The CyberWire Daily Briefing 9.6.17

Special Section

the Intelligence and National Security Summit

The Intelligence and National Security Summit opened in Washington, DC, this morning. Sponsored jointly by AFCEA and INSA, the annual two-day conference affords the US Intelligence Community an opportunity to exchange ideas in a public, unclassified forum.

The first day began with a keynote by Tom Bossert (Assistant to the President for Homeland Security and Counterterrorism, National Security Council, Executive Office of the President). His remarks suggested several themes the conference is likely to pursue.

First, he urged the symposiasts to consider the need to move from geographical to functional mission organization. The days of running intelligence from regional desks are, and in his view should be, passing.

Second, he noted that a rising generation already working in the Intelligence Community has little or no direct memory of 911. It is to them as Pearl Harbor was to Bossert's generation: an important, significant event, but one without immediate personal resonance. Training and educating that rising generation is a challenge, but there's a sound model for meeting it: the Goldwater-Nichols Act, which famously introduced a requirement for joint service as a condition for promotion to flag or general officer rank. That act served to improve, significantly, the feeder pool, and thus the quality of more junior officers as well.

Bossert would hope to see the Intelligence Community adopt a similar approach of sharing personnel. "Let your best people go." He also mentioned the cyber labor shortage, and issued a familiar call for ideas that might help with training and certification. ("Vo-tech shouldn't be a bad word.")

Third, he addressed the challenges of deterrence. He discussed the complexity of bringing privately controlled infrastructure under Government protection. This will require building trust, no simple matter in this regard. There are two international models he commended for further discussion: the British model and the Israeli model (this latter characterized as a "virtual Iron Dome," and contrasted with the existing US trigger-based system). He suggested that this depends on development of sound international norms and reliable attribution. And he also suggested a preliminary direction for current thinking about deterrence, prompted by the President's Executive Order on cybersecurity. That deterrence must involve a response that's both proportionate and revocable, and, in all probability, not a cyber response at all, but some other imposition of costs on an adversary.

Summary

By The CyberWire Staff

Symantec researchers warn that the "Dragonfly" threat group has been actively pursuing, and has to some measure achieved, access to US and European power grid operational networks. This means, Symantec says, that Dragonfly has no further hurdles to clear were it to decide to disrupt power distribution. The effects would be similar to those Sandworm had on Ukraine's power grid, but differences in approach suggest that Sandworm and Dragonfly are distinct actors. There's no attribution yet—both Russian and French text appears in the code, but that's consistent with false-flagging.

Researchers have found a serious vulnerability in Estonian national identification cards.

GlobeImposter, SynAck, Princess, and Locky ransomware continue to surge in the wild. Other DDoS-based extortion campaigns are hitting some online gambling sites, which of course are highly sensitive to service disruption.

Latin American social media service Taringa (described as "Reddit-like") has sustained a major breach. Twenty-eight million accounts have been compromised.

KrebsOnSecurity has a long profile of Marcus Hutchins, the white hat hacker the FBI arrested in Las Vegas. Mr. Hutchins is, according to the profile, a complex man with a complicated history.

China has banned VPNs, and a man already convicted under the ban faces nine months in prison.

China has also banned initial coin offerings.

Russian Communications Minister Nikiforov has called for an indigenous cryptocurrency. Bitcoin and Ethereum are based on "foreign cryptography," and thus undesirable. (Russia's already got Voppercoin. Mr. Nikoforov can stroll to the Burger King in the Arbat and supersize himself to financial security.)

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Brazil, China, Estonia, European Union, India, Pakistan, Russia, Ukraine, United Kingdom, and United States.

Are you good at identifying and eliminating hidden threats?

E8 Security has an exciting opportunity for a Senior Solutions Architect. We are a fast-growing technology startup led by experienced management team and visionary entrepreneurs. Our big data security analytics helps enterprises defend themselves against continual growth of sophisticated cyber criminals. We are building a breakthrough platform that can ingest, model and analyze massive flow of machine generated security data using cutting edge machine learning algorithms and massively scalable big data platforms. Learn more.

