The CyberWire Daily Briefing 7.30.18

Summary

By The CyberWire Staff

Australia's Electoral Commission says its by-elections went off without a hitch, and with no sign of vote hacking, despite warnings and concerns. Various state election officials in the US express concern over their systems' vulnerabilities—Wisconsin and Montana are among the worried—and Senator McCaskill (Democrat of Missouri) confirms an attempt on her network. She (and others) attribute the attack (said to have been both outrageous and unsuccessful) to Fancy Bear, Russia's GRU. Observers draw a lesson from the McCaskill case: the most vulnerable points in the US political system appear to be campaigns.

In general, however, US officials think there's a lower degree of Russian activity directed toward election hacking and influence operations during the current midterms than was observed in 2016. Instead, it's believed that Russian intelligence services are devoting more attention to the power grid. Observers find this disturbing. Temporary outages, which might not have much more effect than an ice storm (or perhaps even as much effect) are worrisome, but less so than attacks that might damage or destroy difficult-to-replace power-generation equipment.

Last week's report from the US National Counterintelligence and Security Center is the topic of much chatter. That report described extensive foreign (especially Russia) collection against intellectual property. Politico describes increased espionage against California tech industry targets, where the marriage of progressive hipster sensibility and buccaneer capitalism have not exactly produced a culture of security.

Technische Universität Graz researchers describe NetSpectre, a CPU speculative execution hack that can read arbitrary memory over a network.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Bahrain, Cambodia, China, Egypt, European Union, Ghana, Iran, Jordan, Kuwait, Qatar, Russia, Saudi Arabia, Singapore, Ukraine, United Arab Emirates, United Kingdom, and United States.

What do Floppy Disks, Han Solo, and Insider Threats Have in Common?

Visit the ObserveIT booth at Black Hat USA to find out! They’re going back to the 80s to reminisce about throwback technology and show you how to take a 21st-century approach to your insider threat management strategy—so you don’t have to be stuck in the past with your DLP and Flock of Seagulls haircut. And before you head out to Vegas, take ObserveIT’s quiz on which 80’s pop culture icon best represents your insider threat management strategy.

On the Podcast

In today's podcast we hear from our partners at the University of Maryland, as Jonathan Katz discusses the timeline for practical quantum computers.

Sponsored Events

Billington Automotive Cybersecurity Summit (Detroit, Michigan, United States, August 3, 2018) Top automotive executives and government representatives will detail the latest cybersecurity threats and best safety practices at the second Billington Automotive Cybersecurity Summit on Aug. 3 at Cobo Center in Detroit. In the age of connected and autonomous cars, cybersecurity is a top priority for automakers and their suppliers.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 4 - 9, 2018) Visit XM Cyber at the Innovation City, booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

Schedule a meeting with Terbium Labs at Black Hat. (Las Vegas, Nevada, United States, August 8 - 9, 2018) Matchlight by Terbium Labs is the world's most comprehensive and only fully private dark web monitoring solution, capable of quickly detecting compromised account data and minimizing the damage caused by a data breach. Book a 1:1 session with Terbium Labs' leadership team to learn how Matchlight can help your organization assess its sensitive data exposure on the dark web.

CyberTexas Job Fair, August 14, San Antonio visit ClearedJobs.Net for details. (San Antonio, Texas, United States, August 14, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberTexas Job Fair, August 14 in San Antonio. Meet leading cyber employers including Bank of America, USCYBERCOM, USAA and more.

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA. (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Russian Hackers Appear to Shift Focus to U.S. Power Grid (New York Times) Intelligence and technology officials report there are surprisingly few attempts to disrupt the campaigns of major American political figures.

With hacking of US utilities, Russia could move from cyberespionage toward cyberwar (Fifth Domain) Even before the revelation on July 23 that Russian government hackers had penetrated the computer systems of U.S. electric utilities and could have caused blackouts, government agencies and electricity industry leaders were working to protect U.S. customers and society as a whole. These developments, alarming as they might seem, are not new. But they highlight an important distinction of conflict in cyberspace: between probing and attacking.

The age of cyberwar is here. Now, citizens need to have a say (the Guardian) Unlike nuclear weapons, there is no clear protocol for when cyberwarfare should be used, or how to respond to an attack writes David Sanger, author of The Perfect Weapon

Iranian Cyber Activity Rising: Leafminer, OilRig Leading the Way (Latest Hacking News) Once again, cybersecurity researchers have Iran in their sights. Symantec, Palo Alto Networks, and German intelligence are all accusing Tehran

New Iran-based APT uses NSA exploits in its malware arsenal (iTWire) A newly discovered threat actor or advanced persistent threat, that is targeting government and private sector organisations in the Middle East, is us...

