MIT launches three-pronged effort to thwart cyber attacks

MIT is attacking cybersecurity from three angles (technical, regulatory and managerial) through three programs and in partnership with major corporations.

The initiatives include participants from across several MIT schools as well as from outside the university with a goal of making it harder for attackers to succeed in efforts to break into networks, disrupt them, and steal and destroy data.

The technical challenge will be met by the school's Computer Science and Artificial Intelligence Laboratory (CSAIL) in cooperation with a group of industry partners -- BAE Systems, BBVA, Boeing and Raytheon -- that will meet periodically to be briefed about ongoing research. The goal is to address the technical challenges of cybersecurity with a big-picture view rather than a piece here and a piece there. CSAIL's principal research scientist Howard Shrobe calls the latter a patch-and-pray strategy that fails to fight attacks systematically.

Already CSAIL has research projects to shore up technical weaknesses. One would lead to enabling computers to compute on encrypted data without decrypting it. Another has developed a Web-authoring language that guarantees applications cannot fall victim to cross-site scripting attacks. A third is developing a processor architecture immune to whole classes of attacks, says Shrobe.

The second program is the MIT Cyber Security Policy Initiative, which is to establish quantitative metrics and qualitative models to help decision makers set cyber security policies. The program will try to provide policy makers with solid research on which to base informed opinions, says Danny Weitzner, a principal research scientist at CSAIL.

The program will rely on input from CSAIL, MIT's Sloan School of Management and experts from MIT political science, economics and other departments. The program is funded by $15 million from the Hewlett Foundation, which said in announcing it that its goal is to generate ideas about how to improve the trustworthiness of computer systems and balance security needs with privacy. The foundation funded similar programs at Stanford University and the University of California, Berkeley.

The third program is the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, (IC)3, which draws on research groups at Sloan. The groups will look at the managerial, operational and strategic aspects of cybersecurity for critical assets such as financial institutions, energy suppliers and health care.

The effort will try to formulate "how to keep critical infrastructure safe from potentially life-threatening attacks," says SP Kothari, deputy dean of Sloan and a professor of accounting and finance.

IC3 plans to extend earlier studies on management of industrial accidents and safety to cover cyber events and cyber-safety. It will also apply ways it developed to improve and coordinate community emergency readiness teams (CERT) to improve information sharing within countries, internationally and across sectors of critical infrastructure. The group is also trying to identify choke points -- the best places in networks to interrupt cyber attacks.

Prospective members of the group have said they hope it develops models and metrics for better protecting networks and preventing cyber incidents. These tools would include risk analysis, calculating return on investment, improving processes and simulating cybersecurity resilience, as well as increasing corporate buy-in for cyber security efforts.

The project is funded by membership fees ranging from $45,000 to $450,000 per year.
