OECD EXPERT CONSULTATION ON
IMPROVING THE MEASUREMENT OF
DIGITAL SECURITY INCIDENTS AND RISK MANAGEMENT
12 - 13 May 2017
Swiss-Re Centre for Global Dialogue Gheistrasse 37 8803 Rüschlikon Switzerland
BIO - BOOK
Hans Allnut
Partner DAC Beachcroft LLP United Kingdom
Hans leads the Cyber & Data Risk team at international law firm DAC Beachcroft. He
advises on cyber risk strategy, incident preparation, incident response and contentious data
protection issues.
In 2016, he was recommended for his "excellent data privacy skills" in The Legal 500,
recognised as a Litigation Rising Star, and nominated as a Legal Innovator of the Year.
Hans has worked in the insurance industry for 15 years. He is a legal expert on cyber risk
and data breach insurance policies and has advised on policy wordings, aggregation,
systemic cyber risk and “silent” cyber exposures.
Hans chairs the International Underwriting Association’s Cyber Claims Committee and is an
Editorial Board Member of Cyber Security Practitioner.
Alexandre Barbosa
Head of the Regional Center for Studies on the Development of the Information Society (Cetic.br) under the auspices of UNESCO based in São Paulo, Brazil
Mr. Barbosa is responsible for managing nationwide stand-alone ICT survey projects for the
production of ICT-related statistics on the access to and use of ICTs in different segments of
society in Brazil, and for promoting capacity building programs in survey methodologies in
Latin America and Portuguese-speaking countries in Africa.
Mr. Barbosa is also the Chair of the Expert Group on ICT Households indicators (EGH) from
the International Telecommunications Union (ITU) and member of the International Advisory
Group of Experts on the Global Kids Online project led by UNICEF and LSE.
Mr. Barbosa holds a PhD degree in Business Administration from Getulio Vargas Foundation (Brazil), a Master's degree in Business Administration from Bradford University (UK), an MSc degree in Computer Science from Federal University of Minas Gerais (Brazil) and a BSc degree in Electrical Engineering from Catholic University (Brazil). He has also conducted postdoctoral research at HEC Montreal (Canada) in the area of electronic government.
Joel Benge
Risk Evangelist Emergent Network Defense United States
Joel Benge is an award-winning communicator with roots that span from the humanities to
cybersecurity. Early dalliances with education, theatrical arts, and the entertainment industry
(including Nickelodeon, video game development, and as one of the Internet’s first
podcasters) gave way to hands-on industry experience in network security. Joel has been on
the technical staff at NASA Goddard Space Flight Center and spent many a long night “in
the trenches” of network and security operations centers.
An opportunity to combine his passion for storytelling and communications with his technical
skills led Joel to serve seven years with the U.S. Department of Homeland Security as the
principal manager for enterprise cybersecurity communications. There he worked to develop
and communicate the Department’s internal cybersecurity strategy, including implementing
the Stop.Think.Connect.™ and National Cyber Security Awareness Month campaigns.
He is currently the “Risk Evangelist” for Emergent Network Defense, a global Digital Risk
Management solutions provider. He brings his divergent thinking to help Fortune 100
companies and international non-profits contextualize their enterprise data to “see around
the corner” and predict their next digital risk.
Laurent Bernat
Policy Analyst OECD France
Laurent Bernat is a Policy Analyst at the OECD Secretariat, within the Division for Digital Economy Policy in the Directorate for Science, Technology and Industry. He has supported the work of the Working Party on Security and Privacy in the Digital Economy (SPDE) since he joined the OECD in 2003, working in many areas, including national cybersecurity strategies, electronic authentication, and the protection of critical information infrastructures.
He is currently part of the OECD horizontal project on "Going Digital: Making the Digital Transformation Work for Growth and Well-Being", which gathers 14 OECD Committees in various policy areas. He has a Master's degree in political science and has graduated from the French Institut d’étude des relations internationales (ILERI).
