IPRI MIT Funding Awards

2017-05-19 - 6 minutes read

MIT’s interdisciplinary Internet Policy Research Initiative (IPRI) awarded $1.5 million to researchers across campus working Internet policy and cybersecurity-related research projects. In distributing the awards, IPRI gave preference to projects that span across academic departments – reflecting the interdisciplinary approaches necessary to address these complex issues.

Information on each of the projects is provided below.

#1: Tools and methods for understanding systemic
cybersecurity risk

PI: Andrew Lo (Sloan) & Vinod Vaikuntanathan (CSAIL)

Description: Despite the increased awareness of cybersecurity risk, firms are reluctant to share the data necessary to understand and measure the prevalence of such risks, their magnitude, and the economic impact, leaving them unable to address these risks effectively. In this project, we aim to develop a secure multiparty computation platform that will give firms the ability to pool encrypted data while preserving confidentiality, and allow us to map the linkages across firms and compute summary statistics. By providing the markets with better information, firms will be equipped to make better decisions and manage cybersecurity risks more effectively and efficiently.

#2: Cybersecurity Impacts on International Trade

PIs: Simon Johnson (Sloan) & Stuart Madnick (Sloan)

Description: Governments have reportedly arranged to incorporate various forms of spyware and malware in Internet-connected products. In response, some countries have denied entry or imposed restrictions on imported products with such potential risks.  But this raises many policy issues, including (1) what is a questionable country (and is it OK if an “ally” spies on us?), (2) what products are of most concern, (3) assuming such restrictions quickly become worldwide policies with retaliations, what might be the long-term impact on international trade and the global economy as Internet-connected products proliferate, and (4) what voluntary standards could be put in place to lower the risk of trade wars?  These issues need to be rigorously studied in advance of policy makers making quick decisions – in some crisis condition – without understanding the impacts and consequences.

#3: How Public Should the Public Data Be? Creating a Framework for Indian Smart Cities

PIs: Chintan Vaishnav (Sloan) & Karen Sollins (CSAIL)

Description: This research explores privacy and security policy options for cities to open their data, in order to maximize the opportunity for improved services through citizen engagement while mitigating the risk to vulnerable populations. This is a collaborative effort between MIT and eGovernments Foundation, an NGO bringing digital governance to India’s 325 cities.

#4: Using AI Planning Techniques to Analyze Urban Critical Infrastructure Vulnerabilities

PIs: Howard Shrobe (CSAIL)

Description: Our urban infrastructure is becoming “smarter” and increasingly dependent on highly specialized computers called industrial control systems (ICS). Unfortunately, ICS are easily hackable and difficult to secure from cyberattacks. We propose to use advanced AI planning techniques to evaluate the cyber risks to critical urban infrastructure, focusing on water networks and transportation systems. Our research will result in the automatic identification of adversarial strategies (attack graphs) aimed at compromising these critical urban infrastructure systems. We will complement the automated generator with a system for the automatic generation of plausible countermeasures that could be incorporated into local policy measures to protect our emergent smart cities.

#5: Cyber Negotiation Playbook for Critical
Infrastructure Security

PI: Lawrence Susskind (DUSP)

Description: Cybersecurity is often portrayed as a ‘cat and mouse’ game testing the relative technical prowess of the attacker and the defender. However, it can equally be considered a battle of social wits. Negotiation in the cyber realm presents a significantly different dynamic from person-to-person negotiations typical of the boardroom, since there is no chance to read the face of the other side. You may have limited opportunity to negotiate in real time and, you probably will have no ability to ascertain the culture or values of the hacker. With critical infrastructure being under constant attack by hackers – both state sponsored and hobbyists, operators and managers must be prepared to negotiate with cyber terrorists. Our research involves work with managers of critical urban infrastructure to simulate attacks and help them develop a cyber negotiation playbook.

MIT News Item (19 May 2017): New funding enables work on Internet policy and cybersecurity for key infrastructure