National Academies Press: OpenBook
Suggested Citation:"Front Matter." National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.

FORUM ON CYBER RESILIENCE

WORKSHOP SERIES

Data Breach Aftermath and Recovery for Individuals and Institutions

Proceedings of a Workshop

Anne Johnson and Lynette I. Millett, Rapporteurs


THE NATIONAL ACADEMIES PRESS

Washington, D.C.

www.nap.edu


The National Academy of Sciences was established in 1863 by an Act of Congress, signed by President Lincoln, as a private, nongovernmental institution to advise the nation on issues related to science and technology. Members are elected by their peers for outstanding contributions to research. Dr. Marcia McNutt is president.

The National Academy of Engineering was established in 1964 under the charter of the National Academy of Sciences to bring the practices of engineering to advising the nation. Members are elected by their peers for extraordinary contributions to engineering. Dr. C. D. Mote, Jr., is president.

The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970 under the charter of the National Academy of Sciences to advise the nation on medical and health issues. Members are elected by their peers for distinguished contributions to medicine and health. Dr. Victor J. Dzau is president.

The three Academies work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine.

Learn more about the National Academies of Sciences, Engineering, and Medicine at www.national-academies.org.


PLANNING COMMITTEE FOR THE WORKSHOP ON DATA BREACH AFTERMATH AND RECOVERY FOR INDIVIDUALS AND INSTITUTIONS

FRED B. SCHNEIDER, NAE,1 Cornell University, Chair

FRED H. CATE, Indiana University

ERIC GROSSE, Google, Inc.

SUSAN LANDAU, Worcester Polytechnic Institute

DEIRDRE K. MULLIGAN, University of California, Berkeley

PETER SWIRE, Georgia Institute of Technology

Staff

LYNETTE I. MILLETT, Director, Forum on Cyber Resilience

EMILY GRUMBLING, Program Officer

SHENAE BRADLEY, Senior Program Assistant

FORUM ON CYBER RESILIENCE

FRED B. SCHNEIDER, NAE, Cornell University, Chair

ANITA ALLEN, University of Pennsylvania

ROBERT BLAKLEY, CitiGroup, Inc.

FRED H. CATE, Indiana University

DAVID D. CLARK, NAE, Massachusetts Institute of Technology

RICHARD J. DANZIG, Center for a New American Security

ERIC GROSSE, Google, Inc.

DAVID A. HOFFMAN, Intel Corporation

PAUL C. KOCHER, NAE, Cryptography Research, Inc.

TADAYOSHI KOHNO, University of Washington

BUTLER W. LAMPSON, NAS,2 NAE, Microsoft Corporation

SUSAN LANDAU, Worcester Polytechnic Institute

STEVEN B. LIPNER, Independent Consultant

DEIRDRE K. MULLIGAN, University of California, Berkeley

TONY W. SAGER, Center for Internet Security

WILLIAM H. SANDERS, University of Illinois, Urbana-Champaign

STEFAN SAVAGE, University of California, San Diego

PETER SWIRE, Georgia Institute of Technology

DAVID C. VLADECK, Georgetown University

MARY ELLEN ZURKO, Cisco Systems, Inc.

Ex Officio

DONNA F. DODSON, National Institute for Standards and Technology

WILLIAM B. MARTIN, National Security Agency

KEITH MARZULLO, Networking and Information Technology Research and Development Program

Staff

LYNETTE I. MILLETT, Director

EMILY GRUMBLING, Program Officer

KATIRIA ORTIZ, Research Associate

SHENAE BRADLEY, Administrative Assistant

For more information about the forum, see its website at http://www.cyber-forum.org, or e-mail the forum at cyberforum@nas.edu.

___________________

1 NAE, National Academy of Engineering.

2 NAS, National Academy of Sciences.


COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD

FARNAM JAHANIAN, Carnegie Mellon University, Chair

LUIZ ANDRE BARROSO, Google, Inc.

STEVEN M. BELLOVIN, NAE, Columbia University

ROBERT F. BRAMMER, Brammer Technology, LLC

EDWARD FRANK, Apple, Inc.

SEYMOUR E. GOODMAN, Georgia Institute of Technology

LAURA HAAS, NAE, IBM Corporation

MARK HOROWITZ, NAE, Stanford University

MICHAEL KEARNS, University of Pennsylvania

ROBERT KRAUT, Carnegie Mellon University

SUSAN LANDAU, Google, Inc.

PETER LEE, Microsoft Corporation

DAVID E. LIDDLE, US Venture Partners

FRED B. SCHNEIDER, NAE, Cornell University

ROBERT F. SPROULL, NAE, University of Massachusetts, Amherst

JOHN STANKOVIC, University of Virginia

JOHN A. SWAINSON, Dell, Inc.

ERNEST J. WILSON, University of Southern California

KATHERINE YELICK, University of California, Berkeley

Staff

JON EISENBERG, Director

LYNETTE I. MILLETT, Associate Director

VIRGINIA BACON TALATI, Program Officer

SHENAE BRADLEY, Administrative Assistant

JANEL DEAR, Senior Program Assistant

EMILY GRUMBLING, Program Officer

RENEE HAWKINS, Financial and Administrative Manager

CHRIS JONES, Program Officer

KATIRIA ORTIZ, Research Associate

For more information on CSTB, see its website at http://www.cstb.org, write to CSTB, National Academies of Sciences, Engineering, and Medicine, 500 Fifth Street, NW, Washington, DC 20001, call (202) 334-2605, or e-mail the CSTB at cstb@nas.edu.


