm Snapdragon SoCs (systems on a chip) power a large percentage of smart devices in use today
Android security update once again addresses MMS malware flaws, but will your phone get fixed? (Hot for Security) Many Android users are running devices riddled with security holes, the most serious of which could allow a remote attacker to infect your smartphone with malware, simply by tricking you into opening an email, opening an MMS or browsing a website containing a boobytrapped media file
Facebook patches bug that let anyone hack any account (Graham Cluley) Facebook's poorly-secured beta site could be easily exploited in brute force attack
SAP Security Notes March 2016 – Review (ERPScan) SAP has released the monthly critical patch update for March 2016. This patch update closes 28 vulnerabilities in SAP products including 18 SAP Security Patch Day Notes and 10 Support Package Notes. 12 of all Notes were released after the second Tuesday of the previous month and before the second Tuesday of this month. 3 of all notes are updates to previous Security Notes
Patch insanity: Organizations are overwhelmed by vulnerability fixes (FierceITSecurity) While IT professionals know that patch management plays a critical role in maintaining an adequate cybersecurity profile, reality tends to bite: IT teams all too often struggle to keep up with, or find themselves completely overwhelmed by, the sheer volume of patches that need to be applied on a weekly, if not daily, basis in enterprise environments
Patch Management Still Plagues Enterprise (Dark Reading) Half of organizations don't even know difference between applying a patch and remediating a vulnerability
Data Security Trends: Shifting perceptions on data security (Dell: Future Ready Workforce) Business and IT decision makers are finally carrying the banner of data security, recognizing not only the safety it brings, but also the opportunity
3 in 5 Brits at risk from cyber attack through poor mobile security (Information Age) Millions of Brits are leaving their personal data exposed to cybercriminals – because they don’t know their own passwords
Is mobile the new squirrel? (CSO) Mobile is just the newest piece to the always changing puzzle of security
Security Professionals Sick of Stupid Users, Bromium Finds (IT Security Guru) Bromium, the micro-virtualisation specialists from California, have just released the results of a survey conducted at RSA 2016 with some surprising results. Users take note!
Cybersecurity by the Numbers: Inside 8 Recent Cyber Surveys (Legaltech News) These surveys cover both burgeoning areas of cybersecurity and companies’ cybersecurity reactions and plans
More Organizations to Deploy Encryption for Cyber Risks, Privacy Compliance, and Cloud (Legaltech News) More global organizations are adopting encryption citing major security and compliance concerns
Despite C-level buy-in, implementation hurdles plague security initiatives (FierceITSecurity) With headline after headline about data breaches and cyberthreats, data security has become a priority for C-suite executives—finally
IoT adoption is driving the use of Platform as a Service (Help Net Security) The widespread adoption of the Internet of Things (IoT) is driving platform as a service (PaaS) utilization. Gartner predicts that, by 2020, more than 50 percent of all new applications developed on PaaS will be IoT-centric, disrupting conventional architecture practices
Insurance helps protect against data breach fallout (Hotel News Now) Panelists at the 2016 Hospitality Law Conference explained the growing need for insurance and types of coverage that can protect against data breaches
Captive insurers seen as a good fit for cyber risk (Business Insurance) Although cyber attacks are occurring in almost every industry, an expert says just a fraction of clients are placing cyber liability in their captive insurer
FireEye higher as Piper upgrades following analyst day (Seeking Alpha) Piper's Andrew Nowinski, who smartly downgraded FireEye (NASDAQ:FEYE) to Neutral last October (shares were at $33.06 at the time), has upgraded to Overweight following yesterday's analyst day, and hiked his target by $9 to $24. Shares are up 4.6% premarket to $18.74
FireEye Is Starting To Shine (Seeking Alpha) FireEye's human and machine-based intelligence should allow the company to remain highly competitive in the rapidly evolving cybersecurity industry. It continues to improve its financial health, as evident in the company's Q4 results. FireEye's acquisition-heavy strategy could potentially backfire in an increasingly competitive cybersecurity industry
Did Akamai Partner With Microsoft, Alphabet? (Barron's) Based on management comments, Akamai may be working on accelerating and securing apps on Azure and Google Cloud
Is Microsoft Corporation Actually Getting Serious About Security? (Motley Fool) A new cloud-based security service rollout and a shiny new war room say yes
Is Morgan Stanley wrong about big Palantir valuation markdown? (Silicon Valley Business Journal) The recent downgrade of Palantir Technologies' valuation by Morgan Stanley was a surprise to many, since the secretive intelligence analytics company hasn't seemed to be losing any momentum
IBM Denies Layoff Size As Salesforce CEO Woos Talent (InformationWeek) IBM called reports that it is laying off a third of its workforce "outlandish and untrue." That's not stopping Salesforce CEO Marc Benioff from publicly inviting IBM employees to apply for open posts at his firm
