The CyberWire Daily Briefing 01.11.16
The emerging consensus over late December's rolling blackouts in Western Ukraine moves decisively toward the conclusion initially reached by ESET and iSight Partners that the affected oblast's grid sustained a cyber attack. The SANS Institute's influential Industrial Control Systems blog says, "We assess with high confidence based on company statements, media reports, and first-hand analysis that the incident was due to a coordinated intentional attack." Attackers apparently gained network access to control systems, turning them on and off at will. Other bits of malware and supporting attacks served as misdirection. Ukraine's government plans to release results of its investigation next week.
German intelligence services resume cooperation with US services after an interruption brought on by objections to US electronic surveillance of German and other friendly European targets.
A group of Germany-based jihadists begins publishing a cryptography magazine. While denying adherence to ISIS, the publishers nonetheless expect their work to be useful to colleagues in cyber-jihad.
Counter-terror operations were the focus of Friday's White House outreach to Silicon Valley, with particular emphasis on denying ISIS a platform in social media. But the Daily Beast points out that the old-school, dead-tree ISIS magazine "Dabiq" enjoys wide influence, the message apparently trumping the medium.
Twitter finds itself in conflict with Turkey's government over Kurdish pro-independence.
UK opposition leader Jeremy Corbyn's Twitter account was briefly hijacked.
The Rovnix Trojan worries Japanese banks. Other countries go on alert against similar infestations.
Juniper Networks drops its backdoored encryption scheme. Microsoft's support for older IE versions ends tomorrow.
Notes.
Today's issue includes events affecting European Union, France, Germany, Iran, Iraq, Japan, Moldova, Nigeria, Philippines, Romania, Russia, Syria, Turkey, Ukraine, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Hackers used malware to confuse utility in Ukraine outage — report (Reuters) Hackers likely caused a Dec. 23 electricity outage in Ukraine by remotely switching breakers to cut power, after installing malware to prevent technicians from detecting the attack, according to a report analyzing how the incident unfolded
Malware wasn't sole cause of Ukraine power station outage (Computerworld) The attackers manually intervened to open breakers that caused power outages
Confirmation of a Coordinated Attack on the Ukrainian Power Grid (SANS Industrial Control Systems Blog) After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that cyber attacks were directly responsible for power outages in Ukraine. The SANS ICS team has been coordinating ongoing discussions and providing analysis across multiple international community members and companies. We assess with high confidence based on company statements, media reports, and first-hand analysis that the incident was due to a coordinated intentional attack
Russian Hacker Sandworm Blamed For Ukraine Power Outage (Radio Free Europe/Radio Liberty) U.S. cyberintelligence firm iSight Partners said it is certain that a Russian hacking group known as Sandworm caused last month's unprecedented power outage in Ukraine
The Ukrainian electric grid cyber attack — it can it happen here (Control) iSight Partners gave a presentation at the ICS Cyber Security Conference in Atlanta identifying the BlackEnergy malware and what it meant to critical infrastructures including electric utilities
ICS Cross-Industry Learning: Cyber-Attacks on Electric Transmission and Distribution (Part One) (SANS Industrial Control Systems Blog) When stories of cyber attacks against industrial control systems (ICS) emerge there are always statements around what malware did or did not do in the environment. To truly understand the impact on industrial control systems (ICS) though requires the understanding of the system itself and what is possible
Was the Cyber Attack on a Dam in New York an Armed Attack? (Just Security) Concerns about the vulnerability of infrastructure to cyber attacks were highlighted in two recent news articles. Last month, the Wall Street Journal reported that in 2013, Iranian hackers infiltrated the control system of a dam 20 miles outside of New York City…How should this event be characterized? Is it an act of cyberwar? Is it an inter-state attack? What measures can the United States take in response to this event?
