the Intelligence and National Security Summit
We continue our coverage of last week's Intelligence and National Security Summit.
Chaos Computer Club white hats report finding vulnerabilities in voting software used in several German Länder. The Federal Republic's sixteen constituent states will hold elections on September 24th. Berlin has been preparing for Russian interference for a year.
Facebook's discovery that it had been selling ads to Russian catphish prompts a look by the New York Times and others at one prominent influence-operations tactic: the creation of fictitious personae in social media. These were evidently used to cast doubt on the integrity of US political institutions during the last election cycle. Disruption and mistrust were apparently more important than any particular balloting outcome.
The Equifax breach continues to strike observers as arguably the worst of its kind. Speculation about how the hackers got in centers on an Apache Struts vulnerability, although which one and how it may have been exploited remains unclear. State attorneys general and the plaintiffs' bar are already queuing up legal action against the credit bureau, as are the US Congress and any number of regulatory bodies.
Equifax's stock price continues to drop. (So do the prices of its competitors, uninvolved in any breach.) The consensus advice experts are giving to those affected (pretty much anyone reading this) is to freeze their credit. The company's incident response, particularly its public communications, has been widely excoriated.
Kaspersky Lab remains in bad official US odor. It's also taken a hit in the consumer marketplace, as Best Buy announces it will no longer carry the Russian security company's products.
Today's issue includes events affecting Australia, Canada, Germany, Malaysia, Russia, Uganda, United Kingdom, United Nations, and United States.
A note to our readers: summaries of various aspects of the Equifax breach, including reaction and commentary from security industry veterans, may be found here. Coverage includes speculation about causes, notes on implications, and discussion of lessons learned.
In today's podcast we hear from our partners at Level 3 Communications, as Dale Drew shares some sobering statistics on attack trends.
The view from the National Security Council (The CyberWire) Tom Bossert (Assistant to the President for Homeland Security and Counterterrorism, National Security Council, Executive Office of the President) addressed the state of the Intelligence Community, recommended some directions he thought it might usefully take, and offered some thoughts on the nature of cyber deterrence.
The view from Congress (The CyberWire) The ranking members of the House and Senate Intelligence Committees shared their perspective on bipartisanship, trust, election hacking, and the future of the Intelligence Community.
Innovation and the Intelligence Community (The CyberWire) Technologists, venture capitalists, and Intelligence Community leaders share their thoughts on emerging technologies (especially artificial intelligence) and how you bring them into the Government market to serve the intelligence mission.
Countering the cyber threat to critical infrastructure (The CyberWire) An approach to protecting critical infrastructure, and the role intelligence plays in that protection. (And by "intelligence" the infrastructure operators don't necessarily mean just what the Intelligence Community can share with them.)
Technology Is a Wonderful Thing--For Terrorists (SIGNAL Magazine) A panel of security and counterterrorism experts shared insights into the ability of terrorist groups to use a variety of technologies to wield destruction around the world.
Anti-Terror Chiefs Want Social Media Help with 'Lone Wolves' (The Bull) As jihadist attacks are increasingly being carried out by home-grown "lone wolves," top counter-terror chiefs of four Western powers said Thursday they need more support from social media companies to detect potential threats.
Staying Ahead of the Threat (Federal Bureau of Investigation) During a meeting of intelligence and national security leaders, FBI Director Christopher Wray stressed the importance of partnerships and intelligence in staying ahead of evolving threats.
Security vs. Privacy: A Looming Showdown in Congress (SIGNAL Magazine) Intelligence officials call for foreign data collection reauthorization.
States Affected by Election Hacking Don't Know What the Feds Know (SIGNAL Magazine) Federal government officials cannot share information on Russian hacking because state officials lack the requisite clearances.
Hacking the human component of cyber readiness (FCW) The DOD knows information-sharing is key to being ready for the next big cyberattack. But attracting and retaining talent to facilitate it proves challenging.
UNITEDRAKE and Hacking Under FISA Orders (Empty Wheel) As I noted yesterday, along with the encrypted files you have to pay for, on September 6, Shadow Brokers released the manual for an NSA tool called UNITEDRAKE
German Hackers Say Vote Software a Security 'Write-off' (Security Week) German IT security experts said Thursday that they had found "serious flaws" in the ballot software being used for the September 24 elections in which Chancellor Angela Merkel is seeking a fourth term.
The Fake Americans Russia Created to Influence the Election (New York Times) Posing as ordinary citizens on Facebook and building “warlists” of Twitter accounts, suspected Russian agents intervened last year in the American democratic process.
