The CyberWire Daily Briefing 9.7.18

Summary

By The CyberWire Staff

Russian authorities responded to British accusations before the UN that the GRU carried out an attempted assassination in England by doubling down on increasingly implausible denial and counter-accusation. The information operation may be wearing thin, but it would probably be a mistake to regard the apparent recklessness of the GRU operation as evidence that Moscow's hoods are stumblebums. The brutal directness of the attack carries a message of its own. The UK and in all probability its closest allies are preparing to strike back in cyberspace.

The US indicted a North Korean hacker yesterday in conjunction with Lazarus Group attacks on Sony and the Bangladesh Bank, and also in connection with WannaCry. Park Jin Hyok worked for Chosun Expo Joint Venture, a Reconnaissance General Bureau front with offices in both North Korea and China.

FOIA.gov, an information site administered by the US Environmental Protection Agency, inadvertently exposed inquirers' personal information. This issue was a self-inflicted misconfiguration, not a hack.

British Airways has reported a data breach. 380,000 sets of payment details were obtained by criminals who hacked into the airline's data.

Group-IB is tracking an underworld development. The small (two-person) but "scrappy" gang called "Silence" is giving the Cobalt Group a run for its ill-gotten money in the ATM jackpotting field.

InfoWars' Alex Jones, last seen vigorously tugging on Superman's cape as he vamped for the camera in the background as Twitter CEO Jack Dorsey testified before the Senate Wednesday, has got his wish: Twitter just banned him for life.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Democratic Peoples Republic of Korea, Russia, Saudi Arabia, Ukraine, United Kingdom, and United States.

Leaving trails when you do online research?

Traditional browsers betray you by revealing your identity. Security teams who use a cloud browser manage attribution and can reduce the time spent investigating cases by more than 50%. Instead of wasting time spinning up a VDI, using Tor or connecting to a jumpbox, get online in seconds with Authentic8 Silo, a secure cloud browser and egress from hundreds of points of presence around the world.

On the Podcast

In today's podcast, Dr. Charles Clancy from our partners at Virginia Tech’s Hume Center describes the Virginia Commonwealth Cyber Initiative. Our guest is Rich Baich, Wells Fargo CISO, who shares insights on protecting a major financial institution.

Sponsored Events

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

This is a test (NorthPole, Canada, December 23 - 28, 2018) this is a test

Selected Reading

Dateline

GCHQ spy boss says Britain is ready to retaliate against Russia's "real and active" threat (Newsweek) In the wake of the Salisbury nerve agent attack, Britain pledges to fight back.

DHS cyber official: Federal cybersecurity is the "number one priority" (Axios) Just yesterday, DHS Secretary Kirstjen Nielsen warned of the threat from cyber attacks.

DOD CIO Dana Deasy: The CAC is here to stay 'for the foreseeable future' (Fedscoop) Two years ago, then-Department of Defense CIO Terry Halvorsen announced a plan to replace the common access card within two years. Today, the CAC is still alive and well as the Pentagon’s primary means of identity authentication, and according to new CIO Dana Deasy, the cards aren’t going anywhere anytime soon. “Now I know what you’re thinking. …

Cyber Attacks, Threats, and Vulnerabilities

Salisbury poisoning: Russia hits out at West over novichok ‘lie’ (Times) Russia hit back at the international community this morning, saying that accusations that its agents were responsible for the novichok attack on Salisbury were a “frank lie”. Moscow was accused...

NSA official: Foreign hackers have ‘pummeled’ U.S. by stealing IP (Cyberscoop) Hackers sponsored by foreign governments have chipped away at the United States’ global economic advantage through a steady campaign of intellectual property theft, according to a top National Security Agency official.

Scrappy 'Silence' Cybercrime Gang Refines Its Bank Attacks (BankInfo Security) A cybercrime gang called "Silence," which appears to have just two members, has been tied to attacks that have so far stolen at least $800,000, in part

Silence: Moving into the darkside (Group-IB) A mobile, small, and young cybergang group has been progressing rapidly. While successful attacks were detected in Russian banks, Group-IB experts have discovered the group’s activity in 25+ countries worldwide. Learn more about tactics and tools employed by Silence in first detailed report presented by Group-IB.

