Author Archive

Exploring a Potential Federal Insurance Response to Catastrophic Cyber Risk: Implementing Strategic Objective 3.6 of the U.S. National Cyber Strategy

Join UC Irvine’s Cybersecurity Policy & Research Institute and UCI Law, as well as senior officials from the White House Office of the National Cyber Director, Department of the Treasury, and the Cybersecurity & Infrastructure Security Agency for a deep dive into the possibilities of leveraging a potential United States Government financial backstop for the cyber-insurance ecosystem to improve cyber hygiene and our national and economic security.


 
Location
University of California, Irvine
 
When
October 19, 2023 • 9 am to 4 pm
Cocktail reception to follow

 

No Fee to Attend

 



Keynote Address by The Honorable Jeh Johnson

Former US Secretary of Homeland Security & Department of Defense General Counsel
NOTE: Secretary Johnson Keynote Begins at 9:30 am Sharp)

The Honorable Jeh Johnson

 

UCI Takes Fourth Place in First Appearance at Embedded Capture the Flag Competition

This year, for the first time, a team of students from UCI’s Donald Bren School of Information and Computer Sciences (ICS) entered the MITRE Embedded Capture the Flag (eCTF) competition, going against 31 other teams. Led by Computer Science Professor Ian Harris, the students participated in the attack-and-defend exercise from January to April 2022, learning how to better design secure embedded systems and placing fourth overall.

“From my perspective, that is outstanding given the fact that this was our first time competing,” says Harris. “Now that we understand the process, I expect that we will do much better next year.”

(more…)
Mobilizing A Collective Cyber Defense

Mobilizing A Collective Cyber Defense

Aug 28 Cover Flyer
As the constant news of yet another enterprise data breach becomes the norm, the private sector and government agencies must increase collaboration to increase resiliency and defenses to these attacks. While large corporations increase their budgets for cybersecurity, there must also be a concerted effort to ensure small and medium-sized businesses, sometimes the weakest link in our collective cybersecurity defenses, have the adequate tools and resources they need. Join a discussion between government and private sector subject matter experts and attendees on how we can best leverage public-private partnerships to mobilize a collective cyber defense.

A Buckeye Bounce? New Ohio Approach Might Just Catch On

National Cybersecurity Month 2018 has been, appropriately, an active time in cybersecurity law and regulation. Our state of California has passed a first-of-its-kind law to begin to regulate Internet of Things (IoT) devices – smart thermostats, implantable medical devices, etc. Watch this space for much more on this important development. California is often the first state out of the blocks with landmark innovations in cybersecurity and privacy regulation.

Often, but not always.

On November 2nd 2018, a groundbreaking new cybersecurity law will go into effect in Ohio of all places. Ohio’s new approach hopefully will serve as a bellwether for cybersecurity law and data breach liability legislation across the country.

Ohio Senate Bill 220, grants “safe harbor” to companies taking reasonable measures to implement a standards-based cybersecurity program. Not to be confused with the US-EU data transfer agreement of the same name that was struck down by Europe’s highest court, the Ohio “safe harbor” law provides significant protection from legal liability for companies that implement a reasonable written cybersecurity plan.

(more…)

CPRI Cyber Crisis Simulation: Understanding the Rules and Risks of Cyber Conflicts

CPRI Cyber Crisis Simulation: Understanding the Rules and Risks of Cyber Conflicts

UCI’s Cybersecurity Policy & Research Institute (CPRI) recently partnered with the Atlantic Council and the Marine Corps University Foundation (MCUF) to provide a half-day cyber simulation event, approximating adership decision-making during a crisis with cyber actions. Event participants were notified of cyber activity related to an “escalating crisis” with a rival nation. They had to choose between a number of options to de-escalate the crisis, conduct a proportionate response or escalate the situation. They then had to recommend a coordinated response, ranging from “publicly call for third-party mediation” to “use exploit chains to erode rival military navigation.”

“Having participated in a number of actual national security crisis meetings,” said CPRI Executive Director Bryan Cunningham, welcoming everyone to the event, “I can tell you that the [scenario] is pretty accurate.” The former White House lawyer and adviser warned the participants prior to the exercise, “You will find that you have not anywhere near enough information and not anywhere near enough time, and that is how reality works in many crisis situations.”

(more…)