Preface

The Forum on Cyber Resilience—a roundtable of the National Academies of Sciences, Engineering, and Medicine established in 2015—facilitates and enhances the exchange of ideas among scientists, practitioners, and policy makers who are concerned with urgent and important issues related to the resilience of the nation’s computing and communications systems, including the Internet, other critical infrastructures, and commercial systems. Forum activities help to inform and engage a broad range of stakeholders around issues involving technology and policy related to cyber resilience, cybersecurity, privacy, and related emerging issues. A key role for the forum is to surface and explore topics that can help advance the national conversation.

During its first year of activities, to begin exploring cyber resilience issues in the regulatory and civilian agency context, the forum welcomed Federal Trade Commission (FTC) Commissioner Julie Brill to its August 2015 meeting. Commissioner Brill spoke about FTC activities and perspectives on security, privacy, and the Internet of Things. That led to lively discussion that was part of the impetus for the development of a workshop on data breach aftermath and recovery.

A planning group was appointed to organize a workshop for exploring themes related to the extent of the harms from large-scale data breaches, the efficacy of different remediation actions, and ways to better help recover from breaches. The Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions took place on January 12, 2016, in Washington, D.C., and featured invited speakers from government, the private sector, and academia. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better protecting and helping consumers in the wake of a breach. Speakers were asked to focus on data breach aftermath and recovery and to discuss ways to remediate harms from breaches. But given the relationship between breach prevention and recovery from breaches, most speakers also addressed the whole gamut of challenges around data breach.

This workshop proceedings summarizes the presentations made by invited speakers and other remarks by workshop participants. In keeping with the workshop’s exploratory purpose, this proceedings does not contain findings or recommendations, nor, in keeping with the Academies’ guidelines for workshop proceedings, does it necessarily reflect consensus views of the workshop participants or planning committee. The planning group’s role was limited to planning the workshop, and this proceedings has been prepared by the workshop rapporteurs and forum staff as a factual summary of what occurred at the workshop. The document draws on prepared remarks of workshop speakers, comments made by workshop participants, and the ensuing discussions.

The first chapter summarizes the introduction to the workshop and reproduces background material provided to all participants. The second chapter summarizes each of the speakers’ presentations. The third chapter is organized into thematic areas, describes the content of the final discussion, and also integrates cross-cutting points made during presentations and earlier discussions, highlighting some of the broader themes that emerged throughout the workshop. The workshop agenda and participants list are provided in Appendix A. Short biosketches of the planning committee and speakers appear in Appendixes B and C, respectively.

We hope that the workshop and this proceedings will help to encourage the exchange of ideas and fresh thinking about the policy, legal, and technical ways in which our nation and its institutions respond to data breaches.

My sincere thanks go to the planning committee and staff who planned and organized the workshop as well as to the invited speakers for their thoughtful remarks and enthusiastic participation in the discussions that ensued. Writing support was provided by Anne Frances Johnson and Kathleen Pierce, Creative Science Writing. We also extend our appreciation to the National Science Foundation, the National Security Agency, and the Special Cyber Operations Research and Engineering Working Group for their support and encouragement of forum activities.

Fred B. Schneider, Chair

Forum on Cyber Resilience


ACKNOWLEDGMENT OF REVIEWERS

This workshop proceedings has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published proceedings as sound as possible and to ensure that it meets institutional standards for objectivity, evidence, and responsiveness to the project’s charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this proceedings:

Steven Bellovin, Columbia University,
Joel Reidenberg, Fordham University,
David Vladeck, Georgetown University, and
Mary Ellen Zurko, Cisco Systems.

Although the reviewers listed above have provided many constructive comments and suggestions, they were not asked to endorse the views presented at the workshop, nor did they see the final draft of the proceedings before its release. The review of this report was overseen by Samuel Fuller, Analog Devices, Inc., who was responsible for making certain that an independent examination of this proceedings was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this proceedings rests entirely with the authors and the institution.


THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001

This project was supported by the National Science Foundation under award number CNS-14194917. Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of any organization or agency that provided support for this project.

Digital Object Identifier: 10.17226/23559

Copies of this report are available from:

The National Academies Press

500 Fifth Street, NW, Keck 360

Washington, DC 20001

(800) 624-6242

(202) 334-3313

http://www.nap.edu

Copyright 2016 by the National Academy of Sciences. All rights reserved.

Printed in the United States of America

Suggested citation: National Academies of Sciences, Engineering, and Medicine. 2016. Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: 10.17226/23559.

Reports document the evidence-based consensus of an authoring committee of experts. Reports typically include findings, conclusions, and recommendations based on information gathered by the committee and committee deliberations. Reports are peer reviewed and are approved by the National Academies of Sciences, Engineering, and Medicine.

Proceedings chronicle the presentations and discussions at a workshop, symposium, or other convening event. The statements and opinions contained in proceedings are those of the participants and are not necessarily endorsed by other participants, the planning committee, or the National Academies of Sciences, Engineering, and Medicine.

For information about other products and activities of the Academies, please visit nationalacademies.org/whatwedo.


In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better protecting and helping consumers in the wake of a breach. Speakers were asked to focus on data breach aftermath and recovery and to discuss ways to remediate harms from breaches. This publication summarizes the presentations and discussions from the workshop.
