The CyberWire Daily Briefing 10.24.17

Summary

By The CyberWire Staff

Brief denial-of-service attacks interrupted vote-counting in Czech parliamentary elections as the government had to take down two sites temporarily, but effects seem transitory and of little consequence. It's unknown who was responsible.

People are still waiting for the Reaper (or "IoTroop") botnet to unleash its expected distributed denial-of-service hurricane, but so far Reaper remains the cyber equivalent of a just forming tropical depression. The Mirai botnet to which Reaper is being compared incorporated about half-a-million IoT devices—Reaper is thought to have accumulated at least twice that many. Its bot-herding differs from Mirai's: where Mirai relied on exploiting default or hard-coded passwords, Reaper uses at least nine known vulnerabilities present in the products of more than ten device manufacturers.

"Oh you silly APT28, show some respect," is Bleeping Computer's admonition to the Russian hackers who phished for people likely to attend the upcoming CyCon conference on cyber conflict. Apparently few have taken the bait. We get the joke, but before we're willing to second APT28's nomination for a Pwnie Award, we'll wait and see. Kids swallow the darndest phishbait.

Kaspersky's offer to subject its source code to independent public review is about as much as the security firm can do to recoup reputational damage sustained from a US Government ban, Observers are skeptical that this will work: a code audit wouldn't preclude compromise by, or collaboration with, intelligence services, and those are the fundamental concerns that customers have.

The US FBI reengages in the cryptowars, still on the anti-encryption side.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, Czech Republic, Germany, Iraq, Kenya, Russia, Syria, United States

Maturing a threat intelligence program.

Whether you are getting started with threat intelligence or seeking to expand an existing program, the Threat Intelligence Maturity Model provides a systematic guide to help you understand where your organization resides on the path to a mature threat intelligence program. Download this white paper to learn how to apply threat intelligence to identify adversaries, prioritize your efforts, and take decisive action to keep your business on course.

On the Podcast

In today's podcast, we hear from our partners at Webroot, as David DuFour discusses trends in phishing. Our guest, Phil Neray from CyberX, reviews his company's Global ICS & IIoT Risk Report, which is being released today.

Sponsored Events

Earn a master’s degree in cybersecurity from SANS (Online, October 30, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Monday, October 30th, at 3:00 pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Selected Reading

Dateline

ICS Security: Safety and Availability (The CyberWire) Industrial control system security has distinctive features that set it apart from other regions of cybersecurity. Here as nowhere else concerns are dominated by safety and availability.

What do you do when you can't patch? (The CyberWire) Patching software is a fundamental part of sound digital hygiene. Unfortunately, with industrial control systems, patching is seldom as straightforward as it is with IT systems generally considered (and even there it's not always an easy or unproblematic process). So where patching is impractical or impossible, what alternatives do ICS operators have?

Automated Indicator Sharing (The CyberWire) The US Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) manages the Automated Indicator Sharing (AIS) system to facilitate sharing of cybersecurity indicators. An overview from NCCIC Project Manager Omar Cruz discussed how industry can benefit from AIS.

Thinking like an attacker (The CyberWire) To move beyond compliance to risk management in industrial control systems, CyberArk's Brandon Traffanstedt said you should think like an attacker. This becomes especially clear when one considers that, according to Traffanstedt, fifty-three of one hundred-fifty-nine successfully intrusions the US Department of Energy sustained between October 2010 and October 2015 were root compromises in which the attackers gained administrative privileges in Energy Department systems. He offered a framework for reducing the attacker's ability to access systems, establish persistence, move laterally, and escalate privilege.

Mocana Joins Leading Silicon Vendors to Protect the Internet of Things (GlobeNewswire News Room) Industrial IoT Security Leader to Support Platform Security Architecture from Arm

Nozomi Networks Answers the Call for Advanced ICS Threat Detection and IT/OT integration with Latest Release (Nozomi Networks) Delivers the industry’s first hybrid ICS threat detection. Advances solutions for IT/OT integration; and offers industry’s only solution to support MSSPs with multitenant architecture.

