About this Blog

MIT CYBERSECURITY CLINIC

The new MIT Cybersecurity Clinic (11.274 and 11.074) will be offered in both the fall and spring semester at MIT.

The Cybersecurity Clinic will consist of four-modules : Cybersecurity for Critical Urban Infrastructure: Understanding the Problem; How the MIT Cybersecurity Clinic Makes Initial Contact with potential Client Agencies; Onsite Assessment of Cybersecurity Vulnerability by MIT Clinic Staff; and Prepare and Submit a Final Cybersecurity Vulnerability Assessment to a Client Agency. MIT students who want to take on field assignments with the Cybersecurity Clinic (for academic credit) must pass the certification examination offered at the end of the fourth module.

Students who have achieved certification, will work in teams supervised by advanced doctoral and post-doctoral students during the last nine weeks of the spring semester to collaborate with an assigned client agency to prepare a Cyberattack Vulnerability Assessment for a client agency.

WHO WE ARE

We are developing a new class of non-technical strategies against cyberattacks called Defensive Social Engineering. Cyber defenders can use Defensive Social Engineering along with technical tools to defeat or compromise attackers. One technique in the Defensive Social Engineering toolbox is Cyber Negotiation. This research is supported by MIT’s Internet Policy Research Initiative (IPRI).

RESOURCES

Click here for a list of publications and resources

click above to read more about this blog and watch the short animation below

Foreign Adversaries Hack Federal Court System for Second Time

December 1, 2025
CISA Moves CIRCIA Deadline to May 2026

November 17, 2025
AI’s Growing Impact on Cybersecurity

October 24, 2025
Ransomware Attack on Minnesota Capital City

September 19, 2025
Governments Push for Windows 11 Migration as Windows 10 End Nears in October

September 1, 2025
CIRCIA Proposed Regulations Uncertain Ahead of October Final Rule Publication

April 2, 2025
USA Today: Cyberattacks on Critical Infrastructure Are Increasingly Common

January 10, 2025
CISA Proposed Cybersecurity Incident Reporting Requirements for Critical Infrastructure Companies Opened for Comment

December 18, 2024
Boston Globe: How to Thwart Hackers (Local Cybersecurity)

June 5, 2023
Quick guide to the 6 ways we can regulate AI (MIT Tech Review)

May 30, 2023

When considering cyber defenses, security professionals and critical infrastructure operators immediately think about technical solutions such as intrusion detection systems or firewalls. However, hackers do not only use technical tools to break into critical infrastructure systems. Social engineering is a set of highly effective non-technical techniques that involve manipulating people and their data in order to penetrate a target system. Considering hackers use non-technical tools to break into systems, we propose that defenders should use non-technical tools to defend themselves. We are developing a new class of non-technical strategies against cyberattacks called Defensive Social Engineering. Cyber defenders can use Defensive Social Engineering along with technical tools to defeat or compromise attackers. One technique in the Defensive Social Engineering toolbox is Cyber Negotiation.

CONTRIBUTORS

Lawrence
Susskind

Greg
Falco

Alicia
Noriega

Emmett
McKinney

Adam
Hasz

Ben
Preis

Takeo
Kuwabara