a legal framework for cybersecurity
play

A Legal Framework for Cybersecurity Deirdre K. Mulligan Fred B. - PowerPoint PPT Presentation

Feb 28, 2024 •479 likes •764 views

A Legal Framework for Cybersecurity Deirdre K. Mulligan Fred B. Schneider School of Information Computer Science UC Berkeley Cornell University Outline of Talk Brief background Why shift in legal framework is appropriate

  1. A Legal Framework for Cybersecurity Deirdre K. Mulligan Fred B. Schneider School of Information Computer Science UC Berkeley Cornell University

  2. Outline of Talk • Brief background • Why shift in legal framework is appropriate – Advances in science entering market place – Insufficiency of current law • Why public health-inspired model is appropriate – Similarities of problem space – Similarity of goals • Features of new model – Example interventions • Political environment open to new solutions • Benefits of Public Law • Role of Computer Security community

  3. Background

  4. If you build it they will come… or maybe not… Security in the market place is “remarkably below what “known best Practices” could provide.” The existence of technology solutions on their own does not improve security or privacy.

  5. Advances in Science • Diversity • Type-safe programming languages • Virus checkers • Automatic updates • PKI • Virtualization • Automated diagnostics • firewalls

  6. Insufficiency of current law • Limits of deterrence – theory of crime • Rational actors? Situational? – Identification – Jurisdiction • Limits of security standards – substantive, procedural • Misalignment of resources – Prevention 1st priority b/c no full recover

  7. problem space • Problems of the commons • Constantly evolving threats – Perfection of artifact impossible • Information gaps – Vulnerabilities, threats, investments, losses • Openness, exchange, interaction – necessary for social, economic and political • Complex value trade-offs • Value of prevention – Need to motivate good guys – pits immediate, individual, tangible interests against collective, long-term, statistical probabilities of harm

  8. goals of public health • The mission of public health – “fulfilling society’s interest in assuring conditions in which people can be healthy” The Future of Public Health IOM, 1988 – “to generate organized community effort to address the public interest in health by applying scientific and technical knowledge to prevent disease and promote health” The Future of Public Health IOM, 1988

  9. Goals of cybersecurity • President Obama – “treated as…a strategic national asset.” – “ensure that these networks are secure, trustworthy and resilient.” – “deter, prevent, detect, and defend against attacks” – “recover quickly from any disruptions or damage.”

  10. CS perspective on security • Trust in Cyberspace (2007) : – revisit “the paradigm of ‘absolute security’” – use technology and sound practices to reduce vulnerabilities (introduced insecurity) – wrt inherent insecurity, move toward a model built on three axioms: • insecurity exists; insecurity cannot be destroyed; and, insecurity can be moved around” • A Clean-Slate Design for the Next-Generation Secure Internet (2005): – move away from a fixation on building secure systems – to a more nuanced understanding of the security design space that allows trade-offs among a range of dimensions including • prevention, detection and recovery, resilience and deterrence

  11. policy reorientation Parallel arguments to Public Health: – generate organized community effort • revisit dominant legal focus on the bad guy • address individual actions that create collective insecurity • move from atomized view of security to collective approach to managing insecurity – Apply scientific and technical knowledge to limit vulnerabilities, promote security, and manage insecurity • research on causes of insecurity • fruits of research that makes new forms of intervention possible – Build on insights from CS • build upon CS three axioms of inherent insecurity • relocating insecurity to improve its manageability reduce risk

  12. Prevention Public health strategies targeted regulations conditioning subsidies safe harbors public insurance

  13. Reducing vulnerabilities Producers • Development – Standards • Process, substantive, performance • Post-market – Monitoring – Notification – Issuing patches and patch management • defaults

  14. Reducing vulnerabilities Deployers – Security? • How defined? • Protects what? • At what cost to other(‘s) security?

  15. Insufficiency of prevention • Bug free software is an elusive goal – Vulnerabilities ≠0 – Interaction between components of networks generate new vulnerabilities • Motivated adversaries – Defense in depth – but reality of defend everywhere attack anywhere

  16. Reducing and mitigating vulnerabilities Users • Patch management and Herd Immunity • Intermediaries – Incentives for ISPs? • Liability • Resources – Education – Direct assistance – containment • Configuration management – Ease of updating

  17. inherent insecurity Raising cost of exploitation • Diversity – Natural and artificial – Where? – How?