Skybox Security and SecurityMatters Join Forces to Secure Industrial Networks (GlobeNewswire News Room) Seamless visibility and analysis of hybrid IT and OT networks will help critical infrastructure protect against the increased cyberthreat

Canada worried about infrastructure hacks: intelligence official (Reuters) The Canadian government is "really worried" about cyber attacks that have targeted critical infrastructure and has helped companies improve their defenses without disclosing hacks to the public, a senior intelligence official said on Monday.

US Critical Infrastructure Target of Russia-Linked Cyberattacks (Dark Reading) Attacks have been under way since May, targeting energy, nuclear, aviation, water, and manufacturing, FBI and DHS say.

DHS Alert on Dragonfly APT Contains IOCs, Rules Likely to Trigger False Positives (Threatpost) A DHS/FBI alert TA17–293A, describing the activities of a Russian APT may contain signatures and rules likely to trigger false positives in some security systems

Cyber Attacks, Threats, and Vulnerabilities

DDoS attack takes down two Czech Parliamentary Election Websites (TEISS) The two Czech Parliamentary Election websites were temporarily down followed the DDoS attack but the overall progress of the elections was not affected.

New digital ‘hurricane’ churns, gathering strength to land blow on the internet (Kansas City Star) At least a million organizations have devices enslaved into a zombie botnet army, awaiting orders on where on the internet to strike, cybersecurity firm says.

Reaper malware outshines Mirai; hits millions of IoT devices worldwide (HackRead) Last year the world was startled when Mirai malware managed to infect a whopping 500,000 IoT devices and formed a massive army of botnets and then disrupte

Reaper: Calm Before the IoT Security Storm? (KrebsOnSecurity) It’s been just over a year since the world witnessed some of the world’s top online Web sites being taken down for much of the day by “Mirai,” a zombie malware strain that enslaved “Internet of Things” (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks.

Reaper Botnet Malware - What Is It and How to Protect IoT Devices (How to, Technology and PC Security Forum | SensorsTechForum.com) What is Reaper Botnet Malware? Which IoT (Internet-of-things) devices does the Reaper Botnet malware affect? How to protect yourself from Reaper malware?

Russian Cyberspies Carry Out the Silliest Cyber-Espionage Campaign of the Year (BleepingComputer) A Russian cyber-espionage group has tried to infect security researchers with malware via a spear-phishing campaign that can easily receive a Pwnie Awards nomination for one of the year's biggest epic fails.

Russia-Backed Hackers Use US Cyber Conflict Conference as a Bait (Wccftech) Russia Backed Hackers Use Cyber Conflict Conference in Washington to Infect High Profile Targets in US Military & Intelligence

Cyber security 1: Satellite constellations' mass markets come with vulnerability (Space Intel Report) Cyber security experts said the arrival of multiple satellite constellations threatens to make satellite networks just as vulnerable as terrestrial systems, with potentially disastrous consequences. The democratization of the satellite sector — many players, off-the-shelf technologies and a “build your own satellite” approach — is likely to wipe out the advantage …

Beware fake Android cryptocurrency trading apps on Google Play (Help Net Security) Cybercriminals are increasingly targeting users by placing fake Android cryptocurrency trading apps for download on Google Play.

Office DDE attack works in Outlook too – here’s what to do (Naked Security) DDE attacks can be run from within Outlook emails and calendar invites

Banking smart cards vulnerable to cryptographic attack (Computing) Gemalto smartcards widely used by banks are being targeted by cyber criminals,Hacking ,Roca,cyber attack,Security,Infineon,Gemalto

Why Cryptojacking Is The Next Big Cybersecurity Threat (Fortune) The cybercrime trend is more common than you might think.

Proud to keep on protecting – no matter the false allegations in the U.S. media. (Nota Bene) I doubt you’ll have missed the unrelenting negative news coverage about KL of late. The most recent accusation is that alleged Russian hackers and the hidden hand of the Kremlin have somehow used our products to spy on American users and pilfer their secrets.

Kaspersky: security firm tries to win back trust after Russian spying scandal (Guardian) New transparency initiative aims to open up software and security practices to independent auditors to prove firm’s antivirus program is safe

Kaspersky to open security code, but will it restore trust? (ABC News) Moscow-based cybersecurity firm Kaspersky Lab, battered by suspicion of Russian government influence, wants to reassure customers by opening up its software's underlying code for outside review. But security experts and some U.S. politicians say the move is mostly meaningless. In September,...

