SOCIAL CYBERDEFENSE OF
URBAN CRITICAL INFRASTRUCTURE

A blog discussing how to leverage social engineering to defend against technical cyberattacks

MIT CYBERSECURITY CLINIC

The new MIT Cybersecurity Clinic (11.274 and 11.074) will be offered in both the fall and spring semester at MIT. 

The Cybersecurity Clinic will consist of four-modules : Cybersecurity for Critical Urban Infrastructure: Understanding the Problem; How the MIT Cybersecurity Clinic Makes Initial Contact with potential Client Agencies; Onsite Assessment of Cybersecurity Vulnerability by MIT Clinic Staff; and Prepare and Submit a Final Cybersecurity Vulnerability Assessment to a Client Agency. MIT students who want to take on field assignments with the Cybersecurity Clinic (for academic credit) must pass the certification examination offered at the end of the fourth module. 

Students who have achieved certification, will work in teams supervised by advanced doctoral and post-doctoral students during the last nine weeks of the spring semester to collaborate with an assigned client agency to prepare a Cyberattack Vulnerability Assessment for a client agency.  

WHO WE ARE

We are developing a new class of non-technical strategies against cyberattacks called Defensive Social Engineering.  Cyber defenders can use Defensive Social Engineering along with technical tools to defeat or compromise attackers. One technique in the Defensive Social Engineering toolbox is Cyber Negotiation. This research is supported by MIT’s Internet Policy Research Initiative (IPRI).  

RESOURCES

Click here for a list of publications and resources

ABOUT THIS BLOG

click above to read more about this blog and watch the short animation below

more

CISA Proposed Cybersecurity Incident Reporting Requirements for Critical Infrastructure Companies Opened for Comment

December 18, 2024

On April 4, 2024, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) officially published its Notice of Proposed Rulemaking (NPRM) detailing significant new cybersecurity reporting requirements. These proposed requirements, which were open for public comment until June 3, 2024, aim to enhance national cybersecurity by ensuring timely reporting and response to cyber threats.

Key rules include:

  1. Cyber Incident Reporting:
    • Requires covered entities to report cyber incidents to CISA within 72 hours of identification.
    • Federal entities must share received incident reports with CISA within 24 hours.
  2. Ransomware Initiatives:
    • Entities must report ransom payments to CISA within 24 hours.
    • Establishes a Ransomware Vulnerability Warning Pilot Program and a Joint Ransomware Task Force.
  3. Voluntary Reporting Encouraged:
    • Organizations are urged to share cyber incident data with CISA during the rulemaking period to assist in trend analysis and national security efforts.

The rules define a “covered cyber incident” as one that leads to substantial loss of confidentiality, integrity, or availability of an information system or network, or disrupts business or industrial operations. These requirements apply to a broad range of critical infrastructure sectors, including energy, healthcare, and finance.

The proposed rules also outline the specific information that must be included in these reports, such as the nature and impact of the incident, the vulnerabilities exploited, and the actors involved. CISA intends to use this information to coordinate responses to cyber threats and share anonymized data with other critical infrastructure entities to bolster overall cybersecurity resilience.

The rules also provide CISA several mechanisms for enforcing regulations, including: (i) issuing a request for information (RFI); (ii) issuing a subpoena; (iii) referral to the Attorney General for a civil action.