The CyberWire Daily Briefing 6.6.17

Summary

By The CyberWire Staff

The Intercept late yesterday published a highly classified NSA report detailing Russian hacking related to last year's US elections. A 25-year-old US Air Force veteran, Reality Leigh Winner, employed by Federal contractor Pluribus International, was questioned and arrested in Georgia Saturday, charged with "removing classified material from a government facility and mailing it to a news outlet, in violation of 18 U.S.C. Section 793(e)." She is alleged to have printed and removed the report from a secure facility on May 9. Authorities learned of the leak less than a week ago when a news organization, presumably the Intercept, began asking questions about the material.

The report is noteworthy in that is indicates a campaign to spearphish election officials and conduct reconnaissance of voting systems that ran from August into the first week in November, after Fancy Bear had been named, shamed, and told to cut it out or else.

The UK terrorists appear to have been very well-known wolves indeed, one of them even having appeared on a television documentary about radicalization. Apple hints it's supplied investigators with metadata relevant to the suspects.

ISIS continues to seek to inspire, now with online video of its soldiers destroying a church in the Philippines.

US hopes for an "Arab NATO" and Chinese hopes for a "new Silk Road" run afoul of a diplomatic crisis spurred by hacking in Qatar, Bahrain, and the UAE.

The DarkOverlord returns, leaking eight episodes of an ABC show on Pirate Bay after ABC refused to pay extortion.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Bahrain, Canada, China, Egypt, France, Greece, Ireland, Israel, Libya, Montenegro, Philippines, Qatar, Russia, Saudi Arabia, Singapore, United Arab Emirates, United Kingdom, United States and Yemen

On the Podcast

On today's podcast, we hear from our partners at Palo Alto Networks, as Rick Howard talks us through government cloud deployment. Our guest is Andrea Little Limbago from Endgame, who shares the results of a survey that looked into Americans’ perceptions of the US government’s cybersecurity capabilities.

Also, Recorded Future's latest podcast, From Russia with Lulz, produced in partnership with the CyberWire, is up (and you don't need a double-0 number to download and listen, either).

Sponsored Events

Delta Risk (Webinar, June 8, 2017) Insider threats are more prevalent but not any less difficult to detect and deter. One of the best ways to address insider threats is to implement a formal insider threat program in your organization. Delta Risk experts discuss essential elements of an insider threat program, and why you need one now more than ever.

CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.

UMBC Cybersecurity Graduate Info Session (Rockville, Maryland, USA, June 15, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberSecurity International Symposium (Chicago, Illinois, USA, July 10 - 11, 2017) Network with leading cybersecurity professionals, innovators, CIOs and regulators who are on the front lines of securing critical business and infrastructure networks. This in-depth Symposium examines the latest technologies, best practices, and lessons learned in achieving end-to-end network security for organizations of all varieties.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Leaked NSA report says Russians tried to hack state election officials (Ars Technica) Alleged source of leak arrested by FBI after Intercept provided copy to NSA.

Report: Russia Launched Cyberattack On Voting Vendor Ahead Of Election (NPR) Russia's GRU intelligence agency targeted an American provider of election services, The Intercept says; a U.S. intelligence contractor was charged with revealing a secret report about the scheme.

VR Systems issued the following statement regarding recent security reports (VR Elections) “When a customer alerted us to an obviously fraudulent email purporting to come from VR Systems, we immediately notified all our customers and advised them not to click on the attachment. We are only aware of a handful of our customers who actually received the fraudulent email and of those, we have no indication that any of them clicked on the attachment or were compromised as a result.

Could Russia have tampered with the U.S. voting system? A new report is raising questions (Newsweek) The Intercept reported Monday that Russian military intelligence launched a cyberattack on a U.S. voting software supplier.

Bombshell intel leak reveals Russia cyber attack targeted voting software and election officials (Raw Story) According to a report at The Intercept, an internal document at the NSA shows that Russian military intelligence “executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election.”

NSA Document Alleges Russian Intelligence Launched Cyber Attack on Voting Machine Software Vendor (IJR - Independent Journal Review) "...executed cyber espionage operations..."

Report suggests Russia hackers breached voting software firm (Military Times) Russian hackers attacked at least one U.S. voting software supplier days before last year's presidential election, according to a government intelligence report leaked Monday that suggests election-related hacking penetrated further into U.S. voting systems than previously known.

