Toward a Culture of Cybersecurity Research Aaron Burstein TRUST & ACCURATE Research Fellow Samuelson Clinic & BCLT, Boalt Hall UC Berkeley.

Overview
– Why cybersecurity matters
– Why cybersecurity is a hard problem, and why research is crucial
– How communications privacy law inhibits research
– A better balance between privacy and cybersecurity

Why Cybersecurity Matters
Attacks target infrastructure
– Internet is the “nervous system”
– Transportation, energy, water, banking connected by Internet
– Example: Massive cyber attack against Estonia, May 2007
Potential for devastation is growing
– Pervasive networked devices (think home thermostats and building materials)

Why Cybersecurity Is Hard
Attacks are cheap and easily disguised.
[Diagram: a “distributed denial of service” attack, with traffic from Attacker passing through ISP 1, ISP 2 and ISP 3 to Victim (e.g., military system or small country)]
It’s hard to distinguish innocuous from malicious traffic until it’s too late, due to lack of coordination.
Defense involves many open research questions.

Tension Between Privacy and Research
Electronic Communications Privacy Act (ECPA) regulates acquisition and disclosure
Scenario: UC Berkeley researcher seeks network logs (IP addresses only) from commercial ISPs.
– ISP voluntary disclosures regulated by ECPA
– Addressing info and contents (e.g., bodies) protected under ECPA
– Stored record disclosure vs. “real-time” interceptions
– Disclosures to a “governmental entity” (UC Berkeley) more restricted
– Consent is unworkable
– No research exceptions
→ ECPA almost certainly bars disclosure

We need a cybersecurity research exception to the ECPA.

Properties of a Research Exception
Tailored
– For research only
– Excludes law enforcement access
Comprehensive
– Applies to communications contents and real-time interception
Protective
– Prohibits further disclosures (voluntary or compelled)
Controlled
– Institutional review is integral

Would a Research Exception Work?
Legislative action would give legitimacy to uses of data that are already collected and analyzed
Exception would allow efficient data-sharing institutions to develop
Exception’s institutional framework could extend to diverse data types (not just communications, e.g. passwords)

Conclusion
Coordinated threats are potentially devastating.
Urgent need for more coordinated defenses.
ECPA reform needed to make this happen.