Cyber Insurance and Corporate Governance: Facing New Threats

With the ever-increasing scale of interconnected information systems, concerns about cyber security dangers and threats increase daily. NYU Tandon School of Engineering (formerly known as NYU Polytechnic School of Engineering) Cyber Security Lecture Series provides an arena for high-level discussion among world-class scholars and practitioners. Sponsored by the Alfred P. Sloan Foundation, lectures and panel discussions are designed to raise the visibility of risks and issues, including personal privacy. Internationally renowned experts join together to stimulate collaborative thinking, especially among New York's regional businesses, government agencies, nonprofits, academic institutions, media, and the public. Practical and timely, the series also focuses on possible strategies that address the impact of growing risks.

Lecture 1: Cyberspace Allies: How Public / Private Partnerships Can Fight Back

Once we became deeply dependent on the Internet, business, government, and our critical infrastructure fell vulnerable to serious security risks. Early on, we recognized that strategic weaknesses can be exploited by foreign agents, resulting in catastrophic failure of our power grid. Transportation systems, and other vital civic arteries. Today, new threats have emerged from criminals who exploit private computers, steal intellectual property, and engage in espionage. Noted expert Marcus H. Sachs, supported by a distinguished panel of fellow cyber experts, examine these Internet threat groups, separating media hype from what is really happening. Sachs and his colleagues call for a power partnership between public and private sectors to protect and secure cyberspace security.

Lecture 2: DEFENDING CYBERSPACE: Are We Ready?

In NYU Polytechnic School of Engineering’s second, eagerly anticipated Sloan Cyber Security Lecture, the National Security Agency’s Information Assurance Director discusses current cyber security threats, vulnerabilities and trends. Debora A. Plunkett outlines critical steps that must be taken to ensure our nation is ready to meet future cyber security challenges. While exploring key technology trends affecting our security posture, IA Director Plunkett highlights the importance of building a robust cyber workforce. Continuing the theme covered by the first lecture in the series, Ms. Plunkett underscores the essential importance of strong industry, government, and academic partnerships, and highlights the tactical benefits of information sharing. The lecture concludes with a call to introduce standard processes and practices, across industry and government, to combat the growing cyber threat.

Lecture 3: RECLAIM YOUR NAME: Privacy in the World of Big Data

In NYU Polytechnic School of Engineering’s third, eagerly anticipated Sloan Cyber Security Lecture, Federal Trade Commissioner Julie Brill explores the expanding collection and use of Big Data in the marketplace, recognizing the challenges it presents for consumers and businesses--as well as for agencies like the Federal Trade Commission, responsible for safeguarding both. Commissioner Brill embraces the enormous benefits offered by Big Data analytics, but also believes it presents fundamental challenges to traditional notions of individual privacy. She encourages the highly decentralized community of Big Data purveyors to adopt practices that follow laws that already govern the way data can be used and calls for industry to engage in robust de-identification of consumer data. She concludes by taking us through her comprehensive initiative, "Reclaim Your Name," to give consumers knowledge and tools to reassert control over their personal data.

Lecture 4: Reducing the Nation's Cyber Risk: White House Insights on the President's Critical Infrastructure Framework

President Obama's Cyber Security Executive Order 13636 calls for an intensive effort to adopt a common national Framework aimed at reducing the cyber risk to our country's critical infrastructure. This event, featuring the White House Director of Critical Infrastructure Cybersecurity, Samara Moore, together with a panel of senior Administration officials, explores the wide-ranging impact the President's new policy will have on US industry. The White House Director will address the implications of the new Cybersecurity Framework on nearly all industries. Speakers provide insight on the proposed Framework on such critical infrastructure sectors as energy, finance, healthcare, communications, transportation, water, chemicals, IT, defense, manufacturing, and nuclear, among others. If you are responsible for cyber infrastructure, or if you are a supplier of goods or services to any organization in the DHS Critical Infrastructure you will be impacted. Be among the first to learn how the President's action will affect your company.

