The CyberWire Daily Briefing, 10.21.19

Special Section

2019 ICS Cyber Security Conference

We're in Atlanta this week for the 2019 ICS Security Conference, which opened this morning. We'll have notes and updates throughout the duration of the conference. This morning we had the opportunity to hear presentations on the state of operational technology (OT) security and on the risk social engineering poses to industrial control systems.

The state of OT security: the good, the bad, and the ugly.

Mark Carrigan, COO of PAS Global, used his Eastwoodian title to sum up the mixed state of industrial control system security. He saw the good as increased signs of cooperation between OT and IT, with OT beginning to catch up to IT, particularly with respect to access management. Across the industry, he said initiatives have tended to focus on the right things: visibility, audits, and security awareness programs. And above all, companies now understand that OT security deserves investment.

The bad? Attacks on OT are no longer simply collateral damage from attacks against IT systems. The adversaries, especially nation-state threat groups, are now researching OT systems and developing attacks designed specifically for those systems. And unfortunately companies remain reluctant to share information about attacks.

And then there's the ugly, chiefly the confusing OT security market, and the tendency companies have to fixate on "shiny objects," the latest buzzwords and trends. We also find, Carrigan observed, that solution results seem to fall short of expectations, and too much information overwhelms understanding. To much focus on detection is also ugly: basic protection and recovery mechanisms "can have massive risk reduction."

He closed with four pieces of advice: "Fundamentals matter. Don't chase the shiny object. Integration is key. Industrie 4.0 is coming--get ready."

Social engineering and critical facilities: attack the human, not the technology.

Chad Lloyd, Security Architect, Schneider Electric, began by pointing out that compromising a system very often starts with compromising a human being. Studies indicate, he said, that 97% of cyberattacks try to trick a human being. He reviewed principles of social engineering, and emphasized that social engineering enables an attacker to bypass cyber defenses in depth and physical security measures. He pointed out a mismatch between IT and OT. IT worries about confidentiality, integrity and availability. OT, by way of contrast, is concerned with safety, availability and integrity (which together make up reliability), and only then confidentiality. Social engineering will seek to exploit these different interests.

After a description of how social engineers pull off their confidence games, Lloyd offered some general considerations for making an organization more resistant to this threat. He recommended instituting a security awareness program, with a primary focus on social engineering. Do a baseline assessment, and target training to risky positions. Make the training short, interesting, and interactive. He recommended that organizations include social engineering in risk assessments and penetration tests, and extending such assessments to third-parties.

With respect to technology, Lloyd suggested that organizations consider control escalation and mutual control. Two-factor authentication is valuable. He urged that enterprises not permit unmanaged devices on their networks. Endpoint security is valuable (but he cautioned that this isn't a panacea, and that organizations shouldn't rely on it exclusively). One-way sneaker-netting and unidirectional data diodes are also useful.

In sum, he agreed with Carrigan: attention to the basics matters. And those basics include training.

Summary

By the CyberWire staff

Another example of the difficulty of attribution may be found in a joint report issued today by the UK's NCSC and the US NSA. The agencies find that the Russian government group Turla (also known as "Venomous Bear," "White Bear," "Snake," "Waterbug," and "Uroburos") hijacked Iranian tools to mount an effective false-flag operation in which Turla effectively posed as APT34 (or "Helix Kitten"). The espionage operation not only used APT34 backdoors, but also prospected known APT34 victims. According to Reuters, the NCSC says it's not aware of any official attributions influenced by the misdirection, but officials point out that the discovery should serve as a cautionary tale against hasty attribution. (Compare a similar false-flag during the Winter Olympics, when Russian services impersonated North Korean operators. WIRED is running a long series on that incident.)

Often there's uncertainty with respect to whether an incident involves a cyberattack at all. A social media report out of Iran yesterday said that a refinery fire in that country was caused by a cyberattack, but these reports remain unconfirmed (and the tweet's assertion of confirmation doesn't count.) Reuters, sourcing Iranian state media, said there was fire in a canal carrying waste from the Abadan refinery, but that the fire was under control. Dragos counsels caution in accepting reports of a cyberattack at face value. After all, while cyberattacks can and have caused physical damage, accidents do happen.

The Telegraph reports that British police will soon begin predicting hate crimes on the basis of Twitter content.

Join 300+ cyber security peers on Oct 22 in DC – Use DMV30 for 30% OFF

Notes.

Today's issue includes events affecting Australia, Canada, China, Estonia, Ethiopia, Holy See, Iceland, India, Iran, Democratic Peoples Republic of Korea, Mongolia, Russia, Ukraine, United Kingdom, United States, and and Zimbabwe.

Bring your own context.

The SOHO routers used in homes and small businesses have given attackers points-of-entry for some time. Have the manufacturers made significant progress in securing them?

"I would say we have not come very far at all. While these manufacturers have made attempts to implement security controls that not only make it harder to reverse engineer the devices, but in some cases are actual legitimate attempts to protect against vulnerability classes, we were still able to exploit, remotely, most of these devices – twelve out of thirteen – and get root shells on them. So, I would say that the progress that these manufacturers have made is insufficient."

—Shaun Mirani, security analyst at Independent Security Evaluators, on the Research Saturday, 10.19.19.

So it would seem that SOHO security remains a work in progress.

Zero-Trust in the Modern Workplace

The modern workplace is infiltrated everyday — bring your own device policies and increased vendor access have introduced a whole new layer of cyber risk to the office environment. Since no vendor or customer should be automatically trusted, Zero-Trust frameworks have become more prevalent. How can organizations best protect themselves and their networks? Join LookingGlass’ Eric Olson & James Carnall for a webinar discussing best practices and war stories at 1 pm ET October 31, 2019.

On the Podcast

In today's Daily Podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan discusses the ease with which one’s identity can be determined using previously anonymized data sets.

Sponsored Events

Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.

IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.

Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Misuse of Alphabet’s Virus Scanner is Exposing Sensitive Files (Bloomberg) Flaw stems from poor configuration of security applications. Israeli company Otorio raises red flag for manufacturers.

Alexa and Google Home abused to eavesdrop and phish passwords (Ars Technica) Amazon- and Google-approved apps turned both voice-controlled devices into "smart spies."

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say (Reuters) Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack g...

Fire in waste canal at Iran's Abadan refinery under control - state media (Reuters) A fire in a canal carrying waste from Iran's Abadan oil refinery was brough...

Claims of a Cyber Attack on Iran's Abadan Oil Refinery and the Need for Root Cause Analysis | Dragos (Dragos) On October 20th, 2019, the Twitter account @BabakTaghvaee posted that there was a fire at the Abadan Oil Refinery in Iran; notably the account claimed that the fire was a result of a confirmed cyber attack. A video was posted of the fire and the news organization Retuers had posted just prior to the tweet about the fire as well. The purpose of this blog is to add some context to such events for the purpose of avoiding hype but to clearly point out a gap in the industrial cybersecurity community that we have around root cause analysis and the importance of setting forth a strategy across collection, visibility, and detection to ever get to the point where response scenarios can account for such processes.

UC Browser app abuses may have exposed 500 million users (Zscaler) UC Browser app with 500 million+ downloads installs and downloads third-party app store in violation of Google Play policies and the downloads are sent over unsecured channels.

Norwegian Newspaper Website Taken Offline After Content Hack (Forbes) Hackers inserted false stories and quotes on to the Dagbladet.no website, including a pro-pedophilia comment attributed to Norway’s Prime Minister, Erna Solberg.

Kaspersky finds samples of Dtrack spyware tools in many Indian states (The Times of India) India Business News: New Delhi, Oct 18 () Cybersecurity solutions provider Kaspersky on Friday said it has discovered samples of 'Dtrack' - which comprises a set of tools .

Phishy text message tries to steal your cellphone account (Naked Security) Which sort of company is most likely to contact you via SMS? Why, your mobile phone provider, of course!

Zimperium finds massive security and privacy breaches in all top travel apps (Gadget Guy Australia) Zimperium has found massive security and privacy breaches in the 30 most used travel and price comparison apps. Zimperium (report here) found that of the 30 most used apps that 45% of Android apps and 100% of iOS apps get a failing grade in protecting users’ privacy and that 97% of Android apps and 100% …

Italians Rocked by Ransomware (Infosecurity Magazine) Ransomware attacks blast Rammstein tunes while wreaking havoc in Italy

WordPress Servers Are Being Targeted by New Cryptojacking Plugins (BeInCrypto) WordPress plugins are used to provide more website functionality. But, some of these plugins contain a hidden cryptocurrency mining exploit.

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks (Ethio CERT) The cyber criminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's...

Much-attacked Baltimore uses ‘mind-bogglingly’ bad data storage (Naked Security) IT workers have been storing files on their computers’ hard drives. One councilman’s alleged response: “That can’t be right? That’s real?”

SIM swap: The latest cyber fraud to worry about. (And what you can do to limit the damage.) (Daily Herald) If your phone stops working or you can't send or receive texts, don't assume it's a glitch. Call using an alternate method or visit your carrier immediately to report phone takeover fraud.

