Cybersecurity@MIT: A Three-Legged Stool

Cybersecurity at MIT

Anticipating constantly increasing cybersecurity threats, MIT officially announced the Cybersecurity@MIT Initiative in March 2015. It consists of three interrelated multidisciplinary cybersecurity research efforts: Cybersecurity@CSAIL, focused on improved hardware and software; the Internet Policy Research Initiative (IPRI), focused on policy; and the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, (IC)³, focused on the managerial, organizational, and strategic aspects of cybersecurity.

At the kickoff event, MIT President L. Rafael Reif emphasized both the new initiatives’ partnerships with industry and the interdependence of the research programs. “New technologies will require new policies and incentives,” he said. “Emerging policies must adapt to future technologies. And none of that matters if they cannot make the present a safe place to do business.”

The IPRI works directly with policymakers and technologists to help solve problems. Led by former U.S. Deputy Chief Technology Officer for Internet Policy in the White House Daniel Weitzner, as well as faculty researchers from engineering, social science, and management labs at MIT, the center recently published a set of presidential-level policy recommendations based on a two-year analysis of critical energy, finance, and communications systems in the United States. A past report on encryption policy, “Keys Under Doormats,” was a key input to the FBI/Apple encryption debate, and led to the report’s authors testifying before the U.S. Congress four times. Many of the IPRI projects have co-principal investigators from two or even three different departments including MIT Sloan, reflecting the interdisciplinary aspect of cybersecurity policy.

The Computer Science and Artificial Intelligence Laboratory (CSAIL), the largest lab on campus, was created by the merger of two predecessor labs that date back to the 1950s—one was the Laboratory for Computer Science (LCS), where the first user IDs and passwords were introduced, and where Madnick received his PhD. CSAIL has long been at the forefront of internet and security issues, from developing large parts of the internet architecture to creating data encryption systems. It is home to the World Wide Web Consortium (W3C), directed by Tim Berners-Lee, inventor of the web.

While it often takes years to move from research to commercially available products, CSAIL has already helped some promising startups in the cybersecurity field get off the ground. In 2016, for example, the startup PatternEx launched its first service offerings, based largely on CSAIL research that combined human input with artificial intelligence to predict cyberattacks about three times more accurately than previously existing products. PatternEx co-founder Kalyan Veeramachaneni launched the company while a research scientist at CSAIL with Una-May O’Reilly’s research group, AnyScale Learning For All (ALFA); the company’s chief data scientist, Ignacio Arnaldo, is a former ALFA and CSAIL post-doc.

Besides the differences in research focus, each of the three programs has its own unique operational model. Cybersecurity@CSAIL is currently sponsored by seven leading firms from distinct industries, including aerospace, energy, and financial services. “The research is really informed by problems that industry is facing—and then it makes its way back out of the laboratory to address the problems,” says Lori Glover, managing director, CSAIL Alliances, and executive director, Cybersecurity@CSAIL.

(IC)³ includes 23 member firms across sectors, with multiple representatives from each industry. In general, companies choose a specific “stool” to affiliate with, but find a number of opportunities to cross-pollinate as CSAIL sponsors may attend (IC)³ meetings, and (IC)³ partners may attend CSAIL meetings. This overlapping cooperation also occurs in many other ways. The two centers have jointly organized events, such as a panel on cyberinsurance and a detailed presentation of the Ukrainian power grid attack.