The CyberWire Daily Briefing 6.21.17

Summary

By The CyberWire Staff

Today's news involves consideration of nation-state cyber conflict. US Senators push the Department of Homeland Security to release a full report on its investigation into US election influence operations. Former Homeland Security Secretary Johnson calls for more Federal assistance with election security. (New York State isn't waiting.)

The hybrid war in Ukraine continues; Ukraine looks to the US for support and finds encouragement in US President Trump's meeting with Ukrainian President Poroshenko.

The US Congress also wants some answers about what appear to be, and are generally regarded as, leaks from within the US Intelligence Community. The House Armed Services Committee is looking into establishing closer oversight of the Intelligence Community, particularly with respect to cyber operations. NSA itself seems likely to receive an enhanced inspector general's office as the agency responds to a Defense Department investigation into past leaks, including progress made since the Edward Snowden affair.

Leaks from US agencies are also regarded as having produced significant collateral damage as tools and information found their way into criminal hands. Dr. Web, for one, is tracking the progress of such tools as they're used to infect machines with Bitcoin mining software.

In the course of the anti-trust lawsuit Kaspersky filed against it, Microsoft is detailing the security features and use cases of Windows 10.

Trustwave has released its 2017 Global Security Report, which looks back at the past year's security trends. There's some good news—enterprises are detecting intrusions faster, for example—but more trends are negative than positive.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, European Union, France, Qatar, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, United States and Zimbabwe

We're still in New York today, and we'll be here tomorrow as well, attending Borderless Cyber USA, the conference convened by OASIS. We'll have coverage beginning Friday; in the meantime watch for live tweets.

On the Podcast

In today's podcast we hear from our partners at Lancaster University, as Awais Rashid discusses security stakeholder biases. Our guest is Arlen Frew from Nominum, who takes us through small business vulnerabilities.

Sponsored Events

The Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Selected Reading

Dateline

Hiring the right people. And what vendor approaches don't work. (The CyberWire) Don't pester prospective customers with cold calls when they're in the throes of incident response. But stay engaged and helpful with your existing customers.

How and why enterprise website security fails. (The CyberWire) There are two trends affecting enterprise website security: the emergence of the browser as the basic tool of data access and collaboration in the workplace, and the rapid disappearance of lines between business and personal accounts.

SINET Thinks Forward: "Fundamentals for the Future of Successful Security Programs" (The CyberWire) The conference's second "SINET Thinks Forward" talk was given by Roland Cloutier (Senior Vice President and Chief Security Officer, ADP). Cloutier outlined five fundamentals: a successful program should be converged, by design, with active decisioning, transparent integration, and ubiquitous ecosystem defense.

Cyber Attacks, Threats, and Vulnerabilities

The Microsoft security hole at the heart of Russian election hacking (Computerworld) We’re reliving the Visual Basic-spawned bad times of 1999.

A Change in Diplomacy with the Click of a Mouse (LookingGlass Cyber Solutions Inc.) US officials believe that Russian hackers planted a fake news story in Qatar’s state news agency, contributing to tensions among key US allies in the Gulf.

How intelligence data leaks caused collateral damage for infosec (SearchSecurity) Intelligence data leaks, like the recent ones at the NSA and CIA, can cause serious damage for cybersecurity. Here's how.

Valerie Plame warns of increased nation-state cyberattacks (SearchSecurity) Former CIA officer Valerie Plame spoke at the 2017 Cloud Identity Summit about the growing threat of nation-state cyberattacks.

Muslims fast in Ramadan to practice compassion and self-restraint. Terrorists see it as a time to step up violence (Los Angeles Times) Islamic State terrorists have skewed the meaning of Ramadan to justify violence and killing of civilians, the majority of whom have been Muslims. Here’s why jihadists politicize Islam's holiest month

CENTCOM confirms Islamic State’s ‘Grand Mufti’ killed in airstrike | FDD's Long War Journal (FDD's Long War Journal) US Central Command (CENTCOM) confirmed today that the Islamic State's Turki al-Bin’ali was killed in a May 31 airstrike in Mayadin, Syria.

