The CyberWire Daily Briefing 3.20.18

Summary

By The CyberWire Staff

ICS security experts take the occasion of US Government warnings that Russian cyber operators are working against the US power grid to reiterate their own warnings. Electrical generation and distribution systems remain dangerously vulnerable to attacks that could in the worst case induce catastrophic failure. Cylance has determined that one of the ways attackers are getting access to utilities' networks is through compromised Cisco routers.

Emerging consensus appears to be that AMD vulnerabilities CTS Labs reported are real, but not particularly serious.

London-based Cambridge Analytica is reported to have at least discussed using sparrows, honey traps, to compromise political targets. It also obtained data on some fifty-million Facebook users. Cambridge Analytica categorically denies accusations of blackmail and improper use of data. The data first collected were obtained consensually, in the course of a university psychologist's research, then passed to Cambridge Analytica enriched with data from connections of those who consented and data harvested from other sources.

The incident has been very bad for Facebook, which insists there was no data breach. Observers say, right: it's worse. The data collection wasn't, notes Motherboard, a bug, but a feature. Facebook's privacy policies apparently permitted the kind of data harvesting conducted, but only within certain (easily transgressed, according to reports) limits. Facebook has retained Stroz Friedberg to help mop up the damage.

We are shocked, shocked, to hear that President Putin's reelection may have been aided by ballot-stuffing. On the other hand, wouldn't ballot-stuffing in Russia's presidential election be an act of supererogation?

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Afghanistan, Australia, Canada, China, European Union, India, Pakistan, Russia, United Kingdom, United States

A note to our readers: the CyberWire is happy to have been selected as a finalist for the Maryland Cybersecurity Diversity Award (and the Cybersecurity Association of Maryland's People's Choice Award). You can find out more about the awards (and how to vote for us, if you'd like) here.

Don’t be liable for your third party’s data breach

Third party risk has spiked in the past few years, and with new regulations – GDPR, NY Cyber Regulations, etc. – in place, organizations need to be as informed as possible to arm themselves against a third party breach. However, third party risk exists across a spectrum – and not all vendors require the same level of attention. Read more in our eBook to learn how to match your solution to your third party risk.

On the Podcast

In today's podcast, we talk with our partners at Booz Allen Hamilton: Chris Poulin discusses malware evolution. And our guest is Patrick Craven from the Center for Cyber Safety and Education, a not-for-profit that provides scholarships in cybersecurity.

If you haven't caught it yet, give a listen to Recorded Future's latest podcast, produced in partnership with the CyberWire. The topic is "Resiliency in the Face of High-Profile Breaches and Trendy Threats."

Sponsored Events

The Startup Journey: From Public Service to Successful Entrepreneurship (Fulton, Maryland, USA, March 22, 2018) At this DataTribe Meetup, Will Grannis, Managing Director Google CTO Office, will discuss his professional experiences spanning across entrepreneurship, public service, and Silicon Valley. Free food & beverages will be provided.

Cyber Security Summits: Denver on March 22 & May 15 in Dallas (Denver, Colorado, USA, March 22, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

CYBERTACOS San Francisco (San Francisco, California, United States, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

XM Cyber is coming to RSA (San Francisco, California, United States, April 16 - 20, 2018) Visit XM Cyber at the Israeli Pavilion, South Hall booth 635, to experience the first automated APT simulation platform to expose, assess and amend every attack path to organizational critical assets.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Russian APT Compromised Cisco Router in Energy Sector Attacks (Dark Reading) DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.

Energetic DragonFly DYMALLOY Bear 2.0 (Cylance) New research from Cylance identifies for the first time the use of a compromised core router as one of the tools wielded by the threat actor that has recently been accused by the United States government of acting in the interests of Russia to attack government agencies and organizations in the “energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

The electric grid continues to be cyber vulnerable and susceptible to catastrophic impacts (Control Global) The Russians have been in the US electric grids since at least 2014. The Defense Science Board stated the US critical infrastructure doesn’t have the ability to prevent damage. What is happening to provide resilience and recovery?

