Defensive Social Engineering offers an early response to cyber attacks

November 1, 2017
Lockheed Martin's Cyber Kill Chain

Based on interviews with several Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) responsible for major urban infrastructure such as electric grids and transportation networks, we have concluded that cyber incidents are handled in much the same way as other system outages. System outages generally call into play a previously agreed upon “event response plan.” This typically involves bringing backup systems online while the main system is repaired and the public is alerted, especially to interim changes in service. While this might make sense AFTER a cyberattack against urban infrastructure has occurred, it does not address what infrastructure managers should be doing before an attack occurs to reduce the damage.

Cyberattacks are generally complex and go through multiple stages. Lockheed Martin has created what it calls the Cyber Kill Chain. This categorizes a range of events that typically occur prior to an attack. In our view, urban infrastructure managers and operators ought to be taking steps to defend against and prepare for each step in the Kill Chain. At present, many are only focused on the final step (“the attacker goal”). Cybersecurity technologies can defend against some of the things that happen during the final stages of the kill chain, but most have not adequately addressed the early stages of a cyberattack.

We believe that Defensive Social Engineering (DSE) can provide tools to combat the things that occur during the early stages of an attack, where technological solutions are less effective. This is especially true in the case of urban cyber terrorism, where attacks tend to be well thought out and attackers spend considerable upfront time preparing. DSE tools can also be used at later stages of an attack to amplify and reinforce the value of technological solutions.

As we develop the DSE toolbox, we will discuss such tools as: cyber negotiation, honeypots and decoy systems, obfuscation techniques, misinformation campaigns, employee education and awareness efforts, devaluing assets upon compromise, and proactive defensive signaling. Some of these tools, such as employee education and awareness and honeypots, are not new. However, our research is aimed at building a Playbook that explains how to select among defensive social tools in various situations, and how to formulate a broader defensive social engineering strategy to protect urban infrastructure from cyberterrorists.