Attackers Abuse Age Restrictions to Hide Apps on iOS Devices (SecurityWeek) Malicious actors are using age restriction settings in iOS to hide legitimate apps so that victims will only able to access rogue variants instead.

Mobile spyware maker mSpy leaks millions of records – AGAIN (Naked Security) The irony: Parents put it on kids’ phones to protect them, but this breach exposed sensitive data including Whatsapp and Facebook messages.

PowerPool Malware Uses Windows Zero-Day Posted on Twitter (Dark Reading) Researchers detected the vulnerability in an attack campaign two days after it was posted on social media.

Recent Windows ALPC zero-day has been exploited in the wild for almost a week (ZDNet) ESET says it detected PowerPool group using recently disclosed Windows ALPC zero-day to improve the efficiency of its malware.

Social Security numbers exposed on US government transparency site (Naked Security) The US government exposed dozens of people’s’ personal details, including social security numbers, due to an online mishap on a public transparency portal.

British Airways hacked as 380,000 sets of payment details stolen (The Telegraph) British Airways has launched an “urgent” investigation and notified police after hundreds of thousands of customers’ personal and financial details were stolen.

BA boss apologises for data breach (BBC News) Airline promises compensation as data breach sees personal and financial details of customers compromised.

Over 50,000 customers' information exposed in Orrstown Bank cyber attack (Public Opinion Online) The bank said it discovered the incident, which involved two of its employees falling victim to an email phishing attack, in July.

Flaw in Schneider PLC Allows Significant Disruption to ICS (SecurityWeek) A vulnerability affecting some of Schneider Electric’s Modicon controllers can be exploited by malicious actors to cause significant disruption in ICS networks, researchers warn

Malware Found on USB Drives Shipped With Schneider Solar Products (SecurityWeek) Some of the USB flash drives shipped by Schneider Electric with its Conext Combox and Conext Battery Monitor solar energy products found to contain malware

Threat Landscape for Industrial Automation Systems in H1 2018 (Securelist) In this report, Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.

Using just a laptop, boffins sniff, spoof and pry – without busting browser padlock (Register) Researchers break certificate authorities' domain validation

IoT risk often 'cannot be managed' in Massachusetts state government, auditor finds (StateScoop) A paucity of controls and standards for the emerging technology has placed many agencies in an uncomfortable position, according to a new report.

'I'm looking out your front door': Stranger warns homeowner about faulty security system (CBC) Last Monday, Shelan Faith of Saskatoon received a letter from a stranger. Moments later she burst into tears.

Security Patches, Mitigations, and Software Updates

Cisco Patches Serious Flaws in RV, SD-WAN, Umbrella Products (SecurityWeek) Cisco patches critical and high severity vulnerabilities in its RV series, SD-WAN, Umbrella and other products

Firefox Drops Support for Windows XP (SecurityWeek) Effective this week, Windows XP is no longer supported by Firefox. More than four years after Microsoft stopped supporting the platform, Mozilla is making a similar move.

Cyber Trends

Attack Landscape of 2018, So Far - Cyber security news, articles and tips (Cyber security news, articles and tips) 2017 had WannaCry, NotPetya, and an explosion of activity on our global network of honeypots. 2018 in comparison has been, well, a little quieter. For the last two years, we’ve been reporting traffic seen on our honeypot network. These honeypots, or decoy servers that are set up to attract the interest of attackers, provide an …

Latest Research Shows Security Teams Review an Average 12,000 Alerts/Week, Setting the Stage for Automation (Press of Atlantic City) Demisto, an innovator in Security Orchestration, Automation and Response (SOAR) technology, today announced the results of their second annual State of SOAR Report 2018. Notably, the

The State of SOAR Report 2018 (Demisto) Technological advancements have made it easier to conduct business, but the job of securing these technologies falls upon already overworked security teams. Demisto conducted a study of security professionals around the world to delve deeper into security challenges, their manifestations, and possible solutions.