Air Force awards cryptographic contract to Raytheon (C4ISR & Networks) Raytheon has been awarded a $7.7 million Air Force contract modification for a cryptographic contract
CrowdStrike expands into Europe after backing from Google (Channelnomics) US security vendor set to open UK offices
Cylance Receives FedRAMP Certification with Third Party Assessment Organization (3PAO) Classification (PRNewswire) One of Only 33 Organizations Worldwide to Achieve 3PAO Classification as an Inspection Body
Comcast transmits signal that it takes privacy seriously, hires Noopur Davis as privacy SVP (CSO) Davis joins Comcast from Intel Security, where she was VP of Global Quality
Products, Services, and Solutions
Google open sources vendor security review tool (Help Net Secuirty) Google has open sourced its Vendor Security Assessment Questionnaire (VSAQ) Framework with the hope that other companies and developers could use it to improve their vendor security programs and/or posture
Dell open sources DCEPT, a honeypot tool for detecting network intrusions (Help Net Security) Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody
Kaspersky launches IT Health Check to assess your cyber defences (IT Pro Portal) Yesterday, Kaspersky Lab announced the launch of its IT Health Check tool
US giant Lockheed-Martin releases Israeli-based cyber-security system (Times of Israel) The aerospace company is also a big cyber-security provider, and its product just got better thanks to Israel’s Cybereason
Cybersecurity Solutions Provider Comodo Announces Launch of Secure Web Platform (HostSearch) Cybersecurity solutions provider Comodo has announced the launch of Comodo Dome, a new cloud-based secure web platform
The Institute of World Politics’ new Cyber Intelligence Initiative announces strategic partnership with Duklaw Ventures (Institute of World Politics) New strategic partnership will help cyber innovation companies
ShadowDragon Announces Partnership with Proofpoint to Create MalNet (Virtual Strategy Magazine) MalNet visualizes and maps advanced malware threat intelligence from the Proofpoint in just seconds using ShadowDragon Maltego Transforms
DefCon Cyber on alert in Prince William, protecting critical assets (Potomac Local) The time from when a cyber attacker can access a company’s internal systems to the time the company responds is about 204 days or about seven months
eero: A Mesh WiFi Router Built for Security (KrebsOnSecurity) User-friendly and secure
Technologies, Techniques, and Standards
A Wall Against Cryptowall? Some Tips for Preventing Ransomware (Internet Storm Center) A lot of attention has been paid lately to the Cryptowall / Ransomware "family" (as in crime family) of malware. What I get asked a lot by clients is "how can I prepare / prevent an infection?"
Cisco security chief: How to beat back security system complexity (Network World via CSO) Cisco has aggressively bought up security vendors and worked on integrating their software protections into existing Cisco gear, making for a simpler, more secure and flexible network, says Cisco’s security chief
Cyber Storm exercise tests cyber defense strategies (Federal Times) To an unaware observer, Cyber Storm V would look pretty undramatic: A group of people in a room, using laptops to graze websites, occasionally fielding a phone call
5 Ways to Fix the Biggest Cybersecurity Issues Law Firms Face (Legaltech News) How do you protect your law firm from a seemingly indefensible threat?
Integrated security frameworks help mitigate risk (SecurityInfoWatch) There has been an increased push by security executives across various disciplines and vertical markets in recent years to transform the C-Suite’s perception of security departments as being reactive cost centers into proactive business enablers
How to calculate ROI and justify your cybersecurity budget (CSO) If you speak with management about money – speak their language and you will definitely get what you need
Two key tools for cyber security (UK Authority) DCLG deputy technology leader William Barker emphasises importance of 10 Steps documents and CiSP
Encryption project issues 1 million free digital certificates in three months (IDG via CSO) The EFF said the numbers show that websites were previously put off by cost and bureaucracy
Design and Innovation
DARPA as the model for military cyber innovation (SC Magazine) U.S. officials expect cooperation with the private sector will bear little resemblance to a traditional recruiting model
Northrop Grumman Foundation recognizes top teams advancing to CyberPatriot VIII national finals competition (Your Defense News) The Northrop Grumman Foundation, presenting sponsor for CyberPatriot VIII, congratulates the top 25 high school and three middle school teams advancing to the national finals competition in Baltimore, April 12
Legislation, Policy, and Regulation
France votes to penalize companies for refusing to decrypt devices, messages (Ars Technica) But UN official warns: "Without encryption tools, lives may be endangered"
In Europe, You’ll Need a VPN to See Real Google Search Results (Wired) You've got a blind date tonight and you want to find out more about the person you’re meeting
GCHQ: Crypto's great, we're your mate, don't be like that and hate (Register) UK spymaster tells MIT that all must cooperate in response to crims' use of ciphers
Military hits snag in Silicon Valley recruitment (The Hill) The fight between the FBI and Apple over a locked iPhone is threatening to undermine the Pentagon’s attempt to recruit talent from Silicon Valley