  18. Inherent insecurity • Detection – Anomaly? – Reporting v. surveillance – testers – Trees and forest

  19. Inherent insecurity • Containment – Accountability • Time scale • binding

  20. Inherent insecurity • research

  21. Inherent insecuriry • Public education – Hygiene – Self-monitoring • Vital signs? • Check-ups? – Monitoring partners • Reporting breaches? Exposures? • Facilitate shielding

  22. Responsive to today’s problems • Reducing vulnerabilities – better development, deployment, after-market maintenance • Dealing with inherent insecurity – need to maintain herd immunity • incentivize, coerce actions that yield collective benefit • deal with “unacceptable” harm to individuals who act to advance collective interest • Conceptualizing value trade-offs, mitigating conflict – interventions to address insecurity present threats to individual interests – Models presented for mitigating tensions

  23. Political will • “From now on, our digital infrastructure - - the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority.” President Obama

  24. Change in Political Climate • PCCIP • CNCI • 60 Day review • Cybersecurity Act of 2009

  25. Complex Balancing • Value conflicts – Intrusions on core individual liberty and property interests • Communication • Social networking (transactional surveillance) • Privacy • Private property – Access to increasingly essential services • Phone, banking, government etc.

  26. Benefits of Public Law • Political System – Transparent – Participatory – Accountable – Contestable

  27. Moving forward Key time for researchers • Open research questions – Litany of interventions need more info to choose well • Research agenda – Silos v. interdisciplinary • Knowledge transfer not just tech transfer – Demise of OTA; fragmentation of funding – Lack of agency responsible for cybersecurity • ongoing gap in leadership • Lack of clear positive agenda on policy – Importance of participation

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal

What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal

What The Hack! Aldo Leiva Jorge Rey Agenda Introduction Cybersecurity Trends Legal Framework For Cybersecurity Compliance How Are Organizations Getting Hacked Oops, you clicked on the link. Now what? Best Practices and

1.09k views • 36 slides
NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview

NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview The University of Pittsburgh NIST Cybersecurity Framework Pitt NIST Cybersecurity Framework Program Wrap Up Questions The

472 views • 33 slides
Cybersecurity: Contractual guidelines and other recommendations to maximise the legal security

Cybersecurity: Contractual guidelines and other recommendations to maximise the legal security

Cybersecurity: Contractual guidelines and other recommendations to maximise the legal security of the space activities Avv. Francesco Amicucci Thales Alenia Space Italia S.p.A., Rome, Italy 1 Cybersecurity The state of being protected

589 views • 31 slides
Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda

Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda

Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda Introductions / Administrative Cybersecurity risk legal landscape Cyber threats Legal risks in the aftermath of a breach The role of the

207 views • 19 slides
possibilities 26 September 2017 Overview 1. Introduction Van Doorne 2. News & Risks 3.

possibilities 26 September 2017 Overview 1. Introduction Van Doorne 2. News & Risks 3.

Cybersecurity and legal possibilities 26 September 2017 Overview 1. Introduction Van Doorne 2. News & Risks 3. Organizations 4. Legal framework 1. Framework 2. New legislation 3. GDPR 4. Liability 5. IT/IP contracting 6. Cyber

526 views • 27 slides
INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and

Section 1 Dr. Bruce Burton California Cybersecurity INTRODUCTION Institute 12/10/2018 1 OBJECTIVES Current cybersecurity statistics and implications Learn from past attacks Understand the NIST Cybersecurity Framework (CSF) &