Beyond the Cyber Leviathan: White Hats and U.S. Cyber Defense (War on the Rocks) When the WannaCry ransomware created a global hospital crisis in 2017, locking emergency rooms and medical centers out of their systems, it was Marcus

A Scoville Heat Scale For Measuring Cybersecurity (Forbes) The Scoville Scale is a measurement chart used to rate the heat of peppers or other spicy foods. It can have a useful application for measuring cybersecurity threats.

Marketplace

Official: Acquisition Limits Hindering Cyber Command, Want Contracting Cap Raised To $250 Million (Defense Daily Network) Cyber Command is looking to make the most of the extension of its acquisition authority through 2025, but officials are still pushing Congress to raise its

Analysis: How data breaches affect stock market share prices (2018 update) (Comparitech) Data breaches can have serious consequences for companies and customers but what impact do they have on share prices? We dig in to the data to find out.

DNotes Global CEO Alan Yong Cites NextGen VC as Solution for ICO Conundrum (DNotes Global) In a new interview with DCEBrief, DNotes Global, Inc. CEO Alan Yong stressed the importance of ensuring that the cryptocurrency industry works to comply with existing government regulations. He specifically addressed the controversy surrounding initial coin offerings and suggested that the industry must change the way it uses that fundraising tool if it wants to avoid additional regulations to rein in ICO excesses.

Aramco Weighs $1 Billion Venture Capital Fund For Tech (Wall Street Journal) Saudi Arabia’s national oil company is considering a $1 billion fund to invest in international technology firms, as the kingdom deepens efforts to diversify its economy.

VPN Company AnchorFree Raises $295 Million (SecurityWeek) AnchorFree, the company that makes the Hotspot Shield VPN, raised $295 million in a new funding round, bringing the total raised to date to nearly $358 million

Announcing the Fall 2018 Cohort of Startups in Dreamit SecureTech (Medium) Seven startups were accepted into the inaugural program, led by Managing Director Bob Stasio

Optiv Security Announces Additional Key Appointments in Europe to Support International Growth Strategy (Optiv) Optiv Security, the world’s leading security solutions integrator, today announced two key appointments in Europe to support its international growth strategy.

Ola Sergatchov joins GuardiCore as VP of corporate strategy (Help Net Security) In his new role, Sergatchov will lead GuardiCore’s corporate strategy and go-to-market initiatives to drive growth on a global scale.

Products, Services, and Solutions

Corelight Launches Virtual Sensor and New Core Collection of Curated Bro Packages for Out-of-the-Box Traffic Insights (GlobeNewswire News Room) Corelight Virtual Sensor enables more pervasive network monitoring; Core Collection includes detections for bitcoin mining and port scanning, as well as efficient hostname annotation

Infoblox Offers Managed Service Providers New Core Network Solutions (PRNewswire) Consumption Based Model Fills Critical Gap to Strengthen DDI Infrastructure

WhiteHat Security unveils AI capabilities for Sentinel Dynamic DAST solution to empower DevSecOps (Help Net Security) New Sentinel Dynamic enhancements enable accuracy, make real-time risk assessment a reality and empower developers to create secure web applications.

Security Compass expands support for OpSec, adding Microsoft Azure to its knowledge library (Help Net Security) Policy-to-Procedure platform, SD Elements, now features operational security requirements for Microsoft Azure, AWS, and Apache.

Technologies, Techniques, and Standards

Study: Grid security needs to be a team sport (FCW) Electrical grid infrastructure providers and federal agencies need to do even more collaboration on operational preparation, response and recovery planning, according to a new study.

Preventing the Other Kind of Hack Back (SecurityWeek) Taking proper care during your security research activities can ensure that you get the information you need without putting yourself at risk.

How metrics can enhance the effectiveness of security programs (Help Net Security) Choosing the right metrics is not one size fits all. Metrics must be aligned with the organization organization, its industry, size and attack surface.

'Tiger Stance' focuses on realistic, state-of-the-art cyber task force training (DVIDS) Cyber warriors from the Army Cyber Protection Brigade (CPB) had an opportunity for realistic state-of-the-art cyber training at the Indiana National Guard’s Muscatatuck Urban Training Center (MUTC) here, Aug. 20-24.

