On December 16, the National Science Foundation’s website and social media feeds prominently featured a major cybersecurity study and recommendations co-led by ISI’s Terry Benzel and colleagues at SRI International.
Called Cybersecurity Experimentation of the Future (CEF), the NSF-sponsored effort involved 150 researchers from 75 organizations. Benzel leads the DETER Project, a prominent, multi-institutional research and testbed initiative serving cybersecurity experts worldwide. The CEF’s primary takeaway: The research community needs to develop a “science of cybersecurity experimentation” around methods, approaches and techniques that support rigorous, reproducible studies. As in any other form of science, the ability to test, reuse and build on previous research – including peer review and repeatability – is crucial. The report concludes that scientific method, common standards and ways to work across differing disciplines and domains are far more important than which hardware, software or networking capabilities researchers choose to deploy. Recommendations include making cybersecurity experimental environments work together in a plug-and-play fashion, and making infrastructure more intuitive so experts can spend time doing critical science, not laboring to use its tools. As the NSF article makes clear, amplifying scientific investigation is essential to counter the asymmetry between attackers – who currently have huge advantages – and their targets. The full CEF report was published in July this year.
Published on December 21st, 2015
Last updated on July 14th, 2021