With cybersecurity taking on even greater prominence, the Cybersecurity Policy & Research Institute at the University of California, Irvine will be undertaking several initiatives to analyze and help counter increasingly dangerous computer threats.
“The UCI Cybersecurity Policy & Research Institute will continue our research and scholarship efforts in 2021 to meet the many cybersecurity-related challenges facing Orange County, the United States, and the world,” said CPRI Executive Director Bryan Cunningham.
Every day seems to bring new threats, including the recently disclosed hacking of U.S. government departments and corporations, allegedly by Russian hackers working for the Kremlin to gather intelligence information.
CPRI is preparing an expanded cyber test range and conference facility in UCI’s new Interdisciplinary Science and Engineering Building,” Cunningham told the Business Journal on Jan. 5. That follows a virtual cyber response exercise late last year.
“UCI’s cyber test range will combine hardware, software, custom programming, and immersive audio-visual capabilities to enable: bleeding-edge cybersecurity research and scholarship; advanced teaching and training; and participatory cyberattack response exercises for business and the community,” according to Cunningham. He said much of the work is already under way.
CPRI is also planning collaboration between the Donald Bren School of Information and Computer Sciences and the Claire Trevor School of the Arts, according to the CPRI executive director Cunningham.
‘Wild West’
As he looks to the future, Cunningham sees a cybersecurity landscape fraught with challenges and dangers. Here are his observations, lightly trimmed for reasons of space:
• “For years, I have called cyberspace the ‘Wild West’ because of the lack of agreed or enforced norms of behavior in what is now clearly the most important battlefield between nations. For 2021, strap in for the wildest ride yet.”
• Many nations have taken the gloves off for this new decade. “We now know what we’ve long suspected—Russia has penetrated our national security, economic, and commercial infrastructure in deep, persistent, and troubling ways. No U.S. president has done anything remotely sufficient to stand up to Putin and other aggressive global cyber adversaries. Until they do, things are likely to get worse.”
• The difference between spying and war in cyberspace can be literally the click of a mouse. “I’ve been disturbed by how many otherwise well-informed commentators have said words to the effect that ‘it was just espionage’ and ‘everyone does it.’ What readers need to understand is that, in many cases, the difference between a spy tool (collecting sensitive information) and an implement of war (destroying vital information and critical infrastructure) is literally the click of a mouse. It may be months—if ever—before we know if the Russian malware has an attack capability and, if so, whether we can neutralize it.”
• “The risk of miscalculation—North Korea misjudges what the United States thinks is an act of war—will continue to leave us at grave risk of unintentional war. And I fear cyber war can turn into kinetic war much more easily than many commentators think.”
• “Something CPRI will be publishing on this spring: some cyber insurance carriers are now trying to exclude coverage for ‘acts of war,’ by which they are arguing can mean any cyberattack carried out by agents of a foreign government. If courts allow companies to deny coverage on this basis, it could decimate the entire cyber insurance ecosystem, leading companies to be insufficiently insured or not implementing sufficient cyber protective measures or both.”
Cunningham’s summary of what may be ahead: “The cyber outlook for 2021 and beyond, if nothing significant changes? In a word: Bleak.”
