The Supply Chain Cybersecurity Lab at MIT CTL is an interdisciplinary research initiative focused on mitigating the impact of cyberattacks on physical operations. We study how technology-dependent supply chains—which include large software networks, AI agents, robotics, cloud platforms, and complex third-party ecosystems—expand the attack surface and redefine supply chain cybersecurity risks.
We work with industry to assess how cyberattacks affect manufacturing, warehousing, transportation, fulfillment, and other critical supply chain operations; identify the technology, data, and physical dependencies that create exposure; and develop prevention, mitigation, and recovery strategies.
By combining independent MIT research with insights from industry, the Supply Chain Cybersecurity Lab’s mission is to help organizations build supply chains that remain resilient even when technology fails.
Research areas
Supply chain cyber vulnerability mapping
We identify the technology, data, and physical dependencies that make supply chains vulnerable to cyberattacks. This includes critical systems such as ERP, WMS, TMS, cloud platforms, automation, robotics, and third-party technology providers.
Operational impact, response, and recovery
We study why some cyberattacks become major operational failures while others are contained more quickly. Our research examines the organizational, technical, and operational factors that influence disruption severity, decision-making, and time to recovery.
Systemic and concentration risk
Modern supply chains increasingly depend on a small number of shared technology, cloud, and service providers. We examine how these concentrated dependencies can create systemic risk across industries and identify strategies to reduce cascading operational consequences.
AI, automation, and emerging cyber risks
As supply chains adopt AI agents, interconnected automation, and autonomous systems like humanoids, they gain new capabilities, but they add new vulnerabilities as well. We investigate emerging attack vectors, security trade-offs, and practical guardrails for deploying future technologies safely in physical operations.