Podcast Summary

In today's podcast we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses resignations from US President Trump's critical infrastructure advisory board. Our guest, Tom Billington, will discuss what's on tap at the upcoming Billington CyberSecurity Summit.

You'll also want to listen to Recorded Future's newest podcast, produced in partnership with the CyberWire. In it they discuss the role of intelligence in protecting the financial sector.

Washington, DC: the latest from the Intelligence and National Security Summit

President's Commentary: It's Not Top Secret That Intelligence Needs More Resources (SIGNAL Magazine) New threats are emerging constantly, old threats are becoming more serious, and capabilities menacing national security are increasingly innovative.

Cyber Attacks, Threats, and Vulnerabilities

Hackers lie in wait after penetrating US and Europe power grid networks (Ars Technica) Intrusion into power companies' operational networks is a dramatic escalation.

Hackers Gain ‘Switch-Flipping’ Access to US Power Systems (WIRED) Hackers had the power to cause blackouts, Symantec says. And yes, most signs point to Russia.

Security flaw affects 750,000 Estonian ID cards (Help Net Security) An international group of cryptographers has flagged a serious security vulnerability in the chip embedded in 750,000 Estonian ID cards.

Key-logging malware, dubbed EHDevel, found intelligence gathering (SC Media UK) Security researchers have found a sophisticated malware framework EHDevel, being used for espionage in Asia.

Ongoing email campaign spreading GlobeImposter Ransomware (Netskope) Last week, Netskope Threat Research Labs blogged about the resurgence of Locky Ransomware encrypting files to the LUKITUS extension. Since then, we have seen a surge of spam emails delivering...

SynAck Ransomware Sees Huge Spike in Activity (BleepingComputer) Over the past two days, there was an increase in activity from a relatively unknown ransomware strain named SynAck, according to submissions to the ID-Ransomware service and users who complained on the Bleeping Computer ransomware support forums.

Princess Ransomware: Not So Pretty in Pink (BankInfo Security) PrincessLocker ransomware is back, although it's less demanding than it used to be, with attackers decreasing the quantity of bitcoins they require to unlock

No incidents of Locky ransomware cases in India claims cyber security firm Trend Micro (Tech2) After an alert was issued last weekend about the spread of a new ransomware Trend Micro said no incidents involving Locky have been reported in India.

Attacker demands ransom after series of DDoS attacks on Poker site (HackRead) On the evening of September 1st, 2017, an unknown attacker conducted a series of massive DDoS attacks on the servers of America’s Cardroom and its Winning

Spam Campaigns Using Trickbot Banking Trojan Against Cryptocurrencies (HackRead) Spam Campaigns Using Trickbot Banking Trojan on the Rise Targeting Cryptocurrencies and Non-traditional currencies. A campaign involving Trickbot banking T

Autodesk’s A360 Drive Abused to Deliver Adwind, Remcos, Netwire RATs (TrendLabs Security Intelligence Blog) We recently saw Autodesk® A360 Drive being abused to host and deliver certain malware—Remcos RAT and Adwind/jRAT, to name a few.

Six-Year-Old "Loop Bug" Re-Discovered to Affect Almost All Major PDF Viewers (BleepingComputer) A bug discovered in an obscure PDF parsing library back in 2011 is also present in most of today's top PDF viewers, according to German software developer Hanno Böck.

TrustZone Downgrade Attack Opens Android Devices to Old Vulnerabilities (BleepingComputer) An attacker can downgrade components of the Android TrustZone technology to older versions that feature known vulnerabilities and use older exploits against smartphones running an up-to-date operating system.

Latin American social media giant Taringa hacked; 28M accounts stolen (HackRead) Another day, another data breach - This time Taringa, a Reddit-like social network website for Latin American users has suffered a massive data breach in w

Easily exploitable Apache Struts vulnerability opens businesses to attack (Help Net Security) A vulnerability in the Apache Struts open source framework for developing web apps opens any server running an app built using it to remote attackers.

Researchers reverse 320 million hashed passwords (Help Net Security) A password research collective has reversed the hashes of nearly 320 million hashed, pwned passwords provided by security researcher Troy Hunt.