Steve Bishop
Head of Insurance and Asset Management ORX United Kingdom
Steve is a risk management professional with over 15 years’ experience gained in the financial services industry.
During his career, he has developed and implemented operational risk management and measurement frameworks at major insurance firms, banks and asset managers, as well as effecting risk management change within organisations and successfully managing varied and complex stakeholder relationships.
At ORX, Steve has responsibility for the insurance operational risk data exchange service, insurance focussed operational risk research and membership growth.
Maya Bundt
Head of Cyber and Digital Security Swiss Re Switzerland
Maya Bundt is the Head Cyber and Digital Strategy at Swiss Re Reinsurance. In this role she
is responsible for further developing and implementing the Reinsurance cyber risk strategy, and for
driving digital innovation and initiatives. Maya joined Reinsurance from Group Strategy, where
she was Chief of Staff to the Group's Chief Strategy Officer. Before she joined the Group
Strategy team, Maya held a position in the Information Technology Division of Swiss Re.
Maya joined Swiss Re from the Boston Consulting Group where she spent 3 years as a
strategy consultant serving a variety of industries.
She holds a PhD in Environmental Science from the ETH Zurich.
Maya is an elected member of the World Economic Forum Future Council for the Digital
Economy and Society. She supports several international initiatives around the digital
economy and cyber risks and has published several articles on the topic.
Anne Carblanc
Head of Digital Economy Policy OECD France
Ms. Anne Carblanc is Head of the OECD Digital Economy Policy Division (DEP) in the
Directorate for Science, Technology and Innovation. Her division works on evidence-based
policy frameworks to make the digital transformation work for inclusive growth and well-being.
Ms Carblanc joined the OECD in 1997, working on privacy, consumer protection and digital
security issues. From 2009 to early 2012, she assisted the STI Director as Special
Counsellor, and was responsible for strategic planning, organisation and co-ordination as
well as global relations. Prior to joining the OECD, she spent five years as Secretary
General, Director of Services in the French Commission Nationale de l’informatique et des
libertés (CNIL). She also served ten years in the French judicial system as "juge
d'instruction" and Head of criminal legislation in the Ministry of Justice.
Anne Carblanc, a French national, holds a Bachelor’s degree in modern languages and
literature, a Master's degree in Civil Law from University Paris 1, and graduated in 1983 from
the "École nationale de la magistrature".
Philippe Cotelle
Head of Defense and Space Insurance Risk Management Airbus France
Philippe Cotelle has been the Head of Insurance and Risk Management of Airbus Defence &
Space since 2014, gathering all Airbus activities in Space, Defence and Military Transport
Aviation belonging to the former Divisions Astrium, Cassidian and Airbus Military.
Philippe Cotelle is leading the SPICE project (Scenario Planning to Identify Cyber Exposure)
within Airbus developing a new approach for Business impact analysis related to a cyber
event. Philippe coordinates a research program with the French Institute of Research and
Technology on cyber risk management and collaborates with FERMA (Federation of
European Risk Management Associations), French Administration and OECD on this topic.
Philippe Cotelle graduated as an Engineer from Ecole Nationale Superieure de
l'Aeronautique et de l'Espace and Executive MBA from Essec & Mannheim 2007.
Benjamin Dean
OECD Consultant Based in the United States
Benjamin C. Dean works at the intersection of technology, economics and public policy. He presently contributes to an initiative to develop business digital risk management metrics with the OECD’s Working Party on Security and Privacy in the Digital Economy. Mr. Dean recently contributed a paper to inform the European Parliament on the economic implications of EU-US cooperation in cybersecurity and cybercrime. He also assists re-insurance clients with the development of models to assess the probability and impact of a variety of digital security incidents. Previously he was a fellow for cybersecurity at Columbia University and a policy analyst at the Organisation for Economic Co-operation and Development’s Center for Entrepreneurship, Small and Medium Enterprises and Local Development.
Mr. Dean completed an MA in International Affairs at Columbia University’s School of International and Public Affairs. He is also a graduate of the University of Sydney with a BA Economics and Social Sciences (Hons.).
Martin Eling
Director Institute of Insurance Economics Switzerland
Martin Eling is professor of insurance management and director of the Institute of Insurance
Economics at the University of St. Gallen (Switzerland). He studied business administration
at University of Münster (Germany), where he also received his doctoral degree in 2005.
From 2005 to 2009, he worked as a postdoc at the Institute of Insurance Economics of the
University of St. Gallen. In 2008 he was Visiting Professor at the University of
Wisconsin-Madison (USA) and in 2010 and 2011 Visiting Lecturer at the University of Torino
and University of Urbino (Italy). From 2009 to 2011 he was Director of the Institute of
Insurance and Professor in Insurance at the University of Ulm (Germany).
Dr. Eling has published in numerous international journals, including the Journal of Risk and
Insurance, the Journal of Banking & Finance, the European Journal of Operational
Research, and Insurance: Mathematics and Economics. He received several research prizes
from leading international organizations such as the American Risk and Insurance
Association, the Casualty Actuarial Society and the National Association of Insurance
Commissioners. His main research fields are new insurance markets (e.g. cyber insurance,
microinsurance), new approaches in asset management (e.g. alternative investments),
regulation, risk management and performance measurement.
Kevvie Fowler
National Leader of Cyber Response KPMG United States
Kevvie Fowler is National Leader of Cyber Response and partner in Advisory Services at KPMG in Canada where he helps clients prevent, detect and recover from security incidents. Kevvie proactively helps clients identify, assess and manage cyber risks to protect sensitive data and prepare to effectively respond to a breach. Kevvie also helps clients reactively investigate and discount the occurrence of, or confirm and precisely scope, breaches in a manner that minimizes impact to their organization.
He is a recognized security and forensics expert, author of Data Breach Preparation and Response and SQL Server Forensic Analysis and coauthor of several cyber security and forensic books. He is also a SANS lethal forensicator and sits on the SANS Advisory Board, where he guides the direction of emerging security and forensics research.
Robert W. (Bob) Gordon
Executive Director Canadian Cyber Threat Exchange (CCTX) Canada
Bob is the Executive Director, Canadian Cyber Threat Exchange (CCTX) where he has
organisational responsibility to deliver cyber threat information services and lead all cyber
intelligence engagements and research activities. Most recently, Bob was a Director, Global
Cyber Security at CGI. Prior to this, he enjoyed a long and successful career in the Federal
Government, which included being the architect of Canada’s Cyber Security Strategy.
Bob has had a unique career in Canada’s security, intelligence and law enforcement
organizations: Public Safety Canada, Communications Security Establishment, Canadian
Security Intelligence Service, and the Royal Canadian Mounted Police. He has had senior
executive responsibility for science and technology, IM/IT, and internal security programs
(personnel, physical, and information technology). He has also provided operational
leadership in investigating and analyzing the full range of threats to the security of Canada,
which included leading the CSIS Counter Terrorism program.
Marc Henauer
Head of MELANI Program Swiss Federal Intelligence Switzerland
Marc Henauer is the Head of the MELANI Operation and Information Centre. This unit is part
of the Federal Intelligence Service within the Swiss Ministry of Defence, Civil Protection and
Sports. The MELANI OIC Unit is responsible for the analytical and operative parts of the
Swiss Analysis and Reporting Unit for Information Assurance (MELANI). MELANI is
mandated with supporting the Swiss Critical Infrastructures within their Information
Assurance Process.
Mr. Henauer was the strategic analyst for economic and cyber criminality within the Service
of Analysis and Prevention, before heading MELANI and part of the Cybercrime Coordination
Unit (CYCO). He studied economic science at the University of Zurich and Media and
Communication Management at the University of St. Gallen. Mr. Henauer received his Master
of Arts in Security Studies from Georgetown University in Washington DC.
