The CyberWire Daily Briefing 9.19.17

Summary

By The CyberWire Staff

Here's something out of the ordinary: WikiLeaks has posted documents purporting to describe the Russian state surveillance apparatus and some of its operations. This dump has received a very mixed reception: WikiLeaks has looked to many observers like a Russian cat's paw, so why this dump, now? Some read it as a refutation of the Russian connection. Many others see it as dragging a red herring across the path that leads back to Moscow.

Some lessons on how wage information operations come from Ukraine, as Germany continues to look for the signs of Russian activity they've long expected as they prepare for Sunday's elections.

In other news on state-sponsored cyber operations, North Korean cryptocurrency raids draw more attention. Chinese intelligence services are being considered possible suspects in the cyber attacks against Scotland's parliament. And from the company's perch in Mountain View, California, a senior Google executive says they think of the US NSA as a nation-state threat actor.

The compromise of Avast's CCleaner with a backdoor prompts discussion and concerns about software supply chains.

It seems clearer that Equifax was aware of the Apache Struts vulnerability and the patch was available for the bug. The credit bureau is seen by some as finally getting a handle on its messaging, but the breach is drawing more law suits.

In industry news, Mantech has bought InfoZen for $180 million. Threat Stack has raised a $45 million investment. And the US Senate attached an amendment to the Defense Authorization bill banning Kaspersky products.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, Germany, Japan, Russia, Singapore, Ukraine, United Kingdom, and United States.

Worried About Third Party Data Breaches?

We all know the consequences of a third party data breach; one vulnerability can cost your organization millions. But do you know what security measures to implement to successfully reduce your attack surface and prevent third party risk? Learn how in LookingGlass Cyber Solutions' webinar featuring VP of Intelligence Operations Eric Olson and Forrester Senior Analyst Nick Hayes on Wednesday, October 18, 1:30pm ET. Sign up now.

On the Podcast

In today's podcast, we talk with our partners at Lancaster University, as Awais Rashid explains why security is the responsibility of everyone in an organization, not just the IT folks. Our guest, Mike Kail from Cybric, takes us through the DevSecOps trend.

And be sure to listen to Recorded Future's latest podcast, produced in partnership with the CyberWire. It's a conversation with BT about the challenges of protecting a global telecommunications company.

Sponsored Events

Earn a master’s degree in cybersecurity from SANS (Online, September 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

CyberMaryland Job Fair, October 11, Baltimore visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, USA, October 11, 2017) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 11 in Baltimore. Meet leading cyber employers including Delta Risk, Choice Hotels, Lockheed Martin, the NSA and more. Visit ClearedJobs.Net or CyberSecJobs.com for info.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Wikileaks releases documents it claims detail Russia mass surveillance apparatus (TechCrunch) Wikileaks has released a new cache of documents which it claims detail surveillance apparatus used by the Russian state to spy on Internet and mobile users...

Was China Behind the Recent Holyrood Cyber Attack? (Digit) China has been accused by senior Holyrood figures of being behind the recent 'brute force' cyber attack on the Scottish Parliament.

North Korea's nefarious links to cryptocurrency theft (Security Brief) North Korean state-sponsored actors may be behind campaigns to steal virtual currencies in order to fund the state’s activities.

'Mother' Merkel, who knows how to deal with Russian hacking, set to win German elections (Philly.com) In "Mutti" Merkel, Germany has a leader who can handle Putin and his shenanigans, and is set to win a fourth term.

As Germans prepare to vote, a mystery grows: Where are the Russians? (Washington Post) The country braced for leaks, bots and disinformation. But evidence of meddling has been scant.

How to Wage an Information War (VOA) West needs to avoid losing credibility as it counters Russian disinformation, says former Ukrainian minister, and not trade propaganda for propaganda

Information Warfare: Russia’s “Active Measures.” (Global Security Review) Conceptually, Information warfare is by no means a new concept. However, the broad reach of social media has created an entirely new and highly effective avenue for Russian ‘active measures’ to penetrate into and influence the minds of the American public.

A Google security chief considers the NSA a state-sponsored threat (TechCrunch) Today at TechCrunch Disrupt SF 2017 Google's Manager of Information Security Heather Adkins sat down for a fireside chat. Among the varying topics discussed,..

Equifax - UK impact 'minimal', Argentina hit, execs quit, Co culpable (SC Media UK) In contradictory reports, Equifax Ltd (UK) issued a statement on Friday confirming that UK systems are not affected but some data is

Heads roll, as it's revealed Equifax's IT team knew about web app vulnerability (Graham Cluley) Patches should have been in place, but Equifax's music-loving CSO has been unfairly vilified.

Equifax Exec Departures Raise Questions About Responsibility for Breach (Dark Reading) Disclosed details suggest a failure by the technology team but senior executives and the board are not above responsibility as well, experts say.

Is Equifax starting to get a grip? (Enterprise Times) Is Equifax finally getting a grip as it looks to deal with its data breach, other security incidents and senior officers with poor security awareness

Misleading headlines about Equifax's *earlier* hack (Graham Cluley) Woah! Calm down media. Equifax *did* go public about the earlier incident, and it was reported in the security press.

Equifax Victim? Now What? (Inside Indiana Business) I'm frustrated and mad! I do everything I can to protect my personal information by changing passwords and keeping them secure. Then a major bank, insurance company or credit agency gets hacked! An...

Three Lessons IBM i Shops Can Learn From The Equifax Hack (IT Jungle) The recent Equifax data breach exposed extremely sensitive data of 143 million consumers, putting more than half of Americans at risk. While an IBM i server was likely not involved here, Equifax’s actions – and more importantly, its inactions – can teach IBM i shops something about data security. Just when you thought the string

Red Alert 2.0: New Android Banking Trojan for Sale on Hacking Forums (StormInfoSec) The Recent discoveries of dangerous variants of the Android banking Trojan families, including Faketoken, Svpeng, and BankBot, present a significant threat to online users who may have their login …

Hackers hid malware on CCleaner for a month: Over 2 million infected (CSO Online) The 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were infected with malware. Affected systems need to be restored to a state before Aug. 15, 2017.

Hackers compromised free CCleaner software, Avast's Piriform says (Reuters) Hackers broke into British company Piriform Ltd's free software that optimizes computer performance last month, potentially allowing them to control the devices of millions of users, the company and independent researchers said on Monday.

Software Has a Serious Supply-Chain Security Problem (WIRED) Hackers have targeted software's supply chain in three high profile attacks discovered over the summer.

Attackers Use Undocumented MS Office Feature to Leak System Profile Data (Threatpost) An undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed.

Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns (TrendLabs Threat Intelligence Blog) In the beginning of September, a sizeable spam campaign was detected distributing the latest Locky variant.

Pirate Bay Spotted Hosting Monero Cryptocurrency Miner (Threatpost) A cryptocurrency miner surfaced on The Pirate Bay for a day over the weekend.

IBM: Crypto-Mining Attacks Increased Six-Fold in 2017 (Infosecurity Magazine) IBM: Crypto-Mining Attacks Increased Six-Fold in 2017. Vulnerable enterprise servers increasingly targeted

Report: Government among most targeted for web application attacks (Fifth Domain) At 1,184 average attacks per day, government followed only the IT sector (1,346) as the most targeted industry for web application attacks.

Quantum Computing – Risk for Cryptography And Bitcoin? (LeapRate) Quantum computing may be the next big thing. The concept of quantum computing comes from the fact that unlike the...

Infosec weakest links: Negligent employees and poor password policies (Help Net Security) 54% of respondents to a Ponemon Institute study that involved 1,000 IT professionals said negligent employees were the root cause of a data breach.

Security Patches, Mitigations, and Software Updates

‘NBA 2K18’ gets emergency patch to fix data-wiping Xbox One bug (Engadget) 'NBA 2K18' gets an emergency patch to fix a data-deleting bug for Xbox One users hours before the game officially launches.

Cyber Trends

The future of advertising is AI or die (VentureBeat) In today's consumer market, every company needs to be a tech company, and retailers are no exception. Giants like Amazon, Walmart, and Alibaba are racing to redefine the retail experience. They're quickly proving that advancements in both brick-and-mortar and ecommerce capabilities are needed. The problem is, many retailers haven’t implemented the technology necessary to compete. I hear a lot of buzzwords in the tech startup field, but the term that seems to be thrown around most frequently of late is "artificial intelligence."

Marketplace

Worldwide security appliance revenue increased to $3 billion (Help Net Security) Worldwide security appliance revenue increased 9.2% year over year to $3 billion and shipments grew 7.0% year over year to 706,186 units.

U.S. Senate votes to oust Russian security software vendor Kaspersky from federal use (TechCrunch) Following a directive from the Department of Homeland Security last week banning the use of Kaspersky Lab security software in the executive branch, the U.S...