Mexico accused of spying on journalists and activists using cellphone malware (Guardian) Targets received SMS messages with links which installed software that recorded keystrokes and compromised contact lists

SophosLabs analysis: why the surge in Word docs hiding ransomware? (Naked Security) The bad guys are using old tricks to hide very modern nasty surprises in Word documents. We take a look at how they’re doing that

Cybercriminals targeting Apple’s Mac users with malware attacks (ETCIO.com) Apple devices no longer safe against security breaches as new attack opportunities and threat vectors make Macs an easier target, according to Fortine..

Stack Clash bug could give root privileges to attackers on Unix, Linux systems (Help Net Security) Qualys researchers have unearthed Stack Clash, a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems.

NSA Malware Used to Infect Windows PCs with Cryptocurrency Miner (BleepingComputer) Windows computers are being targeted with a new cryptocurrency miner that uses an NSA hacking tool to infect users' PCs. Detected under the generic name of Trojan.BtcMine.1259, this trojan was first spotted last week by Russian antivirus vendor Dr.Web.

Phishing – how this troublesome crime is evolving [Security SOS Week] (Naked Security) Join us today to learn from Sophos expert Peter Mackenzie how to keep your organisation safe from the pernicious problem of phishing.

Hackers extorted a cool $1 million from South Korean web hosting provider (Help Net Security) Hackers extorted 1 million after using Erebus ransomware to infect 153 Linux servers, which were hosting the websites of some 3,400 businesses.

()

Harare Institute of Technology allegedly hit with cyber attack (Techzim) Harare Institute of Technology university website may have been hacked. Here are the details of what the attacker is demanding.

New ‘Orange is the New Black’ season leaked by hackers targeting Windows 7 (Digital Trends) Post-production company Larson Studios was hacked by a group targeting Windows 7, and the new Orange Is The New Black season was leaked.

When Hiring and Firing Puts Your IP at Risk (Cylance) Employees aren’t permanent fixtures. They come and they go. When employees arrive or leave, you need to have in place capabilities to protect against intellectual property theft.

Security Patches, Mitigations, and Software Updates

Did you know? Mac Office 2011 support conks out on Oct. 10 (Computerworld) Companies with employees running Office for Mac 2011 have until Oct. 10 to replace the suite's applications with those from Office for Mac 2016.

Cyber Trends

Automation 'big as the introduction of nuclear weapons,' says intel official (C4ISRNET) Automation and algorithms will open up previously unperceived possibilities for the Defense Department.

2017 Trustwave Global Report Reveals Cybersecurity Trends (Trustwave) Trustwave today released the 2017 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2016. The report demonstrates both good and bad news in the world of cybersecurity as intrusion detection and breach containment times were relatively better, but other threats like malvertisements became cheaper and malicious spam saw increases.

Gains, losses in efforts to combat cyber crime in 2016: Trustwave (Canadian Underwriter) The fight against cyber crime showed both advances and retreats in 2016, with improvements on the intrusion detection and breach containment fronts matched by cyber crime increasingly being treated as a business, suggests a Trustwave report released Tuesday. Findings in…

Organizations Are Detecting Intrusions More Quickly (Dark Reading) But almost every other metric in Trustwave's 2017 global cybersecurity report card is headed in the wrong direction.

IBM & Ponemon Institute Study: Cost of a Data Breach (IBM) IBM Security & Ponemon Institute study shows that the average cost of a data breach is $3.62M globally. Check out the full results to see what factors increased or decreased the cost of a breach across industries.

IoT malware doubled in 2016, according to Kaspersky (Internet of Business) The amount of malware targeting IoT devices has more than double in 2016, according to a report by It security company Kaspersky.

How GDPR will affect marketing (Computing) DLA Piper's Rachel DeSouza explains what marketers need to consider with GDPR on the horizon

Public Anxiety Over Internet Security is on the Rise, Unisys Finds (Meritalk) The Unisys 2017 Security Index found that public concern over Internet security has increased more than any other security concern since their 2014 survey.

The cybersecurity landscape according to Carbon Black's CEO (ZDNet) How does 'next-generation' antivirus software improve on the traditional variety? How can the IoT be made more secure? These are just some of the questions we put to Carbon Black's Patrick Morley.

Marketplace

Cybereason security firm wins $100m SoftBank backing (Financial Times) Latest funding is part of a surge in VC support for online security companies

How Palo Alto Networks, Inc. Makes Most of Its Money (The Motley Fool) Here are the key contributors to this fast-growing cybersecurity business.