What’s Inside Leaked NSA Report on Russian Election Hacking? (MSNBC) NBC’s Ken Dilanian breaks down the contents of a top-secret NSA document obtained by The Intercept detailing Russia’s hacking effort days before the 2016 election.

From Russia With Lulz (Recorded Future) Russian hackers are central players all over the news today. But what’s the real story? In this episode, we welcome back Andrei Barysevich to find out.

A TV Hack Appears to Have Sparked the Middle East's Diplomatic Crisis (Motherboard) Alleged hackers broke into a TV station to broadcast and tweet fake news, provoking a huge diplomatic incident.

Greek extremists go abroad for training in revolution (Deutsche Welle) From anarchists to nihilists, militant Greek youth are increasingly networking with other global forces of violence. Left unchecked, they risk turning into loose cannons, disregarding all costs, reports Anthee Carassava.

Islamic State video shows destruction of church in Marawi (FDD's Long War Journal) The Islamic State’s Amaq News Agency released a short video showing the destruction of a church inside Marawi city. This is the second video released by Amaq from the southern Philippines city.

More Payloads Appear for EternalBlue NSA Weapon (Infosecurity Magazine) It is likely that we will see yet more additional payloads for the tool.

WannaCry Exploit Could Infect Windows 10 (Dark Reading) The EternalBlue remote kernel exploit used in WannaCry could be used to infect unpatched Windows 10 machines with malware, researchers find.

'ExplodingCan' NSA exploit menaces thousands of servers (iTnews) Many vulnerable in Australia.

Punching down the Judy Android adware: a SophosLabs analysis (Naked Security) What’s going on under the hood of the Judy apps we wrote about last month? We had a look – and didn’t like what we found

Malware and XOR - Part 1 (SANS Internet Storm Center) Malware authors often encode their malicious payload, to avoid detection and make analysis more difficult.

40,000 Subdomains Tied to RIG Exploit Kit Shut Down (Threatpost) GoDaddy, along with researchers from RSA Security and other companies, shut down tens of thousands of illegal established subdomains tied to the RIG Exploit Kit.

Synopsys Research Highlights the Pervasive Use of Outdated and Insecure Third-Party Software Components (PRNewswire) Synopsys, Inc. (Nasdaq: SNPS) today released its report, "The...

Short, Stealthy, Sub-Saturating DDoS Attacks Pose Greatest Security Threat to Businesses (BusinessWire) New DDoS trends and analysis report warns of "Trojan Horse" DDoS attacks intended to disrupt and distract network operators from more dest

#Infosec17: Botnets & Their DDoS Attacks Are Our Collective Problem (Infosecurity Magazine) DDoS attacks are all too commonly thought of as “someone else’s” problem, but botnets are all too easily formed

53 Percent of Enterprise Flash Installs are Outdated (Threatpost) More than half of enterprises are exposing themselves to unnecessary risk by running out-of-date versions of Flash.

Developers Again Blamed for Cloud Back-End Security Vulnerabilities (ADTmag) Developers are once again being blamed for cloud security vulnerabilities, this time in a new report from Appthority, which found terabytes of enterprise data exposed on cloud back-ends, including personally identifiable information.

Application security trends: What you need to know (Help Net Security) High-Tech Bridge released a summary report on application security trends for Q1 – Q2 2017, which provides and extensive overview.

Hackers Ruin ABC TV Show Premiere, Leak First Eight Episodes on Torrent Site (BleepingComputer) The hacker group known as The Dark Overlord (TDO) leaked today the first eight episodes of an upcoming TV game show, set to premiere on ABC on Sunday, June 11.

ICO Audit: Met Police Use Of Windows XP Risks User Data Security (Silicon UK) A consensual audit has found 'considerable scope for improvement' in the Met Police Service's data protection arrangements

Cyber Trends

State of Cyber Security 2017 (ISACA) For the third year in a row, ISACA has surveyed security leaders worldwide to determine their insights and experiences with key cyber security issues, ranging from workforce challenges and opportunities to the emerging threat landscape.