Ransomware attack may be affecting 911, emergency dispatch in Jasper Co. (WTOC) We’re finding out that there is more to the cybersecurity issues Jasper County is having then just backlog data.

Report: RCC cyber attack was first successful of this scale at NC community college | Richmond County Daily Journal (Richmond County Daily Journal) The cyber disturbance that temporarily took out all of Richmond Community College’s internet-based services in July and apparently stunted the college’s fall enrollment was part of a…

We asked a hacker to try and steal a CNN tech reporter's data. Here's what happened (CNN) I thought my social media posts merely betrayed my desperate need for attention and likes. It turns out, though, that they're also a goldmine for hackers.

Vatican's wearable rosary gets fix for app flaw allowing easy hacks (CNET) Are you there, God? It’s me, a serious security flaw.

'I lost £4,000 in a call centre scam' (BBC News) Indian police shut two call centres and arrest seven people suspected of involvement in the scam.

Cyber Trends

James Bond today would be an analyst: Intel Chiefs (Deccan Herald) Hollywood may have long tried to glamorize the business of spycraft, but in real-life, James Bond would be an analyst poring over reams of data, rather than a man of action causing havoc in the field, intelligence chiefs said.

6% of Law Firms Are Protecting Themselves From Email Spoofing (Today's Conveyancer) The survey reviewed whether firms have adequate protection against email spoofing, and found that only 6% had DMARC, meaning that 94% didn’t.

Marketplace

Facebook Reaches Deal With Wall Street Journal Publisher, Others for News Section (Wall Street Journal) News Corp has reached a deal to let Facebook feature headlines from The Wall Street Journal and other Dow Jones media properties, as well the New York Post, in the social-media giant’s upcoming news section, the companies said.

Booz Allen, National Technical Information Service to Support Joint AI Center (Valdosta Daily Times) Booz Allen today announced that the firm has entered into a letter agreement, under its joint venture partner agreement with the U.S. Department of Commerce’s National Technical Information Service (NTIS), to assist the U.S. Department of Defense’s (DoD) Joint Artificial Intelligence Center (JAIC).

Army AI task force looks for cyber project as industry day nears (FCW) The Army Artificial Intelligence Task Force is looking to start a cyber project this year just in time for its third annual industry day.

How SAIC helps vets boost their cyber career paths (Washington Technology) Many companies put a value on hiring veterans and here's how SAIC is supporting veterans by using a scholarship to advance their cyber careers.

GCHQ director says cyber agency is targeting dyslexic people to work as analysts (The Telegraph) It was once thought that a tap on the shoulder from an Oxbridge don was the only way to get a job with the secret services.

Salient CRGT Wins $115M IT Services Contract for GAO (WashingtonExec) Salient CRGT, through its wholly owned subsidiary Advanced Technology Systems Inc., will manage many IT issues remotely under a recently awarded contract

Brisbane's RIoT Solutions scores QLD govt managed security contract (CRN Australia) Replacing incumbent service installed for the 2014 G20 summit.

US cyber vendor KnowBe4 lands in A/NZ (ARN) Phishing and awareness training specialist KnowBe4 has become the latest US cyber security vendor to stamp a footprint on Australian and New Zealand soil.

Cash injection drives Menlo Security to Australian launch (CSO) ‘Isolation’ architecture prevents malicious online content from reaching users’ devices

Nozomi Networks Hosts Italian President Sergio Mattarella at US Headquarters (West) Co-Founders Andrea Carcano and Moreno Carullo Recognized for Italian Cybersecurity Innovation

Products, Services, and Solutions

Blackbird.AI launches AI-Based Solution for Governments and Businesses to Combat Deliberate Online Falsehoods in Real-time (BLACKBIRD.AI) Technology, Regulation, and Education must work hand-in-hand to tackle disinformation threats now seen as the new normal

InEight launches new risk intelligence software (Hydrocarbon Engineering) InEight has announced the debut of its new risk intelligence software for construction projects.

Radiflow and Asset Guardian Introduce Joint Solution to Enrich Industrial Asset Monitoring and Risk Assessment (PR Newswire) Radiflow, a leading provider of cybersecurity solutions for industrial automation...

Technologies, Techniques, and Standards

Microsoft Tackles Election Security with Bug Bounties (Threatpost) Researchers can earn up to $15,000, depending on the severity of the bug found.

Get Proactive to Better Arm Yourself Against Cyberattacks (Nextgov.com) Agencies must move to an integrated data-driven approach aimed at predicting and preventing cyber threats.

