IRVINE, Calif., July 11, 2017 -- New initiatives from the Cybersecurity Policy & Research Institute at the University of California, Irvine will help combat one of our greatest security challenges: vulnerabilities and attacks in cyberspace.
These efforts include research on cyberattack attribution and supply chain security, the development of law enforcement training, the launch of a cyber victims defense clinic, and a curriculum development effort for high school students. They reflect CPRI's critical mission to develop multidisciplinary solutions to cybersecurity challenges at the intersection of technology, law and policy.
"CPRI brings together the best and brightest cybersecurity experts from the private sector and UCI's world-class faculty to find technological, legal and policy solutions to cyber threats, while protecting and enhancing individual privacy and civil liberties," said Bryan Cunningham, CPRI's founding executive director.
Participating in CPRI are experts from academia, critical infrastructure businesses, law enforcement and other government agencies and the privacy and civil liberties community. The institute is supported and advised by its Executive Committee, which includes former Rockwell Chairman Don Beall and leaders from Qualcomm, Rockwell Collins, Verizon, Cylance, The Irvine Company, the Los Angeles Police Department, Gigamon, First American Financial Corp., IBM, the law firms of Alston & Bird and Newmeyer & Dillion, Avast, the Center for Democracy and Technology, the University of San Francisco, and the Anaheim Union High School District. In addition to the support of its Executive Committee, CPRI is supported by Monster Energy and the law firm of Rutan & Tucker.
Leading the institute is Cunningham, a cybersecurity and privacy lawyer and former Deputy Legal Adviser to the White House National Security Council. CPRI is under the guidance of the deans of the six UCI founding schools -- engineering, information & computer sciences, law, physical sciences, social sciences and social ecology -- as well as a Faculty Advisory Council.
CPRI's initiatives include:
- Cyber Attack Attribution Research Project: Under this project, CPRI will research the feasibility of a holistic approach to cyber-attack attribution with the goal of enhancing the ability of government and private sector actors to learn and prove the origin of such attacks, enabling better deterrence and justice for victims. CPRI's Legal Subcommittee has undertaken a related project with a review of potential standards-of-proof for attributing cyberattacks. This review will cover attribution proof issues under international law, in criminal prosecutions, in civil litigation and in other contexts. The project will determine the extent, if at all, to which current law is clear and will propose model laws and standards of proof for the various levels of attribution.
- Supply-Chain Security Research Project: A significant percentage of cyber breaches involve supply-chain compromise. Supply-chain-based risks include counterfeit, malware-embedded or otherwise compromised hardware and software, whether used directly by a purchaser or embedded in other devices. CPRI has identified software and other supply-chain security as a high priority research issue. In particular, the project will explore the use of blockchain -- a distributed virtual-ledger technology offering security, transparency, immutability and authenticity - to better secure software and other vital supply chains.
- Enhanced Cyber Threat Information Sharing: CPRI will work to improve sharing of private sector and government cyber threat information.
- Law Enforcement Training: CPRI is working with UCI's Division of Continuing Education and premier Southern California law enforcement agencies to support cybersecurity and digital evidence handling training for police officers and, potentially, other participants in the criminal justice system.
- Cyber Victims Defense Clinic: Generously supported by the law firm of Gibson Dunn & Crutcher and the Orange County cybersecurity firm Cylance, the new Cyber Victims Defense Clinic will launch in the fall of 2017. Led by Gibson Dunn cybersecurity partner Joshua Jessen, the clinic will provide pro bono legal and technical assistance to victims of cyberattacks. Such attacks often target the elderly and other underserved populations as well as small businesses with limited resources. The clinic also will help prepare the next generation of cybersecurity-savvy lawyers.
- Curriculum Development to Boost Future Cyber Experts: CPRI is working with the Anaheim Union High School District, Santa Ana Unified School District, Cypress College and other experts, to help develop cybersecurity curricula for high school students. This will create expertise and inspire students to pursue this job-rich field at community and four-year colleges.
For more information about CPRI, visit http://cpri.uci.edu.
About UC Irvine's Cybersecurity Policy & Research Institute
The UC Irvine Cybersecurity Policy & Research Institute is a comprehensive multidisciplinary effort, bringing together more than 80 participants from academia, a broad range of critical infrastructure businesses, law enforcement and other government agencies, and the privacy and civil liberties community in an effort to combat cyber threats. CPRI is generating strategies to address cybersecurity's technical, legal, policy and human challenges. The institute is supported by the Donald Bren School of Information & Computer Science, the Henry Samueli School of Engineering, the Schools of Law, Physical Sciences, Social Ecology and Social Sciences, and the Division of Continuing Education, as well as UCI's Chancellor and Provost.
Incorporating relevant perspectives and leveraging UCI and community expertise and resources, CPRI is focused on building consensus around cybersecurity solutions at the intersection of technology, law and policy. For more information, visit http://cpri.uci.edu.
Bryan Cunningham, founding CPRI executive director
As the founding executive director of UCI's multidisciplinary Cybersecurity Policy & Research Institute, Cunningham is focused on solution-oriented strategies that address technical, legal and policy challenges to combat cyber threats; protect individual privacy and civil liberties; maintain public safety, economic and national security; and empower Americans to take better control of their digital security.
Cunningham is a leading international expert on cybersecurity law and policy, a former White House lawyer and adviser and a media commentator on cybersecurity, technology and surveillance issues. He has appeared on ABC, Bloomberg, CBS, CNN, FOX and other networks.
Cunningham has extensive experience in senior U.S. government intelligence and law enforcement positions. He served as Deputy Legal Adviser to then-National Security Advisor Condoleezza Rice. He also served six years in the Clinton administration as a senior CIA officer and federal prosecutor. He drafted significant portions of the Homeland Security Act and related legislation, helping to shepherd them through Congress. He was a principal contributor to the first National Strategy to Secure Cyberspace, worked closely with the 9/11 Commission and provided legal advice to the President, National Security Advisor, the National Security Council, and other senior government officials on intelligence, terrorism, cyber security and other related matters.
Cunningham is a founding partner of the Washington, DC-Los Angeles firm Cunningham Levy Muse, and his law practice has included assisting Fortune 500 and multinational companies to comply with complex legal regulations under U.S. federal law, myriad state laws and the numerous privacy and security requirements in the European Union and other overseas jurisdictions.
He was founding vice-chair of the American Bar Association Cyber Security Privacy Task Force and was awarded the National Intelligence Medal of Achievement for his work on information issues. He has served on the National Academy of Sciences Committee on Biodefense Analysis, the Markle Foundation Task Force on National Security in the Information Age and the Bipartisan Policy Center's Cyber Security Task Force. He is also the principal author of legal and ethics chapters in several cybersecurity textbooks.