Cyberterrorism Daunting Challenge for TRIA

Photo by tommao wang on Unsplash
  • Attribution of motivation;
  • Determination of the occurrence and situs of “damage”; and
  • Determination of the nature and situs of “loss.”
  1. Accident vs. Attack — The Secretary first gathers information from the pipeline company, law enforcement, and intelligence agencies to determine whether the event is a cyberattack or an accident. If an accident, the inquiry stops.
  2. Financial vs. Political — The Secretary next gathers information from law enforcement, military, and intelligence agencies as to the motivation behind the cyberattack including an assessment of the credibility of any claims of responsibility. If the motivation is financial, the inquiry stops. If the motivation is political (i.e., directed at public policy or public opinion) further parsing is required. It appears certification cannot be based on an attempt to influence public policy of or public opinion regarding state or local governments, private companies, or non-governmental organizations. Rather, certification is limited to efforts to influence public policy or public opinion on matters of national or international relevance. It is entirely foreseeable that the motivation (even if known) is ambiguous (e.g., anarchists, hacktivists, or revenge-seekers) or mixed (e.g., ransomware producing income designed to evade sanctions).
  • Donald B. Aspinall, Chair and President of Three Belmont Insurance Company (Vice President of Global Risk Management for Comcast);
  • Charles Van H. Gavitt, Board Member and Treasurer of Three Belmont Insurance Company (Vice President of Financial Planning & Analysis for Comcast);
  • Andrew G. Fossett, Board Member and Secretary of Three Belmont Insurance Company (Senior Vice President & Chief Counsel for NBCUniversal); and
  • John P. Giraldo, Board Member of Three Belmont Insurance Company (Executive Vice President and Global Controller for NBCUniversal).
  • The generosity of the coverages the captive provides its parent against cyberterrorism;
  • The decision the captive would make whether a particular cyberattack is covered by the policy it had negotiated with its corporate parent;
  • The decision the captive would make about how much it owes its corporate parent under the terms of that policy; and
  • The decision the captive would make as to whether (and to what extent) that loss occurred in the United States or outside of the United States.

--

--

--

Founder and Managing Member of Centers for Better Insurance, LLC

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How 20 Million $OP Was Stolen from the Multisig Wallet (Not Yet) Owned by Wintermute

Making Web3 Safer with FYEO

V-ID’s file validation process explained

Securing Your Accounts With Two-Factor Authentication (2FA)

iOS 14 jailbreak with cicuta_virosa

The Top Security Strategies in Custom Software Development

{UPDATE} 美味消消乐 - 2017全民糖果三消游戏 Hack Free Resources Generator

GDPR — The Canary In a Privacy Mine. Is Your Company Ready?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jason Schupp

Jason Schupp

Founder and Managing Member of Centers for Better Insurance, LLC

More from Medium

Interactive Map Reveals Which Indigenous Lands You’re Living On

Fools Rush in Where Angels Fear to Tread

A MAN WHO K NEW ALL ABOUT FAKE NEWS — STUART HALL . . .

Where does Energy come from?