MIT CYBERSECURITY CLINIC
The new MIT Cybersecurity Clinic (11.274 and 11.074) will be offered in both the fall and spring semester at MIT.
The Cybersecurity Clinic will consist of four-modules : Cybersecurity for Critical Urban Infrastructure: Understanding the Problem; How the MIT Cybersecurity Clinic Makes Initial Contact with potential Client Agencies; Onsite Assessment of Cybersecurity Vulnerability by MIT Clinic Staff; and Prepare and Submit a Final Cybersecurity Vulnerability Assessment to a Client Agency. MIT students who want to take on field assignments with the Cybersecurity Clinic (for academic credit) must pass the certification examination offered at the end of the fourth module.
Students who have achieved certification, will work in teams supervised by advanced doctoral and post-doctoral students during the last nine weeks of the spring semester to collaborate with an assigned client agency to prepare a Cyberattack Vulnerability Assessment for a client agency.
Learn more about the Cybersecurity Clinic and how to partner with us here.
WHO WE ARE
We are a team of MIT faculty, students, and researchers helping public agencies defend against cyberattacks through an approach called Defensive Social Engineering (DSE), led by Dr. Jungwoo Chun and Prof. Larry Susskind. Cyber defenders can usually defeat or protect themselves from attacks using DSE and other technical tools. The MIT Cybersecurity Clinic works with municipal or hospital IT staff and cybersecurity specialists in public agencies—especially those managing critical urban infrastructure—to quickly assess their vulnerabilities to attack.
RESOURCES
Click here for a list of publications and resources
ABOUT THIS BLOG
click above to read more about this blog and watch the short animation below
-
Ransomware Attack on Minnesota Capital City
-
Governments Push for Windows 11 Migration as Windows 10 End Nears in October
-
CIRCIA Proposed Regulations Uncertain Ahead of October Final Rule Publication
-
USA Today: Cyberattacks on Critical Infrastructure Are Increasingly Common
-
CISA Proposed Cybersecurity Incident Reporting Requirements for Critical Infrastructure Companies Opened for Comment
-
Boston Globe: How to Thwart Hackers (Local Cybersecurity)
-
Quick guide to the 6 ways we can regulate AI (MIT Tech Review)
-
World agencies issue cybersecurity guidance for smart cities
-
The Electronic Frontier Foundation Opinion Piece on the U.N. Cybercrime Treaty
-
Cyberattacks on local governments 2020: findings from a key informant survey
-
Ransomware Attack on Minnesota Capital City
Ransomware Attack on Minnesota Capital City On July 25th, Minnesota’s capital, St. Paul, fell victim to a major cyber attack. City officials moved quickly to contain the breach, ultimately shutting down their networks on July…
-
Governments Push for Windows 11 Migration as Windows 10 End Nears in October
Windows 10 support is scheduled to end on October 14, 2025. Organizations have until that date to upgrade to Windows 11, or they will need to start paying for extended Windows 10 support. Even then,…
-
CIRCIA Proposed Regulations Uncertain Ahead of October Final Rule Publication
CIRCIA, the Cyber Incident Reporting for Critical Infrastructure Act, which was signed into law in March 2022, requires covered entities to report any major cybersecurity incident within 72 hours, and to report ransomware payments within…
-
USA Today: Cyberattacks on Critical Infrastructure Are Increasingly Common
Cyberattacks on critical infrastructure have become increasingly common, posing significant threats to essential services such as water supplies, energy grids, and transportation systems. These attacks can lead to severe disruptions, economic losses, and even endanger…
-
CISA Proposed Cybersecurity Incident Reporting Requirements for Critical Infrastructure Companies Opened for Comment
On April 4, 2024, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) officially published its Notice of Proposed Rulemaking (NPRM) detailing significant new cybersecurity reporting requirements. These proposed requirements, which were…
-
Boston Globe: How to Thwart Hackers (Local Cybersecurity)
Cities and towns don’t have the knowledge, staff, or money to fend off cyberattacks themselves. They need help – says the Boston Globe In late April, the City of Lowell’s computer system was hacked, disrupting…
-
Quick guide to the 6 ways we can regulate AI (MIT Tech Review)
Amidst advancements in generative AI tools, this MIT Technology Review article summarizes 6 potential avenues for countries to regulate AI, and their respective pros and cons. Entities that have proposed joint-regulations include the OECD, UN,…
-
World agencies issue cybersecurity guidance for smart cities
The Cybersecurity Best Practices for Smart Cities guide has been issued by the UK’s National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation…
-
The Electronic Frontier Foundation Opinion Piece on the U.N. Cybercrime Treaty
The Electronic Frontier Foundation Opinion Piece on the U.N. Cybercrime Treaty As the fifth session of the UN Cybercrime Convention commenced in Vienna at the beginning of April, the Electronic Frontier Foundation raised concerns with…
-
Cyberattacks on local governments 2020: findings from a key informant survey
This paper published in the Journal of Cyber Policy takes a close look at patterns of cyberattacks, types of attackers, the frequencies of incidents and breaches of local government IT systems, and purposes of attacks…