“National Cybersecurity” Insights from the U.S. Solarium Commission and more with Cory Simpson

In this episode of CHATTINN CYBER, Marc Schein interviews Cory Simpson, Senior Director and Lead for the U.S. Cyberspace Solarium Commission, Homeland Security Professor at Clemson University & Managing Director at Ankura, with more than 15 years of experience as a U.S. Army officer, federal prosecutor, national security lawyer and strategist.

Cory reports the findings of the U.S. Cyberspace Solarium Commission, an independent, bipartisan, and multisector commission, in which he acted as Senior Director until July. The commission, named for the Solarium Project set up by President Eisenhower, was composed of fourteen members, including two senators and four House representatives, six internationally recognized experts in cybersecurity, and the FBI director. Together, these members developed legislative proposals as recommendations for Congress, including Layered Cyber Deterrence.

The two goals of the commission were creating a grand strategy for cybersecurity and identifying the policies needed to achieve that strategy. From ensuring secure democratic elections to supply chain security, the commission covered both public and private cybersecurity challenges, including the current COVID-19 pandemic. Of the more than eighty recommendations for both the executive and legislative branches, 29 recommendations involving legislation are already poised to become law.

The Solarium Commission, AI Commission, and the Commission on National Service informed legislators that if we don’t have people to implement these strategies, they’re not going to work. Cybersecurity at a national security level is all of our responsibility, not just the government’s responsibility.

Additionally, Cory dives deep on specific recommendations, including creating a public/private relationship, perhaps scaling a model currently in place in the UK. Beyond the borders of the U.S., he explains that digital trade zones should encompass all of the western democracies.

Cory wraps up with some insights into election security, where security is at odds with access. If you want a secure system, you limit access, which is the opposite of what we are doing when we want Americans to vote. In addition, Cory covers the challenge of an anonymous vote and the importance of a paper-based backbone to voting. Tune in to hear the advantages the U.S. democracy carries in its decentralized system!

From Hacktivists to Million-Dollar Ransoms, John Mullen Has Seen it All in Data Breaches – Hear His Legal Perspective on Cybersecurity

In this episode of CHATTINN CYBER, Marc interviews John Mullen, Managing Partner of Mullen Coughlin, the leading and largest privacy law firm solely dedicated to privacy and cybersecurity law in the U.S. Focused on providing tailored data privacy and incident response services, John’s firm handles breach response, pre-breach planning and compliance, regulatory investigation and management, and privacy litigation defense under the umbrella of cyber insurance.

John’s friend Mark Greisiger of NetDiligence coined the term “Data Breach Coach” to describe what John and his firm do for companies in helping them during a data breach crisis under an insurance policy. In addition to the services John’s firm provides these companies, they also assist as part of a suite of services provided by insurance in the event of a data breach.

Estimating that the firm handles a third of all breaches in the country under the umbrella of insurance, John is uniquely qualified to share the details of the industry, as well as the evolution of cybersecurity hacks from the early days. It is a story that runs from “hacktivists,” nation states, and rogue employees breaching security to the current-day situation in which bad players leverage ransomware to demand six figures at least – some up to millions of dollars – from companies.

John expands on their post-breach response, including business interruption, as well as their pre-breach counseling and its limitations. In describing the future of data breaches, he explains that cybersecurity is a niche area that is growing in both law and insurance, neither of which has areas of growth outside of this industry. Listen to hear all of this, as well as what John has to say about his firm’s relationship with the FBI.

Distinct Field, Ubiquitous Influence: Cybersecurity and Insurance with Robert Chesler

Today, Marc sits down with prominent insurance lawyer Robert Chesler to discuss the unique yet expansive role that cybersecurity plays in the insurance sector. Drawing from his extensive industry and legal experience, Chesler shares his insight on the current relationship between cybersecurity and insurance claims and how the growing field of cyber-law can learn from the success of other law sectors. Chesler also pulls from current and recent cases to illustrate how insurance companies may evolve in their choices with regard to filling employee claims.

A trailblazer of insurance coverage litigation for policyholders, Robert Chesler is a shareholder with Anderson Kill and a member of their Cyber Insurance Recovery group. Chesler has seen and participated in the birth of modern insurance law since the 1980s and is now actively overseeing new areas of coverage such as cyber and privacy insurance. He has represented huge industry clients such as GE, Chrysler, and Unilever as well as many small businesses in pro bono cases. A prolific author, Robert regularly publishes articles in widespread journals and websites that perk the ears of industry voices and which establish him as a thought leader in his own right. Rob holds his Bar Admissions in New Jersey and received his JD from Harvard Law School. He also holds a Ph.D. from Princeton University.