India: Chinese hackers spying on Indians using WhatsApp, warns army (Deutsche Welle) The Indian Army has put out a video warning Indians about Chinese hackers extracting personal information using the social media application. Cyber security experts say hacking WhatsApp groups is no "rocket science."

AMD Chip Flaws Confirmed by More Researchers (SecurityWeek) An increasing number of researchers confirm existence of vulnerabilities in AMD processors, but no impact on the chip giant’s stock

AMD Processor Flaws Real, But Limited (Dark Reading) A vulnerability report threatened falling skies over AMD processor vulnerabilities that are real but limited in impact.

Check Point says CTS Labs' AMD disclosure was 'irresponsible' (iTWire) Security firm Check Point Research has revived the controversy over the flaws reported in some AMD processors by Israel-based CTS Labs last week, by s...

Cambridge Analytica and Facebook's privacy storm: Latest developments (Help Net Security) A day before the most recent exposé on Strategic Communication Laboratories (SCL)/Cambridge Analytica's exploitation of user data syphoned out of Facebook to fuel election campaigns, Facebook finally publicly confirmed that it happened.

The Noisy Fallacies of Psychographic Targeting (WIRED) Cambridge Analytica’s targeting efforts probably didn’t work, but Facebook should be embarrassed anyway.

Facebook Rocked by Data breach Scandal as Investigations Loom (SecurityWeek) Facebook shares plunged following revelations that Cambridge Analytica harvested data on 50 million users, as analysts warned the social media giant's business model could be at risk.

Facebook suspends firm that took 50M users' data, says wasn't a breach (CSO Online) Facebook suspended Trump-linked data firm Cambridge Analytica, which pilfered 50 million Facebook users’ data, claiming the collected personal data was not the result of a breach.

Facebook Plunges as Pressure Mounts on Zuckerberg Over Data (Bloomberg.com) Facebook Inc. shares posted their steepest drop since 2015 as U.S. and European officials demanded answers to reports that a political advertising firm retained information on millions of the social network’s users without their consent.

Selling data on millions ‘is the opposite of our business model,’ says Facebook’s Boz (TechCrunch) Facebook's former VP of ads has weighed in on the ongoing disaster involving his company's apparent negligence in allowing data on as many as 50 million users to be used for nefarious purposes by Cambridge Analytica. In a post on (what else) Facebook, Andrew "Boz" Bosworth gave variations on the li…

Why We're Not Calling the Cambridge Analytica Story a 'Data Breach' (Motherboard) Facebook insists that Cambridge Analytica didn't get information on 50 million Americans because of a 'data breach.' It's right. What really happened is much worse.

Facebook Data Privacy Policies Bashed By Critics After Cambridge Analytica Incident (Threatpost) Facebook is in hot water after acknowledging that a consulting group – that has worked on several high profile political campaigns, including that of President Donald Trump's – used the social media platform to harvest the data of 50 million users.

Cambridge Analytica's Ad Targeting Is the Reason Facebook Exists (Motherboard) Thousands of third party apps were designed solely to obtain and sell your data. It's no surprise that the data ended up being used again on Facebook, one of the biggest advertising platforms on Earth.

Facebook’s security chief to depart role over company’s handling of misinformation [Updated] (Ars Technica) CSO Alex Stamos clashed with other executives over handling of Russian meddling.

Cambridge Analytica: Firm at the Heart of Facebook Scandal (SecurityWeek) Cambridge Analytica, a firm hired by those behind Donald Trump's successful US presidential campaign, is at the center of a scandal over alleged misuse of Facebook users' personal data.

Cambridge Analytica sends ‘girls’ to entrap politicians (Times) The chief executive of a British company at the centre of allegations of electoral interference boasted about using “beautiful Ukrainian girls” to entrap the political opponents of clients.

