Advanced Persistent Threats - The Hacker's Latest Weapon or Just Marketing Spin?

Modern vehicles are, as Bruce Schneier recently put it, actually computers with wheels rather than cars with a computer added on. Every part of the vehicle's operation is supervised, logged, and managed by digital signals on a complex vehicle network. If you have a crash, your car will tell investigators if you were speeding or swerved to avoid the impact. If you spend too long dawdling at the convenience store instead of visiting your customers, your employer will know about it. If you waste fuel, drive dangerously, or don't turn your lights on when you should, it'll be recorded.

This introduces a lot of familiar debates in security circles. Who owns the data? What counts as personally identifiable? What are acceptable standards for logging, retention, and disclosure? What happens if we get it wrong?

The bad news is the vehicle landscape, like enterprise security, is badly fragmented. The good news is we've learned a lot of useful lessons over the past 20 years which can be brought to bear on the problem, so solving it shouldn't take another 20.

In this presentation we'll review some of the mechanics of how vehicle data is generated, who can see it, and how it can be used and abused. We'll then talk about points of leverage for the industry, the manufacturers, the owners, and law enforcement, and see what common ground exists. Finally, we'll lay out some basic ideas any fleet operator or concerned individual can use to make decisions about what vehicles to use and how to manage the data footprints they generate.

Software plays an expanding and critical role in the success of future vehicles such as automobiles and trucks. Novel technologies that depend on the flexibility of software create new vulnerabilities and new ways to attack systems. This talk explores the expanding landscape of vulnerabilities that accompany the increasing reliance on software and then examines some key steps to help mitigate the increased risk: development of appropriate requirements from an analysis of risks, techniques that can be applied during development, and evaluation approaches for existing systems. The talk will conclude with a view of emerging approaches to further improve the delivery and sustainment of such critical software.

About the Presenter:
Dr. Mark Sherman is the Director of the Cyber Security Foundations group at CERT within CMU’s Software Engineering Institute. His team focuses on foundational research on the life cycle for building secure software and on data-driven analysis of cyber security. Before coming to CERT, Dr. Sherman was at IBM and various startups, working on mobile systems, integrated hardware-software appliances, transaction processing, languages and compilers, virtualization, network protocols and databases. He has published over 50 papers on various topics in computer science.

We are surrounded by 2-ton IoT devices on wheels. The auto industry has rapidly evolved in the last five years; vehicles now have phone apps for remote control, built-in WiFi hot spots, heads-up displays, lane correction systems, and other Advanced Driver Assistance Systems. These convenience and road safety features are in high demand, but they also introduce cybersecurity concerns.

Automakers are now software companies, and this talk will address some of the cybersecurity-related issues faced by the transportation industry, including some of the growing pains a “traditional” industry has when it starts to become internet connected to the outside world. Mr. Smith will share techniques currently used by hackers and show some of the security defenses being put into place. You will see the vulnerabilities of vehicles on the road today, as well as take a peek into the future of fully autonomous cars. And if your head isn’t spinning already, learn what it will mean to "own" a car in the future. Key topics will include:
•What makes car hacking so intriguing?
•Who are the adversaries in this space and what are they after?
•How self-driving cars can be used as a model for corporate infrastructure.
•How IoT can be locked down without locking out the customer.

About the Presenter:
Craig Smith is the Founder of Open Garages and Research Director of Transportation Security at Rapid7. Open Garages is a distributed collective of performance tuners, mechanics, security researchers and artists. Craig is also the author of the Car Hacker's Handbook and runs a Security Consulting firm that specializes in automotive reverse engineering. Craig has developed many open source utilities to teach CAN bus to students and well as security penetration tools that can uncover vulnerabilities in vehicle and diagnostic systems. He has worked in the security field for over 20 years with the last 5 years focused on automotive.

With the proliferation of the Internet of Things (IoT) into every aspect of our society, cyber attacks on a massive scale are becoming a possibility, and in some cases, a reality. Attackers can take out city grids, hijack control systems and engage in cyber war remotely.