App-Stores: Wie steht es um die Sicherheit? (Datenschutz PRAXIS) Immer wieder entfernt Google Android-Apps aus dem Play Store, weil sie als Spyware enttarnt wurden. Leider haben Nutzer diese Tools zuvor bereits teils millionenfach heruntergeladen. Können Sie den App-Stores trauen?

Hackers stole contact info of 6 million Instagram users and are selling it online (Help Net Security) Instagram pushed out a patch for a bug in the service's API that allowed attackers to discover users' email address and/or phone number.

Instagram breach deepens with dark web 'Doxagram' domain (Graham Cluley) Attackers have set up a dark web domain for their "Doxagram" site that offers for sale the email addresses and phone numbers of high-profile Instagram users.

Consumers need to stay alert as skimming grows (Help Net Security) The number of cards compromised at U.S. ATMs and merchants rose 39 percent in the first six months of 2017, compared to the same period in 2016.

Pro-Hillary Clinton Site Hit With Cyber Attack (The Daily Caller) Verrit, a news website dedicated to former Secretary of State Hillary Clinton, was reportedly hacked Sunday just after the two-time presidential candidate tweeted out support for the media platform.

West Cumbrian college hit by cyber attack (News and Star) West Cumbria's Lakes College has been hit by a cyber-attack – however it is open for new students this week.

Want to write Android ransomware but don't know how to code? No problem (Graham Cluley) You don't need to know how to write a single line of code to write Android ransomware.

Breaches Double at UK Unis as State Spies Circle (Infosecurity Magazine) Breaches Double at UK Unis as State Spies Circle. FOI request reveals world-leading research is being stolen by governments

Scammers Are Targeting Naive Bitcoin Owners With Terribly Simple Trick (Motherboard) PSA: don’t give anyone your Bitcoin private key.

What Is DNS Hijacking? (WIRED) A recent attack on WikiLeaks illustrates a vulnerability deep in the routing system of the internet itself.

Boston Red Sox caught red-handed using Apple Watch to steal signs (Ars Technica) Boston was apparently stealing signs from opposing teams’ catchers and pitchers.

Red Sox Reportedly Caught Using Electronic Devices to Steal Yankees' Signs (Bleacher Report) Major League Baseball has reportedly determined the Boston Red Sox used electronic devices to steal signs from the New York Yankees and other clubs over the past several weeks...

Security Patches, Mitigations, and Software Updates

Serious Flaws Found in Westermo Industrial Routers (Security Week) Sweden-based industrial data communications company Westermo has released firmware updates for some of its wireless 3G and 4G routers to address several potentially serious vulnerabilities.

Apache Struts Update Patches Critical Vulnerabilities (eSecurity Planet) Widely uses Java framework is once again updating for some highly impactful issues.

Cyber Trends

2017 Q2 Quarterly Threat Report (eSentire) The 2017 Q2 Quarterly Threat Report provides a quarterly snapshot of threat events investigated by the eSentire Security Operations Center (SOC).

77% of Educational Institutions Are not Prepared for IT Risks, Says Netwrix Survey (Netwrix) Securing sensitive data tops the agenda of educational institutions, with the majority of them planning to invest in protection against data breach and fraud.

Data Breach Costs Vary Significantly by Organization (Dark Reading) Don't use publicly reported breach costs at other organizations as an estimate for what you might end up paying for a breach, Forrester says.

Enterprises Struggle to Contain “Information Security Debt” (Infosecurity Magazine) Enterprises Struggle to Contain “Information Security Debt”. 451 Research claims consolidation must focus on data and risk-centric approaches

Americans More Likely to Use VPNs (Infosecurity Magazine) Just 44% of 1,000 respondents in Britain said they used a VPN.

Marketplace

Is cyber insurance necessary or a racket? What to know before you sign on (Financial Review) All the big insurers offer cyber security policies, but before you sign up you need to know what you are getting into.

Does Your Small Business Need Data Breach Insurance? (Small Business Trends) Cyber security breaches cost businesses billions of dollars each year. Breaches in 2016 reached ...

Young People, Those Without IT Backgrounds Key to Solving Skills Gap (Infosecurity Magazine) Security pros believe young people would be more attracted to cybersecurity if the industry’s image were improved.

