The CyberWire Daily Briefing 8.3.18

Summary

By The CyberWire Staff

The US Intelligence Community has reiterated warnings about a clear and present threat of Russian activity against elections and infrastructure. Those same agencies, and the White House, pledged what they characterize as a "vast, government-wide effort" to protect the coming midterm elections against foreign interference. General Paul Nakasone, who leads both NSA and US Cyber Command, indicated that both of his organizations will be involved in that effort.

Kaspersky Lab reports a criminal campaign against roughly four-hundred Russian industrial companies. It begins with highly targeted spearphishing designed to induce the victims to install remote administrative tools on their systems.

A large cryptojacking effort is underway. Trustwave and Censys.io report that more than 170 thousand MicroTik routers have been infected with the CoinHive cryptominer. Ground zero of the campaign appears to be in Brazil, but the infestation is thought to be spreading rapidly.

Two attacks on municipal systems are drawing attention. The smaller is the attack Matanuska-Susitna Borough sustained last week in Alaska. The town has declared that the incident amounts to an official emergency, and is taking various measures to contain and remediate its problems, including reversion to typewriters for routine tasks like preparing receipts. The attack included installation of the Emotet Trojan and BitPaymer cryptolocker ransomware.

Matanuska-Sustina is calling it the biggest attack on a US city or town, but Atlanta might dispute the claim. Atlanta's cost to remediate the SamSam ransomware attack it sustained in March is now estimated at $17 million, according to the Atlanta Journal Constitution.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Brazil, China, European Union, Russia, United Kingdom, and United States.

What do Floppy Disks, Han Solo, and Insider Threats Have in Common?

Visit the ObserveIT booth at Black Hat USA to find out! They’re going back to the 80s to reminisce about throwback technology and show you how to take a 21st-century approach to your insider threat management strategy—so you don’t have to be stuck in the past with your DLP and Flock of Seagulls haircut. And before you head out to Vegas, take ObserveIT’s quiz on which 80’s pop culture icon best represents your insider threat management strategy.

On the Podcast

In today's podcast, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses a New York Times story on records being seized from a reporter. Our guest is David Spark, cohost of the CISO Security Vendor Relationship podcast.

Sponsored Events

Billington Automotive Cybersecurity Summit (Detroit, Michigan, United States, August 3, 2018) Top automotive executives and government representatives will detail the latest cybersecurity threats and best safety practices at the second Billington Automotive Cybersecurity Summit on Aug. 3 at Cobo Center in Detroit. In the age of connected and autonomous cars, cybersecurity is a top priority for automakers and their suppliers.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 4 - 9, 2018) Visit XM Cyber at the Innovation City, booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

Schedule a meeting with Terbium Labs at Black Hat. (Las Vegas, Nevada, United States, August 8 - 9, 2018) Matchlight by Terbium Labs is the world's most comprehensive and only fully private dark web monitoring solution, capable of quickly detecting compromised account data and minimizing the damage caused by a data breach. Book a 1:1 session with Terbium Labs' leadership team to learn how Matchlight can help your organization assess its sensitive data exposure on the dark web.

CyberTexas Job Fair, August 14, San Antonio visit ClearedJobs.Net for details. (San Antonio, Texas, United States, August 14, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberTexas Job Fair, August 14 in San Antonio. Meet leading cyber employers including Bank of America, USCYBERCOM, USAA and more.

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA. (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Russian Threat ‘Is Real,’ Trump Officials Say, Vowing to Protect U.S. Elections (New York Times) The leaders of the national security agencies promised to help state and local governments counter what they called Russia’s efforts to influence the elections.

US security chiefs: our country is in Russian crosshairs (Times) President Trump pledged a “vast, government-wide effort” to protect November’s midterm elections from foreign meddling last night as intelligence agency chiefs issued the sharpest warning yet that...

Power Grid Security: How Safe Are We? (Dark Reading) Experiencing a power outage? It could have been caused by a hacker ... or just a squirrel chewing through some equipment. And that's a problem.

Industrial Sector Targeted in Highly Personalized Spear-Phishing Campaign (Dark Reading) At least 400 companies in Russia have been in the bullseye of new, sophisticated spear-phishing attacks, Kaspersky Lab says.

Phishing Campaign Steals Money From Industrial Companies (Threatpost) Phishing emails purported to be commercial offers - but were really installing remote administration software on victims’ systems.

Cryptojacker Campaign Hits MikroTik Routers (Dark Reading) More than 200,000 routers hit with a sophisticated cryptomining attack that appears to be spreading.

