Cybersecurity: A Social Engineering Approach at MIT

Cybersecurity for Critical Urban Infrastructure has had over 7000 students worldwide

Over 400 students have passed the certification exam

Taught by Lawrence Susskind, a 2020 recipient of the MIT Digital Teaching Award

At the MIT Cybersecurity Clinic, we work with cities and towns, particularly in New England, to help them reduce their vulnerability to cyberattacks. Our approach is to work directly with public agencies or elected officials to assess their vulnerabilities and suggest low-cost improvements they can make.  We believe that having an assessment of the status-quo is the first step in figuring out a plan of action that will prevent unwanted incidents. Teams from the Clinic typically work with public agency clients for two months to gather and analyze relevant information.

There is no cost for these services.

If you think we might be of help, please do not hesitate to contact Professor Larry Susskind (susskind@mit.edu) for further information.

We are a group of MIT faculty, students, and researchers helping public agencies defend themselves against cyber attacks by using an approach called Defensive Social Engineering (DSE). Cyber defenders can use DSE along with other technical tools to defeat or compromise attackers. The MIT Cybersecurity Clinic works with the IT staff and cybersecurity specialists in public agencies, along with managers of critical urban infrastructures, to help assess their vulnerabilities. We also offer various training opportunities, including a 4-week online training program open to anyone for free: MITx Cybersecurity for Critical Urban Infrastructure on edX, and a role-play simulation exercise: Save Fairport. MIT, Harvard, and Wellesley students interested in registering for the Cybersecurity Clinic (for credit or otherwise), please visit 11.274/11.074 for more information.

The Online Course

The class Cybersecurity for Critical Urban Infrastructure is available to anyone who is interested, around the world. It is self-paced, and structured in four 2-hour educational modules offered on edX by MIT, that culminate in an optional certification exam that can be used to verify your completion of the material. Read more about the course here.

The Clinic

The Cybersecurity Clinic (11.274/11.074) is available to any registered MIT, Harvard, or Wellesley student. The first four weeks consist of the aforementioned four modules + certification exam, and the rest of the semester involves working with a team of classmates to perform a Cyberattack Vulnerability Assessment on a real client. Read more about the clinic here.

The Consortium

MIT is also a founding member of the Cybersecurity Consortium among universities that is rapidly expanding throughout the nation and the globe. The Consortium is now an international network of universities dedicated to advancing cybersecurity education for the public good by growing the number of cybersecurity clinics that train students and help public sector clients build capacity in cybersecurity. Read more about the Consortium here.

This 2-hour interactive experience allows city officials and community members alike to learn what it takes to combat cyberattacks. The scenario:

“Last week the City of Fairport suffered a debilitating ransomware attack, which focused on the city’s water systems. Lack of a structured response and other systemic issues led to the discovery of significant safety hazards. The Mayor, who is running for re-election, needs to act quickly and decisively to demonstrate that she is addressing the security and safety threats. The Mayor has convened a group of city, state, and federal leadership to design a policy strategy and budget.”

Working in a team of eight, the members of this group must come to a decision about how to address and solve this problem. With individual agendas, a limited budget, and the constant pressure of the time winding down, reaching consensus won’t be easy; but, it is sure to build the understanding and skills of the participants.