Even though many of us are still in the dog days of summer, autumn is also just around the corner. Here are some of the active cyber highlight events for me over the summer of 2019 and some that I am looking forward to this autumn. Let me know about your active cyber highlights of Summer 2019.
BIRD Foundation – I attended a mid-June reception for the BIRD Foundation that was hosted at the Israeli embassy. BIRD is an acronym for Israel-U.S. Bi-national Industrial Research and Development. The BIRD Foundation was established by the U.S. and Israeli governments in 1977 to generate mutually beneficial cooperation between U.S. and Israeli companies, including start-ups and established organizations. BIRD provides both match-making support between U.S. and Israeli companies and funding covering up to 50 percent of project development costs, up to $1M per project. BIRD takes no equity in the companies. BIRD’s scope extends to Agriculture, Communications, Construction Technologies, Electronics, Electro-optics, Life Sciences, Software, Homeland Security, Renewable and Alternative Energy and other technology sectors. BIRD supports approximately 20 projects annually. The cumulative sales of products developed through BIRD projects have exceeded $10 billion.
Cybersecurity has been a key funding focus area for the BIRD Foundation for several years, as both Israel and the U.S. have been hotbeds of cybersecurity innovation. At the reception, BIRD’s Executive Director, Dr. Eitan Yudilevich, announced the approval of $8.2 million for the funding of nine new projects. Among them were projects with innovation relating to agrotech, cleantech, healthcare IT and media. Dr. Walter G. Copan, Under Secretary of Commerce for Standards and Technology and Director, National Institute of Standards and Technology, U.S. Department of Commerce, and Dr. Ami Appelbaum, Chief Scientist, Ministry of Economy and Industry, and Chairman, Israel Innovation Authority, spoke on the need for continued technology innovation, while Dr. Kelvin Droegemeier, Director, White House Office of Science and Technology Policy, spoke about the commitment and spirit of partnering between the two nations.
Governor Hogan Strengthens MD’s Cybersecurity – Many states are getting serious about cybersecurity, and my home state recently took action as well: Governor Larry Hogan issued a new executive order on cybersecurity. Larry Gordon – a previous contributor to Active Cyber™ and a Professor at the Smith School of Business, University of Maryland – provided the following testimony on the issuance of this executive order in mid-June.
“In today’s world of interconnected digital computer-based networks, cybersecurity risks have become a critical concern to organizations in both the public and private sectors of our economy. In U.S. federal government agencies and major U.S. corporations, it is common to have a Chief Information Officer (CISO) as a member of the organization’s C-Suite of executives. CISOs are responsible for providing leadership related to the prevention of cybersecurity breaches in their organizations. In addition, since 100% security is not possible, CISOs are also responsible for providing leadership in terms of responding to successful cyber-attacks against their organizations.
Although many U.S. States do not have a formal CISO position, a growing number do have such a position. Thanks to Governor Hogan’s recent Executive Order .01.01.2019.07 that addresses Maryland’s Cyber Defense, as of June 18, 2019 the state of Maryland now has such a position. The person occupying that position will Chair the Maryland Cybersecurity Coordinating Council and manage the Office of Security Management, both of which were also established by the Governor’s Executive Order. The Governor’s decision to establish the position of CISO, the Maryland Coordinating Council, and the Office of Security Management for the State of Maryland is a clear signal that the Governor recognizes the need to minimize the risks associated with cyber-attacks on Maryland’s citizens, private sector businesses, and government agencies. Kudos to Governor Hogan!”
Cybersecurity Activities at NIST – The National Institute of Standards and Technology located near me in Gaithersburg, MD has been quite busy this summer with several announcements and activities.
Cyber Readiness Program – Small businesses from across the country now have the ability to access the Cyber Readiness Institute’s (CRI) Cyber Readiness Program through the National Institute of Standards and Technology (NIST) Small Business Cybersecurity Corner. This program is designed to educate and equip small and medium-sized enterprises (SMEs) with free tools and resources to address four primary cybersecurity issues: passwords, phishing, software updates, and USB use.
NISTIR 8228 – Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks, June 2019 – Appliances from refrigerators to thermostats are now available in models that interact with a wireless network, making them easier to control with a computer or smartphone. Because these devices can also put our security at risk, the National Institute of Standards and Technology (NIST) has released a guide to help us all adjust to a world where seemingly everything is connected — and potentially vulnerable. The guide identifies a set of voluntary recommended cybersecurity features to include in network-capable devices, whether designed for the home, the hospital or the factory floor.
Workshop on Core IoT Cybersecurity Baseline – August 13, 2019 – This workshop gathered feedback on NIST’s approach to the IoT Cybersecurity Baseline and discussed the current status and future directions of this work. Download the outcomes of the workshop at the link.
The NIST Cybersecurity Team announced a new blog – Cybersecurity Insights: a NIST blog. The new Cybersecurity Insights: a NIST blog will cover the extensive work being done at NIST in the cybersecurity and privacy arenas such as: Privacy Engineering, the Internet of Things, Artificial Intelligence, the Cybersecurity Framework, Cryptography, Small Business, Cybersecurity Education, the Privacy Framework, and more… and we will provide updates from the Computer Security Resource Center, National Cybersecurity Center of Excellence (NCCoE) and the National Initiative for Cybersecurity Education (NICE).