Akamai Technologies' CEO Is Buying Stock - Should You? (Seeking Alpha) Shares of Akamai Technologies have trended lower after the company beat both its Q1’17 earnings and revenue estimates but offered disappointing Q2’17 guidance.

Email Security Firm 'Matches Wits with Bad Guys' (CFO) Email security firm Proofpoint, aiming to double in size within three years, leverages innovation and luck on the way there, its finance chief says.

Building a Threat Intelligence Company (Recorded Future) In this episode, we’ll talk about how Recorded Future made its transition from the virtual garage to an international company with offices around the world.

Cisco hopes artificial intelligence and subscription pricing can make it cool again (MarketWatch) Cisco Systems Inc. says it has figured out how to transform its sales to the new age, and believes it can do the same with intelligent networks.

Security startup confessions: Attending industry events (Help Net Security) Kai Roer, CEO of security startup CLTRe, talks about attending industry events. Learn how to organize, what to do, and most importantly, what not to do.

Comodo and Servertastic Announce New Strategic Partnership (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions...

Fort Gordon garrison commander says cyber growth will spur growth in other areas (Augusta Chronicle) Fort Gordon’s garrison commander said Tuesday that the projected growth of the U.S. Army Cyber Center of Excellence will touch several areas of business and economic growth.

Cybersecurity firm Infoblox to hire up to 100 more in Tacoma (The Suburban Times) Infoblox Inc., the Silicon Valley-based network control and security company, has designated its Tacoma, WA office as a “Center of Excellence for Technology Innovation” and a “Hiring Hub.” The comp…

MKACyber, Inc. Bolsters Team with New Key Executives (MKA Cyber) MKACyber, a rapidly expanding Managed Security Operations Services Provider (MSSP) and security consulting firm with elite SOC expertise, today announced the addition of Cindy Gagliano as president. Teaming with MKACyber Founder...

CACI and American Cyber Receive Department of Defense Nunn-Perry Award for Mentor-Protégé Excellence (BusinessWire) CACI International Inc (NYSE: CACI) and American Cyber, Inc. announced today that the companies have received the prestigious Nunn-Perry Award from th

Virtru's Co-Founder and CTO, Will Ackerly, Named a 2017 Washington Business Journal 40 Under 40 Honoree (BusinessWire) Virtru today announced that the company’s Co-Founder and CTO, Will Ackerly, has been named to the Washington Business Journal’s 2017 40 Under 40...

Zscaler Appoints Howard Ting as Chief Marketing Officer (MarketWired) Former Nutanix CMO Brings Track Record for Building Industry Leading Brands to Propel Zscaler's Leadership in Secure Cloud Transformation

Products, Services, and Solutions

2 handy yet hidden Chromebook security features (Computerworld) Chromebook security gets simpler with these ultra-useful but off-the-beaten-path options.

MyDigitalShield Unveils OmniWAN, a SD-WAN Solution Designed for the SMB Market (Benzinga) New solution brings the high quality and reliability of expensive MPLS networks to low-cost broadband with baked in enterprise security.

Machine learning by ESET: The road to Augur (WeLiveSecurity) Machine learning (ML) in eight blogposts!? In our last post, let’s take a peek under the hood of ESET’s cybersecurity engine and its ML gears.

Cisco creates self-learning network (Computer Dealer News) Cisco Systems latest network will be able to recognize intent. For example, it will be able to automate incoming actions

Iron Bow Adds Cisco® Hosted Collaboration Solution to its Federal Services Suite (BusinessWire) Iron Bow Technologies, a leading technology solutions provider to the government, commercial, and healthcare markets, is proud to announce it has been

Swimlane Updates Its Automated Security Platform With RSA NetWitness® Suite Interoperability (PRNewswire) Swimlane, a leader in automated incident response and security...

ShieldX Reinvents Cloud Security to Tackle Escalating Cybersecurity Threats (BusinessWire) Gartner “Cool Vendor” ShieldX Explodes into the Market with the Most Powerful Cybersecurity Innovation in the History of Cloud Computing

Contrast Brings Security into the DevOps Era (PRNewswire) Contrast Security, the first company to enable self-protecting...

InfoArmor: Operatively-sourced threat intelligence (Help Net Security) Mike Kirschner talks about InfoArmor, a dark web operatively sourced intelligence firm, focused on dark web surveillance and sourcing of breach data.