Lecture 5: Surviving on a Diet of Poisoned Fruit: Reducing the Risks of America’s Cyber Dependencies

In his Distinguished Lecture, Richard Danzig proposes strategies for coping with a security paradox presented by cyber systems: As digital systems grant us unprecedented powers, they also make us less secure. While their immense communication capabilities enable wide scale collaboration and networking, they open doors to unprecedented intrusion. Concentrations of data and manipulative power vastly improve efficiency and scale, but these attributes increase the amount that can be stolen or subverted by successful attack. While we are now empowered to retrieve and manipulate data on our own, this beneficial “democratization” removes a chain of human approvals that served as safeguards. In sum, cyber systems nourish us, but at the same time, they weaken and poison us. Wise strategies, aimed at safeguarding the nation's data storehouse of vital information, must embrace a mix of technical responses, economic and business judgments, and policy choices. Focusing on Federal government vulnerabilities--but noting implications for all users--Dr. Danzig argues that we are not doing nearly as well as we could and recommends several paths to improvement.

Lecture 6: Cyber Insurance and Corporate Governance: Facing New Threats

While fears of “Cyber Pearl Harbors” dominate headlines, many of the most costly cyber attacks are better characterized as acts of theft, jeopardizing some of the most valuable assets US companies possess. With intrusions targeting vulnerable intellectual property and the personal information of millions, US corporations have struggled to build adequate corporate governance frameworks to manage risk in the face of cyber breaches. While insurance generally plays a critical role in corporate risk management, serious obstacles stand in the way of creating a robust cyber insurance market.

Today, company executives confront many difficult questions: Should corporations collaborate closely with government to investigate cyber incidents? How should companies navigate inconsistent demands of proliferating cyber security regulators and civil litigants? How can we manage the rapidly expanding liability landscape successfully?

In this sixth Sloan Cyber Security Lecture, Peter Hancock, President and CEO of AIG, together with a panel of cybersecurity experts, explore how we might improve our ability to protect against the mounting losses from breaches. Is there a role for the insurance market in helping companies create a sophisticated cybersecurity risk management framework? What are the most intractable obstacles in the development of robust cyber insurance options? And how might the insurance industry collaborate with other risk management options to form a comprehensive approach to cyber threats?

Lecture 7:The Coming Age of the Internet of Things

Soon many billions of heretofore disconnected devices will be outfitted with Internet access and equipped with software. These appliances will be able to accept control from authorized parties and to emit information that can be used for management and analysis. The introduction of these devices poses a wide range of questions that must ultimately be answered—

How do I configure large numbers of new devices into my network?
How do I avoid configuring someone else's devices accidentally into my network and vice versa?
How does a device know it is talking to an authorized agent?
How can I grant temporary access to devices to guests, law enforcement, fire departments, third parties?
How do I revoke access to third parties?
How can I keep transactions involving these devices private?
How do I allow guest's devices to become part of my network temporarily?
How does the Internet of Things affect my daily life? My business? My social relationships?
My health? My privacy? My security?
What new businesses might arise as a consequence of a proliferation of Internet-enabled devices?
What if there are bugs in these devices? How can updates be performed securely? By only authorized parties?

In his distinguished Cyber Security NYU Engineering/Sloan Foundation Lecture, Internet pioneer Vinton G. Cerf does not claim to answer all of these questions, but says it’s important to ask them and to seek answers.

Speaker and Presenter Information

Marcus H. Sachs, is Vice President of Government Affairs, National Security Policy, Verizon Communications, where he assists federal, state, and local officials with national security emergency preparedness and cyber policy coordination in the communications sector. At Verizon, he assists business units with integrating national security emergency preparedness policy into network operations, support for critical infrastructure, and protection of Verizon’s global corporate assets. External to Verizon Sachs serves as Vice Chair of the Communications Sector Coordinating Council and supports several other public/private advisory working groups and task forces. In 2007, he was named a member of the CSIS Commission on Cyber Security for the 44th Presidency, and from 2003 to 2010, he was Director of the SANS Internet Storm Center. Earlier, he had a 20-year military career as an officer in the US States Army, followed by two years of federal civilian service at the White House and the US Department of Homeland Security. In 1998, he was selected by the Secretary of Defense to be an initial member of the Joint Task Force for Computer Network Defense, a military unit organized to conduct cyberspace operations in reaction to growing foreign threats targeting sensitive military networks. After retiring from the military, he was appointed by the President to serve concurrently on the staff of the National Security Council as the Director for Communication Infrastructure Protection in the White House Office of Cyberspace Security and on the staff of the President’s Critical Infrastructure Protection Board. Sachs joined the National Cyber Security Division of the US Department of Homeland Security in June 2003, where he implemented the National Strategy to Secure Cyberspace, including the launch of US-CERT. Sachs holds a Master’s of Science in Computer Science with a concentration in Information Security from James Madison University, a Master’s of Science in Science and Technology Commercialization from the University of Texas at Austin, and a Bachelor of Civil Engineering from Georgia Institute of Technology. He is also a graduate of the Army’s Command and General Staff College, Army Engineer School, Army Computer Science School, and Army’s Airborne and Air Assault schools. He is currently pursuing a Ph.D. in Public Policy at George Mason University and is a senior faculty member of SANS Technology Institute.

