• About Us
  • Disclaimer
  • Contact Us
  • Privacy Policy
Tuesday, July 14, 2026
mGrowTech
No Result
View All Result
  • Technology And Software
    • Account Based Marketing
    • Channel Marketing
    • Marketing Automation
      • Al, Analytics and Automation
      • Ad Management
  • Digital Marketing
    • Social Media Management
    • Google Marketing
  • Direct Marketing
    • Brand Management
    • Marketing Attribution and Consulting
  • Mobile Marketing
  • Event Management
  • PR Solutions
  • Technology And Software
    • Account Based Marketing
    • Channel Marketing
    • Marketing Automation
      • Al, Analytics and Automation
      • Ad Management
  • Digital Marketing
    • Social Media Management
    • Google Marketing
  • Direct Marketing
    • Brand Management
    • Marketing Attribution and Consulting
  • Mobile Marketing
  • Event Management
  • PR Solutions
No Result
View All Result
mGrowTech
No Result
View All Result
Home Al, Analytics and Automation

How MIT students are helping to prevent cyberattacks | MIT News

Josh by Josh
July 14, 2026
in Al, Analytics and Automation
0
How MIT students are helping to prevent cyberattacks | MIT News



In May 2019, the government of Baltimore, Maryland, fell into chaos. Cybercriminals had locked the city out of many of its critical files and demanded payment to decrypt them. The city refused to pay ransom. The attack incapacitated a swath of services, including real estate transactions and bill payment, and recovery costs soared into the millions.

The syllabus of class 11.074/11.274 (Cybersecurity Clinic), a course in the MIT Department of Urban Studies and Planning (DUSP), includes a case study on Baltimore’s situation as an example of increasingly common ransomware attacks on municipal governments and other public agencies. To counter such threats, Lecturer Jungwoo Chun and Ford Professor of Urban and Environmental Planning Lawrence Susskind launched the MIT Cybersecurity Clinic in 2019. They have offered the course nearly every semester since.

Much like a legal or medical clinic, the course doubles as hands-on training for students and a pro-bono service to at-risk communities. After completing instructional modules and passing a certification exam, students are assigned in teams to a client. By the end of the semester, each team creates a report assessing the client’s vulnerabilities to cyberattack and recommending steps to improve protection. So far, the clinic has provided more than 40 assessments, confidential and free of charge, primarily for New England municipalities and health-care organizations.

In 2025, the FBI’s Internet Crime Complaint Center documented an average of 2,765 cyberattacks targeting Americans every day. When these attacks strike cities and towns, the fallout goes beyond finances, says Chun: “There’s a terrifying, cascading effect on every dimension of our lives.” 

In recent years, cyberattacks targeting the kinds of client communities served by MIT’s clinic have imperiled water supplies, impeded 911 and police services, and exposed citizens’ personal data.

Despite being gateways to essential infrastructure, many small municipalities and hospitals lack in-house staff trained in cybersecurity. Demand for such experts far exceeds supply in today’s labor market, and public sector budgets rarely can match the high salaries private companies offer qualified candidates.

According to Comparitech, from 2018 to 2024, there have been 525 ransomware attacks on U.S. government entities, approximately one every five days, leading to an estimated $1.09 billion in downtime costs.  

“Underfunded public and not-for-profit bodies need to follow a self-help pathway,” Susskind says. “There are many low-cost moves that these organizations can implement with a little coaching from a free-service clinic.”

Defensive social engineering

Some might be surprised to find a university cybersecurity program housed outside the computer science department. Chun is an applied social scientist with expertise in public policy and planning, and Susskind is a leading scholar of conflict resolution and consensus building. They call the approach they’ve developed for the clinic “defensive social engineering” to emphasize that cybersecurity isn’t solely a technical challenge.

Chun acknowledges that the rapid development of artificial intelligence has created alarming new tools for criminals — “now AI can not only identify the vulnerability, but do the attack itself, which is really scary” — and an ever-evolving menu of software claims to guard against these attacks. Accordingly, the course spends considerable time on the technical aspects of cybersecurity. “But at the end of the day,” Chun says, “the biggest attack vector is still through humans.”

The term “social engineering” commonly refers to ways cybercrime victims are manipulated into compromising security (for example, by sending money to a scammer, downloading malicious code, or disclosing sensitive information). Susskind and Chun’s concept of defensive social engineering is similarly grounded in human psychology. The approach emphasizes that cybersecurity must be part of everyone’s job, technical or otherwise.