Facebook and friends assume we are fools (Times) In 2004, a young student at Harvard called Mark was chatting online to a friend about his new website. A mildly abbreviated transcript reads as follows: Mark: Yeah so if you ever need info about...

No one can pretend Facebook is just harmless fun any more (the Guardian) From its stance on extremist content, to its vast caches of user data, Facebook is a corporation whose power must, finally, be reined in, says freelance journalist Ellie Mae O’Hagan

Meet Christopher Wylie, the millennial whistleblower behind Facebook’s data controversy (CNBC) If you're one of 2.13 billion Facebook users, data scientist Christopher Wylie recommends using social media with a "healthy dose of skepticism."

Uber self-driving car hits and kills pedestrian [Updated] (Ars Technica) An Arizona pedestrian died in the hospital following the crash.

Police chief: Uber self-driving car “likely” not at fault in fatal crash (Ars Technica) Tempe police chief says victim "came from the shadows right into the roadway."

Prilex ATM Malware Modified to Clone Chip-and-Pin Payment Cards (HackRead) It is just another day with just another ATM malware targeting unsuspecting users - This time, the malware comes with cloning capabilities.

Frost Bank Says Data Breach Exposed Check Images (SecurityWeek) Frost Bank, a subsidiary of Cullen/Frost Bankers said it discovered the unauthorized access to images of checks stored electronically.

Cyber Trends

ISC West Reflects the 2018 Security Megatrends™ (ISC West) ISC West and The Security Industry Association (SIA) dive into this year’s most significant emerging threats and business opportunities, mirroring what’s to come at ISC West 2018

Akamai warns of UK chaos from shoddy smart home security (BroadbandDeals.co.uk) Akamai’s influential State of the Internet Security Report has warned that the current poor level of cybersecurity around smart homes and interconnected home devices have opened the door to hackers and their like to exploit us as much as they please.

Algorithms don’t have biases and other dangerous cyber assumptions (CSO Online) Everyone makes assumptions on a daily basis...even algorithms.

Marketplace

Detectify Raises $6.15 Million in New Funding Round (ReadITQuik) Detectify makes use of automation to scan websites for vulnerabilities, thus utilizing crowd-sourced knowledge of white-hat hackers to enable customers to ensure the security of their websites

DocuSign has filed confidentially for IPO (TechCrunch) DocuSign is gearing up to go public in the next six months, sources tell TechCrunch. The company, which pioneered the e-signature, has now filed confidentially, we are hearing. Utilizing a commonly used provision of the JOBS Act, DocuSign submitted its IPO filing behind closed doors and will reveal…

CACI makes bid for CSRA in hopes of breaking up General Dynamics deal (Washington Business Journal) CACI International has made a $7.2 billion cash-and-stock offer to acquire CSRA Inc. in a bid to break up the government IT services company’s blockbuster sale to General Dynamics Corp.

Former top Canadian security officials warn Ottawa to sever links with China’s Huawei (The Globe and Mail) Public Safety Minister Ralph Goodale said in a statement on Friday that Huawei is being monitored and does not pose a risk to Canada’s cybersecurity

Verizon shareholders want executive pay tied to how well it improves its cybersecurity (Fast Company) With data breaches at Yahoo, Equifax, and seemingly every other company plugged into the internet, who hasn’t had their personal information compromised?

Unisys wins contract to provide biometric identity service with IDEMIA matching engine for Australian Home Affairs (BiometricUpdate) Unisys has won an AUD $44.2 million (US$34 million) contract to provide the Australian Department of Home Affairs’ with a new Enterprise Biometric Identity Service (EBIS) to aid visa, border crossi…

KnowBe4 Completes Rigorous SOC 2 Data Security Audit (PRWeb) KnowBe4, the world’s largest provider of security awareness training and simulated phishing, has successfully completed a rigorous third-party audit of its

Telos Corporation Appraised at CMMI Maturity Level Three (Telos) Telos highly rated for level of work and processes, proactive approach to managing projects, and dedication to continuous improvement.