Debora A. Plunkett is Director of the Information Assurance Directorate (IAD) at the National Security Agency, leading the country’s efforts to protect and defend national security systems. Currently at the center of national cyber security, cryptography and information systems security, Ms. Plunkett previously held other NSA leadership positions in signals intelligence and information assurance. At the White House of both the Clinton and Bush Administrations, she served as a Director in National Security Council, helping shape critical infrastructure protection and cyber security policy and programs. Ms. Plunkett earned her Bachelor of Science degree at Towson University and her MBA at Johns Hopkins. A graduate of the National War College, where she was awarded a Master of Science in National Security Strategy, she has also completed the Intelligence Fellows Program. Ms. Plunkett has received numerous awards and honors, including the rank of Meritorious Executive in the Senior Cryptologic Executive Service awarded by President George W. Bush.

Federal Trade Commissioner Julie Brill works on issues of critical importance to consumers, including protecting consumer privacy, encouraging appropriate advertising substantiation, guarding consumers from fraud and maintaining competition in high-tech and healthcare industries. An advocate for protecting consumer privacy, especially in online and mobile technologies, she supports ways to provide consumers with better information and control over collection and use of personal online information, recognizing the need to introduce practical solutions rooted in consumer protection while maintaining competition. Commissioner Brill also focuses on the need to improve consumer protection in financial services, advocating improved regulations and enforcement in credit reporting, debt collection and fraud.

Before becoming Commissioner, Ms. Brill was the Senior Deputy Attorney General and Chief of Consumer Protection and Antitrust for the North Carolina Department of Justice. She has also been a Lecturer-in-Law at Columbia University's School of Law. For more than 20 years, she was Assistant Attorney General for Consumer Protection and Antitrust for the State of Vermont. She also served as a Vice-Chair of the Consumer Protection Committee of the Antitrust Section of the American Bar Association and Chair of the National Association of Attorneys General Privacy Working Group. Commissioner Brill is the recipient of the National Association of Attorneys General Marvin Award, Privacy International's Brandeis Award for her work on state and federal privacy, and the National Association of Attorneys General's Privacy Award. Prior to her career in law enforcement, Commissioner Brill was an associate at Paul, Weiss, Rifkind, Wharton & Garrison and clerked for Vermont Federal District Court Judge Franklin S. Billings, Jr. She graduated magna cum laude from Princeton University and from New York University School of Law, where she received a Root-Tilden Scholarship for her commitment to public service.

As part of the White House National Security Staff, Samara Moore, Director for Cybersecurity Critical Infrastructure Protection, coordinates activities across the Federal Government, partnering with the private sector in efforts to strengthen cybersecurity for our nation's critical infrastructure sectors. Prior to joining the National Security Staff, Moore was Senior Information Technology and Cybersecurity Advisor in the Department of Energy, focusing on energy sector cyber security and managing public-private partnerships. At the DOE, she played a key role in IT and cybersecurity governance, where she led the formation of the Electricity Sector Cybersecurity Capability Maturity Model, now followed domestically and internationally. Before joining the DOE, Moore was Director of the Office of Management and Data Systems in the Occupational Safety and Health Administration as well as Deloitte Enterprise Risk Services. Earlier, as a consultant, systems engineer, and IT manager, she performed security assessments, managed security operations and security planning for government agencies and private industry. Moore earned her Bachelor's from Virginia Tech in Accounting and Information Systems and her Master's in Engineering Management Systems Engineering from the George Washington University where she is currently an adjunct professor.