Facebook safety check: telling loved ones you’re safe is a good thing (Naked Security) Our data may be currency to Facebook, but being able to let your loved ones know you’re safe is priceless

The transformational potential for GDPR (Computing) GDPR presents CIOs and IT directors with the leverage to enforce a culture of secure IT and data management, argues Gordon Morrison

GDPR spells the end of programmatic advertising as we know it (Computing) Mark Roy, chairman of REaD Group, believes that the new legislation will limit the use of AI, whatever Google, Facebook et al might try to do to stop it

Data sovereignty remains biggest enterprise GDPR fear (Computing) Cloud worries still prevalent as May 2018 approaches, finds research

Marketplace

Cybersecurity labor crunch to hit 3.5 million unfilled jobs by 2021 (CSO Online) The cyber crime epidemic is expected to triple the number of open cybersecurity positions to 3.5 million over the next five years.

Armis Launches from Stealth to Eliminate IoT Security Blind Spot for Enterprises (Armis) Sequoia Capital and Tenaya Capital invest $17M to help enterprises gain visibility and control over threats created by the explosion of connected devices

Cloud security broker Netskope raises $100m more led by Lightspeed and Accel (TechCrunch) As enterprises continue to move more of their computing to the cloud, and across an ever-expanding range of devices from computers to phones and tablets and..

FireEye 2.0: Cyberhumans as a Service (CSO Online) FireEye CEO Kevin Mandia discusses the company's approach to cyber crime and cybersecurity.

Radware (RDWR) to Buyback $40.00 million in Outstanding Stock (Cerbat Gem) Radware (NASDAQ:RDWR) announced that its board has authorized a share repurchase plan, which permits the company to buyback $40.00 million in shares on Tuesday, April 25th, EventVestor reports.

NCI Awarded Prime Position on $37 Billion Multiple Award Contract with US Army (BusinessWire) NCI announced it won a prime position on the multiple award indefinite-delivery, indefinite-quantity U.S. Army Communications‒Electronics Comman

General Michael Hayden Joins root9B Advisory Board (PRNewswire) root9B, a root9B Holdings, Inc. (NASDAQ: RTNB) company and...

Forcepoint Names Praveen Asthana as Chief Marketing Officer (PRNewswire) Global cybersecurity leader Forcepoint™ today announced technology...

Leading Energy Sector Executive, Jason Few, Joins Verve Industrial Protection as Senior Advisor (PRNewswire) Verve Industrial Protection is pleased to announce the...

Products, Services, and Solutions

Qualys to Help Customers Worldwide Comply with European Union General Data Protection Regulation (GDPR) (Qualys) Qualys Cloud Platform out-of-the-box capabilities enable assessment and management of internal and third-party risk, and reporting on GDPR requirements

GlobalSCAPE, Inc. Delivers Enhanced Data Governance, Visibility and Intelligence with Release of EFT Insight (BusinessWire) Latest version features include modern interface, real-time data management analytics, automatic alerts and robust reporting.

Versasec and cryptovision Form Technology Partnership (Versasec) Smart Card Management Systems Company customizes its Credential Management System to Support the cryptovision ePKI Smart Card Applet and sc/interface middleware

Tenable Delivers the First Vulnerability Management Platform to Unify IT and OT Security for the Full Range of Traditional and Modern Assets (CSO) Expanded Tenable.io platform incorporates Nessus Network Monitor alongside new container and web application security products for improved discovery and vulnerability management of operational technology assets like ICS/SCADA

Blackberry signs up Optus Business and Briggs Communications for AtHoc partnership (CRN Australia) Telco and Briggs Communications to support new product.

Cloud Security Alliance Announces "Grand Opening" of Its New Third-Party Global Consultancy Program (PRNewswire) The Cloud Security Alliance (CSA), the world's leading organization...

Mimecast and PhishMe Collaborate to Improve Cyber Resilience - NASDAQ.com (NASDAQ.com) Organizations can now harness powerful security controls with impactful education from the cloud

A10 Networks Delivers Enhanced Solutions for Processing the Rising Tide of Encrypted Internet Traffic (BusinessWire) A10 Networks (NYSE: ATEN), a Secure Application Services™ company, today introduced third-generation SSL/TLS hardware solutions to help organiza

80% of NGFWs Fail to Detect Evasions (Infosecurity Magazine) In independent testing, the average security effectiveness rating was 67.3%.