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally (Threatpost) Carrier-grade MikroTik routers are delivering potentially millions of daily cryptomining pages to the attacker.

Insider threat – the Card Shark (LinkedIn) Despite seeing most attacks coming from outside sources (e.g., hacking, spear phishing, etc.), occasionally we see attacks emanating from within a victim organization’s own network environment.

Supply Chain Attacks Increase As Cybercriminals Focus On Exploiting Weak Links (Forbes) A new report from CrowdStrike highlights the growing risk of supply chain attacks and how unprepared most organizations are to detect or respond to them.

Mat-Su Borough declares disaster after cyber attack (KTUU) On Tuesday, officials with the Matanuska-Susitna Borough officially declared a disaster, owing to a cyber attack being called 'the worst of its type in the nation.'

Town Reverts to Ancient Technologies After Getting Hacked (Motherboard) Matanuska-Susitna officials declared a state of emergency when a serious malware attack took down their systems.

CONFIDENTIAL REPORT: Atlanta’s cyber attack could cost taxpayers $17 million (Atlanta Journal Constitution) Taxpayers foot bill for years of neglecting network security

Nearly 15 Million Consumers Exposed by Breach & Vulnerable Website (Credit Union Times) One expert blames a web team that lacked a basic understanding of website authentication and security.

Warning: Your Data Has Been Compromised – Terbium Labs Releases Top 10 Dark Web Warning Signs an Unwanted Incident has Occurred (GlobeNewswire News Room) Informative List Outlines the Most Common Signs that Something's Amiss on the Dark Web – A Call to Action for Organizations with Data at Risk

Spam Click Rates High, 2FA Use Low at Work (Infosecurity Magazine) Insider threats and lack of identity management policies put organizations at risk, according to three new surveys

Security Patches, Mitigations, and Software Updates

Mozilla warns it plans to distrust all Symantec-chained certs in October (ZDNet) If you are among the 3 percent still with a Symantec certificate, you really need to shift -- that means you, PayPal.

Cyber Trends

Anticipating Black Hat USA 2018 (CSO Online) Looking forward to learning more about new developments in artificial intelligence, cloud security, enterprise risk management, and lots of other topics

Cybercrime gangs continue to go where the money is (Help Net Security) According to the APWG’s new Phishing Activity Trends Report, phishing in the first part of 2018 surged 46 percent higher than late 2017.

Rise in email impersonation attacks makes companies re-assess their security efforts (Help Net Security) 80% of respondents are very concerned about the state of their companies’ ability to reduce email-based threats, as well as email impersonation attacks.

Employees who witness compliance violations twice as likely to leave company (Help Net Security) Twenty-nine percent of employees observed compliance violations at work in 2016 or 2017, according to a survey by Gartner.

We Learn From Death (CTOvision.com) Why are we perpetually surprised (or not, depending on how you look at it) at the failure of so many at both the organizational and individual level to take cybersecurity seriously? I would argue that most people are placing cybersecurity exactly where it should be when it comes to the myriad risks in their lives, [...]

Marketplace

Google Might Be Ready to Play By China’s Censorship Rules (WIRED) Eight years after leaving China, Google hopes to offer search results again, through an Android app.

China's AI Giants Can't Say No to the Party (Foreign Policy) Open debate about the ethics of tech is a strength, not a weakness, of the U.S. system.

Faced With Crippling Sanctions, ZTE Loaded Up on Lobbyists (New York Times) A Chinese company waged a furious — and ultimately successful — lobbying campaign to win a reprieve from penalties in Congress.

Spotify becomes the latest tech platform to reject Alex Jones (TechCrunch) Yesterday, Spotify became the third tech platform in just over a week to take a stance on Alex Jones’s controversial far-right and conspiracy theorist content. The streaming service removed several Infowars podcast episodes due to their violation of the policy against hate content that Spotif…

IAI makes cyber push through DGS purchase (Washington Technology) Integrity Applications International purchase Dependable Global Solutions to add cybersecurity and counterintelligence related work for defense and intelligence agencies.

Symantec to cut up to 880 staff with US$50 million restructure (CRN Australia) To address residual costs after last year's divestitures.

Cisco doubles down on 2FA with $2.35bn Duo Security deal (CRN) Two-factor authentication vendor to become a business unit in Cisco's security group

Heads-up: 2FA provider Duo Security to be acquired by Cisco (ugh) (Ars Technica) Both companies insist nothing will change, but this former Cisco customer has doubts.

FireEye stock falls despite earnings, outlook beat (MarketWatch) FireEye Inc. manages to hit financial expectations, a rarity in a volatile security sector that has had a difficult time living up to high valuations recently.