Richard Danzig, who served as Secretary of the Navy in the Clinton Administration, is a member of the Defense Policy Board, the President’s Intelligence Advisory Board, and Homeland Security Secretary’s Advisory Council. During Senator Obama's 2008 Presidential campaign, Danzig was one of his principal national security senior advisors. Earlier, in the Office of Assistant Secretary of Defense, he served first as Deputy Assistant Secretary and then as Principal Deputy Assistant Secretary of Defense for Manpower, Reserve Affairs and Logistics. For his work in national defense, he received the Defense Distinguished Public Service Award--the highest Department of Defense civilian award--three times. Danzig is Vice Chair of the Board of The RAND Corporation, a member of the Aspen Strategy Group and a senior advisor at the Center for New American Security, Center for Naval Analyses, and Center for Strategic and International Studies. Danzig is also a Trustee of Reed College, a Director of the Center for a New American Security and a Director of Saffron Hill Ventures. Danzig was previously a director of the National Semiconductor Corporation and Human Genome Sciences Corporation, Chairman of the Board of the Center for a New American Security and Chairman of the Board of the Center for Strategic and Budgetary Assessments. In academic life, he was an Assistant and then Associate Professor of Law at Stanford, taught contract law at Georgetown, was a Prize Fellow of the Harvard Society of Fellows and a Rockefeller Foundation Fellow. He has been a partner in the law firm of Latham and Watkins and Litigation Director and then Vice Chair of the International Human Rights Group, for which service he was awarded the organization's Tony Friedrich Memorial Award. With Peter Szanton, Danzig is the author of National Service: What Would It Mean? (Lexington, 1986). His recent publications include, “Driving in the Dark: Ten Propositions About Prediction” and co-author of “Aum Shinrikyo: Insights into How Terrorists Develop Biological and Chemical Weapons,” both published by the Center for a New American Security. He received his BA from Reed College, his JD from Yale and his Bachelor of Philosophy and Doctor of Philosophy from Oxford, where he was a Rhodes Scholar. Upon his graduation from Yale, Danzig served as a law clerk to U.S. Supreme Court Justice Byron White.

Peter D. Hancock was named President and Chief Executive Officer of AIG in September 2014, when he was also elected to the AIG Board of Directors. Previously, Hancock served as CEO of AIG’s property casualty division. He first joined AIG as Executive Vice President, Finance, Risk, and Investment. Hancock has spent his entire career in financial services, including 20 years at J.P. Morgan, where he established the Global Derivatives Group and ran the Global Fixed Income business and Global Credit portfolio and served as the firm’s Chief Financial Officer and Chief Risk Officer. He co-founded and served as President of Integrated Finance Limited, an advisory firm specializing in strategic risk management, asset management, and innovative pension solutions. He joined AIG from KeyCorp, where he was Vice Chairman, responsible for Key National Banking. Hancock is a member of the International Advisory Board of BritishAmerican Business. In 2014, he received that organization’s Corporate Citizenship Award. A William Pitt Fellow of Pembroke College, Cambridge, Hancock was raised in Hong Kong and later attended Oxford University, where he earned his BA in politics, philosophy, and economics.

Vinton G. Cerf is Vice President and Chief Internet Evangelist for Google. He contributes to global policy development and continued spread of the Internet. Widely known as one of the "Fathers of the Internet," Cerf is the co-designer of the TCP/IP protocols and the architecture of the Internet. He has served in executive positions at MCI, Corporation for National Research Initiatives and the Defense Advanced Research Projects Agency. He served as Chairman of the Board of the Internet Corporation for Assigned Names and Numbers (ICANN) and has been a Visiting Scientist at the Jet Propulsion Laboratory. Cerf was Founding President of the Internet Society (ISOC) and is a Fellow of the IEEE, ACM, and American Association for the Advancement of Science, American Academy of Arts and Sciences, International Engineering Consortium, Computer History Museum, British Computer Society, Worshipful Company of Information Technologists and a member of the National Academy of Engineering. He is Past President of the Association for Computing Machinery and currently serves as Chairman of the American Registry for Internet Numbers (ARIN), and recently completed his term as Chairman of the Visiting Committee on Advanced Technology for the US National Institute of Standards and Technology. President Obama appointed him to the National Science Board in 2012. Cerf is a recipient of numerous awards and commendations in connection with his work on the Internet, including the US Presidential Medal of Freedom, US National Medal of Technology, Queen Elizabeth Prize for Engineering, Prince of Asturias Award, Tunisian National Medal of Science, Japan Prize, Charles Stark Draper Award, the ACM Turing Award and 21 honorary degrees, including an honorary doctorate at Polytechnic University (now NYU Tandon School of Engineering). In December 1994, People magazine named Cerf as one of that year's "25 Most Intriguing People."

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau, USAID, National Guard Association, EEOC