Continuous Measured Improvement: A New Approach to Meeting the Municipal Cybersecurity Challenge
DownloadThesis PDF (2.393Mb)
Advisor
Susskind, Lawrence E.
Weitzner, Daniel J.
Terms of use
Metadata
Show full item recordAbstract
This thesis examines the cybersecurity challenges facing municipal governments and proposes a new policy approach. Through a review of existing public-sector cybersecurity concerns and an interview-based case study of Massachusetts municipalities in partnership with the Massachusetts Cybersecurity Center, this thesis identifies the main problem as a lack of a proper incentive structure for municipalities to prioritize cybersecurity improvements. I propose a new approach to state / local government efforts to improve cybersecurity. I establish the goal of continuous, measured improvement in cybersecurity posture for municipalities, and propose a state-sponsored, eligibility-restricted insurance mechanism for municipalities to systematically lower their cyber risk to meet that goal. In exchange for commitments to implementing regularly-updated cybersecurity best practices, municipalities would receive high-quality, affordable insurance against catastrophic cyber-related losses, and a commitment from the state to aggregate loss and resource-use data to provide best-in-class cybersecurity infrastructure help. I lay out a roadmap for the implementation of such a Massachusetts Cyber Disaster Insurance Program (MCDIP) along with proposals for data-driven refinement of state cybersecurity resource offerings through the use of the new MIT SCRAM platform. This public-sector cybersecurity goal and implementation strategy has implications far beyond Massachusetts and the potential to change the course of cybersecurity policymaking.
Date issued
2022-02Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer SciencePublisher
Massachusetts Institute of Technology