Gerakan leaders and coordinators told to use social media to win cyber war (NST Online) IPOH: Gerakan leaders and coordinators have been urged to utilise the social media to win the cyber war as part of their preparations to face the 14th general election.
16 years after 9/11: The state of the terrorist threat (CNN) Most attacks by jihadists in the US are by citizens or permanent residents who were inspired by ISIS but had no direct contact with the group, writes Peter Bergen.
Equifax’s Hacking Nightmare Gets Even Worse For Victims (Bloomberg) First one of the biggest hacks ever. Then a delay in revealing who was affected. Now consumers are infuriated about fine print that may bar lawsuits.
Web App vulnerability enables Equifax breach affecting up to 143m in US (SC Media UK) Cyber-criminals gained unauthorised access to Equifax files in a breach that could affect as many as 143 million consumers in the U.S.
The hackers who broke into Equifax exploited a flaw in open-source server software (Quartz) The credit reporting agency Equifax announced on Sept. 7 that hackers stole records containing personal information on up to 143 million American consumers.
The Apache® Software Foundation Issues Statement on Equifax Security Breach (Business Insider) The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, today issued the following statement regarding the Equifax security breach...
Security firm Mandiant said to be helping Equifax in hack aftermath (ZDNet) Equifax earlier on Thursday revealed a massive data breach of 143 million consumers.
Impact of Massive Equifax Breach Will Likely Ripple Into the Future (SurfWatch Labs, Inc.) On Thursday, the consumer credit reporting agency Equifax announced a massive data breach affecting 143 million U.S. consumers, and today several actors on the dark web and Twitter are claiming to …
Credit card fraud spikes after Equifax cyber-attack (New York Post) Thieves appear to have started using the data stolen in the gigantic Equifax cyber-heist, one expert said Friday. Credit card fraud unexpectedly spiked in August — and the expert said the jump was …
Is Equifax Data On The Dark Web? Not Yet, But It Will Be (International Business Times) Despite two noteworthy claims of attempts to sell stolen Equifax data, there is no evidence the hacked database is available yet—though experts warn it's inevitable.
Your social security number probably got leaked and that’s very, very bad (Popular Science) The Equifax hack exposed more than 100 million people to the worst kind of identity theft.
Equifax Inc. (EFX) Announces Significant Data Breach; -13.4% in After-Hours (Baird Equity Research) Significant data breach obviously a material negative, but -13.4% after-hours seems like over-reaction based on our understanding of events
Equifax: Panic Exits After-Hours (Seeking Alpha) Equifax joins the long list of recent massive data breaches. Panicked sellers gave away shares in a rush to exit after-hours. A reality check reveals Much Ado About Nothing.
Equifax Data Breach: Stock Price Falls as Criticism Mounts (Fortune) The market has its say.
Equifax mega-leak: Security wonks smack firm over breach notification plan (Register) A Wordpress site? Really?
Equifax Breach Response Turns Dumpster Fire (KrebsOnSecurity) I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social security numbers and other information on 143 million Americans.
Ten lessons from the Equifax breach (V3) 'Assume you are already hacked. At all times,' warns Carbon Black security strategist Rick McElroy
We’re losing the confidence game (NY Daily News) Oops!
A Brief History Of Equifax Security Fails (Forbes) The leak of data on as many as 143 million Americans, announced by Equifax yesterday, was not the first rodeo for the credit monitoring and (irony alert) breach recovery firm. It's had problems protecting its customers' information dating back years.
Industry Reactions to Equifax Hack: Feedback Friday (Security Week) News broke on Thursday that U.S. credit reporting agency Equifax suffered a massive data breach that could impact as many as 143 million customers, including people in the U.K. and Canada.
Unpatched D-Link Router Vulnerabilities Disclosed (Security Week) A researcher has disclosed the details of several unpatched vulnerabilities affecting D-Link DIR-850L routers and mydlink cloud services.
Xafecopy Trojan: A Malware Which Steals Money Through Phones (Criticism News) Xafecopy Trojan: It is a malware identified by Kaspersky Lab in September 2017 which can steal money through mobiles, enters phones with useful applications
Syringe infusion pumps can be fiddled with by remote attackers (Help Net Security) Syringe infusion pumps vulnerabilities can be exploited by remote attackers and impact operations. The product is manufactured by Smiths Medical.