Products, Services, and Solutions

Introducing Deep & Dark Web External Threats Module (RiskIQ) Organizations should monitor both the open internet and the dark web for holistic visibility and a proactive approach to external threats.

Cybersecurity Insiders Product Review Recognizes DFLabs IncMan SOAR for Unique Security Automation and Orchestration Features (BusinessWire) DFLabs recognized for R3 Rapid Response Runbooks which use machine-learning to orchestrate and automate security incident response and contain threats

Linux Foundation Announces ACRN —Open Source Hypervisor for IoT Devices (BleepingComputer) The Linux Foundation announced a new project called ACRN (pronounced "acorn") that will provide generic code for the creation of hypervisors for IoT devices.

BlackRidge Technology Receives FIPS 140-2 Government Validation for the Cryptography in its Cyber Security Products | Markets Insider (Business Insider) BlackRidge Technology International, Inc. (OTCQB: BRTI), a leading provider of next generation cyber defense sol...

StrongVPN Unveils All-New Rebranding and Apps (PR Newswire) StrongVPN, one of the oldest VPN service providers in the industry, has...

Technologies, Techniques, and Standards

FIDO Alliance Extends Certification Program to Further Strengthen Trust in Standards-based Authentication Devices - FIDO Alliance (FIDO Alliance) First 10 Products Awarded New FIDO Authenticator Security Certification MOUNTAIN VIEW, CA, MARCH 20, 2018 — The FIDO Alliance, the . . .

A Handbook for Elections Infrastructure Security (CIS) Protect your elections infrastructure with this free best practices handbook and other resources from CIS and our elections partners.

Every Time You Upload a Malware Sample... (SafeBreach) Online sandboxing services as a data exfiltration intermediary.

Cloud Data Remains Your Responsibility (Infosecurity Magazine) Your data may be held in an external cloud, but you cannot abdicate your own security responsibilities.

Our Journey to GDPR Compliance: Lessons learned on our way to May 25th (CSO) With the European Union’s (EU) General Data Protection Regulation (GDPR) date fast approaching, we have been working hard to make sure our already strong security culture and policies will align ...

ThreatQuotient to Participate in 2018 DEFNET Exercise (BusinessWire) ThreatQuotient today announced their participation in the 5th Annual DEFNET exercise, hosted by the French CyberCommand of Ministry Armed Forces.

A Mirai Botnet Postscript: Lessons Learned (Threatpost) Threatpost's Tom Spring sits down with Flashpoint and Akamai to discuss how the two companies worked together to address the 2016 Mirai DDoS attacks.

Design and Innovation

Inside the Army’s cyber ‘Shark Tank’ (Fifth Domain) The Cyberspace Real-time Acquisition Prototyping Innovation Development promises generate cutting-edge solutions to evolving cyber threats through a rapid, 30-day process.

This Call May Be Monitored for Tone and Emotion (WIRED) Call centers are using voice-analysis software that detects mood in both customers and agents, and offers motivational suggestions.

Research and Development

IBM predicts Lattice Cryptography will be big within 5 years to stop hackers (NextBigFuture.com) IBM predicts Lattice Cryptography will be big within 5 years to stop hackers

Cryptographic crumpling: The encryption 'middle ground' for government surveillance (ZDNet) Researchers believe a new encryption technique may be key to maintaining a balance between user privacy and government demands.

Legislation, Policy and Regulation

US Charges Russia With Cyber Attacks At Power Plants (Impacts, Attribution, "Digital Geneva Convention") (Information Security Buzz) In response to reports that the U.S. blames Russia for cyber attacks on energy grid , Nick Bilogorskiy, a Cybersecurity Expert at Juniper Networks commented below on attack attribution, potential impacts of such attacks, and considerations for a “Digital Geneva Convention.” Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks: Considering a Digital Geneva Convention: “I think the world needs a set of …

Why New Russia Sanctions Won't Change Moscow's Behavior (Foreign Affairs) The newest round of U.S. sanctions against Russia are unlikely to produce any substantive policy changes from Moscow.