Technologies, Techniques, and Standards

The Trouble if Security Awareness Training Is Mainly a Penalty (Government Technology) Every technology leader wants a security-aware, cyber-savvy enterprise culture. But what does that mean and how can we get there? There is an ongoing debate regarding security awareness training techniques, engagement and overall effectiveness. Let’s explore.

What can DoD, civilian cyber efforts learn from the Coast Guard approach to maritime security? (FederalNewsRadio.com) Sen. John McCain (R-Ariz.), chairman of the Armed Services Committee, asked whether a new approach to the tactical and operational aspects of federal cybersecurity could be a powerful tool for addressing gaps that impede existing organizational structures.

Why Two Factors are Better than One (Infosecurity Magazine) Two factors are better than one in the security authentication landscape.

Design and Innovation

The First Space-Based ‘Nation’ Wants to Store Data Off-Planet, Beyond the Law (Motherboard) 'Asgardia' plans to launch a data storage satellite beyond the reach of Earthly laws—an ambitious and problematic goal.

Legislation, Policy and Regulation

Theresa May’s repeated calls to ban encryption still won’t work (New Scientist) After the latest terrorist attack in London, the Prime Minister has called for internet companies to stamp out safe spaces for terrorists – but this is unworkable

Blaming the Internet For Terrorism Misses The Point (WIRED) Governments need to focus on real-world solutions to terrorism.

5 Arab Nations Move to Isolate Qatar, Putting the U.S. in a Bind (New York Times) The feud among regional allies of Washington threatens to stress the American-led campaign against ISIS and complicate efforts to confront Iran.

Tillerson: Growing list of 'irritants' isolating Qatar (Washington Examiner) U.S. allies in the Persian Gulf are in a diplomatic kerfuffle

Qatar rift sets back Trump's 'Arab NATO' (Defense News) A diplomatic rift between Qatar and four Gulf neighbors shows why a military union to fight terrorism and push back against Iran is easier said than done.

Arab nations cut ties with Qatar, home to major US military base, in new Mideast crisis (Military Times) Saudi Arabia and other Arab powers severed diplomatic ties Monday with Qatar and moved to isolate the energy-rich nation that is home to a major U.S. military base, accusing it of supporting terrorist groups and backing Iran.

How the Gulf row is blocking China’s new Silk Road (South China Morning Post) Rift between Qatar and its neighbours could disrupt key projects in Beijing’s sprawling trade initiative

Why Did Several Arab Countries Suddenly Cut Ties With Qatar? (Foreign Policy) On the heels of Trump's visit to Saudi Arabia, that country and others cut Gulf ties.

Singapore, Australia forge cyber security ties (ComputerWeekly) The two countries will conduct joint cyber security exercises, among a raft of measures to secure critical infrastructure and bolster cyber security knowhow

NSA chief urges Israel US cyber security cooperation (Globes) Keith Alexander: These two countries realize that someone who can't wage physical war will try to fight in the cyber sphere.

Defying Russia, Montenegro Finally Joins NATO (VOA) Move by former Russia ally has infuriated Moscow which has sought to maintain strong influence in country it considers special zone of interest

Congress may go after software vulnerabilities, DHS's cyber role this summer (Washington Examiner) The WannaCry ransomware attack highlighted the absence of an effective integrated response process.

What is the NYDFS Cybersecurity Regulation? A New Cybersecurity Compliance Requirement for Financial Institutions (Digital Guardian) Learn about the new NYDFS Cybersecurity Regulation and its implications for financial institutions in Data Protection 101, our series on the fundamentals of information security.

The End of Net Neutrality Could Shackle the Internet of Things (WIRED) Fear the pay-per-device dystopia.

Litigation, Investigation, and Enforcement

Contractor charged in NSA document leak case (Washington Post) The charge against a 25-year-old woman is the first leak prosecution of the Trump administration.

Feds Charge NSA Contractor Accused of Exposing Russian Hacking (WIRED) The arrest of an alleged source of a classified leak to the Intercept offers a lesson in the risks of spilling secrets.

