Changes to MIT’s cybersecurity policy on the horizon
On April 2, Executive Vice President and Treasurer Israel Ruiz emailed the Academic Council to announce a few changes to emergency protocol and network security at MIT. The changes are in response to recent attacks on MIT’s information network and are part of an effort to better protect the MIT community.
According to the transcript of Ruiz’s email published by the MIT News Office, the following measures have been taken to strengthen the emergency protocol: updates have been made to MIT’s emergency-preparedness training program, and will be passed on to emergency coordinators in each department, laboratory, and center by the staff of the Security and Emergency Management Office. The Office of the Dean for Student Life will also be working with residence hall housemasters to enhance preparedness for living groups. For emergency communication protocol, revisions have been made to expedite the notification process and to expand the alert system to include all members and all devices.
To improve MIT’s cybersecurity, IS&T is taking measures recommended by CSAIL professor M. Frans Kaashoek to make our network more resilient. Those engaged in research, teaching, and learning activities will be able to voluntarily opt out of the new security policy, but community members are encouraged to use MIT VPN rather than opting out. As reported by the MIT News Office, the policy changes include strengthening network traffic policies by blocking traffic from non-MIT IP addresses, limiting access to MIT administrative applications to MIT IP addresses and implementing stronger password quality and expiration policies. Individuals who need to access legally protected information are advised to take additional security precautions.
Ruiz concluded his email by expressing his commitment to “safeguarding our community, protecting our campus and securing our systems.” IS&T staff is “working with information technology leadership and partners across campus” to implement these changes.