Dreamport – If your air conditioning breaks down, then grab your latest cyber innovation and head over to Dreamport in Columbia, MD and learn about Dreamport’s state-of-the-art facilities and mission to find that spark that leads to unparalleled capability for USCYBERCOM and the warfighters at large. Armed with Other Transaction Authority (OTA) for Prototype Projects 10 USC 2371b, Dreamport provides a quick on-ramp for innovative cyber capabilities. Check out their latest technical challenges at this link. I was able to attend an innovation session this summer, as I mentioned in a recent post.
George Mason Wins Cyber Award – I would be remiss to not mention that Washington DC area George Mason University was recognized in July as a Cyber FastTrack National “Top Tier College” that is the best in the nation in Cybersecurity Talent Discovery. Mason topped a nationwide Cyber FastTrack field of 5,200 U.S. colleges for the honor, with a contest-best 312 students discovering their aptitude for cybersecurity careers through a competition sponsored by the SANS Technology Institute. Cyber FastTrack is a free online program for college students and graduates that was designed by world leaders in cybersecurity and backed by 25 U.S. governors in the hopes of closing the nation’s cyber skills gap with China and Russia. Southern Arkansas University’s Main Campus, Austin Peay State University, Michigan State University and Old Dominion University rounded out the top five finishers.
Survey for cURL – cURL is open source software used extensively with IoT devices such as cars, television sets, routers, printers, audio equipment, mobile phones, tablets, set-top boxes, and media players to transfer data, and is the internet transfer backbone for thousands of software applications affecting billions of humans daily. Participate in a poll from cURL, a critical open source project that is seeking feedback from its consumers. The link to the poll is here: https://docs.google.com/forms/d/e/1FAIpQLSe-T5IrWq73d6QXvdsn8zVhCWKHCwq97J7KrNktOPL0g2Y7pA/viewform
Summer Reading – OFFENSIVE COUNTERMEASURES: THE ART OF ACTIVE DEFENSE – 2ND EDITION, By John Strand with Paul Asadoorian, Benjamin Donnelly, Bryce Galbraith & Ethan Robish – The title of this book caught my eye at a conference over the summer and it has proven to be quite interesting and a quick read. It is not the type of active defense that I usually talk about – this one discusses techniques [along with the need for legal review and approval] to annoy, attribute, and attack back against those who are trying to impose cyber harm on you. It is definitely worth a good look and a discussion over a drink or two at an upcoming conference with a group of your cyber colleagues…
Podcasts – I also started podcasting this summer. Check them out at this link. Look for some new ones soon.
Black Hat 2019 – One of my highlights for this summer – you can read about what I did and what I learned at this link.
Upcoming Conferences – Leave the dog days of summer behind and check out these fall conferences. Maybe you can learn about a new active defense that will allow you to leave behind those data breaches as well. Anyway, here are a few conferences I am tracking this fall. Let me know if you are going and want to meet and talk or just grab a coffee or drink.
10th Annual Billington Cybersecurity Summit, Sept 4-5, Washington Convention Center, Washington, DC – A world-class lineup of 75+ speakers is scheduled to speak at this leading government cybersecurity summit…now entering its landmark 10th anniversary and expanding in length.
CISA Cybersecurity Summit 2019, Sept 18-20, Gaylord National Resort & Convention Center, National Harbor, MD – The Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) will bring together critical infrastructure stakeholders from around the world to a forum with presentations focused on emerging technologies, vulnerability management, incident response, risk mitigation, and other current cybersecurity topics at the 2nd Annual National Cybersecurity Summit. The Summit provides the opportunity for Federal, state, local, tribal, and territorial agencies, private sector organizations, and international partners to highlight successes and opportunities for collective action.
The Summit is a no-cost event. It is not a vendor or sales event.
Borderless Cyber USA, Oct 8-10, Washington, DC – OASIS Open Consortium, KuppingerCole Analysts, and The Integrated Adaptive Cyber Defense (IACD) team up to bring you a three-day, two track program addressing advances in automation and autonomous systems for network defense. CyberNext Summit 2019 will also take place in parallel to Borderless Cyber US 2019.
Industrial Control Systems (ICS) Cyber Security Conference USA, Oct 21-24, Atlanta – SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest ICS cyber-incidents, analyze their causes and cooperate on solutions. Since its first edition in 2002, the conference has attracted a continually rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing ICSs become increasingly apparent.
MILCOM 2019, Nov 12-14, Norfolk, Virginia – MILCOM 2019 will address the technical and operational challenges inherent in Multi-Domain Command and Control. Norfolk, Virginia is the ideal location to bring the ideas and interests of the key players in this national effort together. All Services and key national and international organizations have a senior presence in Tidewater. Critical homeland infrastructure is broadly present. Check out Track 3 – Cyber Security and Trusted Computing.
CyberMaryland 2019, Dec 5-6, Hyatt Regency, Baltimore, MD – The CyberMaryland Conference is an annual two-day event presented jointly by the National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The CyberMaryland Conference provides unique trust-building opportunities for stakeholders, information sharing for improved situational awareness and resilience, networking for business development and communication opportunities to further unify cyber assets across Maryland.
And thanks to my subscribers and visitors to my site for checking out ActiveCyber.net! Please give us your feedback because we’d love to know some topics you’d like to hear about in the area of active cyber defenses, PQ cryptography, risk assessment, simulation and modeling, autonomous security, digital forensics, securing ICS / IIoT and IoT systems, augmented reality, or other security and emerging technology topics. Also, email firstname.lastname@example.org if you’re interested in interviewing, podcasting, and advertising with us at Active Cyber™.