Safer cyberspace through experimental cybersecurity research

Published 18 December 2015

How do cybersecurity experts discover how properly to defend a system or build a network which is secure? As in other domains of science, this process involves hypothesis, experimentation, and analysis — or at least it should. In reality, cybersecurity research can happen in an ad hoc fashion, often in crisis mode in the wake of an attack. A group of researchers has imagined a different approach, one in which experts can test their theories and peers can review their work in realistic but contained environments — not unlike the laboratories found in other fields of science. The researchers issued a report calling for a new generation of experimental cybersecurity research.

“Our adversaries have an incredible environment for testing out attacks: the Internet, on which all our production systems operate,” said Terry Benzel, deputy director for the Internet and Networked Systems Division at the Information Sciences Institute (ISI) of the University of Southern California. “They can sit and analyze our vulnerabilities for as long as they want, probe and poke and run experiments until they find the right way in. Our researchers and leading technology developers don’t have anything like that.”

This “asymmetry,” as researchers call it, is part of the reason so many cyberattacks and breaches occur. It also motivated the National Science Foundation (NSF) to move in 2013 to fund a multi-year effort to determine how best to advance the field of experimental cybersecurity.

The NSF reports that the effort, led by cybersecurity researchers from SRI International and ISI with decades of experience designing, building, and operating large cybersecurity testbeds, involved more than 150 experts, representing 75 organizations. They participated in three workshops in 2014.

The researchers released a report resulting from this activity, titled Cybersecurity Experimentation of the Future (CEF): Catalyzing a New Generation of Experimental Cybersecurity Research, in July 2015.

The Science of cybersecurity experimentation

Though one might expect the report to focus on the types of hardware, software and networking required for conducting cybersecurity experiments, the main takeaway is even more fundamental: the research community needs to develop a “science of cybersecurity experimentation.”

The report stressed that key elements of that discipline should include methods, approaches and techniques that researchers can use to create reproducible studies that the community can test, reuse and build upon.