Vladimir Putin secures landslide election victory . . . thanks to Britain (Times) Vladimir Putin secured a decisive victory in the Russian presidential election last night, with his campaign claiming that turnout was bolstered by the confrontation with Britain over the poisoning...

Putin's Biggest Enemies Threw A Powwow Just To ‘Piss Him Off.’ Here's What They Said (Task & Purpose) "I think there was a somewhat naive hope that if we drew a thick red line under the bad behavior the Russians engaged in prior to Obama ... they might shift their behavior and become more cooperative."

White House: No plan to congratulate Vladimir Putin on his election victory (Washington Examiner) President Trump does not plan to congratulate Russian President Vladimir Putin on his election for a new six-year term, the White House said Monday, days after the U.S. agreed with Britain's assessment that Moscow was behind a nerve agent attack in London earlier this month.

Labour’s moderates have hit breaking point (Times) It is bizarre, but oddly revealing, that Jeremy Corbyn’s supporters spent the weekend accusing the BBC of doctoring an image of the Labour leader’s hat to make him look like a Soviet stooge. While...

Nicholson: US Planning Religious, Diplomatic, Military and Social Pressure on Taliban (VOA) Effort aims to get comprehensive peace talks organized

House approves legislation to authorize Homeland Security cyber teams (TheHill) Legislation would codify Homeland Security cyber teams that respond to attacks on critical infrastructure.

3 reasons why CIOs will feel more heat in 2018 (FederalNewsRadio.com) Lawmakers on the House Oversight and Government Reform Subcommittee on IT are concerned that the IT modernization effort is losing momentum.

Defence industry urges government to relax controls on crypto exports (ComputerWeekly) Trade body representing defence, aerospace and security companies calls on government to make it easier to export “non-contentious” cryptography needed to secure organisations against hacking and cyber crime.

Entire broadband industry will help FCC defend net neutrality repeal (Ars Technica) NCTA, CTIA, and USTelecom sign up to defend net neutrality repeal in court.

Why the first state with a net neutrality law isn’t scared of lawsuits (Ars Technica) Washington lawmaker: FCC can’t preempt state laws “just because it says so."

State Starts New Unit to Combat Cyberattacks (Caldwell Journal) The N.C. Department of Public Safety is partnering with the N.C. Department of Information Technology to combat the growing threat of cyberattacks. A new entity – housed in the State Bureau of Investigation’s N.C Informat

Trump Signs Executive Order Banning Venezuela’s Petro Cryptocurrency (Bitcoin News) U.S. president Donald Trump has signed an executive order banning American citizens from using Venezuelan cryptocurrencies. In effect, this means that the petro, recently launched by Venezuelan president Nicolas Maduro, is now illegal in the U.S. The controversial cryptocurrency was widely seen as a means to evade economic sanctions imposed by the U.S. The executive …

Litigation, Investigation, and Enforcement

Cambridge Analytica: ICO Seeks Warrant to Search London Office (Infosecurity Magazine) The ICO urgently seeks court warrant to enter the CA's London HQ

Salisbury attack: Anger at delays in seizing car linked to Skripals (Times) Police investigating the nerve agent attack on a Russian spy and his daughter have been accused of incompetence after they took more than a fortnight to seize a car linked to the Skripals. The...

Claims of ballot-stuffing taint Putin’s victory in Russian elections (Times) Vladimir Putin secured an overwhelming victory last night in presidential elections marred by widespread reports of vote-rigging and attempts to bolster the turnout. Millions of Russians went to...

