As a 2021 Network Challenge grantee, Lawrence Susskind, Ford Professor of Urban and Environmental Planning at the Massachusetts Institute of Technology, is partnering with Ann Cleaveland, Executive Director of the Center for Long-Term Cybersecurity at the University of California, Berkeley, as well as the University of Alabama, Indiana University, the Global Cyber Alliance, R Street Institute, and others to launch a National Consortium of Cybersecurity Clinics.
This network of university-based cybersecurity clinicians, trainers, and advocates is committed to sharing best practices, expanding the reach and visibility of cybersecurity clinics, and lowering the barriers for other institutions of higher education to successfully establish their own clinics.
Building the National Cybersecurity Consortium
The MIT Cybersecurity Clinic is a continuation of a past grant. A key project goal for 2022 is to grow the consortia membership and assist existing clinics to strengthen and connect. The vision of the consortium is a world in which university-based cybersecurity clinics are replicated in every U.S. state, serve every region, provide specialized technical assistance to many kinds of underserved clients, and train the next generation of diverse cybersecurity professionals.
“The expansion of public interest technology in America brings with it the threat of cyberattack. There is no way to avoid it. The issue is how to help all public agencies and organizations understand their vulnerabilities to cyberattack and to learn the social engineering moves they can easily take to protect themselves. The creation of the consortium will help reach these organizations that want help across the nation.”
Project team
Project Elements
- A public online hub, launching Q1 2022.
- Monthly meetings for clinical educators and others interested in public interest cybersecurity.
- Peer networking for clinic faculty, staff, and students.
- White paper on the emergence of cybersecurity clinics.
- A community of practice and online clearinghouse to share teaching resources, curricula, video-based case studies, and other instructional materials.
Background
Established in 2020, the MIT Cybersecurity Clinic has enabled students to prepare cybersecurity vulnerability assessments for city agencies in New England.
Clinic Features
- Take a semester-long course where students complete four weeks of online instructional modules. (More than 15,000 people from around the world have completed the edX modules.)
- Complete an accreditation exam certifying their ability to work as cybersecurity risk assessment professionals. (Some 2,500 people have paid $100 to take the certification exam.)
- Work as teams to provide assessments for cities, towns, and hospitals. At the end of the semester, the students’ cybersecurity vulnerability assessments are shared with their respective client communities.
What other types of product or work could a university cybersecurity clinic provide to help improve your city's cybersecurity?
“I think if time allows, working with the city to implement some of the recommendations would be helpful. Budgets are limited and free (or low-cost) assistance in an area that can quickly become costly is very helpful."
Carly Premo Melo, Director of Technology Services for the city of Framingham, Massachusetts
UC Berkeley’s Citizen Clinic
Citizen Clinic is a trailblazing public interest digital security clinic within the Center for Long-Term Cybersecurity (CLTC) at the University of California, Berkeley. The clinic employs a “train the trainers” model similar to that used in law and medicine to prepare and deploy student teams to help nonprofits, journalists, human rights defenders, and social justice activists defend against digital threats.
Since 2018, the clinic has trained over 100 students drawn from 11 academic specialties at UC Berkeley and has served 14 nonprofit clients on four continents. Clients have ranged from women’s reproductive rights organizations to LGBTQ and international Indigenous rights groups. Over half of Citizen Clinic alumni are women.
The students have helped defend against cyberattacks, targeted surveillance, online harassment, and the spread of disinformation.
"Clients of the Citizen Clinic have seen great value and meaningful impact on their organizations. Practical and appropriate security solutions allow these organizations to leverage tools that keep their work secure while in transit and at rest. Many of our clients come into the clinic with few or no solutions in place, which raises their risk level and widens their attack surface. I am proud to convey that our clients leave the clinic with usable and effective security solutions. No client will leave our clinic without having gained value from our support."
Daniel Wallace, Master of Information and Cybersecurity Student
- Use formal processes, such as confidentiality agreements, to provide a baseline assurance to clients.
- Prepare clients for any “bad news” that the assessment findings might reveal.
- Ensure that the faculty play a key role in establishing a relationship with the client before student-led interviews take place.