The CyberWire Daily Briefing 2.17.17

Summary

By The CyberWire Staff

Hybrid conflict, with its ambiguities and fog, continues in Eastern Europe. Deutsche Welle reports a Russian disinformation campaign in the Baltic, with phoney news stories planted alleging that German soldiers on NATO deployments have been responsible for a wave of assaults in Lithuania. Researchers at CyberX look at a cyber campaign in Ukraine (possibly criminal, possibly state-directed, possibly a mix of the two) that's been responsible for a widespread spyware infestations in Ukrainian businesses. More than seventy enterprises are said to have been affected by what CyberX is calling BugDrop. Synack researchers have been taking a look at tools that appear to have recently eaked from Fancy Bear's paws, and they conclude that those tools look a great deal like lawful intercept products from Hacking Team. (Fancy Bear is generally believed to be Russia's GRU.) Synack sees a "weirdness" in the code that suggests a copy-and-paste job.

Bitdefender believes it's found evidence that there's now a variant of Fancy Bear's X-Agent malware that targets MacOS.

Senior US officials, including the Vice President and the Secretaries of State and Defense are making the diplomatic rounds in Europe, and cyber matters have inevitably arisen during their discussions. Secretary of Defense Mattis said "there's very little doubt" that Russia has interfered with elections. (One might add that historically it's not just Russia.)

Panda Labs reports a new criminal hack, "RDPPatcher," which simply sells third-parties access to a victim computer.

Cato Networks describes "Ticketbleed," a vulnerability whose exploitation could let attackers intercept SSL traffic.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Austria, Cambodia, Canada, China, Germnay, Indonesia, Iran, Democratic Peoples Republic of Korea, Republic of Korea, Laos, Lithuania, Myanmar, Philippines, Russia, Saudi Arabia, South Africa, Ukraine, United Kingdom, United States, and and Vietnam.

A note to our readers: we'll be taking Monday off as we observe the US Federal holiday Presidents Day. We'll be back as usual Tuesday, February 21st, 2017, with some wrap-up coverage of RSA in addition to our regular news and notes. Enjoy the long weekend if you're celebrating with us.

On the Podcast

Attention bookworms: today's podcast features some thoughts on your reading life. Our partners at Palo Alto Networks make an appearance in the form of reflective security maven Rick Howard, who updates us on the recommended reading in Palo Alto's Cybersecurity Canon. We also hear from our guest, Gary Hayslip, who's not only the City of San Diego's CISO, but also coauthor of The CISO Desk Reference Guide.

Interested in some big-picture informed speculation about 2017? Give the special prognostication edition of our podcast a listen. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017 in cyber security.

Sponsored Events

E8 Security (Chronicle Books Metreon, San Francisco, CA, USA, February 15, 2017) E8 Security Invites You To An Exclusive Book Signing and Cocktail Party at RSA with Author Gary Hayslip

Hacking The Home (Fulton, MD, USA, February 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

Selected Reading

Dateline

Photos: RSA Conference 2017 Expo, part 2 - Help Net Security (Help Net Security) RSA Conference 2017 is underway at the Moscone Center in San Francisco. Here are a few photos from the Expo floor. Featured companies: Dome9 Security, Bitg

RSA Conference goes smaller, focuses more on timeless problems (SD Times) Issues like static analysis and machine learning were brought up at this year's conference

Current national defense models don’t work in cyberspace (Fifth Domain | Cyber) Former presidential cybersecurity adviser Michael Daniel walks through the various models for national defense, then explains why none of them work in cybersecurity.

Setting Expectations Between States on Cyberwar (Threatpost) A RSA Conference panel tackles the difficulty in defining cyberwar.

RSAC17: Cyber defence involves all levels of society, says Microsoft (ComputerWeekly) Microsoft calls for a global convention on cyber security and an independent organisation to keep nation state attackers in check.

Global geopolitical changes driving encryption adoption (Help Net Security) Recent geopolitical changes have made people and organizations worry about the privacy of their data, and consider increasing their use of encryption.

7 tips to turn threat data into true threat intelligence (Computerworld) Threat intelligence can be your best friend or your worst enemy. Here are some tips to make sure you are making the most of it.

Alphabet's Eric Schmidt: Security Is Key For Preserving Internet As We Know It (CRN) The executive chairman of Google's parent company, Eric Schmidt, said at the 2017 RSA Conference that security is a key factor preserving the openness of the Internet, as well as further innovations in artificial intelligence and machine learning.

