MIT Cybersecurity Clinic
The Clinic is supported with a grant
from Public Interest Technology University Network which consists of 17
colleges and universities all around the United States, which are funded by the
Ford Foundation. In addition to this, there will also be the MIT Computer
Science and Artificial Intelligence Lab, known as CSAIL, and the Science Impact
Collaborative at MIT and the Internet Policy Research Initiative at MIT.
The object of the Clinic
The Clinic makes sure that the Public
agencies pay keen attention to protect themselves from such cyber attacks.
There will also be a meeting coming up with a series of partner organizations,
like the National League of Cities, the Conference of Mayors, International
City Manager's Association, the National Conference of State Legislators, which
would help the Organizations to understand the role of the clinic.
JOB in the Clinic
MIT is building a course, a semester-long course called the Cybersecurity Clinic. The first four weeks of the
course, the students in the clinic will be taking these training modules. Once
they pass the test at the end of the four modules and are certified as
vulnerability assessors, they will be part of teams assigned to work with
different public agencies.
Working with the Public Agency
When a public agency contacts MIT, they
will ask them for some basic information. MIT will use their basic information
to formulate a contract. The contract will guarantee them that MIT will protect
their security, confidentiality, and the contract will guarantee the
clinic that MIT will have access to the people and information that they need.
Once the contract is done, then MIT will ask for their client-agency to answer
a series of questions. The questionnaire is key to, obviously, the checklist.
And they would share with MIT, basic documents, basic information that will
allow us to get a handle on the extent to which they are already addressing--
some, most, all-- of the points in the checklist.
The goal of the MIT Clinic
once they have the results of the questionnaire will be to formulate the material they need to double-check when they go on site. So the questionnaire will lead to the design of a site visit. They'll be talking to a lot of people, both inside and outside the agency in the city where they are locating MIT’s team. And based on all the results of the on-site visit, MIT will draft a preliminary version of their vulnerability assessment, Share it with the client, then produce a final version of the assessment. While most of the data MIT will be collecting on-site is aimed at double-checking what they heard in the surveys and what they found on their own in terms of preparing for site visits, also the same data will be part of a national database that The clinic is building at MIT.
Each city has a story to tell and the
only goal of MIT is to listen carefully, compare it with the checklist, and try
to give them suggestions in order to enhance their cybersecurity. The National
Security has to strip out identifying information so that MIT can maintain
confidentiality. MIT wants to develop a
deeper understanding of the dynamics of cybersecurity for urban infrastructure.
The mission of the Clinic
The Mission of the clinic is to train
a set of people who will provide help to cities and towns that needs assistance.
And such a set of people will be provided with the tools for vulnerability assessment
for each client agency and such information will be provided in the National Database.
THE CLINIC AND CLIENT INSIGHTS COMMUNICATION PROTOCOLS
When Clinic staff get in touch with a
client-agency, they take special steps to protect agency information. This is
true when they are transmitting, receiving, and storing data. Clinic staff will
communicate using email hosted by MIT.
All inquiries to the clinic staff
should be directed to the Clinic's contact email address, not personal emails.
No documents will be sent as email attachments. Rather they will be
uploaded/downloaded using an MIT-backed cloud folder (i.e. Dropbox), owned by
the Clinic.
Requests for documents must be sent by
the Clinic staff via the Clinic email. All data associated with clients will be
stored in the cloud folder backed by MIT (i.e. Dropbox). Alternatively, The clinic may decide to transfer stored data to an external drive stored under
lock and key, with access limited to essential Clinic staff.
CROSS BENEFITS FROM WORKING
WITH THE CLINIC
Interactions with the MIT
Cybersecurity Clinic offers a number of benefits for public agencies in addition
to cybersecurity advice. These include help clarifying lines of authority for
the entire organization (not just IT-related), providing an opportunity to
reassess emergency action plans (not just for cyberattacks), replacing outdated
software (also related to reducing costs in the long run), and most
importantly, taking risk management seriously now, rather than after an event.
0 Comments