With China’s help, Cambodia strongman set to extend 33-year rule (PostBulletin.com) As Cambodians prepare to go to the polls on Sunday, a win is all but assured for Prime Minister Hun Sen in an election that highlights

By-elections are cyber-attack free: AEC (NewsComAu) The electoral commission says its computers have not been subject to a cyber attack, despite high-level concerns about the prospects of foreign interference in five by-elections and worries about vulnerabilities in government systems.

Democratic Sen. McCaskill confirms Russian hacking attempt (Fifth Domain) Democratic Sen. Claire McCaskill of Missouri says Russian hackers tried unsuccessfully to infiltrate her Senate computer network, raising questions about the extent to which Russia will try to interfere in the 2018 elections.

Russian Hackers Targeted The Most Vulnerable Part Of U.S. Elections. Again (WAMU) Campaigns are easy marks for hackers, and this week, a Democrat running for re-election in a deeply red state announced that her staff recently came under attack.

An official now says Russian hackers targeted this state’s 2016 election (Fifth Domain) The acknowledgement Friday appears to contradict a previous statement by state elections officials.

Economic cyber espionage will only get worse, ODNI report say (FCW) A new report says companies in the IT, defense, energy, biotechnology, environmental protection and manufacturing sectors have the most to fear from nation-state groups looking to conduct economic cyber espionage.

How Silicon Valley Became a Den of Spies (POLITICO Magazine) The West Coast is a growing target of foreign espionage. And it’s not ready to fight back.

US warns of supply chain cyber-attacks (BBC News) National Counterintelligence and Security Center says 2017 was a "watershed" year for such hacks.

British ex-spies warn of risks dealing with Chinese telecom Huawei (ABC News) Two of Britain's top cyber security experts warn against ignoring Huawei.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China (KrebsOnSecurity) Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.

‘Petty cybercriminals” adopt advanced supply chain attacks (CSO) Of course, to mine cryptocurrency.

Brace for PowerGhost cryptominer, warns Kaspersky Lab (ComputerWeekly.com) Corporate networks are the target of a new illicit cryptocurrency mining malware that is difficult to detect and eradicate, security researchers warn.

Malware Author Building "Death" Botnet Using Old AVTech Flaw (BleepingComputer) A malware author by the name of EliteLands is currently building a botnet named "Death" by targeting unpatched AVTech devices.

Where Posting Selfies on Facebook Can Get You Killed (Wall Street Journal) Enemies have targeted U.S. military assets with the help of social media.

Naval Dome warns of continuing threat from Cosco cyber attack (Seatrade Maritime) Free daily maritime shipping industry news across all shipping sectors in North, South & Central America. Including maritime hubs of New York, US West Coast & Panama City

Nerves jangled by new ransomware attack on shipping giant (Naked Security) The US network of one of the world’s largest shipping companies, COSCO (China Ocean Shipping Company), has been hit by a disruptive ransomware attack.

COSCO's cyber attack and the importance of maritime cybersecurity (FreightWaves) COSCO shipping came under a cyber attack this week, which reinforces the need for comprehensive cybersecurity regulations within the maritime industry as the future moves towards port automation and autonomous shipping.

NetSpectre: Read Arbitrary Memory over Network (Graz University of Technology) Speculative execution is a crucial cornerstone to the performance of modern processors

How rogue data puts organisations at risk of GDPR noncompliance (Help Net Security) There is an undiscussed oversight lurking just under the surface which still leaves organisations exposed to potential risks and hidden costs.

LifeLock Breach Highlights Weak Web App Security (Infosecurity Magazine) A web application design flaw results in a LifeLock data breach.

UMB collaborates with security forces to foil cyber attack (Ghana Web) Management of Universal Merchant Bank (UMB) hereby wishes to notify its customers...

Telstra emails exposed in search error (CRN Australia) Telco disables Your Telstra Tools.

Security Patches, Mitigations, and Software Updates

Microsoft releases new driver and firmware updates for Surface Pro to improve system stability and reliability (MSPoweruser) Microsoft has recently released new driver and firmware updates for the Surface Pro (Model 1796) and Surface Pro with LTE Advanced (Model 1807) devices running Windows 10 Fall Creators Update and above. These updates include improvements to system stability and reliability, and also fixes several potential security vulnerabilities including Microsoft security advisory ADV180012 and ADV180013. …

Facebook’s “downvote” system begins rolling out wider in US—here’s how it works (Ars Technica) Includes clear dictate to "demote" comments that are "uncivil or irrelevant."