Google Tells RSA Show Audience How it Secures a Billion Android Users (eWeek) How Google secures over a billion Android users; Amazon moves into teleconferencing business with Chime; Former NSA chief optimistic about cloud security; and there's more.

RSA 2017: Palo Alto Networks CEO, Cisco VP Call For Next Iteration Of Platform Security (CRN) Palo Alto Networks CEO Mark McLaughlin and Cisco Security Group Vice President David Ulevitch called for the "platform of the future," which leverages visibility, analysis, enforcement and automation to get ahead of threats.

Trump reps skip big cyber security conference, a break with past (USA TODAY) The White House was expected to release its executive order on cybersecurity during RSA.

Cyber steers clear of tech vs. Trump feud (TheHill) Cybersecurity companies are steering clear of the growing feud between President Trump and Silicon Valley, underscoring their willingness to continue to do business with the federal government.

Security Central: RSA Cybersecurity Conference Reveals Inconvenient Truths, Organizations Lack Proper Technology to Thwart Attacks (VAR Guy) This week’s Security Central takes a look at key takeaways from the 2017 annual RSA cybersecurity conference, peeks inside a new Tripwire study highlighting the reality that organizations lack the technology to address top attack types, and peeks inside the new tool from Mimecast designed to combat internal email threats.

New Pulse Secure Access Suite strengthens security, simplifies management and reduces cost of deploying Secure Access (Yahoo! Finance) Delivers a complete Secure Access Solution for mobile, cloud and data center Available in three editions to meet the diverse needs of any organization

Insider threat solution for rapid response to in-progress attacks (Help Net Security) CyberArk announced advanced insider threat detection capabilities available through the CyberArk Privileged Account Security Solution.

Bitglass announces integration with Trustwave Managed Security Services (Help Net Security) Bitglass announced new integration with the Trustwave Managed Detection service, enhanced to support events, additional threat intel from CASB providers like Bitglass.

CipherCloud Wins Nine 2017 Info Security Products Guide (ISPG) Global Excellence Awards at RSA 2017 (Yahoo! Finance) CipherCloud, the industry pioneer and leader in cloud security, data protection and governance, today announced that it has been named a winner in nine different award categories, including ...

Splunk Customers Find Threats Faster with Adaptive Response (Yahoo! Finance) Splunk Inc. , provider of the leading software platform for real-time Operational Intelligence, today announced five new members of the Splunk Adaptive Response Initiative.

Netskope Recognized as Leader in Cloud Security for the 2017 Cyber Defense Magazine InfoSec Awards (PRNewswire) Netskope, the leader in cloud security, today announced that Cyber...

Cylance and CylancePROTECT Recognized for Innovation by Cybersecurity Excellence Awards and CDM InfoSec Awards (Yahoo! Finance) Cylance® Inc., the company replacing traditional antivirus with AI-powered prevention that blocks everyday malware along with today’s most advanced cyber threats, announced company and product recognition as Most Innovative Cybersecurity Company in the Cybersecurity Excellence Awards and Most-Innovative

CrowdStrike Wins 2017 SC Award for Best Security Company and Best Behavior Analytics/Enterprise Threat Detection (SAT PR News) CrowdStrike, the leader in cloud-delivered endpoint protection, today announced that the company was recognized by the 2017 SC Awards as Best Security Company and Best Behavior Analytics/Enterprise Threat Detection. Awards were announced at the SC Awards 2017 ceremony on February 14, 2017 in San Francisco.

eSentire Takes Home Excellence Award for Best SME Security Solution at 2017 SC Awards (Marketwired) Company's managed detection and response service honored with cybersecurity's gold standard of excellence

TopSpin Security honored in Multiple Categories in 2017 Info Security PG's Global Excellence Awards (Yahoo! Finance) TopSpin Security, Inc., the leader in intelligent deception and detection solutions, today announced that Info Security Products Guide, the industry's leading information ...

ERPScan is Best Solution for Security Monitoring According to Cybersecurity Excellence Awards (PR.com) ERPScan Security Monitoring Suite for SAP won the Cybersecurity Excellence Award as the best solution for Security Monitoring.