Jihadists Launch Tech Magazine Focusing On Cryptography (Radio Free Europe/Radio Liberty) A group of German-speaking jihadists has released the first issue of an online magazine that provides information on encrypted communications and Internet security
'Supporters Of The Islamic State' — Anatomy Of A Private Jihadi Group On The Encrypted 'Telegram' App, Offering Secret Chats And Private Encryption Keys (MEMRI) The November 13, 2015 Paris attacks relaunched the debate about Islamic State (ISIS) and other jihadi use of encryption technology and apps, with particular attention, and unprecedentedly negative media coverage, directed at Telegram, which these groups and individuals now heavily favor
Twitter's Latest Challenge: Deciding Who's a Terrorist (Wired) Times are challenging for Twitter. Its stock price is down. Its product strategy is under constant scrutiny. And recently, it's put itself in the position of defying a government's claim that it's offering a venue for terrorists
Anonymous Targets Nigerian Government Sites, Wages War Against Corruption (Hack Read) Anonymous, the infamous hacktivist group having footprints around the world, waged a cyber war against the Nigerian government on Friday
Labour leader Jeremy Corbyn's Twitter account hacked (BBC) A series of foul-mouthed posts have been published on Jeremy Corbyn's Twitter feed following the apparent hacking of the Labour leader's account
Hacked Twitter account embarrasses UK political leader (Naked Security) The UK's Leader of the Opposition is Jeremy Corbyn MP, head of the Labour Party, and we think we can say, while remaining entirely objective, that he's controversial
Why GPS is more vulnerable than ever (Christian Science Monitor Passcode) The space-based navigation and timing system faces a growing risk of attack. But there is a simple solution
Fatally weak MD5 function torpedoes crypto protections in HTTPS and IPSEC (Ars Technica) MD5 and its only slightly stronger SHA1 cousin put world on collision course
Japanese Banks Targeted With New Rovnix Trojan (Dark Reading) US organizations need to monitor such threats because cyber criminals can easily modify and migrate such threats for use here, IBM says
Ransomware evolution: Another brick in the CryptoWall (Naked Security) The evolution of ransomware is always a hot topic, or at least a hot under the collar topic, because of its odiousness
A Look Inside Cybercriminal Call Centers (KrebsOnSecurity) Crooks who make a living via identity theft schemes, dating scams and other con games often run into trouble when presented with a phone-based challenge that requires them to demonstrate mastery of a language they don't speak fluently. Enter the criminal call center, which allows scammers to outsource those calls to multi-lingual men and women who can be hired to close the deal
U.S. Says Only Jeeps Had Hacker Vulnerability Via Radios (Wall Street Journal) National Highway Traffic Safety Administration ends five-month investigation, saying problem appears isolated
National Lottery fails to set a good security example to Android users (Graham Cluley) It's a huge weekend for the UK's National Lottery — with a jackpot of almost £60 million up for grabs in what's set to be the biggest payout since the Lotto began 21 years ago
Fitbit users fall victim to account takeovers. Don't reuse passwords! (Naked Security) Online crooks have recently broken into dozens of Fitbit accounts using leaked email addresses and passwords from third-party sites
Cyber crooks abuse legitimate EU Cookie Law notices in clever clickjacking campaign (Help Net Security) Cyber crooks have set up a clever new clickjacking campaign that takes advantage of pop-up alerts that European users are (by now) accustomed to see: the "EU Cookie Law" notifications
A Guide on 5 Common Twitter Scams (Tripwire: the State of Security) For National Cyber Security Awareness Month (NCSAM) last year, The State of Security published an article offering advice on how users can securely navigate the world of social networking. Among other things, our experts cited users sharing too much information and posting revealing photos as dangerous behaviors that could potentially invite attackers to profile their accounts
Social Network Sharing Makes Users an Easy Target for Cyber-Criminals (Information Security Buzz) A quiz from Kaspersky Lab has found that almost a third (30 per cent) of social network users share their posts, check-ins and other personal information, not just with their friends, but with everybody who is online. This is leaving the door wide open for cyber-criminals to attack, as users remain unaware of just how public their private information can be on these channels
Intel Skylake bug causes PCs to freeze during complex workloads (Ars Technica) Bug discovered while using Prime95 to find Mersenne primes
