Cybersecurity for Critical Urban Infrastructure

When considering cyber defenses, security professionals and critical infrastructure operators immediately think about technical solutions such as intrusion detection systems or firewalls. However, hackers do not only use technical tools to break into critical infrastructure systems. Social engineering is a set of highly effective non-technical techniques that involve manipulating people and their data in order to penetrate a target system. Considering hackers use non-technical tools to break into systems, we propose that defenders should use non-technical tools to defend themselves. We are working with the state of Massachusetts to identify Minimum Cybersecurity Defenses and Procedures that cities and towns should adopt as well as obstacles to implementing these minimum defenses.

A group of MIT faculty, students, and researchers help public agencies defend themselves against cyber attacks by using an approach called Defensive Social Engineering (DSE). Cyber defenders can use DSE along with other technical tools to defeat or compromise attackers. The MIT Cybersecurity Clinic works with the IT staff and cybersecurity specialists in public agencies, along with managers of critical urban infrastructures, to help assess their vulnerabilities. Various training opportunities are offered, including a 4-week online training program open to anyone for free: MITx Cybersecurity for Critical Urban Infrastructure on edX, and a role-play simulation exercise.