The Need for a Cybersecurity Paradigm Shift (Stripes Korea) Cyber threats against federal agencies, including across the Department of Defense and the U.S. Navy, are increasing in frequency, sophistication and impact, opening to attack vast amounts of sensitive data housed on government information technology systems and the nation’s critical infrastructure.

Army special operators look to counter disinformation, cyberwarfare in new strategy (Stars and Stripes) Trends like climate change, urbanization and rapid technological advances will test Special Forces soldiers in new ways, according to a new U.S. Army Special Operations Command Strategy.

What infosec pros can learn from Tony Stark (IT World Canada) Infosec pros usually toil unappreciated in organizations, often fighting sometimes losing battles against well-armed opponents, and sometimes seemingly deaf employees. They ache

How to Control the Privacy of Your Facebook, Instagram, Twitter, and Snapchat Posts (Wired) Whether it's Facebook, Instagram, Twitter, or Snapchat, lock down who can see what you're up to.

At an Outback Steakhouse Franchise, Surveillance Blooms (Wired) Fried onion meets 1984.

Design and Innovation

AI targets insider threats by analysing employee writing for malice (CSO) Scanning user emails, social media for emotional state can identify a potential threat before it compromises the business

Pennsylvania to test an extra layer of election security — math (NBC News) The system, known as a "risk-limiting audit," uses advanced statistical analysis and a dose of randomness to look for irregularities in vote tallies.

Academia

Australian universities are the world’s most frequently targeted (CSO) As ANU shares forensic breach analysis, figures suggest ACU, ANU are the tip of the iceberg

UT requires enrollment in two factor authentication soon (Tennessee Journalist) Starting Oct. 22, two factor authroization will be mandatory for all UT faculty, staff and students. Here's everything you need to know.

Maui students help guard against cyberattacks | News, Sports, Jobs (Maui News) Do not click to win a $1,000 Amazon gift card. Do not spin the wheel that just popped up onscreen. And definitely do not use the word “password

Legislation, Policy and Regulation

Zuckerberg Doubles Down on Free Speech—the Facebook Way (Wired) The Facebook CEO didn't announce new initiatives in a highly promoted speech, but reaffirmed his view that the company makes the world a better place.

Zuckerberg’s speech draws ire from 2020 candidates, civil rights advocates (Washington Post) Facebook chief executive Mark Zuckerberg drew fresh ire from Democratic presidential candidates, free speech experts and civil rights advocates, who argued his speech in Washington this week failed to acknowledged the troubles with the tech giant’s practices.

[Letter to Activision Blizzard from Senators and Members of Congress] (US Congress) Dear Mr. Kotick: We write to express our deep concern...

China's propaganda chief says Cold War mentality hindering mutual trust in cyber space (The Straits Times) A "Cold War mentality" and"bully behaviour" are hindering mutual trust in cyber space, China's propaganda chief said on Sunday (Oct 20) at the start of the World Internet Conference in the eastern Chinese town of Wuzhen.. Read more at straitstimes.com.

Opinion | Washington gives Chinese diplomats a taste of their own medicine (Washington Post) The Trump administration just launched a major shift in policy toward China.

Deterring Chinese Military Ambitions Before It's Too Late (The Federalist) Natsec reporter Bill Gertz's book, 'Deceiving the Sky: Inside Communist China's Drive for Global Supremacy,' offers vital reporting on the Chinese threat.

Huawei lashes out at Estonia for 'unfounded' security claims (Hartford Courant) Chinese telecom company Huawei has criticized the Estonian government and media for spreading what it says are "arbitrary and unfounded" allegations about

Huawei 5G Technology: Is It Coming To America Despite Trump’s Blacklist? (Forbes) Despite Trump's rhetoric, Huawei claims its 5G technology could now be coming to America.

U.S. Government Still Uses Suspect Chinese Cameras (Wall Street Journal) Thousands of Chinese-made surveillance cameras remain in use at U.S. military installations and other government sites after purchases of such devices were banned.

Australian Newspapers Redact Front Pages in Call for Press Freedoms (Wall Street Journal) Newspaper front pages across Australia were blacked out Monday, as the country’s biggest media companies are calling on Canberra to enshrine press freedoms and protect whistleblowers.

Artificial Intelligence and the Evolution of Cloud Computing: Evaluating How Financial Data is Stored, Protected, and Maintained by Cloud Providers (US House of Representatives) Statement for the Record, Steve Grobman, Senior Vice President and Chief Technology Officer, McAfee, LLC, before the U.S. House of Representatives Taskforce on Artificial Intelligence

Pentagon Receives 2,000 Comments on Vendor Cyber Certification Program (Nextgov.com) The next iteration of the framework will be released in early November, according to Undersecretary for Acquisition and Sustainment Ellen Lord.