Kaspersky code review doesn’t solve the spying problem (CSO Online) Earlier this month, a report in The Wall Street Journal says that hackers working for the Russian government used Kaspersky's Anti-Virus software to steal documents from a contractor's computer. The company denies any involvement, and plans to open their software up to review in order to prove it's safe. But the former Deputy Director of the National Security Agency says this doesn't address the underlying issue.

Unpatched Bugs Rampant on Mobile Devices in Financial Services Firms (Dark Reading) More than a quarter of mobile devices used by financial services employees carry known vulnerabilities, according to a recent report.

Crime keeps pace with rise in cryptocurrency prices (Financial Times) Technical advances play into extortionists’ hands, warns cyber security group

How much do you know about impostor email scams? (Silicon Republic) With cybercrime on the rise for businesses, it’s wise to be aware of the different varieties of impostor email threats.

Facebook security chief stands by “college campus” comments (Naked Security) Stamos took to Twitter to clarify his leaked remarks

London Plastic Surgeon to the Stars Victim of Cyber Attack (E! Online) London Bridge Plastic Surgery says police have launched an investigation

Security Patches, Mitigations, and Software Updates

Windows 10's "Controlled Folder Access" Anti-Ransomware Feature Is Now Live (BleepingComputer) With the release of Windows 10 Fall Creators Update last week, the "Controlled Folder Access" that Microsoft touted in June is now live for millions of users.

Microsoft tears into Chrome security as patching feud continues (Naked Security) Everybody wins as Google and Microsoft’s security one-upmanship continues

Cyber Trends

Young Adults More Likely to Fall for Phishing Scams (Infosecurity Magazine) Young Adults More Likely to Fall for Phishing Scams. Get Safe Online finds over-55s are more cautious online

Exclusive interview: Sailpoint talk about the evolution of identity (Security Brief) Identity and Access Management (IAM) is becoming increasingly important for a number of reasons within large organisations and IT departments.

Marketplace

KnowBe4 Expands Its Security Vision With the Acquisition of Securable.io (PRWeb) The addition allows for a more personalized approach to security awareness training.

Cisco buys BroadSoft for $1.71 bln in software push (Reuters) Cisco Systems Inc (CSCO.O) will buy software company BroadSoft Inc (BSFT.O) for $1.71 billion, it said on Monday, in a deal that boosts Cisco's collaboration tools and helps the company diversify its offerings away from switching and routing.

Cisco's BroadSoft Purchase Could Be Followed By Other Surprising Software Deals (Real Money) The networking giant's $1.9 billion deal to buy BroadSoft was eyebrow-raising in multiple respects. Here are some other names Cisco could target if it's willing to think big.

Rubica start-up targets wealthy with personal cyber insurance (Financial Times) Service offered to individuals not companies promises $1m protection

Two-year DHS DOMino contract protest saga concludes (Defense News) GAO has denied Northrup Grumman’s third protest of the DOMino contract award, allowing Raytheon and DHS to begin work under the contract.

Guardtime and Intrinsic ID Awarded Dutch Government Contract for Distributed Energy Marketplace via a Decentralized Trading Platform (PRWeb) Joint development will deliver secure distributed trading platform, enabling consumers to trade excess energy

Tech Firms Seek Washington’s Prized Asset: Top-Secret Clearances (Bloomberg) Under siege for letting their platforms be co-opted by Russian hackers during the 2016 election, Silicon Valley companies are learning what many businesses with interests in Washington have long known: It pays to have staff with government security clearances.

Need a Cybersecurity Job? Indiana Has Plenty of Those (93.1 WIBC) The state's first cyber-security job fair is set for Oct. 26 at the Indiana Government Center.

ClearedJobs.Net and CyberSecJobs.com Announce 2017 Best Recruiters (Business Insider) ClearedJobs.Net and CyberSecJobs.com, veteran-owned defense, intelligence and cyber security career sites and job fair companies, announce their ninth annual Best Recruiters.

Products, Services, and Solutions

Netskope Context-Aware Information Rights Management Program Provides Protection That Follows the Data (PRNewswire) Netskope, the leader in cloud security, today announced the Netskope...