Navy Still Probing Possibility of Cyberattack in Ship Collisions (Defensetech) The service continues to investigate whether a deadly collision involving a destroyer in the Pacific was caused by a cyberattack. Read more.
The U.S. Oil Patch Has A Serious Cybersecurity Problem (OilPrice.com) Cybersecurity heavyweight Symantec has reported that the oil and gas industry has a serious problem that needs to be addressed
Dark Web Explained: Shining a Light on Dark Web Activity (Recorded Future) Stephen E. Arnold, the author of the “Dark Web Notebook" shares some little-known facts about the dark web as well as tips on how to safely explore it.
Apple suffers 'major iPhone X leak' (BBC News) The operating system of unreleased iPhones is leaked to two websites, revealing secret details.
Patch your Android device to foil Toast Overlay attacks (Help Net Security) Overlay attacks are nothing new for Android users, and Palo Alto Networks Unit 42 researchers have found yet another way for attackers to perpetrate them.
Security update for the Linux Kernel (important) (Vulners) The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
Security update for xen (important) (Vulners) This update for xen to version 4.7.3 fixes several issues.
Google Chrome to warn users when application tries to hijack internet connection (Computing) Users will be alerted when a 'man-in-the-middle' attack is attempted
The False Prophecy of Hyperconnection (Foreign Affairs) Network theory, too often overlooked, reveals that the connections that increasingly rule the world are not as benign as advertised.
Defy Gravity and Rise Above the Bias of Belief (SecurityInfoWatch.com) Physical security industry needs to take its cues from IT side
Best Buy Stops Selling Security Software Made by Russian Firm (Apps for PC Daily) U.S. electronics retailer Best Buy has stopped selling products by leading computer security firm Kaspersky Lab amid concerns the company has links to Russian intelligence, the two companies confirmed Friday.
Despite making peace with Microsoft storm clouds continue to gather for Kaspersky (MSPoweruser) Last year Kaspersky was at the giving and receiving end of two very different government complaints…
Insurers increasingly concerned about silent cyber exposure (Help Net Security) Around half of industry practitioners see the risk of silent cyber exposure, as growing over the coming year, according to Willis Re.
Cyber tops reinsurers’ concerns for first time (Intelligent Insurer) Cyber risk has topped the list of concerns for reinsurers for the first time, reflecting the anxieties around underwriting a risk that’s constantly changing and the rising threat to reinsurers themselves, according to a new report by PwC.
TransUnion, Experian shares not immune to Equifax hack news (The Times of India) BUZZ-TransUnion, Experian shares not immune to Equifax hack news
Equifax hack lifts cybersecurity stocks (TheStreet) Shares of the huge credit reporting agency plunged, but cybersecurity stocks rallied.
Sandvine shareholders approve sale to U.S. firm (The Record) Sandvine Corporation shareholders have overwhelmingly approved the sale of the Waterloo tech company to an American private equity firm.
Cloudera acquires artificial intelligence firm (Computer Business Review) Cloudera’s facing stiff competition in the big data Hadoop market, with Hortonworks piling on the pressure with collaboration deals with IBM.
Rhino Raises $1.94 Million Seed Round to Launch the First Smart Alternative to Security Deposits for Renters and Landlords (BusinessWire) Rhino Raises $1.94 Million Seed Round to Launch the First Smart Alternative to Security Deposits for Renters and Landlords
Recent IPO That Is Still Under The Radar (NASDAQ) Last night Okta (OKTA) reported earnings for just the second time in company history.
For this company, online surveillance leads to profit in Washington’s suburbs (Washington Post) Babel Street helped the Pentagon track trouble online. Then the private sector took notice.
Computer Security Firm CounterFlow AI, Inc., Starts Up in Crozet (Crozet Gazette) Randy Caldejon of Crozet and Peter Shaw, his partner in founding nPulse Technologies, have formed a new company that will use machine learning, also called artificial intelligence, to help protect computer networks from intruders.
ViaSat wins wearable network cyber contract (C4ISRNET) The company's ViaSat Mobile Dynamic Defense cybersecurity software will protect Tactical Local Area Network Field Computing Device - Wearable platforms.
Samsung offers up to $200,000 for bugs in its devices, services (Help Net Security) South Korean giant Samsung Electronics is now offering bounties for reported bugs in its mobile devices, software and services.
IBM offers free cyber security training to military veterans (BetaNews) We've seen quite a bit recently about the difficulties of recruiting cyber security personnel, and how the skills needed for the role have changed.
