Welcome and Opening Remarks: Daniela Rus, Professor, Head of MIT's Computer Science and Artificial Intelligence Lab (CSAIL)

The session will open with a fireside chat with Tom Barkin, President of the Federal Reserve Bank of Richmond and Andrew W. Lo, Charles E. and Susan T. Harris Professor at the MIT Sloan School of Management. Daniel Weitzner, 3Com Founders Senior Research Scientist chair at MIT’s Computer Science & Artificial Intelligence Laboratory, will moderate.

Andrew Lo will then provide additional remarks on the topic of cyber risk and the financial system.

9:30-10:00AM

Keynote: Kemba Eneas Walden, US White House, Office of the National Cyber Director

10:00-10:30AM

Keynote: Andrew W. Lo, MIT Sloan - Cybersecurity and the Financial System

10:30-11:00AM

11:00AM-12:30PM

Panel discussions on cybersecurity, operational resilience and financial stability

Cyber resilience is a key component of firms’ overall operational resilience. A lack of cyber resilience at individual or groups of firms makes the financial system as a whole more vulnerable to cyber events and bouts of financial instability. This panel will discuss how firms protect their most critical operations and core business lines with their own cyber resilience in mind, as well as the financial system’s cyber resilience, considering their firms’ critical role in the financial system. It also will explore how measures of cyber risk and resilience fit within larger measures of overall operational resilience.


Moderator: Art Lindo, Deputy Director, Supervision & Regulation, Board of Governors
* Nicole Muryn Clement, Senior Vice President, Global Information Security, Bank of America
* Mahi Dontamsetti, Global Head of Non-Financial Risk & Chief Technology Risk Officer, State Street
* Ajoy Kumar, Chief Information Security Officer, DTCC

1:30-3:00PM

Panel discussion on evaluating cyber incidents

Measuring cyber risk requires data about security incidents related to the security posture, control failures, and resulting financial impacts of the incident. The goal of this session is to explore how firms classify and evaluate individual cyber incidents within their organizations and how these data are used to quantify and communicate risk.

Moderator: Josephine Wolff, Associate Professor of Cybersecurity Policy, The Fletcher School, Tufts University
* Sean Downey, Head of Cybersecurity Operations & Analytics, Fidelity Investments
* Martin Eling, Professor, Director of the Institute of Insurance Economics, University of St. Gallen
* Matt McCabe, General Counsel and Risk Officer, Kivu Consulting
* David Stone, Google

3:00-3:30PM

3:30-4:45PM

Panel discussion on risk metrics and predictive statistics

The quantification and analysis of cyber risk is a developing field and has not yet matured to the point where it can be consistently measured and managed against corporate risk appetites. This panel will discuss current state-of-the-art methodologies used in evaluating cyber risk, as well as existing gaps and future directions. Moderator: Tammy Hornsby-Fink, Chief Information Security Officer, Federal Reserve System * Steve Bishop, Research & information Director, ORX * Martin Kreuzer, Senior Risk Manager Cyber Risks, Munich Re * Ni Kenney, Senior Business Director, Capital One

4:45-5:00PM

Day one closing comments and adjourn

Welcome and Opening Remarks

Panel discussion on threat analysis and scenario development

This panel will focus on discussing existing approaches to understanding the major factors and players behind cyber risk threats, as well as the techniques uses, and the process of analyzing these threat and materialized events. The panelists will also discuss scenario developments approaches and existing gaps in this domain.

Moderator: Patricia Mosser, Director, MPA Program in Economic Policy Management; Senior Research Scholar, Columbia University's School of International and Public Affairs
* Nedim Baruh, Head of Operational Risk Measurement and Analytics, J.P. Morgan Chase
* Jack Jones, Chairman, The FAIR Institute
* Karmen Yu, Assistant Vice President, National Incident Response Team, Federal Reserve National IT

Keynote: Jim Routh, former CISO of MassMutual and Aetna

Panel discussion on next steps

Specialists utilize existing tools and frameworks (such as NIST and FAIR) to manage firms’ cyber risks.
However, firms often lack a way to measure, aggregate and translate granular elements into
business-level cyber risk metrics and information that can be (1) effectively communicated to business
line risk managers; (2) provided to boards, governance bodies and stakeholders; and (3) compared to
other financial service sector firms. This panel will seek to identify key gaps that could be addressed
jointly by industry and academia.
* Moderator: Taylor Reynolds, Research Director, MIT Internet Policy Research Initiative
* Steve Bishop, Research and Information Director, ORX
* Martin Eling, Professor, Director of the Institute of Insurance Economics, University of St. Gallen
* Aly Farooqui, Chief Risk Officer, IBM Cloud for Financial Services
* Jeffrey Gerlach, Vice President, Federal Reserve Bank of Richmond
* Jim Routh, former CISO of MassMutual and Aetna
* Nagarjuna Venna, MIT Sloan, Co-founder of Bitsight