Threat Stack snares $45 million investment as spotlight shines brightly on security (TechCrunch) Threat Stack, the Boston-based security startup that helps companies stay protected in the cloud, reeled in a $45 million investment today. It seems that they..

ManTech International snaps up InfoZen in $180M ‘perfect storm’ (Washington Business Journal) ManTech International Corp. is acquiring InfoZen for $180 million in cash in a deal that brings together two government technology contractors with an eye on the IT modernization business.

$50m deal to keep government websites going in a cyber attack (The Straits Times) Singtel and StarHub are among six firms that have won a multimillion-dollar bulk tender as Singapore further tightens its defence against sophisticated attacks that aim to disable government websites.. Read more at straitstimes.com.

Put Silicon Valley in D.C. With a Cyber Workforce Incubator (Lawfare) It is no secret that Silicon Valley and Washington have dramatically different workplace cultures and attitudes toward risk and technology. In the valley, savvy entrepreneurs look to disrupt the status quo. Meanwhile in Washington, many of our elected representatives and government personnel are stuck decades in the digital past, forced to use equipment that would be better housed in a museum

Former U.S. Department of Defense Special Agent and InfoSec Leader Joins BakerHostetler's Globally Ranked Privacy and Data Protection Team (Baker Hostetler) Former state and federal law enforcement officer Andreas Kaltsounis brings more than 18 years of high-profile government and private consulting experience

Products, Services, and Solutions

Aruba Unveils Security Framework (IT Business Edge) The primary point of any cybersecurity attack is usually an endpoint that in one way or another has been comprised by malware. Aruba, a unit of Hewlett-Packard Enterprise, today announced it has developed a security framework for networks designed to thwart such attacks.

Technologies, Techniques, and Standards

Protecting a Global Telecommunications Company (Recorded Future) Learn about the challenges BT faces when it comes to protecting itself and its clients and the affect upcoming GDPR regulations may have on the company.

Four Key Takeaways from GlobalPlatform’s TEE Seminar (Trustonic) After a busy day hearing from the industry’s trusted execution environment (TEE) experts at GlobalPlatform’s TEE Seminar in Beijing, I’m back to business as usual. Amid the varied use cases, new deployments and vast potential for the TEE to provide security for digital services and devices, there were several stand-out themes and important takeaways for organisations involved in delivering digital services.

Addressing security concerns around connected ecosystems (Help Net Security) The convergence of IoT applications with emerging technologies could help address current security concerns around connected ecosystems.

How Can Data Forensics Help The Fight Against Malware? (Infosecurity Magazine) IT teams need better intelligence, that insight can come from remediation in the form of network forensics.

Cybersecurity training programs your employees won't hate (CSO Online) Training providers offer unique twists to help engage employees on security awareness education and make the process less painful.

Design and Innovation

How Encryption Will Survive the Crypto-Apocalypse (Motherboard) Quantum computing poses a mortal threat to computer security as we know it.

Research and Development

Can the US Military Re-Invent the Microchip for the AI Era? (Defense One) As conventional microchip design reaches its limits, DARPA is pouring money into the specialty chips that might power tomorrow’s autonomous machines.

Embedded security for IoT lies in the chip (IoT Agenda) Embedded security for IoT gives connected devices the smarts they need to recognize rogue data or instructions before they execute.

Toshiba speeds quantum key beyond 10 Mb/s (Optics) Engineers at the Japanese firm push single-photon encryption method with new high-speed detectors.

New Analysis Suggests That Commercial Quantum Computers Are Kinda Slow (Motherboard) D-Wave's quantum annealers face a fundamental limitation when it comes to scaling: temperature.

Academia

Missoula College gains national recognition for cyber defense education (KECI) Missoula College is now the first and only higher education institution in Montana to be designated as a National Center of Academic Excellence in Cyber Defense.

Legislation, Policy and Regulation

Singapore’s Cybersecurity Bill delayed to 2018 (Channel NewsAsia) The Government has extended the public consultation period in response to the interest in the formulation of the Bill, says Minister for Communications and Information Yaacob Ibrahim.

ISI to have more civilians at the top (Dawn) PM approves three new DG posts in grade 21, seven deputy director slots in grade 20.

NY Proposes Regulating Credit Reporting Agencies (New York Law Journal) Following the massive security breach at Equifax Inc. disclosed earlier this month, New York Gov. Andrew Cuomo on Monday proposed new regulations that would ...

