NeFut Logo NeFut
Admin Login

[Core Tech] MIT Students Combat Cyberattacks, Reshaping Urban Security

Published at: 2026-07-13 22:00 Last updated: 2026-07-14 12:04
#AI #Cybersecurity #Urban Planning

In May 2019, the government of Baltimore, Maryland, fell into chaos due to a cyberattack, where cybercriminals locked the city out of many critical files and demanded ransom for decryption. The city refused to pay, leading to the incapacitation of services such as real estate transactions and bill payments, with recovery costs soaring into millions. The syllabus of course 11.074/11.274 (Cybersecurity Clinic) at MIT includes a case study of Baltimore as an example of increasingly common ransomware attacks on municipal governments. To counter such threats, Lecturer Jungwoo Chun and Ford Professor of Urban and Environmental Planning Lawrence Susskind launched the MIT Cybersecurity Clinic in 2019, offering the course nearly every semester since.

Much like a legal or medical clinic, the course serves as hands-on training for students and pro-bono service for at-risk communities. After completing instructional modules and passing a certification exam, students are assigned to client teams. By the semester's end, each team creates a report assessing the client's vulnerabilities to cyberattacks and recommending improvements. So far, the clinic has provided over 40 assessments, confidential and free of charge, mainly for New England municipalities and healthcare organizations. In 2025, the FBI's Internet Crime Complaint Center documented an average of 2,765 cyberattacks targeting Americans daily. Chun emphasizes the fallout from such attacks goes beyond finances: “There’s a terrifying, cascading effect on every dimension of our lives.”

Cyberattacks targeting communities served by MIT’s clinic have threatened water supplies, hindered 911 services, and exposed citizens’ personal data. Many small municipalities and hospitals, despite being gateways to essential infrastructure, lack trained cybersecurity staff. The demand for such experts far exceeds supply, and public sector budgets rarely match the high salaries offered by private companies. According to Comparitech, from 2018 to 2024, there have been 525 ransomware attacks on U.S. government entities, approximately one every five days, leading to an estimated $1.09 billion in downtime costs. Susskind states, “Underfunded public and non-profit bodies need to follow a self-help pathway,” emphasizing low-cost measures that can be implemented with coaching from a free-service clinic.

Some may be surprised to find a university cybersecurity program outside the computer science department. Chun, an applied social scientist, and Susskind, a scholar of conflict resolution, developed an approach called “defensive social engineering,” stressing that cybersecurity is not solely a technical challenge. Chun notes the rapid development of AI has created alarming new tools for criminals: “AI can now identify vulnerabilities and execute attacks, which is really scary.” Thus, the course dedicates significant time to the technical aspects of cybersecurity. Chun states, “But at the end of the day, the biggest attack vector is still through humans.”

The term “social engineering” refers to ways cybercrime victims are manipulated into compromising security. Susskind and Chun’s concept of defensive social engineering focuses on human psychology, asserting that cybersecurity must be part of everyone’s role. “It’s about people knowing what to do, making the right choices,” Chun explains.

The course also invites guest speakers from industry and other universities to broaden students’ knowledge. In the first four weeks, students prepare for field assignments by learning about the nature of cyberattacks on critical urban infrastructure and the assessment process. They engage in simulations of tricky client interactions, ensuring they build trust.

To date, over 120 students have completed the course. The online modules preparing students for certification are available to the public as a massive open online course on MITx called Cybersecurity for Critical Urban Infrastructure, attracting tens of thousands of learners. Susskind and Chun periodically check in with clients for at least two years after each engagement.

“We often hear the vulnerability assessment report serves as the organization’s blueprint for their short-term, mid-term, and long-term agenda to be more prepared for future attacks,” Chun adds. Many IT directors have used the MIT report to leverage additional budget or specific line items with city leadership.

Blogger's Review: The MIT Cybersecurity Clinic uniquely combines theory and practice, instilling both technical skills and social responsibility in students while providing invaluable support to communities facing cyber threats. This interdisciplinary collaboration not only enhances students' professional competencies but also offers practical solutions for bolstering the cybersecurity infrastructure of public agencies.

Original Source: https://news.mit.edu/2026/mit-cybersecurity-clinic-preventing-cyberattacks-0713

[h] Back to Home