Biden cyber strategy a ‘game changer’ and ‘revolutionary,’ industry pros say
March 3, 2023
Stephen Weigand
March 3, 2023
Many industry professionals viewed the Biden administration’s cybersecurity strategy to secure the nation’s technology as a positive step, with some calling the policy “revolutionary” and a “game changer” as it shifts the security burden from end-users to manufacturers. However, they also warned of the investment that will be needed to carry it out.
(more…)The Lawfare Podcast: Chris Inglis
February 21, 2023
By Jen Patja Howell
Tuesday, February 21, 2023, 5:01 AM
Chris Inglis has had an illustrious career in the defense of this country, serving as an Air Force general, deputy director of the National Security Agency, and most recently as the first National Cyber Director in the White House. Chris stepped down from his position last week, and he sat down for his first interview as a private citizen with David Kris, Lawfare contributor and former assistant attorney general for the National Security Division, and Bryan Cunningham, Lawfare contributor and executive director of the University of California, Irvine’s Cybersecurity Policy & Research Institute. They talked about a wide range of cyber topics, including the newly minted National Cyber Strategy, protection of critical infrastructure, cyber insurance, competition in the international front, and more.
(more…)The Lawfare Podcast: Bryan Cunningham on a Federally Funded Backstop for the Cyber Insurance Ecosystem
January 11, 2023
By Jen Patja Howell
Wednesday, January 11, 2023, 5:01 AM
Various press reports have indicated that the Biden administration intends to release its cyber strategy in the coming weeks. The cyber strategy will likely cover a range of issues. One potential topic could involve the creation of a federal response or “backstop” to the financial exposure risks that insurers and reinsurers face from future catastrophic cyber incidents affecting those that they insure.
(more…)
Twitter liberals nervous about Elon Musk in direct messages
November 28, 2022
By Jon Levine – New York Post
November 26, 2022
“If you continue to use Twitter direct messages for personal or sensitive communications, understand that Elon Musk or, for that matter, any other Twitter insider with sufficient authority can read them. This is because such messages are not end-to-end encrypted, unlike a number of other easy-to-use applications,” said Bryan Cunningham of the UC Irvine Cybersecurity and Policy Institute.
Read the entire story at New York Post
UCI and BlackBerry win National Science Foundation convergence accelerator grant
October 12, 2022
October 12, 2022
The National Science Foundation has awarded $750,000 to a multidisciplinary team from the University of California, Irvine’s Cybersecurity Policy & Research Institute (CPRI), its Donald Bren School of Information and Computer Sciences and BlackBerry to address the challenges around secure communications on public 5G networks.
The funds are being allocated under the NSF convergence accelerator program, which supports projects that tackle national problems.
“In safety- and security-critical applications, whether involving disaster response, international humanitarian assistance, connected vehicles, critical infrastructure like the power grid, or defense-related operations, lives and vital interests depend on the ability to communicate reliably and securely across public 5G networks,” said Bryan Cunningham, CPRI executive director. “More broadly, economic, trade, and individual needs can be enabled and expanded by the ability to securely communicate across such public networks.”
(more…)
A Legal View of New NIST Quantum-Resistant Algorithms
September 16, 2022
September 16, 2022
by Bryan Cunningham
The new NIST candidate algorithms do not address this threat at all. The current standard for stored-data encryption is widely accepted to be a version of the so-called Advanced Encryption Standard (AES), developed by NIST in the late 1990s and used by much of the U.S. Government.
Read more at www.cpomagazine.com
Securing the IoT Ecosystem for Medical Devices
September 8, 2022
Industry experts discuss ways to increase security in medical devices, followed by a fully-catered networking reception.
Watch the Event Video >UCI Takes Fourth Place in First Appearance at Embedded Capture the Flag Competition
June 30, 2022
This year, for the first time, a team of students from UCI’s Donald Bren School of Information and Computer Sciences (ICS) entered the MITRE Embedded Capture the Flag (eCTF) competition, going against 31 other teams. Led by Computer Science Professor Ian Harris, the students participated in the attack-and-defend exercise from January to April 2022, learning how to better design secure embedded systems and placing fourth overall.
“From my perspective, that is outstanding given the fact that this was our first time competing,” says Harris. “Now that we understand the process, I expect that we will do much better next year.”
UCI Researchers Draft Legislation to Incentivize Better Cybersecurity
March 11, 2022
March 9, 2022
by Shani Murray
This vision of critical energy infrastructure crippled from a series of cyberattacks might read like a Hollywood screenplay, but it’s actually pulled from the Connecticut Insurance Law Journal. This scenario sets the stage for the article, “Uncle Sam RE: Improving Cyber Hygiene and Increasing Confidence in the Cyber Insurance Ecosystem via Government Backstopping,” written by Bryan Cunningham, executive director of UCI’s Cybersecurity Policy and Research Institute (CPRI), and Shauhin Talesh, a UCI law professor and director of UCI’s Law and Graduate Studies Program.
Uncle Sam Re: Improving Cyber Hygiene and Increasing Confidence in the Cyber Insurance Ecosystem via Government Backstopping
January 7, 2022
H. Bryan Cunningham and Shauhin A. Talesh
Published in the Connecticut Insurance Law Journal.
The year 2020 was a wake-up call, for the world and specifically for the cyber insurance ecosystem. The COVID-19 global pandemic reminded insurers, observers, and policymakers that actual or newly plausible attacks—including catastrophic cyberattacks—could pose existential threats to the cyber insurance ecosystem. This article examines this risk through a hypothetical catastrophic cyberattack, interviews with sixty participants across the cyber insurance ecosystem, and recent scholarly work. We find that the risk of a catastrophic cyberattack to the solvency of the global insurance ecosystem is real and that cyber insurers have not, as yet, fulfilled their promise to meaningfully improve our collective cyber hygiene. We examine several key reasons for these findings, including both a lack of data and of stability in the cyber insurance market, problems of attribution in cyberspace, and increasing uncertainty about the enforcement of war exclusions in cyber insurance coverage disputes. We offer a prioritized and interconnected set of proposals to shore up the cyber insurance ecosystem and incentivize needed improvements to our overall cyber hygiene.
(more…)