DOJ lets itself off the privacy hook (Naked Security) The Department of Justice has excused its insider threat database from multiple provisions of the 1974 Privacy Act

National Guard could be America's next cyber defenders (Washington Examiner) A bill would make Air and Army National Guard members part of the cybersecurity civil support teams to aid states.

Litigation, Investigation, and Enforcement

US government wiretapped Trump campaign chair (CNN) US investigators wiretapped former Trump campaign chairman Paul Manafort under secret court orders before and after the election, sources tell CNN.

John Podesta meets Senate investigators involved in Russia probe (POLITICO) Podesta was seen leaving the secure Intelligence Committee spaces on Monday afternoon.

U.K. police make second arrest in London subway attack case (NBC News) The 21-year-old was arrested in Hounslow in West London just before midnight Saturday, the Metropolitan police said in a statement Sunday.

May: Not 'helpful' for Trump to speculate on London attack (POLITICO) Britain's prime minister was dubious of the president's speculation.

Preventing terrorism: What powers do German security forces have? (Deutsche Welle) In the wake of deadly attacks in Germany and across Europe, the federal government has boosted its security and anti-terror laws. DW looks at the powers German authorities have at their disposal to combat terrorism.

Investors Jumping Into Legal Fray Over Equifax Data Breach (New York Law Journal) Among the lawsuits piling up against Equifax Inc. stemming from the massive data breach that put approximately 143 million consumers' data at risk are propos...

Equifax Hit with Lawsuit (Dark Reading) Victims living or doing business in Florida can send a certified letter to seek relief and still remain in compliance with the state's credit laws, attorney says.

Equifax Executives' Stock Sales Raise 'Fundamental Questions' Tied to Breach (National Law Journal) Equifax Inc. has maintained that three executives were unaware of a massive data breach when they made stock trades on Aug. 1-worth more than $1 millio...

Browser Beware: Second Circuit Sizes Up 'Reasonable Smartphone User' in Uber Dispute (New York Law Journal) In the summer of 2017, over 20,000 people in the United Kingdom agreed to perform unpaid community service—tasks such as picking up animal waste from local parks, cleaning portable toilets, providing hugs to stray cats and dogs, and painting snail shells.

Interview with Edward Snowden: 'There Is Still Hope - Even for Me' (Spiegel) In an interview, whistleblower Edward Snowden discusses his life in Russia, the power of the intelligence apparatuses and how he will continue his battle against all-encompassing surveillance by governments.

Justice official: Feds have expanding role in fighting abusive cybercrime (Fifth Domain) Acting Assistant Attorney General Kenneth A. Blanco delivered the 2017 Cybercrime Symposium Keynote address, with the symposium’s topic being “When Cybercrime Turns Violent and Abusive.” Blanco spent much of the speech calling for more federal and private sector involvement in combating cyberbullying, cyber harassment, cyberstalking, sextortion, doxing and non-consensual pornography.

China arrests yet another alleged Japanese spy (The Japan Times) Chinese authorities arrest Japanese citizen suspected of spying, local state media said.

Former Whistleblower, Lawyer Start Free Law Firm for Federal Workers (National Law Journal) National security lawyer Mark Zaid and former State Department employee John Tye launched Whistleblower Aid on Monday.

Web Cam Child Exploitation Gang Get 171 Years in Jail (Infosecurity Magazine) Web Cam Child Exploitation Gang Get 171 Years in Jail. Final four were sentenced on Friday

“Fake” net neutrality comments at heart of lawsuit filed against FCC (Ars Technica) Lawsuit: FCC ignored public records request for data on mass comment uploads.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While the Federal government is focused on security, new adversaries and attack vectors still emerge hourly. What are the early grades on the new Administration’s response to the growing cyber threat? How can collaborative tactics and integrated intelligence tools strengthen a proactive cyber defense? Join us at the sixth annual Cyber Security Brainstorm on September 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times.

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.

Maine Cyber Safety Institute (Waterville, Maine, USA, September 20 - 21, 2017) The Summit intends to help business protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their organizations would be successful this year. Top causes for this exposure relates to a lack of skilled people, budget, and awareness. New techniques for mobility, using personal devices, and applications represent a more than 60% risk. Only 11% of organizations rate their defenses very effective (Schulze, 2017).

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

Connect Security World (Marseille, France, September 25 2017 - September 27 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment.