This panel of top cybersecurity experts will discuss how connected devices are affecting our critical infrastructure security, the IoT and cyber warfare, and what we need to do today to address the security challenges posed by IoT devices.

Speakers:
- Demetrios "Laz" Lazarikos, Three Time CISO, Founder of Blue Lava
- Mark Weatherford, Chief Cybersecurity Strategist at vArmour
- Robert M. Lee, CEO and Founder of Dragos, Inc.

Today we fight adversaries individually, not collectively. Companies are working in silos to defend their individual infrastructures. Security operators and defense teams do not have visibility into cyber security incident information from their peers, even though they may be seeing the same attack methods or adversaries. The lack of an effective exchange and collaboration between companies is the Achilles heel our enemies continue to exploit.

Come and join a discussion about a new cybersecurity model that maximizes the use of the network (much like the bad guys) and incentivizes the exchange of actionable threat incident data.

We'll look at recent critical infrastructure hacks such as Grizzly Steppe, WannaCry and CrashOverride and discuss how we can better protect ourselves for future attacks.

Would a hack on one Internet connected thermostat stop a nation? Maybe not, but imagine hundreds of connected devices being meddled with in order to cause havoc?

Join our IOT experts to discuss the real impact of an IOT device hack. Wieland Alge, GM EMEA at Barracuda Networks and Mark Harrison, Consultant at Pen Test Partners, will look into why cyber criminals are interested in hacking IOT devices and the true impact of such an attack to organisations. Join this webinar to learn:

• The true impact of an IOT hack
• Methods used by hackers
• Demos of IOT devices being hacked
• Major challenges in protecting smart cities
• How to mitigate these threats

BrightTALK caught up with Giovanni Vigna from University of Santa Barbara & Lastline for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The difference between traditional AI & Machine Learning and the tools when applied to cyber security

- Whether the buzz surrounding the tools is legitimate

- How the human still needs to fit into the picture when using machine learning based security techniques

- How AI & Machine learning can be used for threat hunting purposes

- The WannaCry virus and what it means for the ransomware landscape and how we protect ourselves from attacks

- The value of security culture in an organisation

- Trends in the techniques used in cyber warfare

- The exponential growth of the IoT and what it means for securing the connected devices

We live in an IoT world. Connected devices now include TVs, refrigerators, security systems, phones, music players, smart assistants, DSL modems, cars, and even toothbrushes. Besides privacy and personal security concerns, these devices pose significant risk of cyber attacks. IoT devices have been used in devastating DDoS attacks that have paralyzed key Internet services, emergency services, and heating systems. In addition to run-of-the-mill hackers and hacktivists, they are the first line of attack in any low-to-medium scale cyber conflict between nation states.

Vulnerable IoT devices represent a direct threat to safety, life, property, business continuity, and general stability of the society.

This talk will discuss the security challenges surrounding IoT devices, and what is needed for a balanced framework that forces vendors to implement a reasonable level of best practice without causing them undue burden and risk.

About the Presenter:
Tatu Ylonen is a cybersecurity pioneer with over 20 years of experience from the field. He invented SSH (Secure Shell), which is the plumbing used to manage most networks, servers, and data centers and implement automation for cost-effective systems management and file transfers. He is has also written several IETF standards, was the principal author of NIST IR 7966, and holds over 30 US patents - including some on the most widely used technologies in reliable telecommunications networks.

Internet of Things devices are notoriously lacking in security, making them easy targets for attackers to hijack and leverage in DDoS attacks. How have cyber attacks evolved in the last few months? What is the impact of the IoT devices on cybersecurity across organizations and industries? How can we better protect our organizations when it comes to attacks coming from the IoT?

This panel of security experts will discuss the current state of IoT security and the IoT trends seen across industries. Join this interactive Q&A session and discover where the vulnerabilities lie and how we can improve cybersecurity.

