Three groundbreaking initiatives on cybersecurity recently were announced at MIT to help guard against the increasingly sophisticated attacks threatening our digital infrastructures.
“Our goal is to develop a holistic foundation for eliminating vulnerabilities and making our systems more secure for the future,” says Daniela Rus, director of MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and Andrew and Erna Viterbi Professor of Electrical Engineering and Computer Science. “Our researchers are tackling multiple areas from cryptography to system architecture, from systems and hardware design to policy. We’re now working with industry to create tools capable of eliminating the vulnerabilities plaguing the digital landscape. And we’ll also have substantive discussions with government officials about what to do to improve technology policy.”
The three initiatives span several MIT schools: Cybersecurity@CSAIL addresses software, hardware, and cryptography; the MIT Cybersecurity and Internet Policy Research Initiative will develop policy with input from many disciplines at MIT, including computer science and political science; and the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, based at MIT Sloan School of Management, examines managerial, operational, and strategic issues.
MIT’s contributions to computer security go back to the 1960s. Project MAC, the antecedent of CSAIL, devised a system for shared computing that required users to create passwords to protect their content, thereby creating the world’s first computer password. But Rus explains that many of today’s cybersecurity issues result from older, poorly designed systems, which were initially constrained by limited computing power. “In fact,” she says, “many of these systems viewed security as an afterthought, if they thought of security at all. This haphazard approach, known in the industry as ‘patch and pray,’ leaves organizations scrambling to react after a data breach, and by then it’s too late.”
Now, Rus and the CSAIL team, led by Dr. Howard Shrobe, are working toward a model of “security by default,” designing and implementing security measures that systematically prevent attacks and make systems more resilient, even capable of repairing themselves when breaches occur. “Many in the cybersecurity field think that these problems are inherent because computer systems are so complex, “says Shrobe. “Our view is most vulner- abilities are due to a small number of architectural weaknesses. We have to re-architect our systems to make them safer.”
Rus adds: “Cybercrime may seem inevitable today, but with the right people, resources, and approach, we can change that.”