Technical measures are necessary, but not sufficient, to create and maintain effective cybersecurity. Development, education, understanding, and enforcement of appropriate cybersecurity laws and policies are a vital part of a solid cybersecurity ecosystem. This is why new laws and policies are constantly being developed, debated and implemented. Creating effective – and implementable – cybersecurity laws and policies is, however, a delicate balancing act. Too weak or vague and they will not be effective; too strict or complex and they likely will not be followed. Finding this balance, while also mandating the right mix of technological, procedural, personnel, and administrative measures is challenging, particularly with so many disparate interest lobbying on all sides. Unbiased and pragmatic solutions to each new emerging set of threats are vital and the expertise and resources of a major research university, coupled with a multidisciplinary approach such as CPRI’s, are required to provide fair and workable solutions.

CPRI Executive Director Bryan Cunningham, who has spent much of the last two decades developing cybersecurity law and policy, believes that “as cybersecurity threats and defensive technologies constantly evolve, at CPRI, we recognize that people will always be both the biggest threat to good cybersecurity, and the most important part of the solution to that threat. At UCI, we are able to add to the cutting-edge work of our world-class computer scientists and engineers some of the experienced and most innovative legal and policy minds anywhere to find, and advocate for, novel cybersecurity solutions.”

This approach is exemplified by the three separate but interrelated technical, legal and policy research projects recently launched by CPRI as a result of a generous gift by the Herman P. & Sophia Taubman Foundation

Below, meet UCI’s cybersecurity law and policy researchers, and a selection of research completed and underway, at UCI today.