Johnson: Recruit patriots to boost cybersecurity (Federal Times) A love of country should be the one characteristic the government focuses on to recruit cyber warriors, according to Homeland Security Secretary Jeh Johnson
Obama Says Google, Facebook, Microsoft, And Visa Will Provide Extra Layer Of Security To Americans (Forbes) President Barak Obama recently said “With the help of companies like Google GOOGL +0.15%, Facebook FB +0.20%, Microsoft MSFT +0.85%, and Visa V -1.83%, we’re going to empower Americans to be able to help themselves and make sure that they are safe online with an extra layer of security, like a fingerprint or a code sent to your cellphone"
Civil liberties groups ask White House for a seat at the table in discussions on countering violent extremism online (FierceGovernmentIT) Obama administration officials are reportedly engaging the tech community on how to counter the spread of violent extremism and propaganda through online platforms and social media, but civil liberties groups say they've been excluded from the conversation
Civil Society Input on Human Rights and Civil Liberties Protections Online (New America) The undersigned organizations recognize that the U.S. government faces complex security challenges, and we appreciate the role of a variety of stakeholders including technology companies
“Activism is not terrorism”: Rights groups call on Congress to investigate the FBI and DHS for surveillance of activists (Salon) On 45th anniversary of exposure of COINTELPRO, more than 60 orgs pen a letter to congressional judiciary committees
FBI adopts new rules for accessing NSA data: report (Washington Times) New policies adopted by the FBI reportedly affect the bureau’s access to intelligence gathered by the National Security Agency on U.S. citizens, but officials say they’re barred from explaining since the changes are classified
Mandatory data breach notification proposals will unleash compliance confusion (CSO) Companies will struggle to comply with the Federal Government’s mandatory data breach notification proposals unless detailed guidance is developed and consultation processes with the Privacy Commissioner are introduced, to help them determine whether they have a notification obligation, says an IT security expert from global consulting firm, Protiviti
Einstein, cyber workforce priorities for DHS chief (FCW) In what will likely be his last budget presentation before the Senate, Homeland Security Secretary Jeh Johnson said implementing the Einstein cybersecurity system across government, attracting capable cyber defenders and ensuring the success of the Department of Homeland Security's unified acquisition and management programs are among his top targets for the year and into the future
Q&A: Why Phyllis Schneck needs the country to trust her (FedScoop) Whether it's defending the .gov domain or protecting the private sector, the Department of Homeland Security’s deputy undersecretary for cyber says trust is crucial to her mission
Litigation, Investigation, and Law Enforcement
Feds Appeal Apple's iPhone Encryption Win In NY Case (InformationWeek) Apple may have hoped to "hang its hat" on a recent iPhone encryption win in a Brooklyn court, but the Justice Department has requested revisiting the judge's ruling
Apple to FBI: Weakening iPhone Security Could Make the Power Grid More Hackable (MIT Technology Review) Apple’s public assaults on the FBI’s demand that it help unlock an iPhone used in last year’s shootings in San Bernardino, California, keep getting louder
Snowden: FBI’s stance in Apple case is 'horses---' (The Hill) National Security Agency leaker Edward Snowden on Tuesday had harsh words regarding the FBI’s claim that only Apple can break into the iPhone used by one of the San Bernardino, Calif., terrorists
Fact checking the Hillary Clinton email controversy (Washington Post) It’s been one year since it was learned that Hillary Clinton had set up a private email system when she was secretary of state — a revelation that has dogged her campaign for the presidency
Home Depot settles consumer lawsuit over big 2014 data breach (Reuters) Home Depot Inc (HD.N) agreed to pay at least $19.5 million to compensate U.S. consumers harmed by a 2014 data breach affecting more than 50 million cardholders
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
International Academic Business Conference (New Orleans, Louisiana, USA, Mar 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are welcome to make presentations and/or to only attend sessions. The Clute Institute also seeks manuscripts for possible publication in our recently launched Journal of Cybersecurity Research
CISO Atlanta Summit (Atlanta, Georgia, USA, Mar 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, Mar 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.
Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, Mar 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents to businesses. The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Industrial Base Contractors, Airport / Aviation Security, large and small businesses
ICCWS 2016 (Boston, Massachusetts, USA, Mar 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises tacking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in it its seventh year, provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — have become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities
Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
SecureWorld Boston (Boston, Massachussetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate