skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Applying the Scientific Method of Cybersecurity Research

Abstract

The cyber environment has rapidly evolved from a curiosity to an essential component of the contemporary world. As the cyber environment has expanded and become more complex, so have the nature of adversaries and styles of attacks. Today, cyber incidents are an expected part of life. As a result, cybersecurity research emerged to address adversarial attacks interfering with or preventing normal cyber activities. Historical response to cybersecurity attacks is heavily skewed to tactical responses with an emphasis on rapid recovery. While threat mitigation is important and can be time critical, a knowledge gap exists with respect to developing the science of cybersecurity. Such a science will enable the development and testing of theories that lead to understanding the broad sweep of cyber threats and the ability to assess trade-offs in sustaining network missions while mitigating attacks. The Asymmetric Resilient Cybersecurity Initiative at Pacific Northwest National Laboratory is a multi-year, multi-million dollar investment to develop approaches for shifting the advantage to the defender and sustaining the operability of systems under attack. The initiative established a Science Council to focus attention on the research process for cybersecurity. The Council shares science practices, critiques research plans, and aids in documenting and reporting reproduciblemore » research results. The Council members represent ecology, economics, statistics, physics, computational chemistry, microbiology and genetics, and geochemistry. This paper reports the initial work of the Science Council to implement the scientific method in cybersecurity research. The second section describes the scientific method. The third section in this paper discusses scientific practices for cybersecurity research. Section four describes initial impacts of applying the science practices to cybersecurity research.« less

Authors:
; ; ; ; ; ; ; ; ; ; ;
Publication Date:
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1334889
Report Number(s):
PNNL-SA-117303
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: IEEE Symposium on Technologies for Homeland Security (HST 2016), May 10-11, 2016, Waltham, MA
Country of Publication:
United States
Language:
English

Citation Formats

Tardiff, Mark F., Bonheyo, George T., Cort, Katherine A., Edgar, Thomas W., Hess, Nancy J., Hutton, William J., Miller, Erin A., Nowak, Kathleen E., Oehmen, Christopher S., Purvine, Emilie AH, Schenter, Gregory K., and Whitney, Paul D. Applying the Scientific Method of Cybersecurity Research. United States: N. p., 2016. Web. doi:10.1109/THS.2016.7568886.
Tardiff, Mark F., Bonheyo, George T., Cort, Katherine A., Edgar, Thomas W., Hess, Nancy J., Hutton, William J., Miller, Erin A., Nowak, Kathleen E., Oehmen, Christopher S., Purvine, Emilie AH, Schenter, Gregory K., & Whitney, Paul D. Applying the Scientific Method of Cybersecurity Research. United States. doi:10.1109/THS.2016.7568886.
Tardiff, Mark F., Bonheyo, George T., Cort, Katherine A., Edgar, Thomas W., Hess, Nancy J., Hutton, William J., Miller, Erin A., Nowak, Kathleen E., Oehmen, Christopher S., Purvine, Emilie AH, Schenter, Gregory K., and Whitney, Paul D. Thu . "Applying the Scientific Method of Cybersecurity Research". United States. doi:10.1109/THS.2016.7568886.
@article{osti_1334889,
title = {Applying the Scientific Method of Cybersecurity Research},
author = {Tardiff, Mark F. and Bonheyo, George T. and Cort, Katherine A. and Edgar, Thomas W. and Hess, Nancy J. and Hutton, William J. and Miller, Erin A. and Nowak, Kathleen E. and Oehmen, Christopher S. and Purvine, Emilie AH and Schenter, Gregory K. and Whitney, Paul D.},
abstractNote = {The cyber environment has rapidly evolved from a curiosity to an essential component of the contemporary world. As the cyber environment has expanded and become more complex, so have the nature of adversaries and styles of attacks. Today, cyber incidents are an expected part of life. As a result, cybersecurity research emerged to address adversarial attacks interfering with or preventing normal cyber activities. Historical response to cybersecurity attacks is heavily skewed to tactical responses with an emphasis on rapid recovery. While threat mitigation is important and can be time critical, a knowledge gap exists with respect to developing the science of cybersecurity. Such a science will enable the development and testing of theories that lead to understanding the broad sweep of cyber threats and the ability to assess trade-offs in sustaining network missions while mitigating attacks. The Asymmetric Resilient Cybersecurity Initiative at Pacific Northwest National Laboratory is a multi-year, multi-million dollar investment to develop approaches for shifting the advantage to the defender and sustaining the operability of systems under attack. The initiative established a Science Council to focus attention on the research process for cybersecurity. The Council shares science practices, critiques research plans, and aids in documenting and reporting reproducible research results. The Council members represent ecology, economics, statistics, physics, computational chemistry, microbiology and genetics, and geochemistry. This paper reports the initial work of the Science Council to implement the scientific method in cybersecurity research. The second section describes the scientific method. The third section in this paper discusses scientific practices for cybersecurity research. Section four describes initial impacts of applying the science practices to cybersecurity research.},
doi = {10.1109/THS.2016.7568886},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Thu Sep 15 00:00:00 EDT 2016},
month = {Thu Sep 15 00:00:00 EDT 2016}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share: