SOCIAL CYBERDEFENSE OF
URBAN CRITICAL INFRASTRUCTURE

A blog discussing how to leverage social engineering to defend against technical cyberattacks

MIT CYBERSECURITY CLINIC

The new MIT Cybersecurity Clinic (11.274 and 11.074) will be offered in both the fall and spring semester at MIT. 

The Cybersecurity Clinic will consist of four-modules : Cybersecurity for Critical Urban Infrastructure: Understanding the Problem; How the MIT Cybersecurity Clinic Makes Initial Contact with potential Client Agencies; Onsite Assessment of Cybersecurity Vulnerability by MIT Clinic Staff; and Prepare and Submit a Final Cybersecurity Vulnerability Assessment to a Client Agency. MIT students who want to take on field assignments with the Cybersecurity Clinic (for academic credit) must pass the certification examination offered at the end of the fourth module. 

Students who have achieved certification, will work in teams supervised by advanced doctoral and post-doctoral students during the last nine weeks of the spring semester to collaborate with an assigned client agency to prepare a Cyberattack Vulnerability Assessment for a client agency.  

WHO WE ARE

We are developing a new class of non-technical strategies against cyberattacks called Defensive Social Engineering.  Cyber defenders can use Defensive Social Engineering along with technical tools to defeat or compromise attackers. One technique in the Defensive Social Engineering toolbox is Cyber Negotiation. This research is supported by MIT’s Internet Policy Research Initiative (IPRI).  

RESOURCES

Click here for a list of publications and resources

ABOUT THIS BLOG

click above to read more about this blog and watch the short animation below

more

AI’s Growing Impact on Cybersecurity

October 24, 2025

AI is rapidly transforming CyberOps, creating numerous opportunities for automation and enhancement. A Boston Consulting Group survey revealed that 50% of organizations are already redesigning workflows with the technology, and 77% expect AI agents to become key to enterprise operations within the next five years.

Experts describe AI as a “force multiplier” for cybersecurity teams: speeding up analysis, managing repetitive tasks, and increasing productivity for both junior and senior staff. However, this shift also indicates a move toward smaller, expert-led teams overseeing AI systems. Entry-level roles may vanish, replaced by positions that require stronger technical and analytical skills.

Despite the increasing power of automation, leaders stress the importance of keeping humans involved. As Jeffrey Brown, former CISO of Connecticut, states, “AI will enhance operations, but human intuition is irreplaceable.” Professionals will need to develop skills in AI governance, prompt engineering, and data science.

Yet, while AI adoption accelerates, many organizations fall behind in securing these systems. Accenture’s State of Cybersecurity Resilience (2025) reports that:

  • 83% lack a secure cloud foundation
  • 77% have not adopted Data & AI security practices
  • Only 22% have policies for generative AI use
  • Just 25% fully employ encryption and access controls

To address these risks, Gartner’s CISO’s Guide to AI Cyber Stewardship (2025) recommends that leaders adopt an AI Trust, Risk, Security, and Management (TRiSM) framework for responsible deployment.

Read the full article here: https://www.csoonline.com/article/4042494/how-ai-is-reshaping-cybersecurity-operations.html