Homeland Security head: Colorado tops US in vote security (AP News) Colorado, whose election systems are ranked among the nation's safest, held a cyber-security and disaster exercise Thursday for dozens of state, county and federal e

Fighting Alert Fatigue With Security Orchestration, Automation and Response (SecurityWeek) Security orchestration, automation and response (SOAR) has the potential to improve proactive threat hunting, standardize incident processes, improve investigations, accelerate and scale incident response, simplify security operations.

Back to school: Lessons in endpoint security (Help Net Security) There are simple, but effective steps you can provide to your school’s employees and students to help them be more secure.

Academia

Secure Channels Blending Academic Theory and Practical Experience by Partnering with Georgetown University's Technology Management Graduate Program (PRNewswire) Program Headed by Dr. Maria F. Trujillo Brings Together Graduate Students and Secure Channels Executives to Work on Dynamic Cybersecurity Problems

National Cyber League Hones in on Specific Skills Needed for Cybersecurity (PRWeb) As the shortage of qualified employees in the cybersecurity industry continues, the National Cyber League (NCL) is helping get those folks into careers

Legislation, Policy and Regulation

PM 'orders cyberwar' on Russian spy network after novichok charges (Evening Standard) Theresa May has vowed to take on Russia’s spy network as she called an emergency UN security meeting amid reports Britain is preparing for cyberwarfare. It comes after two Russians were charged with carrying out the Salisbury Novichok poisonings in a dramatic breakthrough in the major investigation.

What's GRU? A Look at Russia's Shadowy Military Spies (SecurityWeek) Russia's GRU military intelligence service is attracting increasing attention as allegations mount of devious and deadly operations on and off the field of battle.

Russia’s Military Intelligence Agency Isn’t Stupid (Foreign Policy) Don’t let the reporting on the suspected Skripal attackers fool you: Moscow got what it wanted.

Russian Sovereign Debt in the Crosshairs (Atlantic Council) On September 6, the US Senate Banking Committee will hear expert testimony on draft Russia sanctions legislation, including the Defending American Security from Kremlin Aggression Act introduced this summer following US President Donald J. Trump’s...

Homeland Security vows change in face of cyber ‘pandemic’ (Fifth Domain) Department of Homeland Security Secretary Kirstjen Nielsen outlined a reorganization of the agency to focus on nation-state threats amid a growing number of cyberattacks, but lawmakers seem unaware of the changes.

The surprising test ground for DoD information operations (Fifth Domain) The intensity of operations in the Middle East over the past decade-plus has provided an unprecedented learning laboratory for Cyber Command to test concepts and forces.

Pompeo Eyes Fox News Reporter to Head Counterpropaganda Office (Foreign Policy) The troubled agency is charged with responding to Russian influence operations.

Senate Committee Approves Top White House Tech Advisor (Nextgov.com) Office of Science and Technology Policy hasn't had a permanent leader since the last administration.

Google’s bad day in Congress came at the worst possible time (The Verge) Washington is gearing up for a fight with big tech — and Google could be at the center of it

Cybersecurity Exercise Reveals Authority Confusion (Meritalk) A cybersecurity exercise hosted by the Intelligence and National Security Alliance (INSA) revealed complications that can arise in the response to an attack on critical infrastructure including challenges in establishing authority among multiple agencies and levels of government.

Cyber threats 'blurring' line between agencies' foreign, domestic intel (FederalNewsRadio.com) DHS has been pushing greater cyber threat information sharing with the private sector. But the advance of cyber threats might bring together the government’s foreign and domestic intelligence operations.

Litigation, Investigation, and Enforcement

U.S. Charges North Korean Over Lazarus Group Hacks (SecurityWeek) US charges North Korean national for Lazarus Group attacks, including the 2014 Sony hack, the $81 million Bangladesh Bank heist, the WannaCry ransomware attack, and targeting of US defense contractors

U.S. Accuses North Korea of Plot to Hurt Economy as Spy Is Charged in Sony Hack (New York Times) Only one North Korean was named in a complaint, but it described a team of hackers for the North’s main intelligence agency who caused hundreds of millions of dollars of damage to the global economy.