Cybersecurity is red-hot for investors — here's what Duo and the rest of those companies actually do (CNBC) Cisco's announcement it would acquire Duo Security makes sense, as companies race to increase their network security. But what do all of those cybersecurity companies do?

Raytheon hires CSRA vet Sullivan (Washington Technology) Raytheon brings onboard former CSRA executive Sally Sullivan as vice president of U.S. business development.

Products, Services, and Solutions

Recorded Future Introduces Takedown Services to Complete Comprehensive Brand Protection Offering (PRNewswire) Go From Brand Monitoring to Active Response With Recorded Future Through FraudWatch Partnership

WatchGuard Technologies Launches Artificial Intelligence-Based Antivirus to Help Defend Against Zero Day Malware (PRNewswire) Latest version of Fireware operating system introduces new IntelligentAV service for malware detection

Securonix Announces Revolutionary AI-based Innovations to Enhance Security Operation Center Efficiency (Globe Newswire) Advanced AI Allows Security Analysts to Respond Faster to Cybersecurity Alerts Across Cloud and Hybrid Architectures

DFLabs Transforms Security Operations with Automated Triage for Incident Response (BusinessWire) New IncMan SOAR platform uses automated triage to assess alerts and determine whether or not they merit creating a security incident for investigation

Carbon Black Introduces Cb LiveOps for Real-Time Query and Response, Surpassing Tanium and CrowdStrike With Its Complete, Cloud-Delivered Security Platform (Nasdaq) Cb LiveOps is built on an industry-leading security platform that combines real-time query and response, next-generation antivirus, endpoint detection and response, and managed threat hunting services within a single console and from a single agent.

Akamai Puts Intelligent Edge Security On Display In Las Vegas At Black Hat USA 2018, DEF CON 26 (PRNewswire) Akamai Security Researchers to Present on IoT Penetration Testing, Intel SGX Deployment at Scale

Microsoft Launches "Election Defense Technologies" Ahead of 2018 US Midterms (Wccftech) Microsoft Launches "Election Defense Technologies" Ahead of 2018 Midterms to Offer Security Solutions for Political and Election Organizations

Arete Advisors Partners with SentinelOne to Provide Next Generation, Intelligent, Incident Response Services (PRNewswire) The partnership enables Arete Advisors elite Incident Response teams and SentinelOne software, A.I. and Intelligence product teams to develop integrated, intelligent, technology-enabled services. Arete will employ SentinelOne's Endpoint Protection Platform to help clients prepare for and respond to evolving cyber-attacks.

Bay Dynamics and CyberSponse Empower Organizations to Prioritize and Respond to Critical Threats Faster and More Effectively (GlobeNewswire News Room) Security analytics and orchestration technology integration helps cybersecurity defenders reduce risk and optimize limited resources

Bkav rolls out high-end SmartHome Security devices (News VietNamNet)   Internet security firm Bkav on July 30 launched a kit featuring high-end security devices, called Bkav SmartHome Security, to provide multilayered protection for houses, covering walls, gardens, doors and rooms.

NHS boosts digital immune system with an extra dose of Darktrace (Business Weekly) The NHS in the UK has widened its adoption of cyber defence technology from Cambridge specialist Darktrace to safeguard more systems and patient in formation. Several hospitals and NHS foundations have taken Darktrace’s Enterprise Immune System. – enhanced as Antigena – which detects and repels cyber attacks in real time. CEO Nicole Eagan is presiding over a record worldwide

Technologies, Techniques, and Standards

New CAB Forum Validation Rules Go Into Effect Today (DigiCert) As of August 1, 2018, Certificate Authorities (CAs) are not allowed to use Methods #1 and #5 from section 3.2.2.4 of the Baseline Requirements to validate domain ownership when issuing publicly trusted certificates for use on the web.

Industrial cybersecurity: Protecting OT from IT (Help Net Security) A powerful technique for protecting OT from IT involves controlling the direction of traffic into or out of an ICS enclave.

The Quest for Continuous ATO (Telos) Achieving and maintaining security compliance in the cloud—quickly and efficiently—is now possible.

The Two-Step Process to Fix the Internet’s Identity Problem (Infosecurity Magazine) Two steps to get over the internet's identity problem.

uPort's Danny Zuckerman on Self-Sovereign Identity (CoinCentral) In May 2018, Facebook exploited the personal data of almost 100 million people, firmly placing data privacy and security as hot topics of national conversation.

UK cyber security boffins dispense Ubuntu 18.04 wisdom (Register) GCHQ: Yeah, but maybe don't make it too secure, ok?

