According to the FBI, there are only two types of companies: those that have been hacked, and those that will be. To address the important need to improve cybersecurity of critical infrastructure, MIT Sloan School of Management launched the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, also known as (IC)3, on March 12. Using an interdisciplinary research approach, (IC)3 focuses on the strategic, managerial, and operational issues related to cybersecurity, and invites businesses to join the consortium.
“The cybersecurity of our critical infrastructure is a serious national security challenge. This new consortium will help MIT Sloan to make a deep and lasting impact in this area through interdisciplinary research and industry partnerships,” says MIT Sloan Dean David Schmittlein.
MIT Sloan Prof. Stuart Madnick, the academic director of (IC)3, comments, “MIT has played a long and historic role in addressing pressing challenges to the nation and the world, through initiatives from Radar to the Apollo Program. Now, we face a global crisis with the cybersecurity of our critical infrastructure that requires collaboration across a range of disciplines to find solutions. (IC)3 is uniquely positioned to lead the charge.”
He adds, “An important contribution of our consortium will be to produce metrics and models that organizations can use to measure all facets of cybersecurity and to make the best possible decisions on where to spend their money to give themselves the most effective protection.”
(IC)3, which is pronounced “IC-cube”, includes diverse and interdisciplinary faculty, with professors from MIT Sloan, and departments of Political Science, Aeronautics, Civil Engineering, and Computer Science. The initiative also works in collaboration with industry partners across the entire infrastructure value chain. Initial partners include companies, such as: ExxonMobil in the discovery and processing of energy, Schneider Electric in the development of systems to control the energy, automation, and manufacturing, Limelight Networks which provides cloud infrastructure for many Fortune 100 companies, and NextNine which provides cybersecurity software for hardening industrial control systems. Additional major critical infrastructure companies are in the process of joining (IC)3.
In addition, certain projects will be conducted in collaboration with international academic partners, initially Masdar Institute (Abu Dhabi) and Singapore University for Technology and Design.
“The MIT Sloan (IC)3 program offers an exciting new approach to protecting our critical infrastructure against an ever increasing threat landscape, improving our ability to meet national security priorities, securing our customers’ operations, and protecting the citizens they ultimately serve. We proudly support this key initiative with MIT,” says George Wrenn, CSO and vice president of cybersecurity at Schneider Electric.
Initial research project areas at (IC)3 include:
- developing metrics and models for organizations for cyber-risk analysis, better protection, and return on investment calculations;
- applying lessons learned from “accident” prevention research to prevent cybersecurity failures;
- simulation and modeling of cybersecurity resilience;
- developing incentives for more effective information sharing; and
- measuring and increasing corporate (cultural) adoption and top-management commitment to cybersecurity efforts.
(IC)3 is one of three new interrelated and collaborative programs at MIT covering the full breadth of cybersecurity issues. Recently, a $15-million grant from the William and Flora Hewlett Foundation helped launch the MIT Cybersecurity Policy Initiative (CPI). CPI is administered by MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL). The launch of CPI and (IC)3 also coincides with the launch of Cybersecurity@CSAIL, which is focused on technical aspects, such as programming languages, software verification, and computer architecture.
Source: MIT Sloan School of Management