Products highlighted by recent infosec awards (Help Net Security) Bitglass was named by Cyber Defense Magazine the winner of the Hot Company award in the Cloud Security Solutions category. Bitglass is a Cloud Access Secur

Cyber Attacks, Threats, and Vulnerabilities

Spies used malware to eavesdrop on Ukrainian businesses and media, researchers say - Cyberscoop (Cyberscoop) Security researchers have found that a mysterious hacking group is spying on dozens of Ukrainian businesses by infecting their computers with highly sophisticated malware that allows for eavesdropping and data exfiltration. The espionage campaign successfully compromised at least 70 victims, according to research published Wednesday by threat intelligence firm CyberX. Dubbed BugDrop, the clandestine hacking collective …

DNC Hackers Are Using Apple Mac Spyware Code From FBI Surveillance Vendor, Claims Ex-NSA Researcher (Forbes) Earlier this week, malware said to belong to the Russian group behind the hack of the Democratic National Committee, known as APT28 or Fancy Bear, leaked online.

NATO: Russia targeted German army with fake news campaign (Deutsche Welle) Emails accusing German soldiers stationed in Lithuania of rape were sent to local news outlets and the parliamentary president. NATO officials allege that Russia is targeting the military alliance.

Mattis: 'Very little doubt' Russia has interfered in elections (The Hill) Defense Secretary James Mattis on Thursday said that there was "very little doubt" Russia has attempted to interfere in democratic elections in the past.

Lone hacker Rasputin breaches 60 universities, federal agencies (ZDNet) Rasputin has danced around the defenses of organizations from NYU and Oxford to the Oklahoma state government.

RDPPatcher, the Attack that Sells Access to your Computer at a Low Price (Panda Security Mediacenter) PandaLabs has discovered a new attack whose aim in not data theft, nor encryption, but rather to sell access to your computer to third parties.

Security researchers at Bitdefender find evidence of X-Agent malware variant for macOS (O'Grady's PowerPage) The malware that may have swung the U.S. presidential election could be on its way to a Mac near you. Security researchers have discovered a macOS malware program that’s likely part of the arsenal …

Mac Malware Linked to Infamous Russian Cyber-Espionage Group (BleepingComputer) Russian cyberspies known as APT28 have created a Mac version of their famous XAgent (X-Agent, Sofacy) malware, which already has versions for Windows, iOS, and Android.

Ticketbleed Undermines SSL Security (Cato Networks) The recent report that F5’s Big-IP leaks memory once again underscores the risks of relying heavily on security appliances. The exploit, called “Ticketbleed” could enable attackers to intercept SSL traffic.

The Rise in SSL-based Threats (Cloud Security Solutions | Zscaler) The majority of Internet traffic is now encrypted. With the advent of free SSL providers like Let’s Encrypt, the move to encryption has become easy and free.

Hermes Ransomware Decrypted in Live Video by Emsisoft's Fabian Wosar (BleepingComputer) Today Fabian Wosar decided to live stream his analysis of the new Hermes Ransomware. It was a pleasure surprise when it was discovered that the ransomware could be decrypted and Fabian quickly demonstrated how to generate a key and create a decryptor. This article contains further technical analysis of the Hermes ransomware.

Cerber Ransomware Doesn't Encrypt Files Belonging to Security Products (BleepingComputer) A variant of the Cerber ransomware spotted in the wild in the past month contains a function that searches for locally-installed security products and avoids encrypting their files, so firewalls, antivirus or antispyware products can continue working even after Cerber has locked the computer.

Southern Rail ticket kiosks allegedly open to cyber-attack (SC Magazine UK) Ticket kiosks used by Southern Rail to sell customers tickets in stations with fewer staff are wide-open to cyber-attacks, according to a security research

Security Patches, Mitigations, and Software Updates

Patch Tuesday put on hold, SMB zero-day exploit likely to blame (Inquirer) Microsoft blames delay on 'last minute issue'

Windows 10 - Microsoft just DELAYED a vital security update, but there's a good reason why (Express.co.uk) MICROSOFT misses due date for latest Patch Tuesday release, meaning some users may not have all the essential Windows 10 security protection they need.

Cyber Trends

How many hacks happen every minute against healthcare? More than 700,000, Fortinet says (Healthcare IT News) The security vendor’s research also found that Internet of Things and medical devices are at the center of the storm.

CynergisTek Releases Redspin Annual Report on the State of Cybersecurity in Healthcare (BusinessWire) Report shows hacking attacks on healthcare providers increased 320% in 2016; identifies ransomware as prominent threat to hospitals

What small businesses need to know about cybercrime in 2017 (Digital Forensics Magazine) Cyber attacks can happen to anyone and attackers can strike at any time. It can be challenging for small businesses to deal with cyber attacks as they lack the resources and appropriate security to keep themselves protected. Creating a business online can have its vulnerabilities and keeping your data protected is crucial for all businesses

Marketplace

F-Secure Acquires Inverse Path (Yahoo! Finance) Cyber security company F-Secure has acquired privately-held company Inverse Path, an industry leader in providing security services to the avionics, automotive and industrial control sectors. Inverse Path's ...

