MIT Internet Policy Research Initiative

Cybersecurity and Cyber Risk

IPRI’s cybersecurity work focuses on the intersection of security and policy. We build cyber risk models and metrics to help guide security investment and policymaking, and our team builds the technical platforms to gather and model that data securely and privately.Our multidisciplinary security research covers the encryption debate, accountability, securing core economic and social infrastructure, measuring cyber risk, and cryptography.

Cyber Risk

Cyber risk models and metrics
IPRI’s cyber risk research builds risk models and security benchmarks for economic sectors using the SCRAM secure computation platform developed at MIT.



MIT/ Federal Reserve Annual Conference
MIT IPRI, The Federal Reserve Board of Governors, and the Federal Reserve Bank of Richmond hold an annual conference on efforts to measure and track cyber risk across the financial system.


Cryptographic Computing

MIT’s world-leading cryptographers, risk specialists, and cybersecurity experts worked together to build the SCRAM secure computation platform to securely and privately collect security posture and incident data without requiring organizations to disclose their own inputs. working together with industry leaders to securely and privately measure and model cyber risk.

Differential Privacy
What is the right notion of privacy for protecting “small data,” when the number of data points is too small to benefit from typical aggregate computing techniques? IPRI investigates mechanisms for private data releases, in the settings of Differential Privacy, Predicate Singling Out, and other frameworks. We also aim to further our understandings of the tradeoffs between these frameworks as applied to different settings including “small data,” and apply them to our other cybersecurity studies.

Election systems security

IPRI researchers perform technical research on voting technologies to ensure the integrity of these critical systems. Fair elections are the foundation of democracy, and any compromise of the electoral process can undermine the legitimacy of the government and the trust of citizens in the system. Recent IPRI research has focused on mobile voting from Voatz and OmniBallot

Network security

IPRI research in the Advanced Network Architecture Group focuses on Internet routing security best practices and the economics around their adoption. For network operators, security measures can be operationally complex and expensive to implement, provide little competitive advantage, and protect only against origin hijacks, leaving unresolved the more general threat of path hijacks. We study how the industry can make practical, measurable progress against the threat of route hijacks in the short term by leveraging institutionalized cooperation rooted in transparency and accountability.

Critical Infrastructure

The digital systems that control critical infrastructure are easily penetrated and architecturally weak, and we have known it for a long time. Infrastructure security has been hesitant and chiefly rhetorical, while system operators have tended to focus on short-term fixes and tactical improvements. IPRI research examine the challenge of securing critical infrastructure and make policy recommendations. The work began in 2016 with a focus on four critical economic sectors, all of which are overwhelmingly or entirely in private hands: electricity, finance, communications, and oil-and-natural-gas (ONG). The critical infrastructure team published its report here.

People (Cybersecurity)

Please select a post grid

Cybersecurity (Alumni)