Author Archive

UCI Researchers Draft Legislation to Incentivize Better Cybersecurity

March 9, 2022
by Shani Murray

This vision of critical energy infrastructure crippled from a series of cyberattacks might read like a Hollywood screenplay, but it’s actually pulled from the Connecticut Insurance Law Journal. This scenario sets the stage for the article, “Uncle Sam RE: Improving Cyber Hygiene and Increasing Confidence in the Cyber Insurance Ecosystem via Government Backstopping,” written by Bryan Cunningham, executive director of UCI’s Cybersecurity Policy and Research Institute (CPRI), and Shauhin Talesh, a UCI law professor and director of UCI’s Law and Graduate Studies Program.

Uncle Sam Re: Improving Cyber Hygiene and Increasing Confidence in the Cyber Insurance Ecosystem via Government Backstopping

H. Bryan Cunningham and Shauhin A. Talesh
Published in the Connecticut Insurance Law Journal.

The year 2020 was a wake-up call, for the world and specifically for the cyber insurance ecosystem. The COVID-19 global pandemic reminded insurers, observers, and policymakers that actual or newly plausible attacks—including catastrophic cyberattacks—could pose existential threats to the cyber insurance ecosystem. This article examines this risk through a hypothetical catastrophic cyberattack, interviews with sixty participants across the cyber insurance ecosystem, and recent scholarly work. We find that the risk of a catastrophic cyberattack to the solvency of the global insurance ecosystem is real and that cyber insurers have not, as yet, fulfilled their promise to meaningfully improve our collective cyber hygiene. We examine several key reasons for these findings, including both a lack of data and of stability in the cyber insurance market, problems of attribution in cyberspace, and increasing uncertainty about the enforcement of war exclusions in cyber insurance coverage disputes. We offer a prioritized and interconnected set of proposals to shore up the cyber insurance ecosystem and incentivize needed improvements to our overall cyber hygiene.

(more…)

ICS Students Train for Embedded Capture the Flag Competition

A team of students from UCI’s Donald Bren School of Information and Computer Sciences (ICS) spent the fall quarter preparing for battle. Computer Science Professor Ian Harris has been training the students, who will participate from January to April 2022 in the MITRE Embedded Capture the Flag (eCTF) competition. The team will spend the first two months designing and implementing a secure system, and they will spend the final month analyzing and attacking the other teams’ designs.

(more…)

Does Spencer Elden, the ‘Nevermind’ baby suing Nirvana for alleged child pornography, have a case? Legal experts weigh in

Nirvana’s ‘Nevermind’ album, 1991. (Photo: DGC/Geffen)

Lyndsey Parker·Editor in Chief, Yahoo Music
August 25, 2021

Nirvana fans could be forgiven for thinking they were reading The Onion this week when the news broke that Spencer Elden, who as an infant was photographed naked in a swimming pool for Nirvana’s iconic Nevermind album cover, is suing the band, claiming that the famous image constitutes child pornography.

Read the full story on Yahoo Music.

Computer Tips From UCI’s Cybersecurity Institute

201020_ISEB_7166_sz-2-v2
UCI’s new Interdisciplinary Science and Engineering Building, one of the campus sites where the university’s CPRI cybersecurity institute has space and facilities Photo credit: Steve Zylius

By Kevin Costelloe
August 23, 2021

Working from home has become the norm for many firms over the past year and a half; it’s also provided a wealth of opportunities for hackers and other criminals to carry out ransomware, corporate espionage, and other forms of havoc on employees and employers who aren’t on top of their virtual security game.

Read the full story in Orange County Business Journal

TikTok insiders say social media company is tightly controlled by Chinese parent ByteDance

ByteDance Ltd.’s TikTok app is displayed in the App Store on a smartphone in an arranged photograph taken in Arlington, Virginia, on Monday, Aug. 3, 2020.
Andrew Harrer | Bloomberg | Getty Images

PUBLISHED FRI, JUN 25 20214:31 PM EDT | UPDATED FRI, JUN 25 20218:09 PM EDT
by Salvador Rodriguez

One cybersecurity expert said it could expose users to information requests by the Chinese government. “If the legal authorities in China or their parent company demands the data, users have already given them the legal right to turn it over,” said Bryan Cunningham, executive director of the Cybersecurity Policy & Research Institute at the University of California, Irvine.

Read the full story at CNBC

Fighting Insider Abuse After Van Buren

By Bryan CunninghamJohn GrantChris Jay Hoofnagle 
Friday, June 11, 2021, 12:53 PM

US Supreme Court, Washington DC (dog97209, https://flic.kr/p/A3YAfj; CC BY 2.0, https://creativecommons.org/licenses/by/2.0/)

The U.S. Supreme Court’s decision in Van Buren v. United States on June 3 was a significant victory for civil liberties groups, researchers, the defense bar and others troubled by the broad reading of the Computer Fraud and Abuse Act (CFAA) urged by the government. Writing for the majority, Justice Amy Coney Barrett correctly, in our view, struck down the “broad” view of the CFAA in a 6-3 vote. The majority rejected the government’s expansive interpretation of the statute that would have empowered private companies, simply by the way they drafted employee policies or terms of service, to criminalize “a breathtaking amount of commonplace computer activity.” The Van Buren decision established that, going forward, to violate the CFAA, a user must access data from part of a device or network to which the user is not permitted access. This is a far steeper bar than the government’s preferred reading of the CFAA, which would have criminalized “misuse” of data—to which the user had authorized access—under policies dictated by the data owner.

(more…)
Page 1of 5: 1 2 3 ... 5