ABOUT US
SCRAM was built by a cross-disciplinary team at MIT to run secure and private computations.
In 2015 and 2016, MIT held a series of sector-specific workshops focused on protecting critical infrastructure led by Joel Brenner (report). The workshops included presentations by CISOs from four distinct economic sectors (electricity, oil and gas, finance, and communications) who discussed the challenges they faced securing and defending their networks. A common theme began to emerge across all four sector-specific meetings. The CISOs stated that deploying security controls was akin to “investing in the dark,” because they lacked the necessary illumination into the defensive postures and related losses of other firms that would only be available if firms shared information. Despite this, the CISOs of these firms were also reluctant to share information because of the sensitive nature of their own data.
It was clear that addressing the problem would require a multidisciplinary team to design a solution. We brought together specialists in financial risk, cryptography, and computer security from across MIT to design and build a new platform using cutting-edge cryptographic techniques that could be used to securely and privately calculate aggregated metrics on cyber defenses and loss data, without requiring firms to disclose their own data. This new SCRAM platform provides clarity and visibility on how firms as a whole defend themselves, as well as improves the understanding of the relationship between control failures and financial losses.
It was clear that addressing the problem would require a multidisciplinary team to design a solution. We brought together specialists in financial risk, cryptography, and computer security from across MIT to design and build a new platform using cutting-edge cryptographic techniques that could be used to securely and privately calculate aggregated metrics on cyber defenses and loss data, without requiring firms to disclose their own data. This new SCRAM platform provides clarity and visibility on how firms as a whole defend themselves, as well as improves the understanding of the relationship between control failures and financial losses.
Cyber Risk Team

Daniel Weitzner
Founding Director, MIT Internet Policy Research Initiative (IPRI)

Andrew Lo
Charles E. and Susan T. Harris Professor of Finance, and the Director of the Laboratory for Financial Engineering

Vinod Vaikuntanathan
Steven and Renee Finn Career Development Assistant Professor of Computer Science

Taylor Reynolds
Technology Policy Director - Internet Policy Research Initiative

Leo de Castro
Ph.D. Student - Theory of Computation

Jeff Schiller
Dev Ops and Software Engineer

Rebecca Spiewak
Masters Student - TPP

Eric Pence
Masters Student - MEng