Technologies, Techniques, and Standards

Why We Need Fair and Accurate Cybersecurity Ratings (U.S. Chamber of Commerce) What is the professional standard for cybersecurity? Whose program is secure and whose isn’t? These are just two of the many questions that arise when discussing the crucial importance of a business’s

The Security Rating Services Market Pioneered by BitSight Achieves Significant Industry Milestone (PRNewswire) BitSight, the Standard in Security Ratings, today announced that a...

Mapping the Top Five CSC to Four Cybersecurity Pillars (The State of Security) Tripwire can map the top five CSC down to four cybersecurity pillars. Are you applying these basic pillars of security?

Three investments a security program should make to mitigate risk (Business Insider Australia) There is no doubt cybersecurity provides longevity to a business and can help differentiate it from its competitors — for both good and not-so-good reasons. The Australian government took important steps to help raise Australia’s cyber resilience with the release of its Cyber Security Strategy in April 2016.

3 Use Cases in Network Security for Threat Hunting (Bricata) Modern network security solutions enable advanced detection and threat hunting across three priorities: prevent known threats, detect anomalies and hunt for what is hiding.

Evaluating artificial intelligence and machine learning-based systems for cyber security (Help Net Security) All indicators suggest that 2017 is shaping up to be the year of artificial intelligence and machine learning technology for cyber security. As with most t

Research and Development

Phone home: how photon entanglement could secure our interplanetary internet (Deutsche Welle) Think we're on the back foot with cybersecurity? Well the deeper we explore space the more we are going to need an interplanetary internet, and the more we'll need it to be secure. Could photon entanglement help?

New Fortscale Patent Advances User and Entity Behavior Analytics (UEBA) Market (Benzinga) Identifies risks, without having to establish rules or thresholds.

Academia

Cloud Security Alliance Scholarship Founded at WWU (Western Today) The Cloud Security Alliance, a global cybersecurity organization based in Bellingham that focuses on ensuring a secure cloud-computing environment, has provided a gift to the Western Washington University Foundation that will award an annual $2,500 scholarship for students studying cybersecurity in the university’s Computer Science Department.

Chantilly Academy, Northrop Grumman, GMU to Host Cybersecurity Summer Camp (Fairfax County Public Schools) To meet the demand for cybersecurity and STEM (science, technology, engineering, and mathematics) among middle and high school students, Chantilly Academy, a Governor’s STEM Academy, is again partnering with Northrop Grumman and the Volgenau School of Engineering at George Mason University (GMU) to host its annual cybersecurity summer camp, July 31-August 4, at George Mason University.

Why Boeing revealed its cybersecurity secrets to Cal State Fullerton students (Orange County Register) When you are the Boeing Co., making airplanes on which millions of people’s lives depend, you sure don’t want a bunch of college students to hack into your computer systems. So what do you do? You …

Legislation, Policy and Regulation

Trump meets Ukrainian leader amid Russia investigation (Military Times) President Donald Trump met with his Ukrainian counterpart Tuesday amid intensifying questions over whether his administration will step in to protect partners in the face of Russian aggression.

Goulard resigns as French armed forces minister (Defense News) That surprise resignation was in response to a French judicial inquiry that opened June 9 into the alleged payment of fictitious assistants in the European Parliament.

New national security approach lets electronic spy agency play cyber-offence (National Post) Canada is going all-in when it comes to cyberwarfare.Weeks after giving the military permission to start developing cyberweapons and other offensive capabilities, the Trudeau government…

NHS needs 'massive' spending increase to prevent another cyber attack, expert warns (HeraldScotland) A "massive" increase in spending is needed to prevent another "avoidable" cyber attack on NHS computer systems, an expert has…

Jeh Johnson: Congress, Trump must protect elections from cyber attacks (USA TODAY) Former Homeland Security secretary Jeh Johnson will testify Wednesday that the threat of cyber attacks against future U.S. elections will only get worse unless Congress and the White House take action to strengthen cybersecurity and protect democracy.

NY gov directs review of voting infrastructure cybersecurity (TheHill) Cuomo's move follows reports of Russian efforts to target election systems.

Armed Services panel aims to toughen cyber oversight in defense bill (TheHill) The House Armed Services Committee will seek to increase oversight of the military’s cyber operations and partnerships with allies on cyber capabilities in this year’s annual defense policy bill.

NSA May Finally Get Independent Internal Watchdog (US News & World Report) The president nominates Robert Storch, three years after Congress voted to require Senate confirmation for NSA inspectors general.