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking organizations. The goal of our conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations. (ISC)² members are eligible for special discounted pricing and will have opportunities to attend exclusive member events.

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment. (Note: the call for speakers is open through April 4, 2017.)

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, it is the most participative and productive event of the year. Undoubtedly the world's best annual source of advice in Information Security, COSAC makes available to you, in a fully residential format, presenters and facilitators who are the very best in the world. Collectively they have many hundreds of years of practical experience, have published thousands of major articles and books, and have proven records of success all over the globe.

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You need to be aware of the most effective tactics and tools to meet the ever-growing threat. CSX 2017 offers keynote speakers and sessions that dive deep into what you need to know now.

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity for meaningful interaction between growth oriented cybersecurity companies and our Fortune 1000 client base.

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity USA meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the continued threats such as Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransome ware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations and international bodies, to discuss the threats and set out a vision for safer, more secure digital communications and data networks in the transport industry. CyberSecurity4Rail will draw on the experience of recent incidents and the expertise of those who are working to protect systems and prevent cyberthreat.

Infosecurity North America (Boston, Massachusetts, USA, October 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity Europe, Infosecurity North America will focus on bringing together the information security community and end users to discuss how to overcome the most pressing cybersecurity challenges today. The topics include malware, cloud security, governance, regulation and compliance, threats, professional development, application security and digital forensics.

Hacker Halted (Atlanta, Georgia, USA, October 9 - 10, 2017) The theme for Hacker Halted 2017 is The Art of Cyber War: Lessons from Sun Tzu. 2,500 years ago, Sun Tzu wrote 13 chapters on military strategy. Fast forward to today and we are still learning from those chapters and applying them in our newfound digital age. In an age where war is waged over cables and microchips instead of battlefields, one challenge is defining what war is and when war should be declared. Boundaries are being eroded as the globalization of technology continues its march across our physical landscape. Come learn strategies for Cyber War: Hacker Halted 2017.

European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) The Fourth Industrial Revolution is in full swing, giving a strong impulse to the growth of Europe’s innovation-driven economy that can compete with world’s economic superpowers. Let’s start the dialogue together to unlock our potential and use the opportunities ahead. CYBERSEC’s mission is to foster the building of a Europe-wide cybsersecurity system. Our goal is to create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

2017 ISSA International Conference (San Diego, California, USA, October 9 - 11, 2017) Each day, cyber threats become increasingly intricate and difficult to detect. Over the past year, we saw that with the rise of device connectivity came boundless opportunities for malicious hackers to attack device vulnerabilities. No cyber security professional can become an expert on these digital dangers without continued efforts to educate themselves on the industry’s latest trends and technologies. We look forward to welcoming you and as many as 900 of your colleagues and peers in San Diego as we discuss topics ranging from incident response to application security to business skills for the information security professional. Join us at the 2017 ISSA International Conference and we’ll help you navigate the Digital Danger Zone.

Maryland Cyber Day Marketplace (Baltimore, Maryland, USA, October 10, 2017) Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for cybersecurity buyers to connect with, get to know and purchase cybersecurity solutions from Maryland's cybersecurity providers. This event combines face-to-face meetings, technology demos, brief educational sessions, "Ask an Expert" information stations, networking with a keynote and a wrap-up luncheon.

Cyber at the Crossroads (Adelphi, Maryland, USA, October 10, 2017) Join the Cyber Center for Education & Innovation (CCEI), Home of the National Cryptologic Museum (NCM) for a one-day symposium of renowned national cybersecurity leaders, including experts from past and current administrations, the U.S. military, industry, and academia for a discussion of the past, present, and future of the security of our nation’s cyber infrastructure.

ManuSec USA (Chicago, Illinois, USA, October 11 - 12, 2017) This series will bridge the gap between the process control and corporate IT senior level professionals, allowing them to discuss challenges, critical issues and debate best practice guidelines.

CyberMaryland (Baltimore, Maryland, USA, October 11 - 12, 2017) Maryland is recognized as a cybersecurity leader - nationally and internationally. The state has developed cybersecurity experts, education and training programs, technology, products, systems and infrastructure. With over 10 million cyber hacks a day resulting in an annual worldwide cost of over $100 billion, the United States is at risk. Ensuring that our nation has the workforce, technology and resources to protect our citizens, businesses, infrastructure, intellectual property and more is of paramount importance. Maryland continues to be a leader on this front.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

WikiLeaks dumps Russian docs? State actors. Equifax update. Software supply chain, Industry notes.