What is Cyber Liability?
- Ubiquitous
- Warfare
- Espionage
- Media
- Operational
- Data Security and Privacy
- Tech

Data Security and Privacy
- Data Breach Response Costs
- Privacy Regulatory Action
- Civil Litigation
INSURABLE

Cyber Insurance Marketplace
- Tailored insurance solutions based on your exposures
- No coverage/policy uniformity in the marketplace
- Capacity: $350M - $400M

Media Liability
Arising out of the utterance and dissemination of content in any medium
- Various Personal Injury Torts
- Defamation (Libel, Slander)
- Invasion of Privacy
- All Intellectual Property Infringement except Patent
INSURABLE
Technology Errors and Omissions
- Liability to third parties from an act, error or omission in the performance of, or failure to perform, your Tech Services, or
- Liability to third parties from your Tech Product's failure to perform or serve the purpose intended
- Contractual versus Negligence: why is this key?
INSURABLE

Intellectual Property Infringement
How?
- Storing 3rd-party Corporate Confidential Information
- Tech or Professional Services
- Tech Products
- Services performed for others
- Content and Domain Names
Examples of:
- Copyright
- Title, Slogan, Logo, Trademark, Trade Name
- Trade Dress, Service Mark or Service Name
- Patent
EXCLUDED: Patent Infringement; Trade Secret (unless exposed via a breach)
MOSTLY INSURABLE
Operational Risk (Non-War Related)
- Network outage from a non-physical trigger and non-tangible loss
- Includes dependent business interruption to cloud providers or other vendors
- Loss of Revenue
- Extra Expense
INSURABLE

Cyber Espionage
- Who? State sponsored or organized crime
- What? First-party loss of Intellectual Property
UNINSURABLE

Cyber Sabotage
- Stuxnet
- Flame
PARTIALLY INSURABLE

Executive Order from Obama

Cyber Insurance Marketplace & Cyber Security Impact
White House Cyber Insurance Meeting, held at the White House on August 26, 2013
Discussion Topics:
- Cyber Security
- Privacy, Civil Liberties and Policy
- National Security
- Government Approach
- Cyber Security Incentives: cyber security insurance, grants, process preference, liability limitation, streamlined regulations, public recognition, rate recovery for price-regulated industries, cyber security research
- National Institute of Standards and Technology (NIST) Framework

The Threat Profile
- 2012: 47,000 reported security incidents
- ICS-CERT Monitor, April-June 2013

Where do threats come from?
- State-sponsored attack
- Extremists (Terrorism or Hacktivist)
- Criminal gangs
- Disgruntled ex-employees
- Employees/Vendors
- Cyber espionage attack
Also Non-damage Interruptions

Over the last 5 or so years, a computer worm named Stuxnet has targeted Iranian infrastructure, and is believed to have been aimed specifically at the nuclear program. Although it was discovered in June 2010, it is believed it may have existed in some form since 2007, and it is still being used to attack industrial processes, with attacks reported as recently as December 2012. It is believed that Stuxnet was jointly developed by the United States and Israel to target Siemens equipment which had been procured secretly by the Iranians. It has since had several reincarnations as Duqu and Flame.

In October 2012, a US power company put a plant offline for three weeks after a technician from a third-party contractor used an infected USB drive on the network.

In September 2012, Telvent, a company whose software and services are used to remotely administer and monitor large sections of the energy industry, suffered a sophisticated cyber-attack which was believed to be the work of a Chinese hacking group.

In November 2011, a US water utility in Springfield, Illinois had a pump destroyed by a team of hackers, believed to be from Russia, who infiltrated the utility's network and used their access to operate machinery. It is also believed that access was gained after a SCADA software vendor had customer usernames and passwords stolen. Minor glitches had also been observed in remote access to the system in the months prior to the attack, and the utility was running phpMyAdmin, a web-based database administration tool that would be too insecure for use at such a facility.

In June 2009, a night security guard at a Dallas hospital used his position to gain physical access to the HVAC (heating, ventilation and cooling) system, which he was then able to manipulate. His intrusion was only discovered by a security researcher who found screenshots from the control systems.

In August 2005, DaimlerChrysler had to take 13 plants offline due to an internet worm called Zotob. This worm affected a number of companies, with DaimlerChrysler having to shut down production for an hour while Windows systems were patched to close a hole that had only recently been addressed by Microsoft.

In August 2003, CSX Corp had its computer system infected by the Sobig virus, which was transferred via email. Usually control systems would not be affected; however, because there was inadequate protection, the entire CSX system was affected, meaning the delay and cancellation of many trains.

In January 2003, an Ohio nuclear power plant operated by First Energy had a safety monitoring system taken offline for five hours. The Slammer worm entered the unsecured network of a contractor whose network was bridged with the plant's corporate network, which bypassed the plant's firewall.

Beginning in January 2000 and lasting over 3 months, Maroochy Water Services was repeatedly hacked by a former consultant who had been refused a full-time job with the local council. He made at least 46 attempts to take control of the sewage system and its various pumps, expelling millions of litres of raw sewage into local parks and rivers and causing over $1m of damage.
Supervisory Control & Data Acquisition: Energy Packages

Pipeline Systems

SCADA: Automating Processes
One Broker's Response

What is CL380?
Insured Events
- Accidental Damage or Destruction
- Administrative or Operational Mistakes
- Computer Crime and Computer Attacks
- Denial of Service/Distributed Denial of Service
- Malicious Code
- Unauthorised Access
- Unauthorised Use

Indemnity
What does the SCADA product cover?
- Business Interruption caused by an insured peril
- Business Interruption as a result of property damage caused by an insured peril
- Digital Asset Damage
- Cyber Liability
What does the SCADA product NOT cover?
- Physical damage replacement costs in isolation
- Technology Service Errors & Omissions
- Seepage and Pollution or TPL
Our Mission: To be the worldwide value and service leader in insurance brokerage, employee benefits, and risk management
Our Goal: To be the best place to do business and to work
www.lockton.com
© 2013 Lockton, Inc. All rights reserved. Images © 2013 Thinkstock. All rights reserved. Lockton Companies LLP. Authorised and regulated by the Financial Conduct Authority. A Lloyd's Broker.