Presentation is loading. Please wait.

Presentation is loading. Please wait.

Toward a Culture of Cybersecurity Research Aaron Burstein TRUST & ACCURATE Research Fellow Samuelson Clinic & BCLT, Boalt Hall UC Berkeley.

Published byNorah Edwards Modified over 9 years ago

Similar presentations

Presentation on theme: "Toward a Culture of Cybersecurity Research Aaron Burstein TRUST & ACCURATE Research Fellow Samuelson Clinic & BCLT, Boalt Hall UC Berkeley."— Presentation transcript:

1 Toward a Culture of Cybersecurity Research Aaron Burstein TRUST & ACCURATE Research Fellow Samuelson Clinic & BCLT, Boalt Hall UC Berkeley

2 Overview Why cybersecurity matters Why cybersecurity is a hard problem, and why research is crucial How communications privacy law inhibits research A better balance between privacy and cybersecurity

3 Why Cybersecurity Matters Attacks target infrastructure –Internet is the “nervous system” –Transportation, energy, water, banking connected by Internet –Example: Massive cyber attack against Estonia, May 2007 Potential for devastation is growing –Pervasive networked devices (think home thermostats and building materials)

4 Why Cybersecurity Is Hard Attacks are cheap and easily disguised. Attacker ISP 1 ISP 2 ISP 3 Victim (e.g., military system or small country) A “distributed denial of service” attack It’s hard to distinguish innocuous from malicious traffic until it’s too late due to lack of coordination. Defense involves many open research questions.

5 Tension Between Privacy and Research Electronic Communications Privacy Act (ECPA) regulates acquisition, disclosure Scenario: UC Berkeley researcher seeks network logs (IP addresses only) from commercial ISPs. –ISP voluntary disclosures regulated by ECPA –Addressing info and contents (e.g., e-mail bodies) protected under ECPA –Stored record disclosure vs. “real-time” interceptions –Disclosures to a “governmental entity” (UC Berkeley) more restricted –Consent is unworkable –No research exceptions  ECPA almost certainly bars disclosure

6 We need a cybersecurity research exception to the ECPA.

7 Properties of a Research Exception Tailored –For research only –Excludes law enforcement access Comprehensive –Applies to communications contents and real-time interception Protective –Prohibits further disclosures (voluntary or compelled) Controlled –Institutional review is integral

8 Would a Research Exception Work? Legislative action would give legitimacy to uses of data that are already analyzed, collected Exception would allow efficient data- sharing institutions to develop Exception’s institutional framework could extend to diverse data types (not just communications, e.g. passwords)

9 Conclusion Coordinated threats are potentially devastating. Urgent need for more coordinated defenses ECPA reform needed to make this happen

Download ppt "Toward a Culture of Cybersecurity Research Aaron Burstein TRUST & ACCURATE Research Fellow Samuelson Clinic & BCLT, Boalt Hall UC Berkeley."

Similar presentations

NATO Civil Communications Planning Committee (ccpc)

NATO Civil Communications Planning Committee (ccpc)
Paul Ohm Associate Professor, CU Law Initiative Director, Silicon Flatirons December 4, 2009.

Paul Ohm Associate Professor, CU Law Initiative Director, Silicon Flatirons December 4, 2009.
Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.

Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.
Jingjing Gao Department of Computer Science and Engineering April 16 th,2014 1.

Jingjing Gao Department of Computer Science and Engineering April 16 th,
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
The Patriot Act And computing. /criminal/cybercrime/PatriotAct.htm US Department of Justice.

The Patriot Act And computing. /criminal/cybercrime/PatriotAct.htm US Department of Justice.
Right to Privacy: The Unwritten Right

Right to Privacy: The Unwritten Right
Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.
Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202) 353-7848.

Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202)
Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.

Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.
1 ISPs and Federal Privacy Law: Everything You Need to Know About the Electronic Communications Privacy Act (ECPA) Mark Eckenwiler Computer Crime and Intellectual.

1 ISPs and Federal Privacy Law: Everything You Need to Know About the Electronic Communications Privacy Act (ECPA) Mark Eckenwiler Computer Crime and Intellectual.
Domain Name Registrant Data: The Privacy Questions Alan Davidson Center for Democracy and Technology

Domain Name Registrant Data: The Privacy Questions Alan Davidson Center for Democracy and Technology
29 May 2006RNSA Workshop 1 Social Implication of National Security RNSA Workshop The risk of public data availability on critical infrastructure protection.

29 May 2006RNSA Workshop 1 Social Implication of National Security RNSA Workshop The risk of public data availability on critical infrastructure protection.
Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.
Privacy and Sensor Networks: Do Sensor Networks fit with Fair Information Practices Deirdre K. Mulligan Acting Clinical Professor of Law Director, Samuelson.

Privacy and Sensor Networks: Do Sensor Networks fit with Fair Information Practices Deirdre K. Mulligan Acting Clinical Professor of Law Director, Samuelson.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Geneva, Switzerland, 15-16 September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.

Geneva, Switzerland, September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.
Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten.

Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten.

Similar presentations

Ads by Google