368 views • 33 slides
Marco Ferrazzani ESA Legal Counsel & Head of the Legal Services ESA UNCLASSIFIED - For

Marco Ferrazzani ESA Legal Counsel & Head of the Legal Services ESA UNCLASSIFIED - For

ESA Legal Framework and Competences Marco Ferrazzani ESA Legal Counsel & Head of the Legal Services ESA UNCLASSIFIED - For Official Use European Union in Space: Law and Technology Universit degli Studi di Genova ESA Legal Framework and

719 views • 32 slides
National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security

National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security

Federal Information Systems Security Educators March 19, 2014 National Cybersecurity Workforce Framework Benjamin Scribner Department of Homeland Security (DHS) National Cybersecurity Education & Awareness Branch (CE&A) T HE CYBER THREAT

315 views • 13 slides
Public Procurement of Goods Legal & Procedural Framework Legal & procedural framework

Public Procurement of Goods Legal & Procedural Framework Legal & procedural framework

Public Procurement of Goods Legal & Procedural Framework Legal & procedural framework Constitution of India Indian Contract Act Sale of Goods Act Indian Arbitration & Conciliation Act Procurement Rules contained

822 views • 59 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
Legal and Policy Issues with Maritime Cybersecurity Paula S. deWitte, J.D., Ph.D., P.E.

Legal and Policy Issues with Maritime Cybersecurity Paula S. deWitte, J.D., Ph.D., P.E.

Legal and Policy Issues with Maritime Cybersecurity Paula S. deWitte, J.D., Ph.D., P.E. Paula.dewitte@tamu.edu Associate Professor of Practice Computer Science & Engineering ENGR 461 October 10, 2017 1 Agenda Maritime assets as

583 views • 20 slides
Cybersecurity What you need to know Agenda Introduction Kevin Bobroske What is

Cybersecurity What you need to know Agenda Introduction Kevin Bobroske What is

Cybersecurity What you need to know Agenda Introduction Kevin Bobroske What is cybersecurity? Why should I care? What can I do about it? High level cyber framework overview Summary + QA Fun stuff BIO Kevin

546 views • 32 slides
Officer-Legal Office University of Nairobi Introduction Corruption risk areas Policy

Officer-Legal Office University of Nairobi Introduction Corruption risk areas Policy

By Fredrick Collins Omondi, Senior Legal Officer-Legal Office University of Nairobi Introduction Corruption risk areas Policy framework Legal Framework Challenges in implementation of the policy and legal framework There

912 views • 18 slides
COLOMBIAN RED CROSS Telematics LEGAL FRAMEWORK Act 49 of 1948 Through which is created the

COLOMBIAN RED CROSS Telematics LEGAL FRAMEWORK Act 49 of 1948 Through which is created the

COLOMBIAN RED CROSS Telematics LEGAL FRAMEWORK Act 49 of 1948 Through which is created the National Relief of the Colombian Red Cross in case of Public Calamity. LEGAL FRAMEWORK Through resolution No. 003555 December 30, 1999 the MINTIC

287 views • 24 slides
National Cybersecurity a multi-stakeholder approach Wednesday, 11 th April 2018 By: Vincent

National Cybersecurity a multi-stakeholder approach Wednesday, 11 th April 2018 By: Vincent

ISACA-KENYA ANNUAL CONFERENCE 2018 National Cybersecurity a multi-stakeholder approach Wednesday, 11 th April 2018 By: Vincent Ngundi HEAD OF NATIONAL KE-CIRT/CC & CYBERSECURITY CONTENT National Cybersecurity Policy Framework 1)

364 views • 21 slides
Rural Land Policies: Legal Framework and Implications on Rural Transformation and Sustainable

Rural Land Policies: Legal Framework and Implications on Rural Transformation and Sustainable

Rural Land Policies: Legal Framework and Implications on Rural Transformation and Sustainable Growth Getnet Alemu, Addis Ababa University 19 May 2011 ERD Consultation, Maastricht 1 Legal Framework One of the institutional factors that

