Will your bank be on your side if it gets hit with a cyberattack? – Doug Criscitello

Doug Criscitello, Executive Director of MIT’s Center for Finance and Policy

From The Hill

In a recent column, I discussed cyber risks that could adversely affect bank and brokerage customers and explored the conditions necessary for development of actuarially sound insurance products at the retail level to protect individuals from the most catastrophic of cyberattacks to their accounts.

While new consumer-oriented insurance products are being offered to guard against cyberattacks, they don’t necessarily mitigate a consumer’s nightmare scenario. That scenario goes beyond having personally identifiable information stolen to having your bank’s digital records wiped out or otherwise corrupted by a malicious actor, eliminating any history of your account balances. So this is the question: would your bank or brokerage stand by you in the event of such an attack or is cyber risk insurance necessary?

Regardless of the availability of cyber risk insurance for individuals, the threat to consumers flows from vulnerabilities within and across financial institutions. To the extent an individual’s bank or other financial services provider has strong institutional defenses, risk to individuals falls dramatically.

Preparing for the cyberattack that will knock out U.S. power grids – Stuart Madnick

MIT Sloan Professor Stuart Madnick

From Harvard Business Review

Cyberattacks are unavoidable, but we’re not going to stop using computerized systems. Instead, we should be preparing for the inevitable, including a major cyberattack on power grids and other essential systems. This requires the ability to anticipate not only an unprecedented event but also the ripple effects that it could cause.

Here’s an example of second-order effects (though not caused by a cyberattack, they’re a good way to think through what could happen in an attack). In February 2017, an area of Wyoming was hit by a strong wind storm that knocked down many power lines. It took about a week to restore power, due to heavy snow and frozen ground. Initially, water and sewage treatment continued with backup generators. But the pumps that moved sewage from low-lying areas to the treatment plants on higher ground were not designed to have generators, since they could hold several days’ worth of waste. After three days with no power, they started backing up. The water then had to be cut off to prevent backed-up waste water from getting into homes. The area had never lost power for so long, so no one had anticipated such a scenario.

Now think about what would happen if a cyberattack brought down the power grid in New York, for example. New Yorkers could manage for a few hours, maybe a few days, but what would happen if the outage lasted a week or more? For an example of the kind of disruption such an attack could cause, consider the 2011 Japanese tsunami. It knocked out both the power lines and the backup generators at the same time. Either event could have been managed, but both occurring at the same time was a disaster. Without power, the cooling systems in three nuclear reactors failed, resulting in massive radiation exposure and concerns about the safety of food and water. The lesson: We need to prepare not only for an unexpected event but also for the possible secondary effects.

Finding new actionable insights in old data research – Hazhir Rahmandad

MIT Sloan Professor Hazhir Rahmandad

From Information Management

There is a common problem often associated with managing data across scientific disciplines. As the stock of information rapidly grows through scientific discoveries, a major data management challenge emerges as data professionals try to tap prior research findings.

Current methods to aggregate quantitative findings (meta-analysis) have limitations. They assume that prior studies share similar designs and substantive factors. They rarely do.

Take for example studies estimating basal metabolic rate – the measure of human energy expenditure. Study results can have important implications for understanding human metabolism and developing obesity and malnutrition interventions.

Over 47 studies have estimated BMR. But these calculations are based on different body measures, such as fat mass, weight, age, and height – to name a few. How do we combine those studies into a single equation to get usable insights?

To address this issue, my colleagues and I designed a new method for aggregating prior work into a meta model, called “generalized model aggregation” (GMA). Building on advances in data analytics and computational power, this method enables one to combine previous studies, even when they have heterogeneous designs and measures.

We used the BMR problem as an empirical case to apply GMA. Using only the models available from the literature, we estimated a new model that takes into account all the different body measures considered in prior studies for estimating GMA. Then, on a separate dataset, we compared our equation’s predictive power against older equations as well as state-of-the-art equations used by the World Health Organization and Institute of Medicine.

Our equation outperformed all other equations available, including the more recent ones.

The outsourced mind – Renée Richardson Gosline

MIT Sloan Prof. Renée Richardson Gosline

From TEDx Talks

We can’t remember any numbers without our cell phones and have difficulty driving without Waze. We increasingly rely on technology to perform basic cognitive tasks, and this choice is becoming more automatic and less conscious. We assume technology improves our choices. But does it?

A series of experiments will be used to examine the topic, leaving the viewer with the question: when do I assume greater rationality from technology, and how does that affect my expectations about my own behavior?

This talk was given at a TEDx event using the TED conference format but independently organized by a local community. Learn more at https://www.ted.com/tedx.

Renée Richardson Gosline is a Senior Lecturer and Research Scientist at the MIT Sloan School of Management.

Security surprises arising from the Internet of Things (IoT) – Stuart Madnick

MIT Sloan Professor Stuart Madnick

From Forbes

My brother can’t function in the morning until he has a cup of coffee. So I use his daily routine as an example.

Picture my brother stumbling down to the kitchen one morning only to find his internet-enabled coffee maker won’t work. There’s a message on his iPhone: “We have taken control of your coffee pot and unless you pay $5, you won’t have your coffee.” This actually hasn’t happened. At least, not yet.

I have been talking about the security threats to common household items connected to the internet – that is, the Internet of Things (IoT) – for several years now, and unfortunately, every other dire warning has come true so far. Upper management has to take greater notice of risks exposed both in the products they produce and the products that they use and take action to mitigate those risks. Recent events underscore this need.

Two years ago an internet-enabled refrigerator was commandeered and began sending pornographic spam while making ice cubes. Baby monitors have been turned into eavesdropping devices and there are concerns about the security of medical devices, such as computerized insulin pumps. In October, thousands of security cameras were hacked to create a massive Distributed Denial of Service (DDoS) attack against Dyn, a provider of critical Domain Name System (DNS) services to companies like Twitter, Airbnb, etc. Then there is the recent disclosure of CIA tools for hacking IoT devices, such as Samsung SmartTVs, to turn them into listening devices. These are only a few examples highlighting the threats.