Bulletin (SB16-011) Vulnerability Summary for the Week of January 4, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Juniper Networks will drop code tied to National Security Agency (Business Insider) Juniper Networks said late on Friday it would stop using a piece of security code that analysts believe was developed by the National Security Agency in order to eavesdrop through technology products
Older IE Versions Losing Security Support on Tuesday (Threatpost) Anxiety was high around April 8, 2014 when Microsoft officially closed the door on security support for Windows XP. Many envisioned black hats worldwide stockpiling exploits waiting for the day when XP machines would be left permanently exposed
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (Mozilla Foundation Security Advisory 2015-150) Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed accepting MD5 as a hash algorithm in signatures since 2011. This issue exposes NSS-based clients such as Firefox to theoretical collision-based forgery attacks. This issue was fixed in NSS version 3.20.2
Unlike Mozilla, Google anticipated SHA-1 errors caused by HTTPS traffic inspection systems (IDG via CSO) Google plans to ban only SHA-1-signed certificates that were issued after Jan. 1 by public certificate authorities
VMware Security Advisories: VMSA-2016-0001 (VMware) VMware ESXi, Fusion, Player, and Workstation updates address important guest privilege escalation vulnerability
VMware beefs up security, announces IBM and Intel collaborations (Business Cloud News) VMware has moved to patch flaws in several of its services and has worked with Intel Security to beef up its protection of mobile cloud systems
About the security content of QuickTime 7.7.9 (Apple Support) This document describes the security content of QuickTime 7.7.9. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available
After two fixes, OAuth standard deemed secure (Help Net Security) OAuth 2.0 is one of the most used single sign-on systems on the web: it is used by Facebook, Google, Microsoft, GitHub and other big Internet companies
Cyber Trends
Cybersecurity Predictions From 2015: Were the Experts Right? (Business 2 Community) About this time last year, experts and analysts all placed their official predictions for the cyber threat landscape in 2015. Now that a year has come and gone, it would be interesting to see if these so called analysts were correct
2016 Cyber Threat Predictions to Use to Your Advantage (SecurityWeek) Predictions describe a set of events that will or are highly likely to happen in the future; they connote a degree of inevitability
Majority of Companies Use Risk-Based Cybersecurity Framework (HealthIT Security) Nearly all companies surveyed in the recent PwC Global State of Information Security Survey 2016 — 91 percent — reported that they follow a risk-based cybersecurity framework
Majority of parents monitor their teens' digital activity. Do you? (Naked Security) Been poking around to see what your teen's up to online? If so, join the crowd
BSP wary of financial cybercrimes (Manila Bulletin) Late last year, the Bangko Sentral ng Pilipinas (BSP) held its first-ever "Cybersecurity Summit for the Financial Services Industry" as the central bank and the banking community recognized the growing threat in digital, mobile and Internet banking from hackers-for-hire and cyber syndicates
Marketplace
Cockroaches Versus Unicorns: The Golden Age Of Cybersecurity Startups (TechCrunch) According to Gartner, worldwide information security spending reached $76.9 billion in 2015. As the frequency and intensity of hacks worsen, security spending is expected to reach $170 billion by 2020. That's more than 100 percent growth in five years
Simi Valley's American Technology Solutions targets cybersecurity products (Ventura County Star) With increasingly sophisticated threats to cybersecurity, it has become more important to find new and better ways to protect valuable information and systems. Chuck Sedlacek, president of Simi Valley-based firm American Technology Solutions Inc., or ATS, believes he and his colleagues have the solution
GM Asks Friendly Hackers to Report Its Cars' Security Flaws (Wired) As automotive cybersecurity has become an increasingly heated concern, security researchers and auto giants have been locked in an uneasy standoff. Now one Detroit mega-carmaker has taken a first baby step toward cooperating with friendly car hackers, asking for their help in identifying and fixing its vehicles' security bugs
SBA wants contractors to train small business on cyber (Federal Times) Cybersecurity is becoming big business, which can make it difficult for small businesses that don't have the funds to buy needed security tools
Smee joins ambitious CensorNet (CRN) Cohort founder Grahame Smee rocks up as security vendor's sales VP
Blue Coat hires NetApp's Nick Noviello as new CFO (ARN Net) Will be responsible for leading the company's finance, IT, human resources, manufacturing, and supply chain teams