Axonius announces $4M seed round to secure the explosion of connected devices (Help Net Security) Israeli startup Axonius announced $4 million in seed funding for its mission to secure and manage the billions of connected devices in use by businesses.

Symantec CEO Clark Open to Large Deal After Proving Period (Bloomberg) Symantec isn’t done making deals.

Products, Services, and Solutions

Dunbar's Cyphon extends physical protection-as-a-service into cyber security (CSO Online) For armored car service Dunbar, protecting its clients' money is more than just building secure physical structures and deploying armored trucks with armed guards. It’s also about protecting the digital infrastructure and cyber assets that support those operations.

Snowflake’s newest cloud data warehouse takes aim at regulated industries (TechCrunch) Snowflake, makers of a cloud data warehouse service, announced a new virtual private product that should appeal to highly regulated companies like financial..

Technologies, Techniques, and Standards

Follow the Money: Threat Intelligence for Financial Institutions (Recorded Future) When you’re responsible for safeguarding the money and the personal financial information of clients, what are your specific threat intelligence needs?

No standard adequately addresses instrument failure modes for security and safety (Control Global) The Namur NE43 standard gives guidance on how a sensor fault can be indicated to a control system by means of the 4-20mA signal. However, it doesn’t address cyber security considerations.

Automating The Intel War Against Islamic State Militants (Aviation Week) For Tech Sgt. Richard, it was a typical workday.

Now more than ever It’s time to invest in cybersecurity (Essextec) “We are too small to be a target.” “We are not regulated.” “We passed our audit with flying colors.” “We don’t have anything a hacker would want.”

Our spy agencies know less about cybersecurity than the Daily Mail (Crikey) The Australian Signals Directorate still wants people to generate ridiculous passwords that are very insecure.

Cloud-based identity governance: The four things to know before you make the move (Dynamic Business) Being “cloud first” is not only a mandate for many organisations today, it’s a reality. Cloud is transforming the way we work. Across the board, we’re seeing business applications being delivered as a service due to the relative ease of purchasing and deploying cloud solutions. As a result, today’s

Endpoint Security Overload (Dark Reading) CISOs and their teams are over-investing in endpoint security tools, driving inefficiency and a need to consolidate data.

Immediate cyber threats: Alert as a service (IT Pro Portal) In dealing with immediate threats, it’s all about thinking ahead, providing options and being prepared.

Seven Steps to Improve Your Security Operations and Response (Security Intelligence) Organizations can improve their security operations and response capabilities by adopting a multilayered approach driven by cognitive technology.

Design and Innovation

‘Foreign’ Bitcoin and Ethereum Need Homegrown Version: Russian Minister (Cointelegraph) Bitcoin and Ethereum should have alternatives in Russia due to their “foreign cryptography,” the country’s telecoms minister has said.

How blockchain technology can transform the security industry (ZDNet) Implemented correctly, the blockchain may provide the enterprise with more trust in their security systems.

Research and Development

Data 61 unveils secure platform (The Australian) CSIRO’s Data 61 and Defence Science and Technology Group (DSTG) have jointly developed a new secure platform that solves the problem of securing information and access across multiple and segregated networks.

Terrorism and the copycat effect (Deutsche Welle) A new study says the more the media covers terrorism, the more we inspire copycat attacks. What's at work? Is it a conscious plan by terrorists or the psychological phenomenon known as the Werther effect?

Can You Get Addicted to Trolling? (Motherboard) It’s becoming increasingly evident that, for some people, trolling isn’t just playing an a[**]hole on the internet.

Academia

Purdue earns top cybersecurity study ranking among universities (Purdue University News) Purdue University received the top ranking among 20 institutions for its multidisciplinary work in the area of cybersecurity.

Legislation, Policy, and Regulation

China's 'betrayal' - BRICS leaders slam Pakistan-based jihadi groups (Deutsche Welle) The BRICS nations have expressed concern about Pakistan-based militant groups like LeT and the Haqqani Network. It is a diplomatic defeat for Islamabad, which heavily depends on Beijing's support amid a global isolation.