GuardiCore Announces Availability of Centra Security Platform on AWS Marketplace - GuardiCore - Data Center and Cloud Security (GuardiCore - Data Center and Cloud Security) Provides Enterprise Customers with a Simple, Flexible Approach to Securing Hybrid Cloud Environments as Part of its Broader Cloud Service Through AWS Marketplace San Francisco, CA and Tel Aviv, Israel – GuardiCore, a leader in internal data center and cloud security, today announced the availability of its award-winning data center and cloud security solution on AWS …

Samsung SDS America Adds BioCatch Behavioral Biometrics to Nexsign™ Platform to Enable Secure, Frictionless Mobile Experiences (PRNewswire) BioCatch, the global leader in behavioral biometrics, announced today that it...

Securing the Nation's Water: WaterISAC and Perch Security Partner to Improve Water/Wastewater Utility Cybersecurity (PRNewswire) The Water Information Sharing and Analysis Center...

Cytellix provides NIST SP 800-171 compliance-based cybersecurity services (SecurityInfoWatch.com) DOD manufacturers must be compliant by December 31, 2017

The Cloud Native Computing Foundation adds two security projects to its open source stable (TechCrunch) The Cloud Native Computing Foundation (CNCF) is probably best known for being the home of the Kubernetes container orchestration project, but there plenty of..

BrainChip Ships First BrainChip Accelerator To a Major European Car Maker for Evaluation in ADAS and AV Systems (Design And Reuse) BrainChip, a leading developer of software and hardware accelerated solutions for advanced artificial intelligence (AI) and machine learning applications, today announced that it has shipped its first BrainChip Accelerator card to a major European automobile manufacturer.

Technologies, Techniques, and Standards

A Second Bitcoin Fork Is Looming and Battle Lines Are Being Drawn (Motherboard) Bitcoin, Bitcoin Cash, and soon... Bitcoin Gold.

Cloud security: How CIOs deal with the risks (Computing) A panel of CIOs at a recent Computing event discuss their strategies for mitigating risks to their data in the cloud,Cloud and Infrastructure,Services and Outsourcing,Security ,Cloud,I,CIO,Cyber security,Forcepoint

The 10 misconceptions of using a policy-based approach for access control (Help Net Security) Attribute Based Access Control is the evolution from simple access control lists and role-based access control, to a highly flexible system.

Two-star: Every soldier must be a cyber defender (Army Times) Maj. Gen. Patricia Frost talks about priorities and what's ahead for the growing Army cyber force.

Arm isn't saying IoT firmware sucks but it's writing a free secure BIOS for device makers (Register) Take the hint, manufacturers of weak kit

Design and Innovation

Facebook downplays test banishing all Pages to buried Explore Feed (TechCrunch) Facebook has caused a 60-80 percent drop in referral traffic to news outlets in six countries due to a test that removed Page posts from the News Feed and..

Representative asks internet CEOs to explain ‘absurd’ content policies (TechCrunch) Facebook, Google and Twitter are under great scrutiny lately for their rather inconsistent approaches to moderating content on their platforms, and..

How You Swipe and Hold Your Phone Could Be a Clue to Stop Fraudsters (Fortune) Meet "behavioral biometrics."

A Decentralized Dispute Resolution Platform Emerges on the Blockchain (Cointelegraph) Jury.Online is creating a protocol for interaction between judges and parties, as well as a transparent, secure and convenient platform for making deals using Blockchain and modern cryptographic systems

Research and Development

How to quantum secure optical networks (Fibre Systems) Will quantum-resistant encryption be enabled by quantum technology or mathematics? Helmut Griesser examines technologies for the post-quantum world

Academia

New cybersecurity master's program approved at Hood College (The Frederick News-Post) Hood College has gained approval from the Maryland Higher Education Commission for a new master’s degree program in cybersecurity.

CyberPatriot Breaks Registration Record Again (Business Insider) The Air Force Association’s (AFA) CyberPatriot program announced today that it has registered 5,584 teams for its tenth season of the National Youth Cyber Defense Competition, a 26 percent increase from the 2016-2017 competition year.

