MIT has received $15 million in funding from the William and Flora Hewlett Foundation to establish an initiative aimed at laying the foundations for a smart, sustainable cybersecurity policy to deal with the growing cyber threats faced by governments, businesses, and individuals.
The MIT Cybersecurity Policy Initiative (CPI) is one of three new academic initiatives to receive a total of $45 million in support through the Hewlett Foundation’s Cyber Initiative. Simultaneous funding to MIT, Stanford University, and the University of California at Berkeley is intended to jump-start a new field of cyber policy research. The idea is to generate a robust “marketplace of ideas” about how best to enhance the trustworthiness of computer systems while respecting individual privacy and free expression rights, encouraging innovation, and supporting the broader public interest.
With the new awards, the Hewlett Foundation has now allocated $65 million over the next five years to strengthening cybersecurity, the largest-ever private commitment to this nascent field. “Choices we are making today about Internet governance and security have profound implications for the future. To make those choices well, it is imperative that they be made with a sense of what lies ahead and, still more important, of where we want to go,” says Larry Kramer, president of the Hewlett Foundation. “We view these grants as providing seed capital to begin generating thoughtful options.”
“I’ve had the pleasure of working closely with Larry Kramer throughout this process. His dedication and the Hewlett Foundation’s remarkable generosity provide an opportunity for MIT to make a meaningful and lasting impact on cybersecurity policy,” MIT President L. Rafael Reif says. “I am honored by the trust that the Foundation has placed in MIT and excited about the possibilities that lie ahead.”
Each of the three universities will take complementary approaches to addressing this challenge. MIT’s CPI will focus on establishing quantitative metrics and qualitative models to help inform policymakers. Stanford’s Cyber-X Initiative will focus on the core themes of trustworthiness and governance of networks. And UC Berkeley’s Center for Internet Security and Policy will be organized around assessing the possible range of future paths cybersecurity might take.
Interdisciplinary approach
The Institute-wide CPI will bring together scholars from three key disciplinary pillars: engineering, social science, and management. Engineering is vital to understanding the architectural dynamics of the digital systems in which risk occurs. Social science can help explain institutional behavior and frame policy solutions, while management scholars offer insight on practical approaches to institutionalize best practices in operations.
MIT has a strong record of applying interdisciplinary approaches to large-scale problems from energy to cancer. For example, the MIT Energy Initiative has brought together faculty from across campus — including the social sciences — to conduct energy studies designed to inform future energy options and research. These studies include technology policy reports focused on nuclear power, coal, natural gas, and the smart electric grid.
“We’re very good at understanding the system dynamics on the one hand, then translating that understanding into concrete insights and recommendations for policymakers. And we’ll bring that expertise to the understanding of connected digital systems and cybersecurity. That’s our unique contribution to this challenge,” says Daniel Weitzner, the principal investigator for the CPI and a principal research scientist in MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL).
Developing a more formal understanding of the security behavior of large-scale systems is a crucial foundation for sound public policy. As an analogy, Weitzner says, imagine trying to shape environmental policy without any way of measuring carbon levels in the atmosphere and no science to assess the cost or effectiveness of carbon mitigation tools. “This is the state of cybersecurity policy today: growing urgency, but no metrics and little science,” he says.
CSAIL is home to much of the technology that is at the core of cybersecurity, such as the RSA cryptography algorithm that protects most online financial transactions, and the development of web standards via the MIT-based World Wide Web Consortium. “That gives us the ability to have our hands on the evolution of these technologies to learn about how to make them more trustworthy,” says Weitzner, who was the United States deputy chief technology officer for Internet policy in the White House from 2011 to 2012, while on leave from his longtime position at MIT.
First steps
In pioneering a new field of study, CPI’s first challenge is to identify key research questions, select appropriate methodologies to guide the work, and establish patterns of cross-disciplinary collaboration. Research challenges include:
- How policymakers should address security risks to personal health information;
- How financial institutions can reduce risk by sharing threat intelligence;
- Developing cybersecurity policy frameworks for autonomous vehicles like drones and self-driving cars; and
- How to achieve regional and even global agreements on both privacy and security norms in online environments.
To address these issues, CPI will not only bring to bear different disciplines from across MIT — from computer science to management to political science — but also engage with stakeholders outside the Institute, including government, industry, and civil society organizations. “We want to understand their challenges and work with them on formulating solutions,” Weitzner said.
In addition to research, a contribution of the CPI in the long run will be to create a pipeline of students to serve as the next generation of leaders working at this intersection of technology and public policy.
The mission of the William and Flora Hewlett Foundation is to “help people build measurably better lives.” The Foundation concentrates its resources on activities in education, the environment, global development and population, performing arts, and philanthropy, as well as grants to support disadvantaged communities in the San Francisco Bay Area.
The Foundation was established by the late William Hewlett with his wife, Flora Lamson Hewlett, and their eldest son, Walter B. Hewlett. William Hewlett, who earned an SM degree in electrical engineering from MIT in 1936, was co-founder, with David Packard, of the Hewlett-Packard Company, a multinational information technology company.