Federal Government Contractor in Georgia Charged With Removing and Mailing Classified Materials to a News Outlet (US Department of Justice) A criminal complaint was filed in the Southern District of Georgia today charging Reality Leigh Winner, 25, a federal contractor from Augusta, Georgia, with removing classified material from a government facility and mailing it to a news outlet, in violation of 18 U.S.C. Section 793(e).

How the New Suspected NSA Leaker Reality Winner Was Caught (Motherboard) From the characteristics of physical documents, to not using work computers, there’s plenty to learn from the recent bombshell leaking charge.

Putin dismisses US claims about Trump, Russia and elections (Military Times) Russian President Vladimir Putin is dismissing as "a load of nonsense" the idea that Russia has damaging information on President Donald Trump and denies having any relationship with him.

NSA Director Mike Rogers poised to ‘drop a bomb’ on Trump admin during Wednesday testimony: MSNBC (Raw Story) Atlantic magazine writer Steve Clemons said during a Saturday panel on MSNBC’s “The Point with Ari Melber” that National Security Agency (NSA) Director Michael Rogers “may have a bomb to drop” on the Trump administration.

The Man Who Made the Mistake of Trying to Help Wikileaks (Motherboard) In his first interview, former US government lab worker Jason Scott Katz tells Motherboard about how trying to decrypt one file led to an FBI raid, losing his job, moving to Iceland, and founding the Pirate Party there.

Fears over warning system as more known extremists slip through net (Times (London)) For the third time in three months, a terrorist attack has been carried out by people known to the police and intelligence services. Questions about the security services’ capacity to track...

Apple hints it’s handed over metadata on UK terror suspects (TechCrunch) Apple CEO Tim Cook has revealed the company has been co-operating with the UK government in handing over metadata in the wake of a series of terror attacks in..

London attacker Khuram Butt linked to 7/7 bombing suspect (Times (London)) One of the London Bridge attackers was free to carry out the atrocity despite working for a man accused of helping to train the July 7 bombing ringleader and being under investigation by police and...

Police say one of the London Bridge attackers was previously known to authorities (ABC News) One of the three men who were shot and killed by police following the terrorist attack that killed seven people on the London Bridge on Saturday night was previously known to authorities.

ISIS rock star Choudary extends Islamist influence – even from behind bars (Fox News) A jailed British hate preacher who’s become ISIS’ rock star radicalizer in the U.K. has been linked to one of the suspected jihadis behind Saturday’s van and knife attack in London – but it’s only the latest example of the Islamist leader’s tentacles touching ISIS plots in England.

Knifeman Rachid Redouane used a false name to leave Dublin for London (Times (London)) Rachid Redouane, one of the attackers shot dead by police in the London Bridge attack, was able to move from North Africa via Dublin to a tower block in Dagenham, east London, without officials...

‘I Trusted Him’: London Attacker Was Friendly With Neighbors (New York Times) The police identified two of the three suspects in Saturday’s attack, as Prime Minister Theresa May faced questions over her record on security.

There Is No Intelligence Solution to Britain’s Rivers of Blood (Observer) After three jihadist attacks in as many months, the United Kingdom is facing a protracted insurgency—not mere terrorism.

UK police arrest man via automatic face-recognition tech (Ars Technica) Camera-equipped van in South Wales apparently spotted man whose face was in database.

Police in Oklahoma Have Cracked Hundreds of People's Cell Phones (Motherboard) Usage logs obtained by Muckrock show departments are cracking phones hundreds of times a year

Following the Money Hobbled vDOS Attack-for-Hire Service (KrebsOnSecurity) A new report proves the value of following the money in the fight against dodgy cybercrime services known as “booters” or “stressers” — virtual hired muscle that can be rented to knock nearly any website offline

Woman Accused of Hacking Company and Redirecting Money to Her Bank Account (BleepingComputer) The Royal Canadian Mounted Police (RCMP) have arrested and charged a Canadian woman for hacking into the email of a local company's CEO and redirecting 52,000 Canadian dollars ($38,600) to her own bank account.

Sabre, Travelport Hacker Sentenced to Prison (Dark Reading) A West African man who stole airlines tickets from Global Distribution System companies via a phishing campaign and fraud operation was sentenced to prison for four years and 10 months.

