AI Cyber Lunch: "Black Hat, White Hat, Green Eyeshades: Improving Cybersecurity through Risk Pricing Models"

Name: AI Cyber Lunch: "Black Hat, White Hat, Green Eyeshades: Improving Cybersecurity through Risk Pricing Models"
Start: 2023-03-29T12:00:00-0400
End: 2023-03-29T13:00:00-0400

Open to the Public

Please join the Science, Technology, and Public Policy Program for an AI Cyber Lunch Seminar featuring Daniel Weitzner, 3Com Founders Senior Research Scientist at the MIT Computer Science and Artificial Intelligence Laboratory and Founding Director of the MIT Internet Policy Research Initiative. In a talk entitled "Black Hat, White Hat, Green Eyeshades: Improving Cybersecurity through Risk Pricing Models," Weitzner will discuss the benefits of (currently unattainable) cyber risk pricing metrics and a new approach for achieving them.

Q&A to follow. Buffet-style lunch will be served.

Registration: In-person attendance is limited to current Harvard ID holders. No RSVP is required. Room capacity is limited and seating will be on a first come, first served basis.

Members of the public are welcome to attend virtually via Zoom. Virtual attendees should register using the button below; upon registering, attendees will receive a confirmation email with a Zoom link.

Recording: Please be advised that this seminar will not be recorded.

Accessibility: Persons with disabilities who wish to request accommodations or who have questions about access, please contact Liz Hanlon (ehanlon@hks.harvard.edu) in advance of the session.

Date: Wed, Mar 29, 2023 Time: 12:00pm - 01:00pm Location: Room 434 A-B

Summary

Abstract

Despite the prevalence of cyber attacks, we still have a limited understanding of the relationship between security control failures and financial loss. A very few firms build their own cyber risk models internally but lack external data to ensure they are robust. The industry has done a good job sharing threat and vulnerability information but that provides little guidance to shape overall strategy either for individual firms or policymakers looking to manage risk at a societal level. MIT’s SCRAM (Secure Cyber Risk Aggregation and Measurement) is a new cyber risk measurement research platform that provides security benchmarking and return-on-security-investment data to CISOs, Chief Risk Officers and CFOs so that they can better protect their networks, direct security investments, and improve the state of global cybersecurity. SCRAM uses secure multiparty computation based on threshold homomorphic encryption to compute aggregate benchmarks and risk metrics, without ever requiring firms to disclose their sensitive data to anyone else. This new approach to cybersecurity will provide currently unattainable cyber risk pricing metrics to guide private investment decisions, make cyber insurance markets more efficient, and shape cybersecurity regulations.

Speaker

Daniel J. Weitzner is 3Com Founders Senior Research Scientist, MIT Computer Science and Artificial Intelligence Laboratory and Founding Director, MIT Internet Policy Research Initiative. His research interests include accountable systems, privacy, cybersecurity, and online freedom of expression. He was the United States Deputy Chief Technology Officer for Internet Policy in the White House under President Obama, founded the Center for Democracy and Technology, led the World Wide Web Consortium’s public policy activities, and was Deputy Policy Director of the Electronic Frontier Foundation. He was responsible for the Obama Administration’s Consumer Privacy Bill of Rights and the OECD Internet Policymaking Principles. Weitzner has been a leader in Internet public policy from its inception, making fundamental contributions to the successful fight for strong online free expression protection in the United States Supreme Court, opposing technologically unwise regulation of encryption technology, and for laws that protect the privacy of email and web browsing data against government surveillance. Weitzner has a JD from Buffalo Law School and a BA in Philosophy from Swarthmore College. He is a non-resident Senior Fellow at the German Marshall Fund, a recipient of the International Association of Privacy Professionals Leadership Award (2013), the Electronic Frontier Foundation Pioneer Award (2016), was named a Fellow of the National Academy of Public Administration (2019) and is a member of Council on Foreign Relations.