The Army’s defensive cyber solutions team looks for growth (Fifth Domain) The Forge's project manager discusses its successes and how it could grow in the next year.

Baker-Polito Administration Announces New Program to Assist Municipalities in Bolstering Cyber Resiliency (Mass.gov) Baker-Polito Administration Announces New Program to Assist Municipalities in Bolstering Cyber Resiliency

Survey says Canadian Legislation is Lacking Cybersecurity Awareness (CISO MAG) Cybersecurity experts opined the Canadian government isn’t doing enough to protect businesses and consumers from data breaches.

Public, election officials may be kept in the dark on hacks (Baltimore Sun) If the FBI discovers that foreign hackers have infiltrated the networks of your county election office, you may not find out about it until after voting is

Litigation, Investigation, and Enforcement

'An open secret': Government urged to release Parliament cyber attack report (The Sydney Morning Herald) A detailed report on the Parliament cyber attack is said to blame a Chinese ministry, but the government is reluctant to release an unclassified version.

Anti-Money-Laundering Watchdog Puts More Pressure on Iran (Wall Street Journal) The Financial Action Task Force is increasing pressure on Iran to meet its standards while giving the country more time to do so.

WSJ News Exclusive | Congress Ramps Up Scrutiny of Boeing Executives, Board (Wall Street Journal) U.S. lawmakers probing the 737 MAX jet crisis are ratcheting up scrutiny of Boeing leaders as new details point to management pressure on engineers and pilots in its commercial-aircraft unit.

Boeing ‘knew of 737 Max flaws’ before crash (Times) Boeing appeared to know about problems with a flight control system on board its 737 Max aircraft nearly two years before its malfunction caused or contributed to a fatal crash in Indonesia. The...

Police to 'predict' hate crimes through Twitter for the first time (The Telegraph) Police will use artificial intelligence to predict real-life hate crimes based on Twitter comments in the first trial of its kind in the UK.

38 people cited for violations in Clinton email probe (AP NEWS) WASHINGTON (AP) — The State Department has completed its internal investigation into former Secretary of State Hillary Clinton's use of private email and found violations by 38 people, some of...

State Dept. finds no ‘systemic’ classified violation in Hillary Clinton private-server emails (POLITICO) A State Department investigation into former Secretary of State Hillary Clinton’s private email account found no widespread effort by her aides or other staffers to mishandle classified information.

State Department probe of Clinton emails finds no deliberate mishandling of classified information (Washington Post) The years-long inquiry is an anticlimactic end to a controversy that overshadowed the 2016 campaign.

GOP House Intel members accuse Dems of withholding impeachment inquiry docs (The Washington Times) Republicans on the House Intelligence Committee are accusing the majority party of withholding documents central to the impeachment inquiry.

Holding Ukraine hostage: How the president and his allies, chasing 2020 ammunition, fanned a political storm (Washington Post) Gordon Sondland, the U.S. ambassador to the European Union, seized control of the Ukraine portfolio to help Trump.

'Storage Wars' Property Seized by Federal Investigators in Possible 'Espionage Attack' Case (Reality TV) One of the lockers typically auctioned off on Storage Wars has reportedly been seized by federal [...]

The hunt for Satoshi Nakamoto: a brief history (Decrypt) The human; the myth; the legend – but who exactly is Satoshi Nakamoto? We look back at the various attempts to dig up who he or she really is.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Since its first edition in 2002, the conference has attracted a continually rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing ICSs become increasingly apparent.

PCI SSC 2019 Europe Community Meeting (Dublin, Ireland, October 22 - 24, 2019) The PCI Security Standards Council’s 2019 Europe Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

Omaha Cybersecurity Conference (Omaha, Nebraska, USA, October 24, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

Florida Cyber Conference 2019 (Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across multiple themed tracks, pre-conference workshops, a capture-the-flag competition, and interactive experiences, Florida Cyber Conference 2019 is a can't-miss event for Florida's cybersecurity community.

National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and the high stakes at play in terms of cyber threats. From the outlook for 2019 and beyond, tech shaping the future, CISO role innovation and quantum leaps in cyber- to the ways that agents of change are affecting the role of the CISO in the future, the National Security Leaders Symposium is sure to deliver on what security leaders need to see over the horizon.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

A false Iranian flag. Don't jump to attack conclusion. Predictive policing. Notes from the Atlanta ICS security conference.

The state of OT security: the good, the bad, and the ugly.

Social engineering and critical facilities: attack the human, not the technology.

Bring your own context.