Twitter will suspend repeat offenders posting abusive comments on Periscope live streams (TechCrunch) As part of Twitter’s attempted crackdown on abusive behavior across its network, the company announced on Friday afternoon a new policy facing those who repeatedly harass, threaten or otherwise make abusive comments during a Periscope broadcaster’s live stream. According to Twitter, the…

Cyber Trends

'Identity Has Become the Perimeter': Oracle Security SVP (Dark Reading) Eric Olden, Oracle's new leader in security and identity, shares how the enterprise tech giant plans to operate in a cloud-first world.

268 Simulated Cyberattacks By Rapid7 Shows 84% Of Engagements Exploited (Information Security Buzz) Rapid7 conducted hundreds of simulated cyberattacks, and recently published the results in a study that showed at least one vulnerability was exploited in 84% of engagements. The study, titled “Under the Hoodie,” reflects 268 tests conducted across a number of industries. Justin Jett, Director of Audit and Compliance at Plixer: “With the latest results from Rapid7’s Under …

Risks grow, yet security is still an afterthought in many IoT strategies (Help Net Security) Close to half of IT decision makers and security decision makers say that security is an afterthought when implementing IoT projects.

Marketplace

Pentagon Creates ‘Do Not Buy’ List of Russian, Chinese Software (Defense One) Increasingly alarmed at foreign hacking, DOD and intelligence officials are racing to educate the military and defense contractors.

ZTE Racks Up $790M Q1 Loss on US Ban (Light Reading) Chinese equipment vendor issues revised earnings report to calculate full impact of US ban that nearly destroyed its business.

‘Very tight controls over Huawei security’ (Times) The chief executive of BT has said the company has “very tight controls” on where Huawei is used in its network amid fears about the risk to national security from Huawei, the Chinese telecoms...

Cybersecurity stocks roughed up in high-expectations earnings season (MarketWatch) Cybersecurity stocks fell Friday after a few misses from reporting firms gave an indication of how high the bar is set for the sector this earnings season.

Twitter vows to continue spam fight despite negative impact on user numbers (TechCrunch) Twitter has no intention of easing up on its fight against spam users and other factors that jeopardize the “health” of its service, despite the approach costing it three million in ‘lost’ monthly active users. Investor panic sent Twitter’s stock price down by nearly 2…

Facebook trips on its own moderation failures (TechCrunch) After weeks of speculation around how it plans to handle conspiracy website Infowars, its creator Alex Jones and others that spread false information, Facebook finally gave us an answer: inconsistently. The company hit Jones with a 30-day ban after it removed four videos that he shared on the Infow…

Opinion | The ghost of MySpace haunting Facebook and Twitter (Washington Post) One potential reason the markets panicked over Facebook and Twitter this week implicates the very business model that made these companies so successful.

Is Fortinet Built for Long-Term Growth? (The Motley Fool) A closer look at some key metrics will tell us if this cybersecurity stock is one for the long haul.

Tenable: Exciting Cybersecurity IPO (Seeking Alpha) Tenable, a Maryland-based cybersecurity company, has closed its IPO at $23 per share.

Proofpoint reports Q2 beats; cyber stocks slide on Imperva miss (Seeking Alpha) Proofpoint (PFPT -6.5%) reports Q2 results that beat EPS and revenue estimates with a 41% Y/Y revenue growth.

CrowdStrike Raises $200M To Gain Share From McAfee, Symantec In $35B Market (Forbes) Just because your company is selling into a big market, it doesn't mean you'll be successful. In the multi-billion cyber security industry, Symantec is shrinking and privately held CrowdStrike is on a roll.

2 Cybersecurity Names For Contrarian Stock Traders (Forbes) Cybersecurity stocks Fortinet and CyberArk landed on a list of stocks to buy

Comodo CA Achieves Significant First Half 2018 Revenue Growth and Rapid Expansion into IoT and Web Security Solutions (GlobeNewswire News Room) Digital Identity Leader Gains Momentum After Unveiling Innovative New Product Offerings, Forging Strategic Partnerships and Opening New Headquarters

Exclusive: Fast-growing cybersecurity company moves into new Emeryville headquarters (San Francisco Business Journal) Cybersecurity company Tanium is moving next week into its new Emeryville headquarters in 2100 Powell St., where it leased 65,000 square feet.

EZShield Executive Team Grows, John Evans Named New Executive Vice President of Sales (Markets Insider) EZShield, a provider of innovative cybersecurity solutions specializing in digital identity protection a...