Infoblox Appoints Edzard Overbeek to Its Board of Directors (CNN Money) Infoblox Inc. (NYSE: BLOX), the network control company, today announced the appointment of technology executive Edzard Overbeek to its Board of Directors, effective immediately
Products, Services, and Solutions
Cryptography Guru Announces Anonymous Communications Network Called PrivaTegrity (Softpedia) David Chaum announces new PrivaTegrity network, his own take on Tor and I2P, but with better encryption
Cloud Security Alliance Announces Formation of Australia and New Zealand Regional Coordinating Body (Cloud Security Alliance) New body to serve growing demand for cloud security interest and best practices through access to more regional activities
Sookasa Adds Security to Box's Cloud Storage Platform (CloudWedge) Sookasa has emerged as a leader within the cloud access security broker (CASB) market. As evidence of Sookasa's rapid rise in popularity, the security suite can now be integrated directly into your organization's Box storage accounts
Technologies, Techniques, and Standards
Vulnerability Management Program Best Practices — Part 1 (Tripwire: the State of Security) An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, its output is tied back to the goals of the enterprise, and there is a reduction in the overall risk of the organization
The Most Common Ecommerce Security Mistakes — And How to Avoid Them (Information Security Buzz) If there is one concern that all ecommerce site owners share, it's security
How to Tell Whether You're Getting a Return on Governance (SecurityWeek) Surveys can be mind-numbingly dry, but there is occasionally something surprising to be learned about what is happening in the industry
The Key Missing Piece of Your Cyber Strategy? Visibility (Nextgov) As cyberattacks are becoming cheaper and easier to perform, government IT personnel are diligently trying to maintain increasingly complex IT systems
The futility of data breach notifications (TechTarget) Olivia Eckerson discusses how her healthcare insurance provider was hacked, and why the data breach notification letter she received was less than helpful
How to Set up a Successful Bug Bounty Program [VIDEO] (eSecurity Planet) What does it take to run a successful bug bounty program?
Design and Innovation
Passwords being phased out in favour of biometrics (SecurityWatch) Passwords are being phased out as biometric security options take centre stage, according to new information from security software firm Wynyard Group
Academia
ISI Professor: Research, Training are Key to Quality Cybersecurity Instruction (Ferris State University) Hwee-Joo Kam, an assistant professor in Ferris State University's Information Security and Intelligence program, said she and her peers are perpetually involved in training and research, so as to keep their curriculum up-to-date and relevant for students
Legislation, Policy, and Regulation
Germany restarts joint intelligence surveillance with US (Deutsche Welle) Germany's BND intelligence agency is once again working with its US counterpart on Middle East surveillance. Collaboration had been suspended after it was revealed the US was spying on European officials and firms
Europe Sets Up Digital 'SWAT' Team for Aviation Cyber Threats (Wall Street Journal) European aviation agency's team would identify and combat potential hacking attacks
White House Lobbies Tech Leaders in War Against Online Militants (Fortune) Top Obama Administration officials met with leaders from Apple, Google, and Facebook
Monitor Exclusive: How the US government wants Silicon Valley to counter terrorism (Christian Science Monitor Passcode) In the wake of Islamic State and other violent attacks, an Obama administration delegation met with technology leaders Friday to develop a strategy for battling terrorists' use of technology
Can Silicon Valley help fight terrorism and still protect privacy? (Naked Security) The big Silicon Valley tech companies like Google, Apple and Facebook have an obligation to protect their users' privacy and security — that much most of us can agree on
Why the U.S. Can't Make a Magazine Like ISIS (Daily Beast) ISIS's propaganda success isn't just online. Its magazine, Dabiq, is read all over the world. If only the U.S. government was so creative and effective
Why We Don't Need Backdoors to Move Ahead on Cybersecurity (Wall Street Journal) There is no such thing as 'good enough' encryption once a backdoor has been added
New National Security Tool Activated At Challenging Time (IC on the Record) Late last year, a judge of the Foreign Intelligence Surveillance Court gave the green light to the National Security Agency to start using a new tool to help the government protect against international terrorism while balancing the legitimate need to protect privacy and civil liberties