U.S. charges North Korean operative in conspiracy to hack Sony Pictures, banks (Washington Post) The criminal complaint marks the first such case against Pyongyang.

DOJ criminal complaint against an alleged spy for the North Korean goverment (Washington Post) The Justice Department announced charges Thursday against an alleged spy for the North Korean government in connection with a series of cyberattacks including the 2014 assault on Sony Pictures Entertainment, marking the first time the United States has brought such charges against a Pyongyang operative.

US indicts North Korean agent for WannaCry, Sony attacks [Updated] (Ars Technica) Justice Department charges agents of Reconnaissance General Bureau in broad indictment.

Analysis | The Cybersecurity 202: Trump's praise for Kim Jong Un on same day as Sony hacking charges undercuts deterrence strategy (Washington Post) It's a clash of messages.

Analysis | The Cybersecurity 202: From encryption to deepfakes, lawmakers geek out during Facebook and Twitter hearing (Washington Post) They displayed a solid understanding of the technical issues.

Twitter Permanently Bans Alex Jones After New Violations (Wall Street Journal) Twitter Inc. on Thursday said it permanently banned Alex Jones and his website Infowars, effectively taking away one of the last few online microphones available to the right-wing provocateur.

Feds shut down alleged ‘copycat' military recruiting sites (Military Times) The companies say they helped a network of 7,500 military recruiters across the services.

Just and Unjust Leaks (Foreign Affairs) Revealing official secrets and lies involves a form of moral risk-taking. And drawing the line between the right and wrong kinds of disclosures has grown harder than ever in the Trump era.

Ten-fold increase in security breach cases since GDPR, claim lawyers (Computing) Last year, Fieldfisher handled about three new cases a month. Today, it's handling one new case every day.

Leader of DDoS-for-Hire Gang Pleads Guilty to Bomb Threats (KrebsOnSecurity) A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools.

Teen hacker admits to SWATting schools, airline flight (Naked Security) The teenager made bomb threats to schools, and to a flight between the UK and San Francisco while it was in mid-air.

Justice Department Probing Wells Fargo’s Wholesale Banking Unit (Wall Street Journal) The Justice Department is probing whether employees committed fraud in Wells Fargo’s wholesale banking unit, following revelations that employees improperly altered customer information.

Apple to provide online tool for police to request data: letter (Reuters) Apple Inc plans to create an online tool for police to formally request data about its users and to assemble a team to train police about what data can and cannot be obtained from the iPhone maker, according to a company letter seen by Reuters.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Hack the Capitol (Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout industrial infrastructure and have many military applications. Recent high-profile attacks on these systems have demonstrated ICS’ vulnerabilities and inspired debate about the practical and political means of defending the industrial base against malicious actors. Hack the Capitol will include demonstrations, hands-on learning, and policy conversations tailored toward a non-technical audience. Interact with ICS, including Human Machine Interfaces and Actuators and learn about the threats these components face. The event will provide hands-on education and awareness to members of the public, as well as to Congress, think tanks, and the press. This is a truly unique event that will raise awareness of our nation’s challenges with critical infrastructure and provide kinesthetic learning at multiple levels.

upcoming Events

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to learn how to improve information sharing with keynote addresses by industry experts, senior government, and international thought leaders, presentations on key topics and panel discussions of interest to the Information Sharing community, technology demonstrations from service providers and vendors addressing information sharing challenges. There will be many networking opportunities and exhibits.

SecureWorld Detroit (Detroit, MIchigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cybersecurity for Small & Medium Sized Businesses (Gaithersburg, Maryland, USA, September 13, 2018) Learn about technical, legal, cultural and policy cybersecurity issues facing small and medium sized businesses. Panelists include: Markus Rauschecker, J.D. University of MD. Center for Health and Homeland Security (CHHS); Ira Kolmaister, Network Alarm Corporation; Yossi Applebaum, SEPIO Systems; Ken Stalder, Sherpas Cyber Security Group; Moderator: Ellen Cornelius, University of MD CHHS. Panel discussion with questions and answers from 3:30- 5:00pm, with a networking reception to follow. More information and RSVP at the link.