Products, Services, and Solutions

AlgoSec Delivers Complete End-to-End Security Management for Cloud Security Controls (GlobeNewswire News Room) AlgoSec Security Management Solution 2018.1 Includes Enhanced Security Management Automation for Microsoft Azure, Cisco ACI, and Check Point R80 Devices; Out of the Box Support for GDPR

Financial Institutions Fight Cybercrime with Intelligent Platform from Fiserv and BlueVoyant (BusinessWire) Fiserv and BlueVoyant enter a strategic alliance to deliver a managed security platform that addresses the unique needs of financial institutions.

Facebook also removes 4 Infowars videos, including one it previously cleared (TechCrunch) Days after defending its decision to give a voice to conspiracy theory peddler Alex Jones and his Infowars site, Facebook has removed four of his videos for violating its community standards. But one of the four had already been allowed to slip through the firm’s review system. A source withi…

Twitter says it does not shadow ban, despite complaints by Republicans (TechCrunch) After President Donald Trump accused Twitter of “shadow banning” prominent Republicans, the company denied that it uses the practice, in which someone’s posts are made invisible or undiscoverable without them knowing. In a blog post titled “Setting the record straight on shadow banning,” Vijaya Gad…

Technologies, Techniques, and Standards

The AI that protects DoD networks from zero-day exploits (Fifth Domain) A top NSA cybersecurity program for protecting Department of Defense's network from malware threats is being transferred to the Defense Information Systems Agency.

Targeting the future of the DoD’s controversial Project Maven initiative (C4ISRNET) The Defense Department will build its signature artificial intelligence program without Google. But can the Pentagon convince Silicon Valley it’s using AI for good?

Booz Allen's Brad Stone on the effectiveness of threat intelligence (Cyberscoop) Booz Allen's Brad Stone on how organizations can get a better handle on their threat intelligence feeds.

Mitigate threats, not workers’ ability to do their jobs (Fifth Domain) The hijacking of user credentials by hackers is a troubling trend, but organizations must seek a balance between better security and giving employees the freedom necessary to accomplish their missions.

Building a sound security strategy for an energy sector company (Help Net Security) Energy and industrial automation companies have to deal with a distinct array of cyber threats—including not only traditional IT concerns.

Recovery is key in cyber attack (The Business Times) THE financial services industry is more complex and globally interconnected than ever before. When coupled with the rise of new and innovative technologies, we are in an environment of heightened cyber risks.

Cyber X-Games takes on critical infrastructure defense (Defense Systems) The Army's latest Cyber X-Games competition featured attack scenarios on industrial control networks in the finance, public utility and health care sectors.

Design and Innovation

Rebuilding it ... Better, stronger, faster. (C4ISRNET) Capt. Sean Heritage, acting managing partner of Defense Innovation Unit Experimental, shares lessons learned as the organization embraces its role solving national defense problems and scaling capabilities across the Defense Department.

How a Bunch of Lava Lamps Protect Us From Hackers (WIRED) Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet.

Decentralising the web: Blockstack on decoupling data from applications (Computing) 'User data - like photos and messages - are completely decoupled from the applications. Apps can no longer lock users and their social graph in, since they no longer store anything'

Research and Development

Neural network implemented with light instead of electrons (Ars Technica) Can do basic character, object recognition.

Academia

Winners Recognized by State and Federal Officials at the Annual U.S. Cyber Challenge Competition in Delaware (US Cyber Challenge) Cyber Camp Closes with Intense Cybersecurity Competition Dover, DE, July 27, 2018 – Following four long hours of intense competition, the winning team of the U.S. Cyber Challenge (USCC) Delaware Capture-the-Flag (CTF) competition has been determined. Teammates Krystian Bates, Patrick Mahoney, Alex Reuben and Hannah Tattan came out on top among a very talented

Legislation, Policy and Regulation

Is Singapore ready for cyber warfare? (The Straits Times) On the heels of the SingHealth data breach, Insight investigates if the country is ready for cyber warfare, even as it works towards becoming a Smart Nation. . Read more at straitstimes.com.

Security or Progress? (Global Risk Insights) China’s growing influence has given rise to a dilemma for its partners, between preserving national security and maintaining access to China's economic and technological progress. The long-term consequences of how Australia resolves this dilemma may provide insights for the rest of the world.

US bids to revive 'Arab NATO' alliance as part of measures against Iran (Deutsche Welle) The alliance would serve as a bulwark against Iran. The Shiite state has been the focus of the US president's threats, and a travel ban has seen US visa approvals for Iranians plummet.