Fannie Mae CISO calls for more data on security incidents (SearchSecurity) In this interview, Fannie Mae CISO Chris Porter explains how his earlier work as a lead analyst and author of Verizon's Data Breach Investigations Report helps him build the security programs at the primary housing lender.

Design and Innovation

The DNC Enlists Kids in Its Fight Against Hackers (WIRED) The Democratic National Committee will award $500 to the child who comes up with the best defensive strategy for state election websites at Def Con next week.

Research and Development

Plurilock Awarded $200K by US Department of Homeland Security to Improve Smart Device Security | Markets Insider (markets.businessinsider.com) Plurilock Security Solutions ('Plurilock'), provider of AI-based behavioral biometrics cybersecurit...

How quantum computers will destroy and (maybe) save cryptography (CSO Online) Quantum computers advance mean we might have only a few years before they can break all public key encryption. The day when every secret is known is near.

Richard Hallock Awarded Patent in Cybercrime Industry (PRNewswire) Richard Hallock, a longtime software engineer, writer, and technologist, today announced receipt of US Patent No. 10037419, July 31, 2018, covering a new technology that portends the end of cybercrime by leveraged credentials.

Academia

One Trailblazing Southern California College Supports Servicemembers to Transition to the Civilian World (PRNewswire) One Trailblazing Southern California College Supports Servicemembers to Transition to the Civilian World

Cybersecurity Education in CCs Gets ED Boost (Campus Technology) To help community colleges make technology upgrades that will help them deliver cybersecurity education, the U.S. Department of Education has been allotted $1 million in an omnibus spending law, H.R. 1625, approved by Congress earlier this year. According to an explanatory document that accompanied the spending bill, the money is to be spent on a pilot grant program to help the schools make their programs 'state of the art.'

High School Women Train in Cybersecurity at NYU School of Engineering (The Journal) Recently, a group of high school women spent three weeks as participants in the Computer Science for Cyber Security (CS4CS) program, picking up fundamentals at the NYU Tandon School of Engineering.

Legislation, Policy and Regulation

Government Security Analysts Submerged with Threats (Infosecurity Magazine) FoI request lays bare skills shortages in public sector

National Security Agency, Cybercom Defend Against Election Meddling (U.S. Department of Defense) Preventing foreign interference in U.S. elections is a "vital mission for us and our nation," Army Gen. Paul M. Nakasone, director of the National Security Agency and commander of U.S. Cyber Command,

U.S. Seeks More Cooperation with Private Sector to Fight Cyber Attacks (Insurance Journal) The U.S. Department of Homeland Security on Tuesday said it will bolster collaboration with the private sector to defend the nation against cyber attacks

DOE looks to double number of electric utilities sharing cyber threat data (FCW) Energy Secretary Rick Perry announced big plans for expanding participation in DOE's Cybersecurity Risk Information Sharing Program.

Protecting America's Technology Industry From China (Foreign Affairs) Washington needs a grand strategy to protect U.S. high-tech companies from China.

Senate Rejects Additional Funding for Election Security Despite Intel Warnings (The Daily Beast) The Republican-led Senate on Wednesday shut down a Democratic proposal to appropriate more funds to bolster election systems, ignoring intelligence officials' warnings.

Updates to State Data Breach Laws (Password Protected) Personal information has become the prey of relentless poachers. In light of the influx of data breaches, state legislatures are taking action.

Litigation, Investigation, and Enforcement

'Prolific' Hackers Infiltrated 100 U.S. Targets, Posed as Russian Front: DOJ (Newsweek) An Eastern European hacking group that infiltrated the computer networks of businesses across America used a front company to help recruit new talent, the Department of Justice (DoJ) said Wednesday. Three high-ranking members are now in custody, it revealed.

Defamation Suit Over Fox News' Retracted Story About DNC Staffer's Murder Is Tossed (New York Law Journal) U.S. District Judge George Daniels dismissed the suit agreeing that it failed to state a claim because the statements at issue couldn't be proven to be false.

Apple ordered to pay US$145 million in damages to Canada's WiLan (CRN Australia) Court rules in favour of Canadian patent licensing company.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

2018 ISSA International Conference (Atlanta, Georgia, USA, October 17 - 18, 2018) Join us for solution oriented, proactive and innovative sessions focused on Securing Tomorrow Today. Every day, cyber threats become increasingly intricate and difficult to detect. No cyber security professional can become an expert on these dangers without continued efforts to educate themselves on the industry’s latest trends and technologies. We look forward to welcoming you and over 1,000 of your colleagues and peers in Atlanta as we discuss topics ranging from incident response, to emerging technologies, to business skills for the information security professional. Join us at the 2018 ISSA International Conference and we’ll help you prepare to Secure Tomorrow Today.