5 things Obama will say, should say, won't say on cyber (Federal Times) Cybersecurity was a small but important part of President Barack Obama's 2015 State of the Union address. And with the events of the last year — the hack of Office of Personnel Management networks, breach of an IRS database, passage of information sharing legislation and an agreement with China to curb economic espionage — one would expect cyber to be a major part of this year's speech on Jan. 12
Fearful of Hacks, Pentagon Considers More Classified Programs (Defense News) When the Pentagon awarded the contract for the Long Range Strike-Bomber (LRS-B) program on Oct. 27, it declined to list key details, including which subcontractors would support prime contractor Northrop Grumman
9 DoD IT moves you missed over the holidays (C4ISR & Networks) Between Christmas Eve and New Year's Day, most people were checked out of the office — but not so at the Pentagon, where over the holidays new guidance, memos, reports and contract action all quietly emerged under the radar
HHS Office for Civil Rights unveils new guidance on patient rights to data under HIPAA (FierceHealthIT) OCR Director Jocelyn Samuels: 'Far too often individuals face obstacles to accessing their health information'
Building a better cyber weapon (Politico) If the United States is going to have an effective cyber strike capability, then cyber weapons must resemble traditional ordnance, says William Leigher, a retired Navy admiral turned top Raytheon executive. "It's got to look and smell like a weapon," he told MC on Thursday. "It doesn't yet"
Litigation, Investigation, and Law Enforcement
Bombshell: In Email, Hillary Ordered Aide to Strip Classified Marking and Send Sensitive Material (Townhall) The State Department waited until the middle of the night to execute its belated, court-ordered release of the latest tranche of Hillary Clinton's emails — the ones she and her attorneys didn't unilaterally delete with no oversight, that is
Clinton says she did not get classified information through email (Reuters) Democratic presidential candidate Hillary Clinton said on Sunday that she did not ask for classified information to be sent over a non-secure system while heading the State Department, responding to the latest development in an issue that has dogged her campaign for months
NSA, the black hole of government spying (Examiner) It was revealed last week that Israeli diplomats were not the only targets of the Department of Defense's data gathering operation on Capitol Hill. The NSA also intercepted sensitive calls by members of Congress in the data collection frenzy
FTC Levies Hefty Fine Over False Encryption Claims (Infosecurity Magazine) Dental software provider Henry Schein Practice Solutions has agreed to settle with the Federal Trade Commission (FTC) over charges it misled customers on the level of encryption its software provided to protect sensitive patient data
Takedown of criminal gang behind ATM malware attacks (Help Net Security) The Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism (DIICOT), assisted by Europol and Eurojust as well as a number of European Law Enforcement authorities, disrupted an international criminal group responsible for ATM malware attacks
States say Volkswagen has refused to turn over internal documents (Ars Technica) The automaker is citing German privacy laws as justification for not cooperating
Two months after FBI debacle, Tor Project still can't get an answer from CMU (Ars Technica) Ars Q&A: We sit down with Tor Project's new executive director, Shari Steele
Judges struggle with cyber crime punishment (The Hill) Judges are struggling to determine the appropriate punishments for cyber crimes even as U.S. law enforcement works to bring more of the Internet's bad actors to justice
Verizon Routing Millions of IP Addresses for Cybercrime Gangs (Spamhaus) Over the past few years, spammers have sought out large ranges of IP addresses. By spreading out their sending patterns across a wide range of IP addresses, they can attempt to defeat spam filters and get spam and malware emails delivered where they are not wanted. However, IPv4 addresses are getting scarce and hard to come by
How Stories Deceive (New Yorker) On the afternoon of October 10, 2013, an unusually cold day, the streets of downtown Dublin were filled with tourists and people leaving work early. In their midst, one young woman stood out. She seemed dazed and distressed as she wandered down O'Connell Street, looking around timidly, a helpless-seeming terror in her eyes
Ex-St. Louis Cardinals' Scout Pleads Guilty to Hacking Astros (BloombergBusiness) A former St. Louis Cardinals scouting director pleaded guilty to hacking into the Houston Astros' "Ground Control" database to steal private reports and player trade details, according to the U.S. Justice Department
