UCI Takes Fourth Place in First Appearance at Embedded Capture the Flag Competition
This year, for the first time, a team of students from UCI’s Donald Bren School of Information and Computer Sciences (ICS) entered the MITRE Embedded Capture the Flag (eCTF) competition, going against 31 other teams. Led by Computer Science Professor Ian Harris, the students participated in the attack-and-defend exercise from January to April 2022, learning how to better design secure embedded systems and placing fourth overall.
“From my perspective, that is outstanding given the fact that this was our first time competing,” says Harris. “Now that we understand the process, I expect that we will do much better next year.”
Mobilizing A Collective Cyber Defense
A Buckeye Bounce? New Ohio Approach Might Just Catch On
National Cybersecurity Month 2018 has been, appropriately, an active time in cybersecurity law and regulation. Our state of California has passed a first-of-its-kind law to begin to regulate Internet of Things (IoT) devices – smart thermostats, implantable medical devices, etc. Watch this space for much more on this important development. California is often the first state out of the blocks with landmark innovations in cybersecurity and privacy regulation.
Often, but not always.
On November 2nd 2018, a groundbreaking new cybersecurity law will go into effect in Ohio of all places. Ohio’s new approach hopefully will serve as a bellwether for cybersecurity law and data breach liability legislation across the country.
Ohio Senate Bill 220, grants “safe harbor” to companies taking reasonable measures to implement a standards-based cybersecurity program. Not to be confused with the US-EU data transfer agreement of the same name that was struck down by Europe’s highest court, the Ohio “safe harbor” law provides significant protection from legal liability for companies that implement a reasonable written cybersecurity plan.
CPRI Cyber Crisis Simulation: Understanding the Rules and Risks of Cyber Conflicts
UCI’s Cybersecurity Policy & Research Institute (CPRI) recently partnered with the Atlantic Council and the Marine Corps University Foundation (MCUF) to provide a half-day cyber simulation event, approximating adership decision-making during a crisis with cyber actions. Event participants were notified of cyber activity related to an “escalating crisis” with a rival nation. They had to choose between a number of options to de-escalate the crisis, conduct a proportionate response or escalate the situation. They then had to recommend a coordinated response, ranging from “publicly call for third-party mediation” to “use exploit chains to erode rival military navigation.”
“Having participated in a number of actual national security crisis meetings,” said CPRI Executive Director Bryan Cunningham, welcoming everyone to the event, “I can tell you that the [scenario] is pretty accurate.” The former White House lawyer and adviser warned the participants prior to the exercise, “You will find that you have not anywhere near enough information and not anywhere near enough time, and that is how reality works in many crisis situations.”
Video: Cybersecurity: Is There Such a Thing?
Watch this Center for Digital Transformation panel on “Cybersecurity: Is There Such a Thing?”
(more…)