Why ‘I forgot my password’ won’t go down well with a judge (Naked Security) Two cases in Florida suggest that claiming you can’t remember your phone’s password mean you could end up in even more trouble

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Global Insider Threat Summit (London, England, UK, June 22, 2017) Companies are spending millions on cybersecurity, but breaches are still on the rise. Multinational enterprises, small businesses, healthcare organizations, and even national governments are all feeling the effects. At the Global Insider Threat Summit, we'll discuss why the changing tech landscape means adapting a new approach to cybersecurity -- and why user behavior is the starting point.

upcoming Events

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the European Commission. All are invited to attend! The theme of the Summit is “Measuring and Managing Software Risk, Security and Technical Debt.” Discussion will focus on the latest strategic thinking from innovative American and European CIOs and IT policy makers.

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit attracts commercial and defense companies as well as healthcare, automotive and energy industries.

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.

4th Annual Cybersecurity Summit (Arlington, Virginia, USA, June 7, 2017) Federal agencies are facing ever more sophisticated adversaries and threats that place our privacy, our economy, and our nation at risk. Cybersecurity is a dynamic and crosscutting field that is ever changing and increasingly challenging to address. This in-depth, half-day session will gather an all-star line-up of chief information officers, chief information security officers, and other thought leaders from government and industry who will explore growing threats as well as innovative approaches to attract and retain the best cyber talent. The 4th Annual Cybersecurity Summit is a place for important discussions about the challenges with cyber-security and is also a significant benefit both for the AFFIRM scholarship program, which helps students focused on IT skills... and is the largest support for USCC's summer camp program, which focuses on cybersecurity.

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators and entrepreneurs, from leading venture capitalists and financiers, and from government agencies who look to our industry base for technologies and solutions.

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies and identify next-generation technologies to improve their resiliency. Topics include Artificial Intelligence, IoT, Advanced Analytics, APT Profiles, Blockchain, Cloud and more!

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders.

NYS Cyber Security Conference (Albany, New York, USA, June 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's increasing sophistication has driven new trends in device mobility, social media, and expanded connectivity. Cyber security once considered an issue for IT staff has evolved into a concern for the entire organization. This year's conference examines the broad range of today's cyber challenges and the ways in which organizations can improve security, and create resiliency against cyber threats.

RSAC Unplugged (London, England, UK, June 8, 2017) Informal, up close and personal, intimate…that’s RSAC Unplugged. Ignore the background noise and focus on what’s important in information security right now as part of a one-day program focused on excellent content. Raw and uncut, it’s the best of RSA Conference in a single day.

Insider Threat Program Development / Management Training For NITP-NISPOM CC 2 (Huntsville, Alabama, USA, June 8 - 9, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program (ITP) Development / Insider Threat Risk Management (National Insider Threat Policy (NITP), NISPOM Conforming Change 2) on June 8-9, 2017, in Huntsville, AL. For a limited time the training is being offered at a $795. This training will provide the ITP Manager-Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP and NISPOM CC2 / DSS ISL-2016-02 - ITP requirements. Any organization (State Government Agencies, Businesses, Etc.) that is not required to implement an ITP, but is concerned with Insider Threat Risk Mitigation will also benefit greatly from this training. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Development / Insider Threat Risk Management Training.

BSides Pittsburgh 2017 (Pittsburgh, Pennsylvania, USA, June 9, 2017) BSides Pittsburgh is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy issues such as managing information leakage via social networks. Pittsburgh has a flourishing information security community; this is a great chance to meet each other, share ideas and work together.

29th Annual FIRST Conference (San Juan, Puerto Rico, USA, June 11 - 16, 2017) FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

21st Colloquium, Cyber Security Education Innovation for the 21st Century (Las Vegas, Nevada, USA, June 12 - 14, 2017) The Colloquium for Information Systems Security Education (CISSE) provides a forum for dialogue among academia, industry and government. Protection of the information and infrastructure used to create, store, process, and communicate information is vital to business continuity and security. CISSE supports cyber security educators, researchers and practitioners in their efforts to improve curricula and foster discussion of current and emerging trends, working to define education requirements and encourage development of information security curricula and courseware.

ETSI Security Week 2017 (Sophia Antipolis, France, June 12 - 16, 2017) This year's event will address key cybersecurity standardization challenges in the short, medium and longer term. The event will look at the different aspects of cybersecurity underpinning our digital world. The cybersecurity community will come together at ETSI to network and exchange on the state of standardization for cybersecurity.