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, Feb 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies, and anyone who assists organizations in preparing for and responding to cyber incidents should attend. Attendees will gain a comprehensive understanding of the legal and policy issues that they need to know when they represent clients, develop their organization's cyber strategy and policies, or respond to cyber incidents
CISO Chicago Summit (Chicago, Illinois, USA, Mar 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
CISO Atlanta Summit (Atlanta, Georgia, USA, Mar 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises taking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise
Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, Apr 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB on Tuesday, April 19, 2016. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB
Army SIGINT (Fort Meade, Maryland, USA, Apr 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees will be Army personnel from outside of the Ft. Meade area. FBC will be working with the Army to invite all local Ft. Meade personnel and contractors to the expo as well. The industry expo will be held for one day only during the "Emerging Technologies" portion of the conference
Upcoming Events
FloCon 2016 (Daytona Beach, Florida, USA, Jan 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers, researchers, and others interested in applying the latest analytics against large volumes of traffic
Breach Planning & Incident Response Summit: Proactive Collaboration Between Private Industry and Law Enforcement to Mitigate Damage (Odenton, Maryland, USA, Jan 12, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI), Chesapeake Regional Tech Council, Maryland Chamber of Commerce, Chesapeake Innovation Center, Tech Council of Maryland are partnering together to host this event designed to attract and educate CIO's, CISO's, CEO and Compliance officials from small to mid-sized commercial firms on the practical actions taken by the government, firms and organizations post-hack
Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, Jan 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals
Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, Jan 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies victimized by current or former employees incur costs from $5,000 to $3 million. bring? Is your company required to establish an Insider Threat Program per the requirements of NISPOM Conforming Change 2? Insider Threat Defense has trained a substantial number of U.S. Government Agencies (DoD, IC), Defense Contractors, Critical Infrastructure Providers, Aviation Security Professionals, large and small businesses on Insider Threat Program Development and Insider Threat Risk Mitigation
FTC PrivacyCon (Washington, DC, USA, Jan 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues led by all manner of whitehat security researchers and academics, industry representatives, consumer advocates
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting: Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
POPL 2016 (St. Petersburg, Florida, USA, Jan 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome, on topics ranging from formal frameworks to experience reports
Automotive Cyber Security Summit — Shanghai (Shanghai, China, Jan 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards and new products and solutions designed to deal with the growing threats
SANS Institute: Information Security Training (Las Vegas, Nevada, USA, Sep 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel
CyberTech 2016 (Tel Aviv, Israel, Jan 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with the latest innovations and solutions featured by the international cyber community. The conference's main focuses are on networking, strengthening alliances and forming new connections. Cybertech also provided an incredible platform for Business to Business interaction
Global Cybersecurity Innovation Summit (London, England, UK, Jan 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. Our objective is to advance innovation and the growth of the cybersecurity sector by providing a platform for cybersecurity businesses, particularly small and medium enterprises (SMEs), to connect with key UK, US, and international decision makers, system integrators, investors, government policy makers, academia and other influential business executives
Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, Jan 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products and services to IT, Communications, Cyber and Intelligence personnel
ESA 2016 Leadership Summit (Chandler, Arizona, USA, Jan 31 - Feb 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and practices stay ahead of the curve. The Summit is a three-day conference filled with networking and educational opportunities dedicated to delivering business intelligence to electronic security companies and professionals that are ready to embrace innovation and grow