Cybercrime is generating market opportunity for small cyber specialty companies (Opne PR) The Global Cyber Security market is estimated at $74.2 billion and is expected to reach $224.48 billion by 2022 growing at a CAGR of 14.84% during the forecast period 2014-2022.

IDC Canada Evaluates 11 Canadian Security Services Vendors in New IDC MarketScape (www.idc.com) International Data Corporation (IDC) Canada announced today the release of a new report assessing security service providers in the Canadian business landscape.

Cisco profit beats on strong demand for security products (Reuters) Cisco Systems Inc (CSCO.O) reported higher-than-expected quarterly revenue and profit, helped mainly by strong demand for its security products.

Intel Security Outlines New, Unifying Approach for the Cybersecurity Industry (IT News Online) Intel Security has outlined a new, unifying approach for the cybersecurity industry that strives to eliminate fragmentation through updated integrated solutions, new cross-industry partnerships and product integrations within the Intel Security Innovation Alliance and Cyber Threat Alliance (CTA).

Will former White House cyber security adviser Michael Daniel be an effective advocate as president of the Cyber Threat Alliance? (Geek Time) Intel, Palo Alto Networks, and Cisco are founding members of the cyber security organization

Former NSA techies raise $8m for their data governance startup (Register) Immuta to free up data scientists in 'highly regulated' environments

General Dynamics gets $170 million cybersecurity order (UPI) The U.S. Defense Intelligence Agency has awarded General Dynamics a $170 million contract to perform various cybersecurity services.

BAE Systems to Hire More Cyber Workers to Address Future Demand in UK - GovCon Wire (GovCon Wire) TYSONS CORNER, VA, Feb. 16, 2017 — BAE Systems aims to hire 80 new cyber professionals in 2017 to ad

Products, Services, and Solutions

NSS Labs rated 13 advanced endpoint security products, flagged 2 with caution rating (Network World) NSS Labs released the results from its advanced endpoint protection group test; 2 products were flagged with "caution" ratings, one with a "neutral" rating, 9 were "recommended" and only one was awarded a "security recommended" rating.

NSS Labs Announces Agreement With Exodus Intelligence for 0-Day Vulnerability Research (Yahoo! Finance) NSS Labs, Inc., the global leader in operationalizing cybersecurity, today announced that it has entered into an agreement with Exodus Intelligence, LLC which will enhance ...

Nuance Inks Deal With BioCatch On Biometrics | PYMNTS.com (PYMNTS.com) Nuance Communications announced Tuesday (Feb. 14) that it inked a deal with BioCatch, the behavioral biometrics company, to deliver continuous authentication on the internet and mobile devices. According to a report, BioCatch will provide the service as part of Nuance’s Security Suite. Nuance said, with the partnership, it is able to expand its Security Suite to move...

Mimecast combats internal email threats (IT-Online) Mimecast has introduced the latest capability of its Targeted Threat Protection service, Internal Email Protect, the first-to-market cloud-based security service providing threat capabilities for i…

You can now make encrypted video calls with Signal (WIRED UK) The new features are being used in a beta mode at present but will be rolled-out to everyone

Corero Network Security Expands Real-Time DDoS Mitigation Capabilities to Include 100Gbps Ethernet (My Host News) Corero Network Security (LSE: CNS) today announced the expansion of its award-winning, real-time, DDoS mitigation solutions, with the SmartWall® Network Threat Defense 1100 (NTD1100).

NEC to Provide Cyber-Attack Defense Training for Six ASEAN Countries (ACN Newswire) NEC Corporation (TSE: 6701) today announced that it received an order from the Japan International Cooperation Agency (JICA) to provided cyber-attack defense for officials from governmental institutions responsible for cyber security in six members of the Association of Southeast Asian Nations (ASEAN)...

Juniper inks technology alliance partnerships to enahnce software-defined secure networks - ET Telecom (ETTelecom.com) These partners will integrate their technologies with Juniper’s Software-Defined Secure Networks (SDSN) platform, allowing customers to create cohes..