202 views • 9 slides
Spent fuel containers: too well shielded ! The European Commissions science and knowledge

Spent fuel containers: too well shielded ! The European Commissions science and knowledge

Spent fuel containers: too well shielded ! The European Commissions science and knowledge service Joint Research Centre Isabella Maschio Nuclear Security unit - Ispra (Italy) Spent nuclear fuel World EU States with 70 14 (21) nuclear

747 views • 13 slides
Citizenship for Adopted Children and Stateless Individuals BY JASMINE WONG & ERIC TOH 17

Citizenship for Adopted Children and Stateless Individuals BY JASMINE WONG & ERIC TOH 17

Citizenship for Adopted Children and Stateless Individuals BY JASMINE WONG & ERIC TOH 17 APRIL 2020 Citizenship for Adopted Children and Stateless Individuals BY JASMINE WONG & ERIC TOH 17 APRIL 2020 About Us Welcome to

841 views • 72 slides
Logic and Knowledge Representation K n o w l e d g e r e p r e s e n t a t i

Logic and Knowledge Representation K n o w l e d g e r e p r e s e n t a t i

Logic and Knowledge Representation K n o w l e d g e r e p r e s e n t a t i o n , O n t o l o g i e s , S e m a n t i c We b 2 5 M a y 2 0 1 8 g s i l e n o @e n s t . f r G i

1.72k views • 102 slides
memoria del puerto USB. I - Memoria Flash USB Materiale requisito : Windows XP o superiore

memoria del puerto USB. I - Memoria Flash USB Materiale requisito : Windows XP o superiore

F - Mmoire Flash USB Matriel requis : Windows XP ou suprieur - Mac OS X ou suprieur Une prise USB disponible sur lordinateur. - Concernant linstallation : Aucune installation de pilote nest requise. Branchez la mmoire au

1.79k views • 161 slides
Board of Governors Meeting via Teleconference/Webinar September 15, 2020 1:00 PM 4:45 PM 1

Board of Governors Meeting via Teleconference/Webinar September 15, 2020 1:00 PM 4:45 PM 1

Board of Governors Meeting via Teleconference/Webinar September 15, 2020 1:00 PM 4:45 PM 1 Welcome and Introductions Christine Goertz, DC, PhD Chairperson, Board of Governors 2 Agenda 1:00 PM Call to Order and Welcome 1:00-1:45

965 views • 63 slides
PRECIP: Towards Practical and Retrofittable Confidential Information Protection XiaoFeng Wang

PRECIP: Towards Practical and Retrofittable Confidential Information Protection XiaoFeng Wang

PRECIP: Towards Practical and Retrofittable Confidential Information Protection XiaoFeng Wang (IUB), Zhuowei Li (IUB), Ninghui Li (Purdue) and Jong Youl Choi (IUB) How to protect your information from spyware? However However Prevent it

525 views • 25 slides
Military Safeguards: An Outlier Case Orpet Peixoto ABACC - Brazilian Argentine Agency for

Military Safeguards: An Outlier Case Orpet Peixoto ABACC - Brazilian Argentine Agency for

IV Semana de Engenharia Nuclear 11 e 15 de Agosto de 2014 Engenharia Nuclear da Escola Politcnica da UFRJ Military Safeguards: An Outlier Case Orpet Peixoto ABACC - Brazilian Argentine Agency for Accounting and Control of Nuclear Material

695 views • 42 slides
Class 2: Model-Free Prediction Sutton and Barto, Chapters 5 and 6 David Silver 295, class 2 1

Class 2: Model-Free Prediction Sutton and Barto, Chapters 5 and 6 David Silver 295, class 2 1

Class 2: Model-Free Prediction Sutton and Barto, Chapters 5 and 6 David Silver 295, class 2 1 Lecture 1: Introduction to Reinforcement Learning Course Outline, Silver Course Outline Part I: Elementary Reinforcement Learning 1 Introduction

1.12k views • 77 slides

More recommend