New $15m MIT initiative on cybersecurity policy headed by CSAIL's Weitzner

The MIT Cybersecurity Policy Initiative (CPI) will focus on establishing quantitative metrics and qualitative models to help inform policymakers.
The MIT Cybersecurity Policy Initiative (CPI) will focus on establishing quantitative metrics and qualitative models to help inform policymakers.
Bookmark and Share

MIT has received $15 million in funding from the William and Flora Hewlett Foundation to establish an initiative aimed at laying the foundations for a smart, sustainable cybersecurity policy to deal with the growing cyber threats faced by governments, businesses, and individuals.

The MIT Cybersecurity Policy Initiative (CPI) is one of three new academic initiatives to receive a total of $45 million in support through the Hewlett Foundation’s Cyber Initiative. Led by CSAIL principal research scientist Daniel Weitzner, it will focus on establishing quantitative metrics and qualitative models to help inform policymakers.

Simultaneous funding to MIT, Stanford University, and the University of California at Berkeley is intended to jump-start a new field of cyber policy research. The idea is to generate a robust “marketplace of ideas” about how best to enhance the trustworthiness of computer systems while respecting individual privacy and free expression rights, encouraging innovation, and supporting the broader public interest.

“We’re very good at understanding the system dynamics on the one hand, then translating that understanding into concrete insights and recommendations for policymakers. And we’ll bring that expertise to the understanding of connected digital systems and cybersecurity. That’s our unique contribution to this challenge,” says Weitzner, who was the United States deputy chief technology officer for Internet policy in the White House from 2011 to 2012, while on leave from his longtime position at MIT.

Developing a more formal understanding of the security behavior of large-scale systems is a crucial foundation for sound public policy. As an analogy, Weitzner says, imagine trying to shape environmental policy without any way of measuring carbon levels in the atmosphere and no science to assess the cost or effectiveness of carbon mitigation tools. “This is the state of cybersecurity policy today: growing urgency, but no metrics and little science,” he says.

CSAIL is home to much of the technology that is at the core of cybersecurity, such as the RSA cryptography algorithm that protects most online financial transactions, and the development of web standards via the MIT-based World Wide Web Consortium. “That gives us the ability to have our hands on the evolution of these technologies to learn about how to make them more trustworthy,” he says.