Exploring a Potential Federal Insurance Response to Catastrophic Cyber Risk: Implementing Strategic Objective 3.6 of the U.S. National Cyber Strategy
Join UC Irvine’s Cybersecurity Policy & Research Institute and UCI Law, as well as senior officials from the White House Office of the National Cyber Director, Department of the Treasury, and the Cybersecurity & Infrastructure Security Agency for a deep dive into the possibilities of leveraging a potential United States Government financial backstop for the cyber-insurance ecosystem to improve cyber hygiene and our national and economic security.
This event is pending approval for 3.0 hours of Minimum Continuing Legal Education Credit by the State Bar of California. The University of California, Irvine School of Law is a State Bar-approved MCLE provider.
UCI Continuing Education Building – Yosemite Ballroom
510 East Peltason Drive Irvine, CA 92697
October 19, 2023 • 9 am to 4 pm
Reception to follow
No Fee to Attend
Keynote Address by The Honorable Jeh Johnson
Former US Secretary of Homeland Security & Department of Defense General Counsel
Registration & Welcome
Keynote by The Honorable Jeh Johnson (starts @ 09:30 am sharp)
11 am-12 pm
Panel 1: A Proposal for a Catastrophic Cyberattack Resilience Act
Featuring Bryan Cunningham, Executive Director, UC Irvine Cybersecurity Policy & Research Institute and Gregory Eskins, Cyber Product Leader, Marsh
Panel 2: US Government Panel with Senior Officials from the Office of the National Cyber Director, Department of the Treasury, and the Cybersecurity & Infrastructure Security Agency
Panel 3: The Insurance Industry’s Role in Cybersecurity Resiliency
Featuring Shauhin Talesh, Professor of Law, UC Irvine School of Law; Emily Agramonte, Executive Business Development, West, Coalition Inc.; Kerri Hamm, Executive Vice President, Business Development, Munich Re; Shabnam Jalakian, Sr. Vice President, First American Financial Corporation; Matt Prevost, Vice President, Cyber & Technology Product Manager, Chubb
This year, for the first time, a team of students from UCI’s Donald Bren School of Information and Computer Sciences (ICS) entered the MITRE Embedded Capture the Flag (eCTF) competition, going against 31 other teams. Led by Computer Science Professor Ian Harris, the students participated in the attack-and-defend exercise from January to April 2022, learning how to better design secure embedded systems and placing fourth overall.
“From my perspective, that is outstanding given the fact that this was our first time competing,” says Harris. “Now that we understand the process, I expect that we will do much better next year.”
National Cybersecurity Month 2018 has been, appropriately, an active time in cybersecurity law and regulation. Our state of California has passed a first-of-its-kind law to begin to regulate Internet of Things (IoT) devices – smart thermostats, implantable medical devices, etc. Watch this space for much more on this important development. California is often the first state out of the blocks with landmark innovations in cybersecurity and privacy regulation.
Often, but not always.
On November 2nd 2018, a groundbreaking new cybersecurity law will go into effect in Ohio of all places. Ohio’s new approach hopefully will serve as a bellwether for cybersecurity law and data breach liability legislation across the country.
Ohio Senate Bill 220, grants “safe harbor” to companies taking reasonable measures to implement a standards-based cybersecurity program. Not to be confused with the US-EU data transfer agreement of the same name that was struck down by Europe’s highest court, the Ohio “safe harbor” law provides significant protection from legal liability for companies that implement a reasonable written cybersecurity plan.
UCI’s Cybersecurity Policy & Research Institute (CPRI) recently partnered with the Atlantic Council and the Marine Corps University Foundation (MCUF) to provide a half-day cyber simulation event, approximating adership decision-making during a crisis with cyber actions. Event participants were notified of cyber activity related to an “escalating crisis” with a rival nation. They had to choose between a number of options to de-escalate the crisis, conduct a proportionate response or escalate the situation. They then had to recommend a coordinated response, ranging from “publicly call for third-party mediation” to “use exploit chains to erode rival military navigation.”
“Having participated in a number of actual national security crisis meetings,” said CPRI Executive Director Bryan Cunningham, welcoming everyone to the event, “I can tell you that the [scenario] is pretty accurate.” The former White House lawyer and adviser warned the participants prior to the exercise, “You will find that you have not anywhere near enough information and not anywhere near enough time, and that is how reality works in many crisis situations.”
Watch this Center for Digital Transformation panel on “Cybersecurity: Is There Such a Thing?”