“It’s about people knowing what to do, people making the right choices,” says Chun. “It’s helping them use the resources and budget they have now on things that can be long-lasting, rather than just spending on the latest antivirus software.”

“Students with computer science backgrounds are surprised by the importance we attach to helping clients build organizational capacity,” says Susskind. “Students need to understand the leadership dynamics in their client communities. The IT director can’t just do what she or he wants. They depend on the local government for their budget. They need approval to hire new staff.”

On the other hand, Susskind says, students from planning or social science backgrounds often study smart city innovations without learning much about the technologies needed to manage the associated risks. And there are aspects of AI and advanced system design — along with cyber law and other topics critical to cybersecurity — that engineering students may not learn in their other courses. The Cybersecurity Clinic aims to round out the knowledge of students from every discipline. The course aims to broaden those students’ knowledge, too, by inviting at least half a dozen guest speakers each semester from industry, other universities and MIT academic departments, industry, and/or relevant public agencies.

This past spring, for example, the lineup of lecturers included Dan Ricci, the founder of Industrial Data Works, on the modeling of risk in energy systems within budget-constrained environments; Gus Serino, president of I&C Secure Inc., on operational-technology cybersecurity for industrial control systems; and representatives from the MassCyberCenter and the Cybersecurity Infrastructure Security Agency providing overviews of their respective state- and federal-level organizations’ programs and initiatives.

“There are highly specialized things to learn, especially about the ways AI is changing cybersecurity, that we need help teaching,” Susskind says. “The rate at which the field of cybersecurity is changing means that most academics will have a very hard time keeping up.”

A roadmap for improvement

Clinic students spend the first four weeks of the semester preparing for field assignments. A series of online modules, supplemented by class discussion, outline the scope and nature of cyberattacks against critical urban infrastructure; review the 23 risk areas most relevant to their type of clients; and provide guidance for each step of the assessment process. This includes simulations of tricky client interactions. What if clients don’t take students seriously, or fail to provide the necessary information? What if they argue to receive a more positive assessment than the facts warrant?

“I’ve never ever had a class that prepared us for such realistic scenarios before,” says Diego Contreras, a rising senior majoring in computer science and engineering who completed the course this spring.

The modules culminate in an exam students must pass on their first try to receive a field assignment. For the remainder of the semester, they’ll receive continued support via weekly class meetings and get faculty input on their drafted reports, but the onus is on students to coordinate their team’s activities and build client trust.

“You represent MIT, and that is quite the responsibility,” Contreras says. “This course has given me people skills I wouldn’t have developed in any other context.”

“The most delicate aspect of the project was balancing our assessment findings,” says Zev Moore ’26, who took the class last fall as a senior studying mathematical economics and finance. “Our approach was to provide important feedback while simultaneously validating the positive security measures our client already had in place, which ensured our report felt like a collaborative roadmap for improvement.”

Certain key recommendations show up in the majority of reports. For example, clients are advised to inventory all hardware and software tied into their network and track who has access; patch software and back up data regularly; require multi-factor authentication and frequent password updates; train employees not to open attachments from unknown parties; prepare an attack response plan that clarifies lines of authority and includes the organization’s stance on paying ransoms; and only use vendors with good cybersecurity hygiene.

“None of these items is costly,” Susskind says. “Together, they will probably avoid 80 percent or more of the possible cost and danger of cyberattacks.”

Spreading the model

To date, more than 120 students have completed the full course at MIT. The online modules that prepare students for certification are freely available to the public as a massive open online course on MITx called Cybersecurity for Critical Urban Infrastructure, which has attracted tens of thousands of learners. The modules are also used by universities with their own cybersecurity clinics — a growing cohort, thanks in part to a consortium (with 61 member institutions and counting) co-founded by MIT in 2021 with the University of California at Berkeley, Indiana University, and the University of Alabama.

Most student teams wrap up client work after finalizing their recommendations; a few have volunteered to stay on after semester’s end to advise on implementation. In either case, Susskind and Chun check in periodically with clients for at least two years following each engagement.

“We often hear of the vulnerability assessment report serving as the organization’s blueprint for their short-term, mid-term, and long-term agenda to be more prepared for future attacks,” says Chun. “We primarily work with IT directors or chief technology officers, and many of them have been telling us post-engagement that they shared the MIT report with the city or town leadership and were able to convince them they needed extra budget or a specific line item. They were using the student report as leverage to say, ‘it’s not just me saying it. We have a credible team who dedicated their time and these are the findings.’

“It’s really a humbling experience,” Chun adds, “when some of our past clients reach out to us again after some time to say: ‘Now we have different people, we just purchased new equipment. Can we do this all over again?’”