New infosec products of the week: September 8, 2017 (Help Net Security) Vectra introduces attack campaign detection and prediction Vectra is advancing automated threat hunting with the introduction of Attack Campaigns. The Vect
Trustonic Completes FIPS 140-2 Certification (Trustonic) Certified cryptographic library enables service providers to secure applications on devices in line with world-leading security standard
Orfox app brings Tor’s security slider to Android (Naked Security) Adding a slider means users can dial up the privacy settings without having to dig into the settings, making security that much easier – and better
Iron Bow Technologies Completes SOC 2 Type 1 Certification for Call Center Services (BusinessWire) Iron Bow Technologies, an IT services provider that serves commercial, healthcare and government customers, today announced that it has successfully c
Why patch management to protect against ransomware is easier said than done (IT Pro Portal) You can’t secure what you can’t see.
How I Learned to Stop Worrying and Embrace the Security Freeze (KrebsOnSecurity) If you’ve been paying attention in recent years, you might have noticed that just about everyone is losing your personal data.
The Equifax Breach: Former White House CIO Believes Marketers Need To Be Engaged In Cybersecurity (Forbes) From the Target breach to the Sony intrusion to the recent WannaCry global ransomware attack, the frequency and scale of cyberattacks is increasing.
The DNC Begins Cybersecurity Effort To Try To Make Sure 2016 Doesn’t Happen Again (BuzzFeed) Phishing drills, top Silicon Valley hires, constant cybersecurity education, emails in the cloud, Tom Perez on Signal, and end-to-end encryption apps like Wickr, which the rest of the Democratic party
Democrats Are Ramping Up Cybersecurity. But They're Still Not Encrypting Their Emails. (BuzzFeed) The DNC's new CTO hopes to usher in a more secure party after 2016's hacks. But email encryption is low on his list of priorities.
Nobody But Us: The Rise and Fall of the Golden Age of Signals Intelligence (Lawfare) Ben Buchanan's new Aegis paper examines how the NOBUS approach works, its limits, and what comes next.
In an engineering paper, bunnie Huang and Ed Snowden describe a malware-resistant hardware iPhone privacy overlay (BoingBoing) In July 2016, Andrew "bunnie" Huang and Edward Snowden presented their research on journalist-friendly mobile surveillance resistance at the first MIT Media Lab Forbidden Research conference; a little over a year later, they have published an extensive scholarly paper laying out the problems of detecting and interdicting malware in a mobile device
AT&T, Sprint, T-Mobile and Verizon Team to Develop Mobile Authentication Solution (AT&T) Mobile users are faced with the challenge of managing dozens of difficult-to-remember passwords for many applications. Even with the best user practices, hackers can social engineer passwords from users, leaving consumers and enterprises vulnerable to identity theft, bank fraud, fraudulent purchases and data theft.
Before trying robot judges, let's learn from robot referees (Popular Science) Automated rulings in sports can help inform the development of criminal justice tech.
Ugandan Government Obtains Mysterious, South Korean-Built Anti-P0rn Machine (TechDirt) At long last, Uganda's anti-p0rn "machine" has arrived.
Researchers turn to the universe in the name of quantum cryptography (Tech News | The Star Online) Researchers in Germany are looking to route sensitive information through space as a way of encrypting it in light of advances made in quantum computing that could threaten critical infrastructures.
Industry explores cyber defense specific to Navy ships at sea (Defense Systems) As an investigation into the collision involving the Navy’s USS John McCain moves forward, industry innovators have sharpened their focus on technologies designed to secure ships from cyberattack.
DHS awards $8.6 million in mobile cybersecurity grants (Inside Cybersecurity) The Department of Homeland Security’s Science and Technology Directorate has awarded five research and development grants for projects to enhance mobile application security for the federal government.
NSF Funds Project to Enhance Cybersecurity of Electronic Circuits (University of Arkansas News) Jia Di, professor of computer science and computer engineering, has received $349,551 from the National Science Foundation to support his research into security issues in computing hardware.
Students seen as increasingly capable of school hackings (EdScoop) Americans believe it would be "easy" for over half of high school and college students to carry out a cyberattack on schools and colleges, a recent Radware survey found.
Give (cyber) peace a chance (Policy Forum) The recent collapse of United Nations negotiations on cyberwarfare should worry everyone concerned with preventing the next world war, Dan Svantesson writes.
Artificial Intelligence Fuels New Global Arms Race (WIRED) Russia, China, US rush to weaponize artificial intelligence.