Analysis | The Cybersecurity 202: The fight over election security comes to the Senate floor (Washington Post) Democrats are hoping for a public fight.

Trump administration working on consumer data privacy policy (Reuters) The Trump administration is working to develop consumer data privacy policies, and the Commerce Department is meeting with big companies like Facebook Inc, Comcast Corp and Alphabet Inc as it looks to eventually seeing the policies enshrined in legislation, two officials said on Friday.

FBI Boss Chris Wray: We Put A Man On The Moon So Why Not Encryption Backdoors? (Techdirt.) Despite the FBI finally admitting it had greatly exaggerated the number of encrypted devices it can't get into, FBI Director Chris Wray keeps pushing the "going dark" theory to whoever will listen. This time it was NBC's Lester...

Speed Drives Navy Cyber Actions (SIGNAL) Modernization is a must if the fleet is going to maintain effective operations.

Litigation, Investigation, and Enforcement

First Suit Over Facebook's Stock Plunge Is Filed in Manhattan Federal Court | New York Law Journal (New York Law Journal) The complaint comes after the social media giant lost nearly $100 billion in stock value in one day.

Wikileaks founder Julian Assange faces embassy expulsion (Times) Julian Assange faces imminent expulsion after six years at the Ecuadorean embassy in central London, a source close to the case has told The Times. The latest sign that the Wikileaks founder’s...

When a Stranger Decides to Destroy Your Life (Gizmodo) Monika Glennon has lived in Huntsville, Alabama, for the last 12 years. Other than a strong Polish accent, she fits a certain stereotype of the All-American life. She’s blonde. Her husband is a veteran Marine. Her two children, a boy and a girl, joined the military as adults. She sells houses—she’s a real estate agent at Re/Max—helping others realize their own American dream.

UK CNP Fraud Drops as Banks Fight Back (Infosecurity Magazine) FICO claims technology is making an impact

Amazon: cops should set confidence level on facial recognition to 99% (Ars Technica) Amazon also calls government's input a "very reasonable idea."

Bull-Riding Lawyer Indicted For Allegedly Launching Cyberattacks Against His Critics (Above the Law) Is this really a cyberattack?

How Sellers Trick Amazon to Boost Sales (Wall Street Journal) The digital giant battles click farms, reviewers-for-hire and other scams as merchants try to outsmart its product-ranking system.

Idaho Prisoners Hack Tablets and Steal Nearly a Quarter of a Million Dollars in Credits (Motherboard) More than 300 inmates hacked their tablets to avoid the high cost of cruising the internet while jailed.

Drugs, (Non)Violence, and Video Games: A Brief History of Silk Road (CoinCentral) ATM hacking tutorials, cocaine energy drinks, and high-quality crystal meth – these things comprise a short list of a much more extensive inventory of items that were once available on Silk Road. Hell, you could even hire a hitman if you had deep enough pockets.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

Retail Cyber Intelligence Summit (Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference is organized by R-CISC, the retail ISAC.

Federal IT Security Conference: FITSC 2018 (College Park, Maryland, USA, November 7, 2018) Phoenix TS and Federal IT Security Institute (FITSI) are partnering to host the third annual Federal IT Security Conference (FITSC) this November. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. Attendance is free for government and military and can earn attendees up to 6 continuing education units (CEUs).

upcoming Events

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to Cybersecurity challenges.

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) An opportunity to hear, meet, and interact with cybersecurity leaders from Government and industry.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to learn how to improve information sharing with keynote addresses by industry experts, senior government, and international thought leaders, presentations on key topics and panel discussions of interest to the Information Sharing community, technology demonstrations from service providers and vendors addressing information sharing challenges. There will be many networking opportunities and exhibits.

SecureWorld Detroit (Detroit, MIchigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cybersecurity for Small & Medium Sized Businesses (Gaithersburg, Maryland, USA, September 13, 2018) Learn about technical, legal, cultural and policy cybersecurity issues facing small and medium sized businesses. Panelists include: Markus Rauschecker, J.D. University of MD. Center for Health and Homeland Security (CHHS); Ira Kolmaister, Network Alarm Corporation; Yossi Applebaum, SEPIO Systems; Ken Stalder, Sherpas Cyber Security Group; Moderator: Ellen Cornelius, University of MD CHHS. Panel discussion with questions and answers from 3:30- 5:00pm, with a networking reception to follow. More information and RSVP at the link.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Election hacking: none in Australia, some in the US. Power grid threats. IP theft. NetSpectre demonstrated in Graz.