Legislation, Policy and Regulation

Call to tighten UK law over data breaches (TechCrunch) Consumer group Which? is unhappy with the U.K. data protection bill and has called on the government to amend the draft legislation to allow third-party..

Deputy CTO Rob Palmer leaving DHS (Fedscoop) Department of Homeland Security Deputy CTO Rob Palmer is leaving this week, after more than eight years of federal service, FedScoop has learned. His last day will be Oct. 28, he confirmed. He told FedScoop he will be joining a new cybersecurity services firm, ShorePoint, adding he would have more to share about those plans when it …

Litigation, Investigation, and Enforcement

Kenya Braces for a Disaster of an Election (Foreign Policy) Amid unprecedented uncertainty, this week’s rerun presidential vote could get very ugly.

Mueller now investigating Democratic lobbyist Tony Podesta (NBC News) The probe of Tony Podesta, brother of Hillary Clinton's campaign chair, grew out of Mueller's look into the finances of ex-Trump campaign chair Paul Manafort.

Hopes Dim for Congressional Russia Inquiries as Parties Clash (New York Times) Three congressional investigations into Russian interference in the 2016 election have run into serious obstacles, and definitive conclusions are now unlikely.

Germany terrorism prosecution cases soar: report (Deutsche Welle) A nearly four-fold increase in terrorism-related cases is stretching the manpower of federal prosecutors. So far this year nearly 900 terrorism cases have been opened.

Generation ISIS: Syrian parents deal with children brainwashed by ISIS (NBC News) Families grapple with the effect the ISIS school system has had on their children and the reality of what could be a generation of radicals.

FBI director: Unbreakable encryption is a “huge, huge problem” (Ars Technica) “I get it, there’s a balance that needs to be struck,” Christopher Wray said.

FBI couldn't access nearly 7K devices because of encryption (Fifth Domain) The FBI hasn’t been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, FBI Director Christopher Wray said Sunday, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications.

BAE Systems says it lost 1,000-page Parliament House security manual (Guardian) Defence contractor, which is on shortlist to win a $35bn navy frigates contract, says mistake will not be repeated

What In-House Counsel Are Doing to Prepare for the GDPR (Corporate Counsel) With the European Union's General Data Protection Regulation set to go into effect in less than a year companies and in-house counsel have been considering the implications—and the massive potential fines—for some time now. The May 2018 date is looming so what are legal departments doing to prepare?

Third Man Pleads Guilty to “Celebgate” iCloud Attacks (Infosecurity Magazine) Third Man Pleads Guilty to “Celebgate” iCloud Attacks. Scores of celebs fell for simple phishing campaign

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government and private sector decision makers, buyers, and influencers in order to meet and do business and to advance resilience against cyber attack.

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive comprehensive guidance and best practices for establishing and managing an Insider Threat Program. Anyone concerned with employee threat identification and mitigation will gain valuable knowledge from attending meetings. This meeting will focus on human resources interaction with an insider threat program and behavioral indicators of insider threat.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Los Angeles is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems. The conference will also promote essential collaboration between decision makers and technology experts, in order to streamline solutions to resist cyber threats and attacks.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling with security concerns. INsecurity will feature some of the industry’s most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation.You’ll have a chance to meet colleagues in the cybersecurity profession to discuss the everyday challenges you face in protecting enterprise data. And you’ll get in-depth insights on how other organizations perform security best practices, and how they manage their teams.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department, and real-life methods that you can use to shore up your own enterprise defenses. It will also feature some of the industries most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. Use Promo Code CYBERWIRE100 for $100 off the current rate.

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity building. The fifth conference, planned to be the biggest in magnitude, shall take place at New Delhi, India on 23-24 November 2017.

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain and third party risk, incident response, integrating of cyber security and safety, IT and OT convergence, Security Operations Centres and much more as we further develop our collective insight in how we can mitigate risk and develop resilient end to end networks capable of delivering safety and value to all stakeholders.

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets on cyber security products and services. Currently, the cost to Mexico's overall economy imposed by cyber attacks is more than US$3 billion. The country is a manufacturing powerhouse and is increasingly implementing automated processes. It is also highly integrated with the global financial system.

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues.

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event showcases the SINET 16, the annual list of the most innovative young companies in the industry.

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.