The Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, (IC)3, is headquartered in the MIT Sloan School of Management.
In collaboration with other parts of MIT, (IC)3 is addressing the important need to improve the cybersecurity of critical infrastructure through an interdisciplinary research approach focused on the strategic, managerial, and operational issues related to cybersecurity.
(IC)3 brings together thought leaders from industry and government with MIT faculty, researchers and students, conducting research in multiple relevant areas.
(IC)3 conducts a variety of, meetings, workshops, conferences, and educational activities, and produces research reports which can be used by its members to improve critical infrastructurecybersecurity.
Download an (IC)3 Propsectus Now:
Sample Research Projects
Develop metrics which organizations can use to Quantify and Qualify their Cyber Security capabilities, and the organizations ability to withstand cyber attacks and carry out their missions.
Develop metrics for determining the ROI of Cybersecurity expenditures.
Determining the Barriers to, and Incentives for, adoption of Cybersecurity initiatives such as: the Cybersecurity Framework, ISA-62443, NERC-CIP, and emerging international Cybersecurity frameworks.
Developing strategies to increase adoption by the C-Suite, in each Critical Infrastructure sector.
Models linking Cyber-Risk to: delivering goods and services, & financial & reputational costs.
Atomic Models & Network Architectures for interconnected Control Systems’ survivability, and Supply Chain resiliency.
Determining the Barriers to, and strategies for creating a Cybersecurity Culture.
Applying “accident” and safety research to “cyber security” failures.
Analyze complex cybercrime ecosystem.
Improve CERTs (Computer Emergency Response Teams).
Improving Vulnerability Discovery and Detection
Patch distribution and management is complex in general and even more so for critical infrastructure situations.
System Dynamics models and simulations applied to complex critical infrastructure cyber systems (eg: smart grid, refinery, emergency services, telecom, financial systems, etc.) to determine the “tipping points” that would render such a system unstable.
Simulation of system performance and resilience under different conditions.
Holistic Risk Analysis Models to address: Multi-vendor environments, multi-purpose use of equipment/systems, multi-national & multi-cultural considerations, cross-sector validity and usability, multi-level system dependencies and vulnerabilities, people, process and accident/safety considerations.