MA Cybersecurity Forum Capstone

Wednesday, September 13, 2017

Governor Baker. Lieutenant Governor Polito. Secretary Ash. Secretary Peyzer. Secretary Acosta. It is a tremendous pleasure to welcome you all to this side of the river!

Thank you, Governor Baker, for the kind introduction. You have been an outstanding supporter, advisor and ally for science and technology, and for all of us working to strengthen our regional innovation ecosystem.

You have brought together an exceptional group today, including leaders from every sector of the cybersecurity community: Government. Universities. Cyber companies. And cyber customers. Looking out on this audience, the possibilities feel unlimited! So I am grateful for your vision in creating this forum, and for your leadership in highlighting our shared opportunities.


I am delighted to be asked, as MIT’s president, to speak at this forum, because cybersecurity has been an MIT strength for as long as the field has existed.

MIT people have been thinking about computers almost since there were computers. And we’ve been thinking about how to make them secure since well before the public understood there was a problem.

  • MIT’s Lincoln Laboratory has worked for years on computer systems and architectures to combat cyber-attacks, particularly as they apply to the US government.
  • Our computer science faculty were essential to building the foundations of modern computing – from time-sharing computers to data-encryption. The MIT group we call Cybersecurity @CSAIL continues to advance this technical work.
  •  MIT’s Sloan’s (IC)3 has played a key role in translating new knowledge about cybersecurity into strategies that apply in the business world, and giving technology leaders practical ways to prepare themselves to act.
  • And more recently, MIT’s Internet Policy Research Initiative has been working to ensure that government policy makers have technically-sound information when making decisions on big societal topics, from encryption policy, to protecting critical infrastructure and privacy.

Today, it’s clear that progress depends on coordinated efforts in technology, policy and management. So our faculty teams are focused on three overarching questions:

  1. First, is it possible to develop technology that fundamentally changes the game? (Clearly, we believe the answer is yes!)
  2. Second, what are the incentives that will help such technologies succeed in the market and transition to the mainstream?
  3. And third, while we are building that secure new future, how do we manage current systems in the meantime? How can we help businesses and governments protect themselves effectively, calculate risks and minimize international conflict?

The three questions are interconnected, of course:

  • New technologies will require new policies and incentives.
  • Emerging policies must adapt to future technology shifts.
  • And none of that matters if we cannot make the present a safe place to govern, and do business!


Before I continue, let me state the obvious: Although many people in this room are cybersecurity experts – I’m not one of them!

So I will limit my comments to a couple of non-technical initiatives from MIT that can help support the success of this community, in terms of building skills and building companies.

As Lieutenant Governor Polito described earlier, a crucial issue is talent. Almost any company these days would probably like to hire a cybersecurity expert! But because the field is so new, there are simply not enough to go around. By one estimate, the world will need 6 million more people with cybersecurity training by 2019.

Even companies with strong in-house teams can feel trapped in what MIT’s Howard Shrobe calls “cyber hell”: the hopeless race to fight off digital intruders – who always find a new way in.

To make matters worse, fields that face the most dangerous cyber threats tend to be highly technical: The oil, gas and nuclear industries. The electric grid. Finance. Communications. To understand and deal with risks in fields like these, your cyber team has to be “bilingual” in the specific industry, too.

All this means that we need to make it possible for lots of people with already-deep industry knowledge to become cyber-literate.

The obvious answer is professional education, and many institutions, including MIT, do excellent work in this area. But because so many people, in so many industries, need deep cyber training, I want to highlight a specific approach that I believe could make a difference.

You may know that MIT has been working – in partnership with Harvard and many other colleges and universities – to push the boundaries of digital learning. Five years ago, we launched “edX” – a free, global online learning platform, to give learners anywhere in the world access to first-rate online courses.

Our goal is to make higher education radically more accessible, in ways that will help people expand their opportunities and change their lives. To do that, however, we realized that we needed to do more than just provide individual courses.

So a year ago, edX launched the “MicroMasters.” The concept is to provide, online, a high-quality higher education credential that has immediate relevance in the workplace – and serves as currency in the job market – at a fraction of the cost of an on-campus degree program.

edX has launched more than 20 MicroMasters, including a five-course offering in cybersecurity from the Rochester Institute of Technology. Anyone who succeeds in these five courses can earn a MicroMasters credential – for $1,200. That credential is valuable in itself; it’s already recognized by IBM, for example. And anyone who earns a MicroMasters can apply to R.I.T.’s on-campus master’s program, with about one-third of their credits already completed – and paid for.

This must sound like an advertisement! But I mean to make a larger point, which is that to solve the cybersecurity talent problem, we need to create new ways to deliver practical, i
n-depth first-rate training, at scale.

#          #

I’ve talked about building skills. Now let me talk a bit about building companies.

To conquer current and future challenges in cybersecurity, we need to make sure that people with new solutions can find the support they need to get their ideas to market.

Some of that support flows naturally from the eco-system represented here – the spontaneous network. But I believe we can make a crucial difference by providing support that is more deliberate, and precisely calibrated to help them build thriving companies.

When I arrived at MIT in 1980, Kendall Square was not what we see today.  It was gritty, industrial and a little rough around the edges.  And at night, it was a ghost town. (Very few in this audience are old enough to remember that!)

The last two decades have delivered a transformation. Kendall Square has evolved into, famously, “the most innovative square mile on the planet.” And Cambridge and Greater Boston form one of the most vibrant and dynamic regions in the world.

But I am an engineer.  And even when the prototype is working beautifully – engineers like to optimize!   

At MIT, we have an appetite for solving hard problems that make a difference for society.

Yet I kept hearing from members of our community who, on the path from idea to impact –confronted overwhelming obstacles. 

They were working in fields like energy, manufacturing, robotics, biotech, medical devices – fields reliant on what we call “tough tech.” They had ideas for groundbreaking solutions to very important problems: A whole new approach to grid-scale energy storage.  A revolutionary strategy for treating Alzheimer’s.

But in these tough-tech fields, the time from proof-of-concept to commercialization often exceeds the typical five-year expectation of venture capital. And our tough-tech innovators were losing hope.

We looked at this challenge and our ecosystem, and we saw a clear path to make a difference.

So, last fall, a few blocks from our campus, MIT launched a separate entity called The Engine. For tough-tech start-ups working on serious societal problems, The Engine provides a distinctive package of resources:

  • “Patient capital”
  • Affordable local space
  • Access to highly specialized equipment
  • Streamlined legal and business services
  • And expertise, from prototype to scale-up.

What truly sets The Engine apart is the emphasis on impact: In assessing candidate companies, it prioritizes breakthrough-answers-to-big-problems over early-profit.

When it comes to the most important problems humanity needs to solve – climate change, clean energy, fresh water and food for the world, cancer, autism, Alzheimer’s, infectious disease, and certainly cybersecurity – there is no app for that. 

There is definitely no app that can protect our financial institutions, our energy grids, or our government infrastructure from the cyber threats of tomorrow!

So we hope that The Engine can also be home to a new generation of start-up success stories …that can help deliver the future cybersecurity solutions we all need.

#          #

Governor Baker, let me close by saying that all of us at MIT are delighted that you are leading this effort to maximize the region’s strength in cybersecurity.

And we are eager to work with you, and with the whole community represented here, to make all the difference we can – together.

Thank you!