MIT CYBERSECURITY CLINIC
The new MIT Cybersecurity Clinic (11.274 and 11.074) will be offered in both the fall and spring semester at MIT.
The Cybersecurity Clinic will consist of four-modules : Cybersecurity for Critical Urban Infrastructure: Understanding the Problem; How the MIT Cybersecurity Clinic Makes Initial Contact with potential Client Agencies; Onsite Assessment of Cybersecurity Vulnerability by MIT Clinic Staff; and Prepare and Submit a Final Cybersecurity Vulnerability Assessment to a Client Agency. MIT students who want to take on field assignments with the Cybersecurity Clinic (for academic credit) must pass the certification examination offered at the end of the fourth module.
Students who have achieved certification, will work in teams supervised by advanced doctoral and post-doctoral students during the last nine weeks of the spring semester to collaborate with an assigned client agency to prepare a Cyberattack Vulnerability Assessment for a client agency.
Learn more about the Cybersecurity Clinic and how to partner with us here.
WHO WE ARE
We are a team of MIT faculty, students, and researchers helping public agencies defend against cyberattacks through an approach called Defensive Social Engineering (DSE), led by Dr. Jungwoo Chun and Prof. Larry Susskind. Cyber defenders can usually defeat or protect themselves from attacks using DSE and other technical tools. The MIT Cybersecurity Clinic works with municipal or hospital IT staff and cybersecurity specialists in public agencies—especially those managing critical urban infrastructure—to quickly assess their vulnerabilities to attack.
RESOURCES
Click here for a list of publications and resources
ABOUT THIS BLOG
click above to read more about this blog and watch the short animation below
-
Ransomware Attack on Minnesota Capital City
-
Governments Push for Windows 11 Migration as Windows 10 End Nears in October
-
CIRCIA Proposed Regulations Uncertain Ahead of October Final Rule Publication
-
USA Today: Cyberattacks on Critical Infrastructure Are Increasingly Common
-
CISA Proposed Cybersecurity Incident Reporting Requirements for Critical Infrastructure Companies Opened for Comment
-
Boston Globe: How to Thwart Hackers (Local Cybersecurity)
-
Quick guide to the 6 ways we can regulate AI (MIT Tech Review)
-
World agencies issue cybersecurity guidance for smart cities
-
The Electronic Frontier Foundation Opinion Piece on the U.N. Cybercrime Treaty
-
Cyberattacks on local governments 2020: findings from a key informant survey
-
Cyber insurance is evolving and here to stay, say underwriters
Cyber insurance faces a challenging market, one where capacity has lessened and insurers are tightening up the "gray areas" of coverage. Underwriters aren't restricting coverage so much as "diversifying" based on risk exposure and claim…
-
Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom
Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest…
-
Cybersecurity risks are growing for state and local governments, report finds
In April, hackers leaked thousands of emails from the administration of Chicago Mayor Lori Lightfoot in response to the police shooting of 13-year-old Adam Toledo. In early May, the city of Tulsa suffered a ransomware attack that left…
-
Ex-employee tampered with Kansas water plant, feds say, a sign of online vulnerability
Wyatt Travnichek was the person responsible for monitoring the water quality in eight central countries in Kansas. In January 2019, he resigned for unknown reasons. Two years later, Travnichek is charged with “illegally tampering with…
-
Hackers demand up to $40 million in ransom from Broward schools
Ransomware attacks have been occurring more frequently over the past few years, and one sector that has been extremely impacted is education. Universities and places of higher education store personal data of tens of thousands…
-
New York regulator warns of ‘systemic and aggressive’ data theft campaign
On the heels of releasing a cyber risk insurance framework, the New York Department of Financial Services (NYDFS) issued an alert about a “systemic and aggressive” campaign to steal data from public-facing websites. Hackers appear…
-
Cyber insurance faces ‘turning point’ on industrial systems attacks
The risk of physical damage or injury due to cyberattacks on industrial control systems is becoming. “increasingly likely,” and poses a real threat to the cyber insurance world, according to a new study from Lloyd’s…
-
Are Cyber-insurers Responsible for Increased Cybercrime?
Auto insurers that pay back stolen car loans are never considered the ones responsible for increased levels of car theft. Similarly, home insurers do not bear the brunt of contributing to rises in burglary. The…
-
FYI: Cyber-Insurance Conference February 24th and 25th
Advisen’s Cyber Risk Insights Conference San Francisco @ Home Virtual Series, a conference on issues of Cyber Risk and Cyber Insurance, will be occuring virtually February 24th and February 25th. More information on the conference…
-
What Can Hospitals Do To Protect Themselves from Cyber Attack?
While everyone’s eyes we on the possibility of cyberattacks against government systems during the US presidential election, hospitals in America were, in fact, actually being attacked. The FBI reported on October 27th that more than…