Thales Announces Plan to Deliver Trust for IoT Devices and Data (IoT Evolution) Thales, a provider of critical information systems, cybersecurity and data security, has announced a series of solutions that are designed to deliver security and trust for the Internet of Things (IoT). Designed to authenticate IoT devices and protect IoT data from the point of collection to aggregated data repositories, Thales’s digital birth certificate, code signing and transparent encryption solutions will allow organizations to manage device security and protect data efficiently.

Thales Partners With 4 Cloud Service Providers to Support Customer Encryption Key Mgmt (ExecutiveBiz) Thales has integrated its data security technology with cloud technology platforms from Amazon Web Services, Google, Microsoft and Salesforce as part of efforts to help customers manage their encryption keys. Microsoft collaborated with Thales to provide key management services for Azure and Office 365, which will support users’ efforts to control their data on premise or in the cloud,...

Unisys Launches Elevate (ReadITQuik) The digital banking software platform enables financial institutions to deliver secure omni-channel banking experience

Intercom Launches Bugcrowd Bug Bounty Program (Dark Reading) Bugcrowd's curated crowd, simple-to-use platform and deep program expertise helps Intercom to secure customer data.

Technologies, Techniques, and Standards

Retailers push back against plans to boost security of online shopping (Naked Security) EU banking organisation suggests requiring a passcode for purchases over €10, but retailers and payments providers warn of potential hit to sales

What To Do When All Malware Is Zero-Day (Dark Reading) The industry needs new methods to fingerprint malware in order to determine who's behind breaches, and what can be done to stop them.

SCADA Part 2: Mission critical, highly vulnerable, almost un-protectable. (Radware Blog) Hey folks, I’m back with my second installment on protecting the un-protectable: Last week we discussed the SCADA environment and some of the unique business and technology challenges we face when trying to secure it both from availability and cyber security hazards. The questions you are all asking yourself now are “how did we get …

Chevron injects data science into infosec operations (iTnews) How ops got on board with emerging IT.

Cyber Security Risk: You Can't Secure It If ... (The State of Security) Let's take a look at how common themes often limit a business's ability to assess and mitigate cyber security risk. You can't secure it if ...

CISOs need to keep up with the hyper pace of security (CSO Online) Innovations are causing a seismic shift in how we consider information security, pushing the protection of consumer payments beyond the traditional role of finance and/or IT departments to design and manufacturing of everyday products that make up the Internet of Things (IOT).

Design and Innovation

How the Equihash Algorithm Could Democratize Zcash Mining (Bitcoin Magazine) Mining centralization is probably one of the biggest challenges digital currencies face.

Raytheon to assess effectiveness of cyber, electronic warfare tools (C4ISRNET) Raytheon has been awarded a contract from the Missile Defense Agency for a tool that provides assessments on the effectiveness of using kinetic and non-kinetic tools based upon numerous scenarios.

Research and Development

AI And Quantum Computing Pose No Threat To Cryptography, Experts Say (The Merkle) Quantum computing and artificial intelligence have seen significant gains over the past few years. Some people have grown concerned about what this means for the cryptographic sector, as powerful quan

DARPA's Spectrum Collaboration Challenge picks contenders (C4ISRNET) The 30 competitors include 22 teams from academia and business, plus eight individuals.

Academia

CyberPatriot IX National Finalists Announced (Yahoo! News) The Air Force Association today announced the 28 National Finalist teams that will compete at the CyberPatriot IX National Finals Competition in Baltimore, Md., April 2-6, 2017. Teams will travel all-expenses-paid to compete for the title of National

Legislation, Policy and Regulation

The Rules of the Brave New Cyberworld (Foreign Policy) A chaotic, dangerous cyber-enabled landscape is on the horizon. Can Trump — and the United States — define the rules and harness the power to…

A Comparative Guide to Russia’s Use of Force: Measure Twice, Invade Once (War on the Rocks) In the 20th century, the Soviet military's penchant for area of effect artillery and armored firepower had earned it the reputation of a large hammer alway

Defense secretary Mattis speaks out on military collaboration with Russia (AOL.com) In a blow to Moscow's hopes for repairing U.S. ties, James Mattis on Thursday said he did not see conditions for military collaboration with Russia.

Team Trump Talks Tough on Russia (The American Interest) Despite frenzied speculation about Trump’s Russia ties, his team's early diplomacy hardly suggests an Administration in thrall to the Kremlin.