Britain must wean itself off Russia’s dirty money (Times) Vladimir Putin has been elected president of Russia for a fourth term amid gloating claims that his turnout was boosted by Britain’s furious reaction to the poisoning in Salisbury of Sergei and...

Ex-French president Nicolas Sarkozy 'arrested over campaign financing' (Sky News) The Former French president is being questioned in connection to alleged Libyan funding for his 2007 election campaign.

What Michael Flynn Could Tell the Russia Investigators (Bloomberg.com) The former national security adviser mingled business with government. That could help Robert Mueller look for similar overlaps among Trump insiders.

McCabe just made life tough for Comey and the special counsel (TheHill) The fired FBI deputy director is lashing out and posing problems for James Comey and Robert Mueller.

Ajit Pai celebrates after court strikes down Obama-era robocall rule (Ars Technica) FCC rule improperly treated everyone with a smartphone as potential robocaller.

Report: Police are now asking Google for data about all mobile devices close to certain crimes (TechCrunch) According to a new report from Raleigh, N.C. television affiliate WRAL, Google might have quietly helped local detectives in their pursuit of two gunmen who committed separate crimes roughly one-a-half years apart. How? According to the story, Raleigh police presented the company with warrants not …

SEC Announces Its Largest-Ever Whistleblower Awards (US Securities and Exchange Commission) The Securities and Exchange Commission today announced its highest-ever Dodd-Frank whistleblower awards, with two whistleblowers sharing a nearly $50 million award and a third whistleblower receiving more than $33 million. The previous high was a $30 million award in 2014.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Secutech (Taipei, Taiwan, April 25 - 27, 2018) To meet the rising demand for intelligent and customised solutions, Secutech converges security and safety, ICT, IoT, artificial intelligence, big data, edge computing, intelligent video analytics and deep learning to enable you to create new value in the rapidly evolving market, and provide intelligent solutions in factory, retail, healthcare, transportation, home, building and safe city sectors.

upcoming Events

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium will feature discussions about national, corporate and cybersecurity implications related to the public and private sectors. This year’s symposium will take place at the NJCU School of Business’ Skyline Room, 147 Harborside Financial Center in Jersey City, NJ, with stunning views of Manhattan across the Hudson River. The event will feature a dark web overview, national security and media coverage, careers in security, and risk assessment and security.

KNOW Identity Conference 2018 (Washington, DC, USA, March 26 - 28, 2018) The premier global event for the identity industry, the KNOW Identity Conference is the nexus for identity innovation, offering a uniquely differentiated, powerful, and immersive event that convenes the world’s most influential organizations and smartest minds across industries to shape the future of identity.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster a close-knit, casual and open environment for speakers and attendees. There are no sponsored talks, panels or other gimmicks, just two days of carefully vetted, highly technical talks which present new research in advanced exploitation techniques, vulnerability discovery, malware/implant design, anti-forensics and persistent access. Speakers include hackers from all across the offensive spectrum. The conference also hosts advanced training classes in web hacking, exploit development, cryptanalysis, kernel exploitation, Java attacks and other techniques (April 22-25). Now in its eighth year, the two-day, single track conference is organized by Dave Aitel and Immunity Inc., and is held in warm, sunny Miami Beach.

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners to discuss the increasingly complex and interdependent relationships between smart vehicles and ever-expanding smart infrastructures. The SANS Automotive Cybersecurity Summit was created to develop and foster a culture of cyber-awareness in organizations across the vehicle supply chain as we work together to understand risks, safeguard organizations, their products, and their customer from the evolving threat landscape.

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring together high-level representatives from around the globe to create a cybersecurity roadmap for the future. Attendees will come from all areas of cybersecurity for the healthcare, medical devices and pharmaceutical sectors. Experts will examine the cybersecurity landscape in these three industries, with a particular focus on strategies for protection and incident response, as well as on business/regulatory considerations. Central to the aims of this event is facilitating collaboration and cooperation amongst the diverse stakeholders that will be in attendance.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.