Yurie Ito
Founder and Executive Director The CyberGreen Institute United States
Yurie Ito is a Founder and Executive Director of The CyberGreen Institute, a global non-profit
organization focused on improving the cyber ecosystem’s health by providing reliable
metrics, measurement, and mitigation best practices to national CERTs, network operators,
and policy makers. She is also a Director of Global Coordination Division for the Japan
Computer Emergency Response Team Coordination Center (JPCERT/CC). She has
previously served 12 years as Technical Director and Global Coordination Director for the
organization, and also served at ICANN as a Director of Global Security Programs from
2009-2011. She has been leading a number of international collaborative efforts, including
as Chair of the Asia Pacific Computer Emergency Response Team (APCERT), an active
member of the Forum of Incident Response and Security Teams (FIRST), and as Board
Member of FIRST for 6 years from 2004-2010.
She is a non-resident Senior Fellow at the Atlantic Council, associated with the Cyber
Statecraft Initiative. Her Master's thesis at the Fletcher School of Law and Diplomacy, Tufts
University, was on Managing Global Cyber Health and Security through Risk Reduction.
Nick Kitching
Head Risk Management EMEA for Reinsurance CRO Forum United Kingdom
Nick Kitching is Chief Risk Officer of Swiss Re Europe S.A., Swiss Re's Luxembourg based
carrier for reinsurance operations in Europe.
Nick joined Swiss Re in July 2013 as head of EMEA Regulatory Risk Management leading a
team coordinating Swiss Re's engagement on regulatory risks and developments in EMEA.
Before joining Swiss Re, Nick worked at Aviva as head of Regulatory Policy Oversight and at
the UK Financial Services Authority as a member of the General Counsel Division and
Prudential Policy Division.
In his roles at Swiss Re and Aviva, Nick has been actively engaged in a number of industry
bodies, particularly the CRO Forum. For the CRO Forum, he led a number of
initiatives on recovery and resolution and diversification benefits. Since December 2013,
Nick has chaired the coordination of the CRO Forum's cyber risk working group. This group
has been responsible for two papers on cyber resilience and cyber risk published in June
2016 and December 2014.
Nick started his career in law and is a qualified UK solicitor.
Éireann Leverett
Senior Risk Researcher Cambridge Centre for Risk Studies United Kingdom
Éireann Leverett is a regular speaker at computer security conferences such as FIRST, BlackHat, Defcon, Brucon, Hack.lu, RSA, and CCC; and also a regular speaker at insurance
and risk conferences such as Society of Information Risk Analysts, Onshore Energy Conference, International Association of Engineering Insurers, International Risk Governance Council, and the Reinsurance Association of America. He has been featured by the BBC, The Washington Post, The Chicago Tribune, The Register, The Christian Science Monitor, Popular Mechanics, and Wired magazine.
Mr Leverett continually studies computer science, cryptography, networks, information theory, economics, and magic history. He is also fascinated by zero knowledge proofs, firmware and malware reverse engineering, and complicated network effects such as Braess' and Jevons' Paradoxes. He has worked in quality assurance on software that runs the electric grid, penetration testing, and academia. He likes long binwalks by the hexdumps with his friends.
He also serves in an advisory role to ENISA on the industrial control systems and smart grid security experts group.
He was part of a multidisciplinary team that built the first cyber risk models for insurance with Cambridge University Centre for Risk Studies and RMS.
Aaron Martin
Oxford Martin Associate University of Oxford United Kingdom
Aaron Martin is an Oxford Martin Associate at the University of Oxford's Global Cyber
Security Capacity Centre and a Vice President of Global Technology at JPMorgan Chase in
NYC. He is also a member of the NY Cyber Task Force convened by Columbia University’s
School of International and Public Affairs. He was previously an analyst at the OECD, where
he concentrated on cybersecurity policy and security metrics. He has a PhD in Information
Systems & Innovation from the London School of Economics. Further information about
Aaron’s experience, research and expertise can be found at http://sixfouronea.net.