FutureTech Expo (Dallas, Texas, USA, September 14 - 16, 2018) With over 2,000 expected attendees, 70 top-notch speakers and 100+ exhibitors from the Blockchain & Bitcoin, Artificial Intelligence, Cyber Security / Hacking, Quantum Computing, 3D Printing, and Virtual / Augmented Reality worlds, and talks from ICOs and blockchain startups and more, this Expo is going to be a diverse, wonderful, and potentially profitable experience for all who attend.

Insider Threat Program Development-Management Training Course (San Antonio, Texas, USA, September 17 - 18, 2018) Insider Threat Defense will hold its highly sought-after Insider Threat Program Development-Management Training Course, in San Antonio, Texas, on September 17-18, 2018. This two-day training course will provide the Insider Threat Program (ITP) Manager, Facility Security Officer, and others (CIO, CSO, CISO, Human Resources, IT, Network Security, Etc.) supporting an ITP, with the knowledge and resources (Templates, Checklits, Etc.) to develop, manage, or enhance an ITP. This training covers, and goes beyond compliance regulations for an ITP (National Insider Threat Policy, NISPOM Conforming Change 2). Insider Threat Defense is one of the few ITP training vendors to offer a guarantee with their training. Insider Threat Defense has provided training and services (In Over 14 U.S. States) to an impressive list of 540+business-organizations / 680+ security professionals.

International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference (Atlanta, Georgia, USA, September 17 - 19, 2018) The International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference continues to elevate the national dialogue on the very necessary strategic, tactical and operational imperatives needed to attract and develop minority cybersecurity practitioners. By providing a combination of thought leadership, awareness and engagement, the 3rd Annual National Conference will seek to break from the norm of day-long sessions of talking-heads through interactive “decode sessions” intended to include conference attendees in helping to devise innovative strategies to tackling cybersecurity’s diversity challenges.

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring addresses from recognized leaders in your Air Force will give you drive for taking your career to the next level. You can do all of this and more at AFA’s annual Air, Space & Cyber Conference (ASC).

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

SINET Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place September 18-19, 2018. SINET’s collaborative forum brings together a notable group of senior level industry and government cybersecurity professionals. The event, supported by Her Majesty’s Government and the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T), will be held at The British Museum in London.SINET GCIS will provide exclusive opportunities for attendees to engage directly with a select network of influential thought leaders, solution providers, researchers and investors from the global security community. The events are recognized among technology companies as a unique and exclusive opportunity for sponsors to schedule 1:1 meetings with top-level decision makers. These 15-minute meetings grant technology companies the opportunity to introduce their solution to high-level executives within targeted industries and source feedback from knowledgeable buyers.

5th Annual Industrial Control Cyber Security USA (Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the industrial control supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

Security in our Connected World (Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and technical use cases, to explore more deeply the need for security in our connected world. Timely and relevant seminar topics to include a focus on the Internet-of-Things (consumer, industrial and enterprise), identification and authentication, payment and value-added services, premium content protection, device trust, and certification. And, as always, delegates will be able to witness ‘real world’ solutions from our sponsoring/exhibiting member organizations.

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn how to better save the world from cyber destruction! At Detect '18 you will be able to: immerse yourself in 30+ hours of education and training; chooose from 30+ breakout sessions designed for every experience level; listen to peer presentations highlighting real-world issues and solutions; network, network, network with your peers in a social setting; and earn CPE Credits to keep your credential current.

Cyber Beacon (Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community, private sector, and academia to discuss the most pressing problem sets concerning cyberspace and national security. This year's theme is "decision making in cyberspace". Cyber Beacon V will be held on Wednesday 19 and Thursday 20 September 2018 at the NDU campus on Fort McNair in Washington, DC.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Russia doubles down on implausible denial. DPRK indictment. Data breaches. "Silence" jackpots. Notes from the Billington Summit.