Moderator:
- Vince Tocce, Founder of Vince in the Bay Podcast

Speakers:
- Jay Beale, CTO of Inguardians
- John Bambenek, Threat Systems Manager at Fidelis Cybersecurity
- Mike Hamilton, SVP Product at Ziften Technologies

Many security teams find it challenging to prove their value and effectiveness, especially in the absence of compromise or breach activity. Learn how top-performing security teams take advantage of their visibility across the environment to provide ongoing, deeply insightful measurements and reporting that support broader business decisions. Applying these techniques can exponentially increase the overall value of your security team to the entire organization.

In this webinar, you will learn:
- A framework with actionable ways to report the effectiveness of your security program and tools
- How to translate technical data into business objectives
- Methods for identifying performance issues and opportunities across your team, processes, and tools
- A simple calculation to systematically prioritize your alerts
- Guidelines for driving strategic decisions based on the measurement of security tools

About the Presenter: Joe Moles, Director of Detection Operations

An IR and digital forensics specialist, Joe Moles has more than a decade of experience running security operations and e-discovery. As Director of Detection Operations at Red Canary, he leads a team of security analysts to help organizations defend their endpoints against threats. Prior to joining Red Canary, Joe built and led security operations, incident response, and e-discovery programs for Fortune 500 companies like OfficeMax and Motorola. He is regarded as an industry thought leader and regularly contributes to the Red Canary blog.

The IoT explosion means billions of new, “smart” devices gathering petabytes of data from a host of environments, many new and unfamiliar to IT. How can security possibly keep up with it all? Recent events such as the Mirai botnet suggest we’re already behind the curve – and that the need is not just to defend against threats to IoT, but to protect against threats arising from compromised IoT. In this talk, we’ll explore:

- The primal forces pulling security in diametrically opposite directions (hint: “the cloud” isn’t everything)
- The reality of IoT endpoints (many are far more complex than you’d suspect)
- Breaking it down: Where is security making inroads? What are the areas to watch for innovation?
- The road ahead: How will the evolution of IoT security impact society?

About the Presenters:
As a Senior Research Associate in 451 Research’s Information Security Channel, Patrick Daly covers emerging technologies in Internet of Things (IoT) security.

Scott Crawford is Research Director for the Information Security Channel at 451 Research, where he leads coverage of emerging trends, innovation and disruption in the information security market. Well known as an industry analyst covering information security prior to joining 451 Research, Scott has experience as both a vendor and an information security practitioner.

We live in a world enabled by and surrounded by technology - and each day there's a new device to hit the market designed to make our lives easier, more convenient, and perhaps even healthier. As a society - both as individuals and as organizations serving us - we snatch up these new devices as quickly as they hit the shelves and use them with open arms, unknowingly putting privacy and safety at risk.

FEATURED EXPERTS
> Ted Harrington, Executive Partner at Independent Security Evaluators
> Debra J Farber, Security & Privacy Executive | Founder of Orinoco.io & WISP
> Chris Roberts, Chief Security Architect at Acalvio Technologies

YOUR MODERATOR
> Sean Martin, CISSP, Founder and Editor-in-Chief, ITSPmagazine

This expert panel will look at a variety of these connected things - from connected cars to automated homes to the IoT-enabled medical devices we will have implanted in our bodies.

Join us for this expert, engaging conversation where we’ll explore:
- What personal data must we share with these devices to get the most out of them?
- What price are we willing to pay for an easier, smarter, connected life? Are we willing to sell our soul for a digital future? Because, willingly or not, we are.

- Do we actually know that we are doing that? Do we know what are we giving up in return for this streamlined world we live in? Are we able to make an informed, conscious decision? Will we ever be?

Be sure to join us for this exciting and engaging conversation!

Bad things happen, but the potential of IoT will be limited if those in any connected system of devices cannot share data of adverse incidents more effectively. This webcast introduces 5 keys to doing so successfully, all toward improving security across those systems.

The Internet of Everything affects everyone from multi-nationals to private citizens. The universal adoption of machine to machine communications in every aspect of our lives offers criminals a hugely expanded attack surface. How do we defend ourselves without undermining the benefits of the IoE?