Source_link

READ ALSO

Building a VideoAgent-Style Multi-Agent System: Intent Parsing, Graph Planning, and Tool Routing for Video Editing Tasks

Types, Techniques & Best Practices

Related Posts

Building a VideoAgent-Style Multi-Agent System: Intent Parsing, Graph Planning, and Tool Routing for Video Editing Tasks
Al, Analytics and Automation

Building a VideoAgent-Style Multi-Agent System: Intent Parsing, Graph Planning, and Tool Routing for Video Editing Tasks

July 13, 2026
Types, Techniques & Best Practices
Al, Analytics and Automation

Types, Techniques & Best Practices

July 13, 2026
New method aims to keep kids safe from illegal AI-generated content | MIT News
Al, Analytics and Automation

New method aims to keep kids safe from illegal AI-generated content | MIT News

July 13, 2026
Meet NeuroVFM: A New Neuroimaging Foundation Model Trained With Vol-JEPA on Uncurated Clinical MRI and CT Volumes
Al, Analytics and Automation

Meet NeuroVFM: A New Neuroimaging Foundation Model Trained With Vol-JEPA on Uncurated Clinical MRI and CT Volumes

July 13, 2026
A Coding Guide to NVIDIA’s Tile-Based GPU Programming: From cuTile and Triton Kernels to Flash Attention
Al, Analytics and Automation

A Coding Guide to NVIDIA’s Tile-Based GPU Programming: From cuTile and Triton Kernels to Flash Attention

July 12, 2026
Mira Murati’s Thinking Machines Lab Makes The Technical Case For Human-Centered AI Built On Customizable Model Weights
Al, Analytics and Automation

Mira Murati’s Thinking Machines Lab Makes The Technical Case For Human-Centered AI Built On Customizable Model Weights

July 12, 2026
Next Post
ACRouter picks the smartest AI model per task, beating Opus-only setups by 2.6x on cost

ACRouter picks the smartest AI model per task, beating Opus-only setups by 2.6x on cost

POPULAR NEWS

Trump ends trade talks with Canada over a digital services tax

Trump ends trade talks with Canada over a digital services tax

June 28, 2025
15 Trending Songs on TikTok in 2025 (+ How to Use Them)

15 Trending Songs on TikTok in 2025 (+ How to Use Them)

June 18, 2025
Communication Effectiveness Skills For Business Leaders

Communication Effectiveness Skills For Business Leaders

June 10, 2025
App Development Cost in Singapore: Pricing Breakdown & Insights

App Development Cost in Singapore: Pricing Breakdown & Insights

June 22, 2025
Comparing the Top 7 Large Language Models LLMs/Systems for Coding in 2025

Comparing the Top 7 Large Language Models LLMs/Systems for Coding in 2025

November 4, 2025

EDITOR'S PICK

Software-Defined Vehicles: The Future of Automotive

Software-Defined Vehicles: The Future of Automotive

August 1, 2025
Google says ‘the open web is in rapid decline’

Google says ‘the open web is in rapid decline’

September 9, 2025
ChatGPT parental controls don’t mean kids need AI companions

ChatGPT parental controls don’t mean kids need AI companions

October 5, 2025
Russian authorities block paywall removal site Archive.today

Russian authorities block paywall removal site Archive.today

March 23, 2026

About

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

Follow us

Categories

  • Account Based Marketing
  • Ad Management
  • Al, Analytics and Automation
  • Brand Management
  • Channel Marketing
  • Digital Marketing
  • Direct Marketing
  • Event Management
  • Google Marketing
  • Marketing Attribution and Consulting
  • Marketing Automation
  • Mobile Marketing
  • PR Solutions
  • Social Media Management
  • Technology And Software
  • Uncategorized

Recent Posts

  • The Scoop: Record labels press streaming platforms to identify AI-generated songs
  • ACRouter picks the smartest AI model per task, beating Opus-only setups by 2.6x on cost
  • How MIT students are helping to prevent cyberattacks | MIT News
  • Netflix Forgot The First Rule Of Brand Growth: Adore The Core
  • About Us
  • Disclaimer
  • Contact Us
  • Privacy Policy
No Result
View All Result
  • Technology And Software
    • Account Based Marketing
    • Channel Marketing
    • Marketing Automation
      • Al, Analytics and Automation
      • Ad Management
  • Digital Marketing
    • Social Media Management
    • Google Marketing
  • Direct Marketing
    • Brand Management
    • Marketing Attribution and Consulting
  • Mobile Marketing
  • Event Management
  • PR Solutions