Fifth Annual Cyber Warfare Symposium (New York, New York, USA, October 18, 2018) The Fifth Annual Cyber Warfare Symposium is an annual one-day event presented by the Journal of Law & Cyber Warfare in conjunction with academia, government and private industry organizations at NYU School of Law in New York City. The theme, “Attend. Engage. Learn,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side.

Cyber Investing Summit (New York, New York, USA, May 16, 2019) The Cyber Investing Summit is an all-day conference focused on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products and services over the five years between 2017 and 2021, according to Cybersecurity Ventures’s quarterly Cybersecurity Market Report. Panels will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. Speakers include leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. Attendees will have the opportunity to network with key influencers in the investment and cyber security industries. A cocktail reception will be held following the presentations.

upcoming Events

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological Education Connections (BATEC), which are all funded by the National Science Foundation (NSF). The outcomes of 3CS leverage community college cybersecurity programs across the nation by introducing the latest technologies, best practices, curricula, products, and more.

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included, among others, the CEO of GM Mary Barra and the U.S. Secretary of Transportation Anthony Foxx, resulting in media coverage from The New York Times and The Wall Street Journal and attracting 500 attendees. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event.

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) An opportunity to hear, meet, and interact with cybersecurity leaders from Government and industry.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to learn how to improve information sharing with keynote addresses by industry experts, senior government, and international thought leaders, presentations on key topics and panel discussions of interest to the Information Sharing community, technology demonstrations from service providers and vendors addressing information sharing challenges. There will be many networking opportunities and exhibits.

SecureWorld Detroit (Detroit, MIchigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cybersecurity for Small & Medium Sized Businesses (Gaithersburg, Maryland, USA, September 13, 2018) Learn about technical, legal, cultural and policy cybersecurity issues facing small and medium sized businesses. Panelists include: Markus Rauschecker, J.D. University of MD. Center for Health and Homeland Security (CHHS); Ira Kolmaister, Network Alarm Corporation; Yossi Applebaum, SEPIO Systems; Ken Stalder, Sherpas Cyber Security Group; Moderator: Ellen Cornelius, University of MD CHHS. Panel discussion with questions and answers from 3:30- 5:00pm, with a networking reception to follow. More information and RSVP at the link.

FutureTech Expo (Dallas, Texas, USA, September 14 - 16, 2018) With over 2,000 expected attendees, 70 top-notch speakers and 100+ exhibitors from the Blockchain & Bitcoin, Artificial Intelligence, Cyber Security / Hacking, Quantum Computing, 3D Printing, and Virtual / Augmented Reality worlds, and talks from ICOs and blockchain startups and more, this Expo is going to be a diverse, wonderful, and potentially profitable experience for all who attend.

Insider Threat Program Development-Management Training Course (San Antonio, Texas, USA, September 17 - 18, 2018) Insider Threat Defense will hold its highly sought-after Insider Threat Program Development-Management Training Course, in San Antonio, Texas, on September 17-18, 2018. This two-day training course will provide the Insider Threat Program (ITP) Manager, Facility Security Officer, and others (CIO, CSO, CISO, Human Resources, IT, Network Security, Etc.) supporting an ITP, with the knowledge and resources (Templates, Checklits, Etc.) to develop, manage, or enhance an ITP. This training covers, and goes beyond compliance regulations for an ITP (National Insider Threat Policy, NISPOM Conforming Change 2). Insider Threat Defense is one of the few ITP training vendors to offer a guarantee with their training. Insider Threat Defense has provided training and services (In Over 14 U.S. States) to an impressive list of 540+business-organizations / 680+ security professionals.

International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference (Atlanta, Georgia, USA, September 17 - 19, 2018) The International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference continues to elevate the national dialogue on the very necessary strategic, tactical and operational imperatives needed to attract and develop minority cybersecurity practitioners. By providing a combination of thought leadership, awareness and engagement, the 3rd Annual National Conference will seek to break from the norm of day-long sessions of talking-heads through interactive “decode sessions” intended to include conference attendees in helping to devise innovative strategies to tackling cybersecurity’s diversity challenges.

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring addresses from recognized leaders in your Air Force will give you drive for taking your career to the next level. You can do all of this and more at AFA’s annual Air, Space & Cyber Conference (ASC).

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Protecting elections and infrastructure. Spearphishing. Cryptojacking routers. Municipal cyberattacks. Automotive cybersecurity.