The Massachusetts Institute of Technology has received a $15 million grant from the William and Flora Hewlett Foundation to research cybersecurity and help pave the way for a comprehensive cybersecurity policy.

The Hewlett Foundation donated $45 million in total to MIT, Stanford and the University of California at Berkeley as part of its Cyber Initiative. The organization is a private foundation based in the San Francisco Bay area, with goals ranging from pledging to reduce global poverty to improving reproductive health to solving environmental problems. The Cyber Initiative was established in April. According to the website, the foundation was concerned with the current hodge-podge approach to cybersecurity:

Government is, by and large, focused on building offensive and defensive cyber weapons, while corporations erect ever-higher walls to guard against theft and government surveillance. Neither is investing enough in research that looks beyond their immediate problems and interests. This splintered approach to cybersecurity results in uncoordinated—even unimaginative—responses that are narrowly focused and inadequate for the task at hand.

To solve this perceived problem, the organization donated millions to the three aforementioned schools, each of which will establish a program with a slightly different research focus: Stanford will research governance networks and trustworthiness in cyberspace; UC Berkeley will be focusing on the future paths cybersecurity may take; and MIT will be establishing metrics and models to help policymakers create more comprehensive cybersecurity strategies.

The new MIT program will be called the Cybersecurity Policy Initiative, and will bring together engineers, social scientists and management experts to try and establish a baseline for cybersecurity policy.

Daniel Weitzner, a research scientist in MIT’s Computer Science and Artificial Intelligence Laboratory, will be the principle investigator for the CPI. In a release, Weitzner likened the current state of cybersecurity policy to:

… trying to shape environmental policy without any way of measuring carbon levels in the atmosphere and no science to assess the cost or effectiveness of carbon mitigation tools.

“This is the state of cybersecurity policy today,” Weitzner said in a statement. “Growing urgency, but no metrics and little science.”

To fix this deficiency in data, the CPI will conduct research in previously unexplored or barely-explored areas, such as security risks to health information, methods for financial institutions to reduce risk, policies relating to autonomous vehicles and ways to achieve regional and global agreements on privacy and security norms.

“We’re very good at understanding the system dynamics on the one hand, then translating that understanding into concrete insights and recommendations for policymakers,” Weitzner said. “And we’ll bring that expertise to the understanding of connected digital systems and cybersecurity. That’s our unique contribution to this challenge.”

Photo of MIT’s Stata Center via Flickr User Beau Considine (CC BY-SA 2.0)

You can read more stories on Boston startups, technology and innovation at https://www.bizjournals.com/boston/inno