Top US, Russian military officials agree on 'enhanced communications' to avoid 'unintended incidents' (The Hill) The first meeting between the top military officers in the United States and Russia since 2014 resulted in an agreement on enhancing communication to avoid “unintended incidents," the Office of the Joint Chiefs of Staff said Thursday.

Robert Harward turns down national security adviser's job (Defense News) Kellogg remains acting national security adviser.

Special Operations and the Fall of Michael Flynn (The Atlantic) “Everybody thinks the world of him. But integrity is something you have to give away. Nobody can take it from you.”

CIA director: Agency isn't hiding intelligence from Trump (Military Times) CIA director Mike Pompeo said Thursday that the agency is providing President Donald Trump with the best intelligence it can, disputing reports that the spy community is withholding information from the commander in chief.

Trump Is Showing How the Deep State Really Works (Foreign Policy) America's intelligence agencies aren’t operating outside the law – they’re using the vast power they’ve acquired within it.

Democrat invites Trump to tour NSA after he called it 'un-American' (Washington Examiner) A Maryland Democrat has invited President Trump to tour the National Security Agency to become better acquainted with its mission and workers, after Trump questioned the intelligence community's loyalty to the American people amid a series of leaks. In a letter to Trump, Rep. Dutch Ruppersberger wrote Thursday he thinks it's critical for the president to witness the work of the dedicated men and women do every day to protect our soldiers on the battlefield, as well as everyday Americans who work at NSA headquarters in Fort Meade, Md., which is in Ruppersberger's district. Responding to intelligence agency leaks that led to the resignation of National Security Advisor Michael Flynn on Monday, Trump criticized the integrity of the Federal Bureau of Intelligence and the NSA, calling them un-American and suggesting that they act just like Russia.

Trump Must Fix the National Security Council, Says Former Intelligence Chair (Fortune) Mike Rogers weighs the possibility of a "cyber 9/11," "Flynn turmoil," and growing politicization.

White House prepping government reorg executive order (FederalNewsRadio.com) The potential reorganization executive order comes as agencies also are preparing for budget cuts that could range between 5 percent and 20 percent.

JIE: What’s in a name? (C4ISRNET) Outgoing DoD CIO Terry Halvorsen said one of the things he learned in his tenure was that he never would have used the term "JIE" for DoD IT modernization.

NHS plan to access users' web browsing history to provide 'personalised' NHS.uk health advice (Computing) NHS Digital project for NHS.uk to request access to users' internet logs

Governor signs amended budget to fund Georgia Cyber Innovation and Training Center (WRDW) Gov. Nathan Deal signed the Amended fiscal year budget in Augusta on Wednesday to fund the Georgia Cyber Innovation and Training Center.

Should companies be forced to report cybercrime attacks? (Business Live) Criminal hacking of public and private businesses happens at a rate some experts describe as

Litigation, Investigation, and Enforcement

Samsung head faces arrest in South Korea (CNET) The reported ruling reverses last month's decision to not arrest Samsung Vice Chairman Jay Y. Lee for alleged bribery.

Flynn changed story to FBI, no charges expected (CNN) The FBI is not expected to pursue any charges against former national security adviser Michael Flynn regarding a phone call with Russia's ambassador, barring new information that changes what they know, law enforcement officials told CNN Thursday.

General Flynn and the Privacy of US Person Information Under FISA (Lawfare) The ongoing revelations about Lt. Gen. Michael Flynn’s alleged pre-inaugural contacts with Russian Ambassador Sergey Kislyak have generated some confusion about what privacy protections extend to US persons—i.e., citizens, permanent residents, or certain entities—under the Foreign Intelligence Surveillance Act (FISA).

Governor says no state agency paid 'cyber ransom' (Tulsa World) On Tuesday, Gov. Mary Fallin and Preston Doerflinger, director of the Office of Management and Enterprise Services, said an investigation by OMES' Cyber Command unit found no ransom had been paid.

Brig "goon squad" allegation fuels request for time off in Navy espionage case (Virginian-Pilot) A Navy officer accused of espionage has been a victim of a "sadistic goon squad" at a brig in Chesapeake, defense attorneys said Thursday.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, February 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, February 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24, 2017 at the Global Situational Awareness Center at NASA/Kennedy Space Center, Florida.

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers, Automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, Automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, State-of-the-Art technology solutions, critical cyber security challenges and collaboration initiatives; Help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second to non Automotive cyber security industry event will assure you to understand China Automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

#RSAC2017, consolidation, international norms, and things seen on the floor. Fresh hacks and information operations in Eastern Europe. US IC notes.