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) Cybertech Fairfax will provide attendees with a unique opportunity to learn about the latest innovations and solutions from the cyber community. It will serve as an incredible B2B platform with a strong focus on networking, strengthening existing alliances and forming new ones. Get acquainted with the products and people leading the industry and creating new technological solutions to tackle today’s cyber challenges.

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) A thought-provoking conference and exhibition on global cyber threats, solutions, innovations and technologies. At Cybertech Fairfax, high-profile speakers and panelists will focus on the global cyber threat, and strategies and solutions that meet the diverse challenges for a wide range of sectors including finance, transportation, utilities, defense, communication and government, to protect operations, infrastructure and people.

LegalSec Summit 2017 (Arlington, Virginia, USA, June 13 - 14, 2017) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The target audience for ILTA’s LegalSEC Summit is legal technology professionals at every level and general counsel who touch legal security in their law firm or law department and want to learn more and connect with peers. Organized by the International Legal Technology Association.

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, June 13 - 15, 2017) Cyber operations are a challenging mission for the U.S. Defense Department and government community that builds, operates and defends networks. Cyber leaders and warriors must continually evolve to adapt to future innovations and develop and leverage cutting-edge tools and technologies. AFCEA’s Defensive Cyber Operations Symposium provides an ethical forum where government and industry will focus on “Connect and Protect.” Participants will discuss requirements and solutions to ensure that the networks within DoD are adaptive, resilient and effective across a range of uses and against diverse threats. Speakers will include leaders in the Defense Information Systems Agency, Joint Force Headquarters-DoD Information Network and DoD Chief Information Office.

Global Cybersecurity Summit 2017 (Kiev, Ukraine, June 14 - 15, 2017) During the two-day summit, participants will be exposed to cybersecurity best practices, cutting-edge advancements, and emerging innovations in defensive security across a series of categories, including policy and government, Internet of Things (IoT), industrial controls, and more.

Information Assurance Symposium (Baltimore, Maryland, USA, June 19 - 21, 2017) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today's challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2017 IAS is expecting upwards of 2,500 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, three distinct tracts and panel discussions spanning over three days.

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 19 - 21, 2017) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the first annual Cyber Security Summit in June 2017. The summit, presented in a continuing education format, welcomes Norwich alumni and their guests interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level. Register today to reserve your space at the summit.

Hack in Paris (Paris, France, June 19 - 23, 2017) Hack In Paris brings together major professional IT security and technical hacking experts to attend training and talks exclusively in English. Intrusion attempts grow more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place in France but until now, no one had covered hacking practices with a technical approach including both professional training and information aspects. Hack In Paris aims at filling this gap. The program includes state of the art IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis techniques and countermeasures.

SANS Minneapolis 2017 (Minneapolis, Minnesota, USA, June 19 - 24, 2017) Get relevant, practical cybersecurity training at SANS Minneapolis 2017 (June 19-24). This event features the information needed to build crucial skills in protecting your organization from the latest cyber-attacks. Now is the time to enhance your skills and further your career.

Naval Future Force Science and Technology Expo (Washington, DC, USA, June 20 - 23, 2017) The Office of Naval Research’s (ONR) biennial 2017 Naval Future Force Science and Technology (S&T) EXPO will take place July 20-21, 2017. The Expo is the premier S&T event for the Navy and Marine Corps and is held every two years. It draws several thousand attendees and is designed to support the objectives of the Naval S&T Strategy. An updated version of the strategy will be unveiled at the event. It also will showcase some of the Navy’s and Marine Corp’s latest technologies and bring together the brightest minds from around the world to share information; discuss research opportunities; and build partnerships between the Navy, Marine Corps, industry and academia.

Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Borderless Cyber is an international, executive-level conference series that began in 2015. It’s designed to bring together the private sector and policy makers to evaluate, debate, and collaborate on cyber security best practices and solutions. Hosted by the OASIS open consortium, previous Borderless Cyber events were held in partnership with The World Bank in Washington, D.C., with the European Parliament in Brussels, and with Keio University in Tokyo. In 2017, the conference will be held in New York City and The Hague.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.