Litigation, Investigation, and Enforcement

US Election Officials, Cybersecurity Experts to Testify on Russian Hacking (VOA) US Senate panel will be probing vulnerability of election systems across America

Warner demands Homeland Security disclose 'full scope' of election interference (WJLA) Senate Intelligence Committee Vice Chairman Mark Warner is demanding the Department of Homeland Security disclose information revealing the full extent of foreign interference in the 2016 presidential election. “While I am not aware of evidence that the 20

Senator Probes Top US Defense Contractor Over Leaked Data Tied to Pentagon Project (Gizmodo) One of America’s top defense contractors is facing questions over its security practices after sensitive files tied to a Pentagon project were discovered on a publicly accessible Amazon server.

Dem senator presses intelligence contractor on breaches (TheHill) Sen. Claire McCaskill (D-Missouri) demanded one of the country's largest intelligence contractors explain how login credentials for employees with security clearance were left visible online to anyone with security clearance.

European Human Rights court rules Russian 'gay propaganda' law illegal | News | DW | 20.06.2017 (DW.COM) Europe's human rights court ruled that Russian restrictions on homosexuality violate rights to freedom of expression. Russia says it plans to appeal.

Microsoft details its security process, amid antitrust complaint filed by Kaspersky (Neowin) In a new post, Microsoft has detailed its process of ensuring that its customers stay secure when using Windows 10. The post details Defender and its relationship with third parties.

Education Goes Along With Policy on Cyber Risk (PYMNTS.com) Hitting the ground running with the next big thing in services or products or payments can be a thrill, but for startups with blinders on, ignoring cyber risk can be a lethal misstep. Lucas Morris, senior manager with Crowe Horwath’s technology risk consulting group, and Mike Neal, risk consulting manager at Crowe Horwath, weighed in on the roadmap that helps lead to an effective cyber-risk mindset.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Global Insider Threat Summit (London, England, UK, June 22, 2017) Companies are spending millions on cybersecurity, but breaches are still on the rise. Multinational enterprises, small businesses, healthcare organizations, and even national governments are all feeling the effects. At the Global Insider Threat Summit, we'll discuss why the changing tech landscape means adapting a new approach to cybersecurity -- and why user behavior is the starting point.

Chertoff Group Security Series: Security in the Boardroom (East Palo Alto, California, USA, June 22, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

Cyber Week (Tel Aviv, Israel, June 25 - 29, 2017) Bringing together international cybersecurity experts and enthusiasts, Cyber Week provides the opportunity to gain insight into the latest global developments in cybersecurity. The conference welcomes distinguished speakers from all corners of the world, representing a rich consortium of thought leaders who are advancing cybersecurity in various sectors. Learn first-hand from top government officials, industry leaders, and researchers during the Main Plenary at Cyber Week with access to the most recent updates and predictions.

cybergamut Tech Tuesday (Elkridge, Maryland, USA, June 27, 2017) The cyber security universe remains an increasing and dynamic threat to the American national infrastructure. This presentation provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention is paid to the protocols engaged, attack patterns, and trends seen in these attacks. (Accessible through various online nodes.)

O’Reilly Artificial Intelligence Conference (New York, New York, USA, June 27 - 29, 2017) From bots and agents to voice and IoT interfaces, learn how to implement AI in real-world projects, and explore what the future holds for applied artificial intelligence engineering.

SIA GovSummit (Washington, DC, USA, June 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government summit examines emerging policy trends, technology needs of the government and changes in the risk environment that shape development of products and advanced systems integration to meet evolving security challenges.

2017 Community College Cyber Summit (C3S) (National Harbor, Maryland, USA, June 28 - 30, 2017) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Four tracks are available for college faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, and community college students interested in learning about security or expanding their current knowledge.

Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: DC. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: DC is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives. (New York, New York, USA, June 29, 2017) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

CyberSecurity International Symposium (Chcago, Illinois, USA, July 10 - 11, 2017) The Symposium will take an in-depth look at the latest cyber security threats and trends, as well as real-world strategies for securing critical networks and data in enterprise, commercial, government and industrial environments. The event will bring together several hundred industry practitioners, researchers, regulators and solution providers for two days of in-depth, focused networking and information sharing at the cutting edge of cyber security. Many leading companies in the sector will be presenting.

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.