Markets, GPS could be first to go in the event of global cyber conflict (TheHill) OPINION | In its effort to respond to the North Korean nuclear threat, America would do well to remember the havoc a cyberattack could cause.
The Islamic State’s Foreign Policy (Modern Diplomacy) The ideology of the so-called Islamic State of Iraq and the Levant (ISIL) that conquered substantial parts of Syria and Iraq has been described as based on Salafi-jihadism.
India’s Need to Guard Its Cyberspace (Siliconeer) The Silicon Valley - India Connection
Tensions with North Korea present a test for key US cyber program (Washington Examiner) The possibility that cyber aggression with North Korea raises the question of how well a centerpiece of U.S. cybersecurity policy is actuall...
Equifax Data Breach Prompts Calls For Tougher Security Requirements On Data Aggregators (Dark Reading) Credit report bureau discloses breach that exposed data on 143 million US consumers.
Report: How federal agencies can improve data security, decision-making (Federal Times) The Commission on Evidence-Based Policymaking has unveiled its comprehensive final report, offering federal agencies recommendations for data security, privacy and service.
National Infrastructure Advisory Council (NIAC) Contains No Recognizable Cybersecurity Luminaries (Security Week) In August, eight out of 28 members of President Trump's National Infrastructure Advisory Council (NIAC) resigned -- seven en masse on the day before publication of the council's draft report 'Addressing Urgent Cyber Threats to Critical Infrastructure', and an eighth at the end of the same week.
Moving cyber security centre from ASIO building creates opportunity: adviser (Canberra Times) Relocating the Australian Cyber Security Centre will boost knowledge sharing, adviser says.
Lieu Calls for Investigation into Equifax Breach (Meritalk) After the credit monitoring company Equifax announced that it had detected a data breach affecting potentially 143 million U.S. consumers, Rep. Ted Lieu, D-Calif., is calling for a House Judiciary Committee hearing to investigate the breach.
One Thing Government Agrees on: Equifax Deserves a Grilling (Bloomberg) Equifax Inc. faces multiple state and federal investigations, and congressional grillings, over its disclosure that the personal consumer data of more than 140 million Americans may have been compromised in a cyberattack.
Here comes the class action lawsuit after Equifax’s massive hack (TechCrunch) Yesterday, Equifax announced that a hacker obtained information about 143 million consumers. This data included Social Security numbers, birth dates,..
Mueller Is Right to Follow the Money (Foreign Policy) Ignoring financial evidence would severely hamstring most federal criminal investigations.
Five major revelations from Congress's Russia probes (TheHill) A new wrinkle emerged in the congressional investigations into Russian election interference this week as Facebook found evidence that it had sold political ads to fake Russian accounts in the lead up to the 2016 vote.
Media Obsession with Fake Russia Scandal a ‘Historic Con Job’ - GOP Congressman (Sputnik) Washington’s new rule of thumb is ‘When something goes wrong, blame the Russians.’
Another 'Cracka' sentenced for hacking feds' personal accounts (Fifth Domain) Liverman hacked into government databases to obtain personal details that could be used to harass them. More than 10 people were victimized, causing at least $1.5 million in damage.
Feds indict Buster Hernandez on 26 counts in 'Brian Kil' cyber threats case (RTV6) Buster Hernandez, the man accused of terrorizing juvenile victims across the country under the online moniker “Brian Kil,” was formally indicted Thursday on 26 federal charges in U.S. district court.
Just Say No To Verizon's New Discriminatory Behavioral Advertising Program (Shear on Social Media & Technology) According to The Wall Street Journal, Verizon Communications has a new rewards program, Verizon Up, that provides credits that wireless subscribers can use for concert [...]
For a complete running list of events, please visit the Event Tracker.
Plan B Tech S3: Security Solutions Summit (National Harbor, Maryland, USA, Oct 13, 2017) Join Plan B Technologies, Inc. on Friday, the 13th of October for this highly anticipated half-day security seminar! Hear the latest cybersecurity research, stats, and insights from IDC Program Director of Security Products, Sean Pike. We will also have 2 Q&A panels with industry leaders and technology experts. Anyone who wants to avoid costly security scenarios should attend including IT engineers, executives and business owners.
Finovate Fall 2017 (New York, New York, USA, Sep 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.
Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, Sep 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited time the training is being offered at $1295. This training will provide the ITP Manager / Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP / NISPOM CC2, and go beyond these regulations to establish a robust and effective ITP. Any individual involved with supporting an ITP will also gain valuable knowledge. A licensed attorney with extensive experience in Insider Threats and Employment Law will provide legal guidance related to ITPs, the collection, use and sharing of employee information, and employee computer user activity monitoring. Any organization (State Government Agencies, Businesses, Etc.) that is not required to implement an ITP, but is concerned with Insider Threat Risk Mitigation, will also benefit greatly from this training.
PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, Sep 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.
DSEI 2017 (London, England, UK, Sep 12 - 15, 2017) Defence and Security Equipment International (DSEI) is the world leading event that brings together the global defence and security sector to innovate and share knowledge. DSEI represents the entire supply chain on an unrivalled scale.
8th Annual Billington CyberSecurity Summit (Washington, DC, USA, Sep 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda: http://www.billingtoncybersecurity.com/8th-annual-billington-cybersecurity-summit/agenda/
Cyber Security Summit: New York (New York, New York, USA, Sep 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. For details visit CyberSummitUSA.com.
Cyber Security Conference for Executives (Baltimore, Maryland, USA, Sep 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.
4th Annual Industrial Control Cybersecurity Europe (London, England, UK, Sep 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.
Cyber Everywhere: Collaboration, Integration, Automation (Washington, DC, USA, Sep 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While the Federal government is focused on security, new adversaries and attack vectors still emerge hourly. What are the early grades on the new Administration’s response to the growing cyber threat? How can collaborative tactics and integrated intelligence tools strengthen a proactive cyber defense? Join us at the sixth annual Cyber Security Brainstorm on September 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times.
10th Cyber Defence Summit (Dubai, UAE, Sep 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.
Maine Cyber Safety Institute (Waterville, Maine, USA, Sep 20 - 21, 2017) The Summit intends to help businesses protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their organizations would be successful this year. Top causes for this exposure relate to a lack of skilled people, budget, and awareness. New techniques for mobility, using personal devices, and applications represent a more than 60% risk. Only 11% of organizations rate their defenses very effective (Schulze, 2017).
2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, Sep 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.
(ISC)² Security Congress (Austin, Texas, USA, Sep 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking organizations. The goal of our conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations. (ISC)² members are eligible for special discounted pricing and will have opportunities to attend exclusive member events.
Connect Security World (Marseille, France, Sep 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment. (Note: the call for speakers is open through April 4, 2017.)
SINET61 2017 (Sydney, Australia, Sep 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.
O'Reilly Velocity Conference (New York, New York, USA, Oct 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.
24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, Oct 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, it is the most participative and productive event of the year. Undoubtedly the world's best annual source of advice in Information Security, COSAC makes available to you, in a fully residential format, presenters and facilitators who are the very best in the world. Collectively they have many hundreds of years of practical experience, have published thousands of major articles and books, and have proven records of success all over the globe.
Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, Oct 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You need to be aware of the most effective tactics and tools to meet the ever-growing threat. CSX 2017 offers keynote speakers and sessions that dive deep into what you need to know now.
Atlanta Cyber Week (Atlanta, Georgia, USA, Oct 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity for meaningful interaction between growth oriented cybersecurity companies and our Fortune 1000 client base.
4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, Oct 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity USA meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.
4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, Oct 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the continued threats such as Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.
CyberSecurity4Rail (Brussels, Belgium, Oct 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations and international bodies, to discuss the threats and set out a vision for safer, more secure digital communications and data networks in the transport industry. CyberSecurity4Rail will draw on the experience of recent incidents and the expertise of those who are working to protect systems and prevent cyberthreats.
Infosecurity North America (Boston, Massachusetts, USA, Oct 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity Europe, Infosecurity North America will focus on bringing together the information security community and end users to discuss how to overcome the most pressing cybersecurity challenges today. The topics include malware, cloud security, governance, regulation and compliance, threats, professional development, application security and digital forensics.
Hacker Halted (Atlanta, Georgia, USA, Oct 9 - 10, 2017) The theme for Hacker Halted 2017 is The Art of Cyber War: Lessons from Sun Tzu. 2,500 years ago, Sun Tzu wrote 13 chapters on military strategy. Fast forward to today and we are still learning from those chapters and applying them in our newfound digital age. In an age where war is waged over cables and microchips instead of battlefields, one challenge is defining what war is and when war should be declared. Boundaries are being eroded as the globalization of technology continues its march across our physical landscape. Come learn strategies for Cyber War: Hacker Halted 2017.