China censors discussion of North Korea's bomb test (BBC News) Chinese media appear to be blocking posts that mention North Korea during the Brics summit.

Bitcoin falls as China bans initial coin offerings (Ars Technica) Unregulated initial coin offerings have raised hundreds of millions of dollars.

Harvey throws Congress' priorities for cybersecurity into question (Washington Examiner) Congress is in session, but priorities could change as lawmakers deal with disaster relief, spending bills and the debt ceiling.

4 Ways The U.S. Could Fight Future Election Interference (WNYC) Protecting the casting and counting of votes is only one potential issue for policymakers. How a cyberattack might disrupt Election Day in 2018 or 2020 is one of the big unanswered questions.

The White House’s new 36-point plan to modernize federal IT (FederalNewsRadio.com) The American Technology Council present a framework plan the White House hopes will jumpstart a new wave of IT modernization efforts.

Republicans relaunch Ukrainian cyber counter-offensive (Intelligence Online) With the White House in a tight spot due to the probe by Congress into its links with Moscow, the Republican establishment has taken up Ukraine's cause against Russia again.

DHS offering more free cyber career training options for feds (Fifth Domain) The Department of Homeland Security is beefing up a free online learning tool aimed at helping government IT professionals build up their cyber skills.

U.S. Deputy Attorney General Calls Encryption a Threat to Public Safety (eSecurity Planet) And if tech companies don't provide access, Rosenstein said, "legislation may be necessary."

Why Should Americans Care About Foreign Privacy? (Forbes) In the summer of 2013, Edward Snowden sparked an uproar by leaking top secret documents about U.S. government surveillance to the media.

Spooks on the Hill: Senate, House intelligence panels rely heavily on ex-spies (Miami Herald) Veterans of spy agencies occupy catbird seats on the intelligence committees on Capitol Hill. Is true oversight hampered?

The Deep State Is Real (POLITICO Magazine) But it might not be what you think.

Litigation, Investigation, and Law Enforcement

European court says workplace surveillance must not violate workers’ privacy (Help Net Security) European companies must strike a fair balance between workplace surveillance and their employees' right to privacy, the ECHR has ruled.

GDPR awareness: 1 in 5 businesses claim a fine wouldn't bother them (Help Net Security) GDPR awareness is definitely high, with 95% of business leaders knowing they need to comply with the regulation, and 85% having reviewed its requirements.

Who Is Marcus Hutchins? (KrebsOnSecurity) In early August 2017, FBI agents in Las Vegas arrested 23-year-old British security researcher Marcus Hutchins on suspicion of authoring and/or selling “Kronos,” a strain of malware designed to steal online banking credentials.

Chinese Man Who Sold VPNs Gets 9 Months Prison Sentence (HackRead) In July this year, it was reported that Apple had removed all major VPN apps from Chinese App Store on the request of the government. Now reports are that

FTC slaps Lenovo on the wrist for selling computers with secret adware (Ars Technica) Companies need user "affirmative consent" to preinstall MITM adware, FTC says.

Yahoo! braces itself for enormous class-action suit over breaches (Naked Security) A court ruling means that Yahoo! and its parent company, Verizon, could end paying a heavy price for the huge breaches that saw more than 1bn people’s details compromised

London police’s use of facial recognition falls flat on its face (Naked Security) Rolled out for a second year at the Notting Hill Carnival, the technology ‘couldn’t tell the difference between a young woman and a balding man’, said observers

One State's Bail Reform Exposes the Promise and Pitfalls of Tech-Driven Justice (WIRED) In its quest to eliminate bail, New Jersey has turned to tech tools that speed up the process of deciding who does and doesn't await trial behind bars.

YouTube MP3 Converter Site Shut Down After Labels Win Lawsuit (HackRead) In 2016, Youtube-mp3.org (YTMP3), a popular YouTube-ripping site was taken to court by Recording Industry Association of America (RIAA) with intentions to

Industry Events

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

Intelligence & National Security Summit (Washington, DC, Sep 6 - 7, 2017) The fourth annual Intelligence & National Security Summit will be held this week in Washington, D.C. Hosted by the two leading professional associations – AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) – this is the premier gathering of senior decision makers from government, military, industry and academia. In its first three years the summit drew more than 3,000 attendees, exhibitors and journalists.