Jérôme Notin
General Manager ACYMA France
After more than twenty years in the private sector, where he participated in the creation and development of start-ups in the world of computer security, Jérôme joined the French National Cyber Security Agency in 2016.
His role was to design and build the structure of the Public-Private Partnership (GIP ACYMA), which has now been created. Since its birth in March 2017, Jérôme has been the general manager of the GIP ACYMA.
Elettra Ronchi
Senior Policy Analyst OECD France
Elettra Ronchi, PhD, MPP, is Senior Policy Analyst in the Science, Technology and Innovation Directorate at the Organisation for Economic Co-operation and Development (OECD) in Paris, where she has been Head of Unit since 2015, coordinating work on data governance and security risk management in the digital economy. Elettra Ronchi has more than 20 years of experience as policy analyst, evaluating the
instruments available to governments to improve the public benefits from investments in
health, science and technology. Since 2006 she has led work on e-health, including the
development of international measures and approaches to benchmarking progress in this
sector. From 2013 to 2015 Elettra coordinated G7 OECD work on dementia, Big Data
and open science and more recently, the development of an OECD Council
Recommendation on Health Data Governance.
Elettra Ronchi started her policy career in 1993 as consultant for the United Nations
Development Programme. Before joining the international civil service she held academic research and teaching positions in the US and France. She received her PhD from the Rockefeller University/Cornell Medical School (US), and MPP from the University of York (UK).
Matthew Shabat
Cybersecurity Strategist and Performance Manager Department of Homeland Security United States
Since starting at the Department of Homeland Security in 2008, Matt has served in several cybersecurity policy and strategy roles. Subsequently, he became the Director of Performance Management within the DHS Office of Cybersecurity and Communications where he contributes to strategic planning and oversees associated program performance. Active projects include analyzing the costs of a cyber incident and leadership of an ongoing cyber insurance and risk management data repository dialogue. In Spring 2017, he was selected as a finalist for the (ISC)2 U.S. Government Information Security Leadership Award for process or policy improvement related to his work on the Cyber Incident Data and Analysis Repository. Matt graduated from The George Washington University’s Elliott School of International Affairs with an M.A. in Security Policy Studies. Prior to returning to graduate school, he practiced corporate, mergers and acquisitions, and securities law with Mayer Brown LLP in Chicago. Matt earned his J.D. from the University of Pennsylvania Law School and he received his B.A. from Stanford University.
Blair Stewart
Assistant Privacy Commissioner Office of the Privacy Commissioner New Zealand
Mr Blair Stewart is Assistant Commissioner with the Office of the Privacy Commissioner, New Zealand, with principal responsibilities in relation to international policy and for regulation (codes of practice). Blair is New Zealand’s delegate to the APEC Electronic Commerce Steering Group Data Privacy Subgroup (ECSG DPS) and the OECD Working Party on Security and Privacy in the Digital Economy (SPDE). Blair contributes to the work of a number of networks of privacy and data protection authorities. He was involved in the establishment of the APEC Cross-border Privacy Enforcement Arrangement (CPEA) and the Global Privacy Enforcement Network (GPEN) and was on their governance bodies for several years. Since 2014 Blair has served as the Secretariat for the International Conference of Data Protection and Privacy Commissioners. Blair regularly participates in the Asia Pacific Privacy Authorities (APPA) Forum. Blair is currently convenor of the ICDPPC Data Protection Metrics Working Group and the APPA Comparative Privacy Statistics Working Group.
Mika Susi
Chief Policy Advisor at the Executive Office Confederation of Finnish Industries Finland
Mr. Susi has over 15 years of experience in security and risk management in both the public
and private sectors. Mr. Susi has a master's degree in political science, has studied
leadership and management, and also has a diploma in law enforcement studies. He has
worked with a wide range of security issues, including counter terrorism and industrial and
personnel security.
