Author Archive

Mobilizing A Collective Cyber Defense

Mobilizing A Collective Cyber Defense

Aug 28 Cover Flyer
As the constant news of yet another enterprise data breach becomes the norm, the private sector and government agencies must increase collaboration to increase resiliency and defenses to these attacks. While large corporations increase their budgets for cybersecurity, there must also be a concerted effort to ensure small and medium-sized businesses, sometimes the weakest link in our collective cybersecurity defenses, have the adequate tools and resources they need. Join a discussion between government and private sector subject matter experts and attendees on how we can best leverage public-private partnerships to mobilize a collective cyber defense.

A Buckeye Bounce? New Ohio Approach Might Just Catch On

National Cybersecurity Month 2018 has been, appropriately, an active time in cybersecurity law and regulation. Our state of California has passed a first-of-its-kind law to begin to regulate Internet of Things (IoT) devices – smart thermostats, implantable medical devices, etc. Watch this space for much more on this important development. California is often the first state out of the blocks with landmark innovations in cybersecurity and privacy regulation.

Often, but not always.

On November 2nd 2018, a groundbreaking new cybersecurity law will go into effect in Ohio of all places. Ohio’s new approach hopefully will serve as a bellwether for cybersecurity law and data breach liability legislation across the country.

Ohio Senate Bill 220, grants “safe harbor” to companies taking reasonable measures to implement a standards-based cybersecurity program. Not to be confused with the US-EU data transfer agreement of the same name that was struck down by Europe’s highest court, the Ohio “safe harbor” law provides significant protection from legal liability for companies that implement a reasonable written cybersecurity plan.

(more…)

CPRI Cyber Crisis Simulation: Understanding the Rules and Risks of Cyber Conflicts

CPRI Cyber Crisis Simulation: Understanding the Rules and Risks of Cyber Conflicts

UCI’s Cybersecurity Policy & Research Institute (CPRI) recently partnered with the Atlantic Council and the Marine Corps University Foundation (MCUF) to provide a half-day cyber simulation event, approximating adership decision-making during a crisis with cyber actions. Event participants were notified of cyber activity related to an “escalating crisis” with a rival nation. They had to choose between a number of options to de-escalate the crisis, conduct a proportionate response or escalate the situation. They then had to recommend a coordinated response, ranging from “publicly call for third-party mediation” to “use exploit chains to erode rival military navigation.”

“Having participated in a number of actual national security crisis meetings,” said CPRI Executive Director Bryan Cunningham, welcoming everyone to the event, “I can tell you that the [scenario] is pretty accurate.” The former White House lawyer and adviser warned the participants prior to the exercise, “You will find that you have not anywhere near enough information and not anywhere near enough time, and that is how reality works in many crisis situations.”

(more…)