SANS Network Security 2017 (Las Vegas, Nevada, USA, Sep 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses taught by SANS' world-class instructors, with dynamic content on the hottest information security issues. Join us for immersion training that will provide you with the cutting-edge skills to defend your organization against security breaches and prevent future attacks.

Finovate Fall 2017 (New York, New York, USA, Sep 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, Sep 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited time the training is being offered at a $1295. This training will provide the ITP Manager / Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP /NISPOM CC2, and go beyond these regulations to establish a robust and effective ITP. Any individual involved with supporting an ITP will also gain valuable knowledge. A licensed attorney with extensive experience in Insider Threats and Employment Law will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Any organization (State Government Agencies, Businesses, Etc.) that are not required to implement an ITP, but are concerned with Insider Threat Risk Mitigation will also benefit greatly from this training.

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, Sep 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.

DSEI 2017 (London, England, UK, Sep 12 - 15, 2017) Defence and Security Equipment International (DSEI) is the world leading event that brings together the global defence and security sector to innovate and share knowledge. DSEI represents the entire supply chain on an unrivalled scale.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, Sep 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda <a href="http://www.billingtoncybersecurity.com/8th-annual-billington-cybersecurity-summit/agenda/" target="_blank">here</a>.

Cyber Security Summit: New York (New York, New York, USA, Sep 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security Conference for Executives (Baltimore, Maryland, USA, Sep 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, Sep 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, Sep 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While the Federal government is focused on security, new adversaries and attack vectors still emerge hourly. What are the early grades on the new Administration’s response to the growing cyber threat? How can collaborative tactics and integrated intelligence tools strengthen a proactive cyber defense? Join us at the sixth annual Cyber Security Brainstorm on September 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times.

10th Cyber Defence Summit (Dubai, UAE, Sep 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.

Maine Cyber Safety Institute (Waterville, Maine, USA, Sep 20 - 21, 2017) The Summit intends to help business protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their organizations would be successful this year. Top causes for this exposure relates to a lack of skilled people, budget, and awareness. New techniques for mobility, using personal devices, and applications represent a more than 60% risk. Only 11% of organizations rate their defenses very effective (Schulze, 2017).

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, Sep 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

Connect Security World (Marseille, France, Sep 25 2017 - Sep 27 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment.

(ISC)2 Security Congress (Austin, Texas, USA, Sep 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking organizations. The goal of our conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations. (ISC)² members are eligible for special discounted pricing and will have opportunities to attend exclusive member events.

Connect Security World (Marseille, France, Sep 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment. (Note: the call for speakers is open through April 4, 2017.)

SINET61 2017 (Sydney, Australia, Sep 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.

O'Reilly Velocity Conference (New York, New York, USA, Oct 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, Oct 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, it is the most participative and productive event of the year. Undoubtedly the world's best annual source of advice in Information Security, COSAC makes available to you, in a fully residential format, presenters and facilitators who are the very best in the world. Collectively they have many hundreds of years of practical experience, have published thousands of major articles and books, and have proven records of success all over the globe.

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, Oct 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You need to be aware of the most effective tactics and tools to meet the ever-growing threat. CSX 2017 offers keynote speakers and sessions that dive deep into what you need to know now.

Atlanta Cyber Week (Atlanta, Georgia, USA, Oct 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity for meaningful interaction between growth oriented cybersecurity companies and our Fortune 1000 client base.

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, Oct 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity USA meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, Oct 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the continued threats such as Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransome ware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

CyberSecurity4Rail (Brussels, Belgium, Oct 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations and international bodies, to discuss the threats and set out a vision for safer, more secure digital communications and data networks in the transport industry. CyberSecurity4Rail will draw on the experience of recent incidents and the expertise of those who are working to protect systems and prevent cyberthreat.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Dragonfly is in the US and EU's power grids, warns Symantec. Ransomware varieties surge. Major breach at Taringa. No ICOs or VPNs in China. Russia wants a national cryptocurrency. March Hutchins profiled. Notes from the INSA/AFCEA Intelligence and National Security Summit.