Mr. Susi works as chief policy adviser at the Confederation of Finnish Industries and is also
the chairman of the board of corporate security. Currently he is focusing on developing the
Finnish corporate security framework model and implementing it in a variety of organizations,
including SMEs and public organizations.
He is a member of several advisory bodies of security related projects and is also known as
a lecturer on cybersecurity and corporate espionage related issues.
Dan Tofan
Cybersecurity Expert ENISA Greece
Dr. Dan Tofan is a cyber-security expert, with more than 10 years of experience, gathered in
EU level institutions or working groups, national governmental agencies as well as in the
academic and private sectors. He holds a PhD in computer science as well as a number of
international certifications in the areas of cyber security and project management. In May
2015, he joined ENISA as an expert, responsible for all mandatory incident reporting
activities developed by the Agency in areas like telecom, trust service providers and the NIS
Directive.
Dr Shaun Wang
Director, Insurance Risk and Finance Research Nanyang Technological University Singapore
Professor Shaun Wang is Director of the Insurance Risk and Finance Research Centre,
Nanyang Technological University in Singapore. He is currently leading the Cyber Risk
Management Project (CyRiM), which is a university-government-industry partnership with
the Monetary Authority of Singapore, Cyber Security Agency of Singapore, and several
global insurance companies.
Professor Wang has rich academic and industry experience. He held the position of Deputy
Secretary General & Head of Research of The Geneva Association from 2013-2015. He was
Thomas P. Bowles Chair Professor at Georgia State University (2004-2013), Research
Director at SCOR (1997-2004), and Assistant Professor at the University of Waterloo (1994-1997).
Professor Wang has published numerous papers in top actuarial and insurance journals and
received several international awards. He is the inventor of the "Wang Transform", a widely-cited
formula for pricing risks. He served as Editor of the ASTIN Bulletin. He led several
international symposiums on risk and capital. He delivered a Capitol Hill briefing in
Washington D.C. on “The Financial Crisis and Lessons for Insurers” in 2009. He has a Ph.D.
from the University of Waterloo and a B.Sc. from Peking University. He is a Fellow of the Casualty
Actuarial Society and a Chartered Enterprise Risk Analyst.
Matthias Weber
Group Chief Underwriting Officer Swiss Re Switzerland
Matthias Weber started his career at Swiss Re in Zurich in 1992 as an expert for natural perils. He moved to the Swiss Re Americas Division in 1998 and in 2000 became Regional Executive for the Western Region of the United States located in San Francisco. From 2001, he was responsible for property underwriting in the US Direct Business Unit, and in 2005 was named Head of the Americas Property Hub in Armonk. From 2008, Matthias Weber served as Division Head of Property & Specialty. Matthias Weber was appointed Group Chief Underwriting Officer and member of the Group Executive Committee in April 2012. Matthias Weber, born 1961, is a Swiss and American citizen.
Leigh Wolfrom
Policy Analyst – Insurance expert OECD France
Leigh Wolfrom is a policy analyst in the OECD’s Directorate for Financial and Enterprise Affairs, focused on undertaking research and policy analysis on the financial management of disaster risks. In this role, he has provided analysis and reports to the OECD Insurance and Private Pensions on a variety of disaster risk financing issues, including reports on the financial management of flood risk, financial instruments for managing disaster risks related to climate change and the establishment of OECD guidance on the development of disaster risks financing strategies. Most recently, he has been developing a report on the cyber insurance market which examines the types of coverage available as well as the challenges to the further development of the market. Prior to joining the OECD, Mr. Wolfrom worked in the Financial Sector Policy Branch at the Canadian Department of Finance and at Global Affairs Canada on international financing issues.
Mr. Wolfrom has an M.A. in International Affairs from Norman Paterson School of International Affairs (Carleton University) and a B.A. in Economics from the University of British Columbia.