Hopefully the 1st of April went by without you being enticed to click that link or hoaxed into falling for that prank. If you were able to catch and stop the joke before it progressed, then it's likely that the same level of mindfulness needs to be applied every time you get online... seriously! Some call it game theory, some say it's psychology and others just find it an overwhelming science. Is there such a thing as the Science of Cyber Security? This being the month of April foolery, a little scientific research was in order to get a better understanding of this subject. I spent some time researching this topic and for this blog entry I will present my findings.

The paper describes the progression of security as a commodity item now manifesting itself within technical departments. As the variables that require security-focused attention have increased, the built-in security features of vendor products have expanded to create their own cyber platforms. This has created a momentum of cyber products, each designed to solve a specific issue of the traditional domain, like mobile device management solutions. As most practitioners know, though, this is simply a starting point, and to fill the gaps during compromise, models like people, process and technology can help only if the correct metrics have been gathered and analysed to configure the security ecosystem. The science of cyber security is more than using the latest cipher techniques or algorithms that proactively search for threats. It is knowing confidently what variables are likely to affect your domain and what precautions should be in place, knowing that technology adoption is fast changing and that, with more synergy between chemical and biological based products, the enterprise needs to be ready to strike back with a targeted response. Currently these response methods are best investigated with a scientific approach that gathers data to better formulate solutions.

Progression of Security


Security products are now a commodity of most IT departments, and the realisation of innovation is fuelling the understanding of cyber security as a science. As technology adapts, the application changes and a scientific approach is used to manage the new uncharted area. Cyber-security is an artificially constructed environment that is only weakly tied to the physical universe [1]. This abstraction can be understood through the science of mathematics, physics and pedagogical reasoning, because the relationship between the properties of the abstract model and the real system needs to exist as measurable variables.

It is the very constraints of computer systems that require metric definition, i.e. the metrics to understand their weaknesses. Through metrics it is possible to document variables, which is why most cyber security platforms contain strong analytical components [2]: the metrics help qualify the security posture of an enterprise and its systems. Within the enterprise, threat vectors are assigned weights and severity levels to help provide a statistical understanding of the environment with respect to people, process and technology. This level of metrics can assist in the detection and anticipation of, and recovery from, an attack inside and outside the network boundary.

Integrity of CIA can be measured through tools [3] that help qualify the results of audits and also look at system states such as abnormal executables, file manipulation or illegal profile and log amendment.

To continue gathering statistically sound data for quantitative, scientific understanding, security heads also look at the health status of basic components using tools like Symantec Altiris [4], which look at operating system and application patch levels.

The analysis of all this security data allows the security heads to understand to what extent the estate is protected against known signature attacks, and ensures the relevant response mechanisms are in place based on the frequency seen in metric analysis. The analysis also gives the manager scope to understand how an organisation's people, process and technology adapt to changing attack vectors like zero-day attacks. Additionally, it is now common for vendors to provide threat landscape debriefs like IBM X-Force Exchange [5], which can be used to understand threat vectors across an entire industry and to help ascertain whether the evolving threat landscape requires your environment to make changes whilst vectors in the wild are gaining momentum, as POODLE and Heartbleed [6] did.

These vendor products demonstrate that understanding the scientific enterprise for cyber security is more than reducing binary mathematics down to 1 and 0. Peter Galison [7] researched the science in cybersecurity as a “Manichaean science” and how the basic definition of cyber security is imprecise, as the unknown is often adversarial. Further, this now includes content violations like internet hate crimes, brand damage on social sentiment sites or even website defacement due to differing political views.

As these products evolve, they do so through evidence-based research into cyber security to define requirements. The Cyber Security Cartography Program [8] has been created to research sociotechnical understanding, using visualisation techniques to systematically synthesise outputs and create novel constructs of research paradigms. Its focus is to investigate asset compliance behaviours with regard to controls against risks, to help security managers provide a robust security roadmap. Practically, this would eventually augment into concepts like automata.

 
Momentum of Cyber adoption

As different theories gain popularity in providing answers to cyber issues, their use within the enterprise is refined further and eventually built into vendor products to provide a licensable service. For example, model checking validates assertions about a specification. It uses empirical and statistical analysis for analysing well-defined cyber threats like IPS signatures. Heuristic analysis helps identify new attack approaches, including threat modelling of new variables and their outcomes, by testing security on running systems. Further, products like FireEye [9] perform specific behavioural analysis of security systems using semantics-based program analysis, sandboxing the unknown threat vector within a contained environment to learn what significant impact it will have when executed.

As a follow-on from sandboxing for unknown programs, machine learning is being developed [10] for an open source indicators program that uses publicly available sources, from social media sites to stock market sites, to forecast eventualities. This could, for example, look at the Code-Red virus, which, when analysed with machine code reflecting epidemiological-style modelling, helped conclude [7] that responding to an attack before it materialises gives a stronger mitigation success factor. The science of looking at other vendor equipment in your environment would help you to commit to actionable items; the variables involved are shown in Figure 1 below.


Figure 1: Cyber Security Dynamic Foundation

Obfuscation and cryptography are another area where security engineers need to apply reasoning. The product Cipher-Cloud [11] has created strong encryption or tokenisation to serve the exact purpose of Type and Set theory [12]. The need for code obfuscation and type theory provides important insights into the construction of code to promote the level of data protection required. Adapted into the science of cybersecurity, this would need to include richer specifications, hybrid environments and the ability to accommodate adversaries. Peter Neumann [13] summarized the situation well when he opined about implementing cybersecurity, “If you think cryptography is the answer to your problem, then you don’t know what your problem is.”

This perception of cyber security is valid if your security operations centre focuses only on infrastructure iterations. By considering external threats across the entire estate, solutions like ArcSight [14] put Trace theory into practice. Such a solution can take an event trigger and associate a state with it that represents a characteristic of the overall trace state. The sets of traces build until the trace properties are mature, and eventually a correlation is created between the values of the two variables across all traces.
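The trace idea above can be sketched in a few lines. This is an added example, not code from the original post and not how ArcSight is implemented; the event triggers, host names and both thresholds are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from math import sqrt

# Constructed events (trace key, trigger, value); not real log data.
EVENTS = (
    [("host-a", "auth_fail", 1)] * 4 + [("host-a", "bytes_out", 8000)]
    + [("host-b", "auth_fail", 1)] * 2 + [("host-b", "bytes_out", 4000)]
    + [("host-c", "bytes_out", v) for v in (100, 200, 100)]
    + [("host-d", "auth_fail", 1), ("host-d", "bytes_out", 50)]
)

MIN_EVENTS = 3       # assumed: a trace is "mature" after this many events
FAIL_THRESHOLD = 3   # assumed: failures that move a trace to a suspicious state


def build_traces(events):
    """Fold each event trigger into the running state of its trace."""
    traces = defaultdict(lambda: {"events": 0, "auth_fail": 0,
                                  "bytes_out": 0, "state": "normal"})
    for key, trigger, value in events:
        t = traces[key]
        t["events"] += 1
        t[trigger] = t.get(trigger, 0) + value
        if t["auth_fail"] >= FAIL_THRESHOLD:
            t["state"] = "brute_force_suspected"
    return dict(traces)


def pearson(xs, ys):
    """Pearson correlation; 0.0 when either variable has no variance."""
    n = len(xs)
    if n < 2:
        return 0.0
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / sqrt(sxx * syy) if sxx and syy else 0.0


def correlate_mature(traces):
    """Correlate the two variables across mature traces only."""
    mature = [t for t in traces.values() if t["events"] >= MIN_EVENTS]
    r = pearson([t["auth_fail"] for t in mature],
                [t["bytes_out"] for t in mature])
    return len(mature), r


if __name__ == "__main__":
    traces = build_traces(EVENTS)
    print({k: t["state"] for k, t in traces.items()})
    print(correlate_mature(traces))
```

The short `host-d` trace is kept out of the correlation until it has enough events, which is the maturity condition the paragraph describes.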

Figure 2 below demonstrates how within the general topic of security, the science of economics, human factors, technology and business requirements can manifest as the science of cyber security within a security operations centre.


 

Figure 2: Cyber Security Framework

The ability to correlate events whilst responding to external threats can cause a security manager to consider non-commercial activities like state-sponsored DDoS attacks. The science of Game theory can help in mitigation efforts by showing how to allocate resources to protect the attack surface, and it is often used to analyse the prisoner's dilemma for insider or disgruntled employee interactions, as demonstrated by [15]. Figure 3 further shows this as Security Game theory:


Figure 3: Security Game Theory
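The resource-allocation use of game theory described above can be made concrete with a small zero-sum security game. This is an added example, not code from the original post or from reference [15]; it assumes the attacker observes the defender's coverage and attacks the single target with the highest expected payoff, and the asset values are constructed.

```python
def attacker_best_payoff(values, coverage):
    """Expected loss at the target a rational attacker would pick."""
    return max(v * (1.0 - c) for v, c in zip(values, coverage))


def coverage_at(level, values):
    """Coverage that caps each target's expected loss at `level`."""
    return [max(0.0, 1.0 - level / v) for v in values]


def allocate(values, budget, iterations=60):
    """Split `budget` units of coverage probability across targets so the
    attacker's best expected payoff is as small as possible.

    values: positive loss if an uncovered target is attacked (assumed model)
    budget: total coverage available, e.g. 1.0 = one analyst or sensor
    Returns (coverage per target, attacker's best expected payoff).
    """
    if budget >= len(values):
        return [1.0] * len(values), 0.0
    lo, hi = 0.0, max(values)
    for _ in range(iterations):
        mid = (lo + hi) / 2
        if sum(coverage_at(mid, values)) > budget:
            lo = mid   # this level needs more coverage than we have
        else:
            hi = mid   # affordable: try to push the level lower
    return coverage_at(hi, values), hi


if __name__ == "__main__":
    # Constructed asset values: customer database, web front end, test server.
    values = [10.0, 5.0, 1.0]
    coverage, level = allocate(values, budget=1.0)
    print("coverage:", [round(c, 3) for c in coverage])
    print("attacker's best payoff:", round(level, 3))
    print("with an even split:",
          round(attacker_best_payoff(values, [1 / 3] * 3), 3))
```

The low-value target receives no coverage at all, because protecting it would not lower the attacker's best option.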

Thus a cybersecurity attack becomes a situation in which the motivations are unknown, the persistence levels adapt and the attack can occur over a long stretch of time, like slow DDoS attacks. The science of hacktivism is now commercialised into a commodity, such as attacks-as-a-service, which provides multi-stage attacks that target organisations merely as a distraction while other related attacks are performed. Combined with player or attacker motivations, this creates many possibilities, and as such generalisation can help reduce the attacks to a manageable scale, protecting your network. Figure 4 shows how games and abstract coding can be used to create predictive cyber responses. These can be used with reference monitor maths, i.e. to develop [16] firewalls with a mathematical approach that satisfies the cyber universe and its requirements, i.e. next generation firewalls.


Figure 4: Games and abstractions.

Cyber emergence alongside other sciences


The science of economics is extremely crucial to cyber security. The social aspect of supply and demand, combined with the notion of the purpose of production and consumption, predicates that economic models can be used to sell products and services in times of siege. For example, the news increasingly demonstrates that company sites have had customer data stolen, and the ability to predict these pedagogical threats can fuel the economic needs of cyber security.

The medical professional uses experience, science and chemicals, along with biological knowledge, to know how medicines are expected to react and heal the body; significant tests are run to investigate different outcomes until an acceptable one is found. Thus, the science of detecting pathogens so that the immune system can contain infections is similar to that of algorithm analysis for technology threats. For example, when a threshold is met, the body knows how to respond, i.e. inflammation can occur before the body returns to normal. With advances like cyborg creation, the need for different applications of cyber security is still being researched; this includes the business enterprise need for self-cleaning systems, which are likely to be the next step to ensure that when a cyberattack occurs the measurable infection effects are reduced.

The science of depreciation plays an important role when considering the life cycle of a computer asset. If a computer is not part of an active ecosystem then its weakness will likely grow, as its hardware might not get updated whilst other platform components do, or, if it is left unpatched over time, the vulnerability increases and the machine can be infected. Thus the economics of cyber security products, and of vendor technologies in particular, is very important.

Cyber Security & Computer Science


To find answers to cyber questions, often the problem is defined from first principles; the approach by computer science is very different as it typically understands only how to achieve a certain task. Cyber security allows the levels of abstraction to understand how to transcend technology attacks but still be able to demonstrate them within a computer science understanding.

The computer science approach of formal method research programs enables confidence in how the system will perform. A formal approach to a new threat vector or cyber product development ensures rigorous reasoning, including programming logics and model design verification. Microsoft employs this approach to validate device drivers and Intel uses the same approach to validate chip designs [17].

Computer science traditionally used HA configurations to provide fault-tolerant services. Outside the network environment, for cyber security, the Byzantine fault-tolerance model [18] can be used to provide continued service whilst faulty components are fixed; thus during a cyber-attack a Byzantine fault-tolerant system could resist attacks, albeit providing a degraded service. If this is adopted during the design phase of cyber security products, vendors will likely fuel innovation; for example, the Google protocol SPDY has further fuelled innovation variations like IOT-HTTP (Internet of Things HTTP) [19]. It is the scientific understanding that the original requirements for HTTP are very different to how the internet is using the protocol today. As such, the weaknesses that manifest themselves through cyber issues are accepted as constraints of the fundamental protocol. HTTP2, formerly known as SPDY, is a scientific adaptation to external variables forcing the original platform to remain responsive to its application and environment.

The science of cybersecurity involves understanding unknown behaviours, and as such would employ experimental computer science techniques as a supportive science only. Engineering a secure system is different to building prototypes, as it allows the validation of cyber security concepts as emergent behaviours. Computer Science provides the engineer with tools and methods to create a product whose requirements have already been scoped, financed and committed to. The Science of Cyber Security looks at providing committable solutions to new threats, often unknown and with significant costs associated; providing offensive and defensive methods for the cyber requirements of a business requires significant understanding.

New infrastructure technologies like solar or wind technology, which provide a commodity from natural resources, now also require a cyber understanding [20]. Whilst the concepts are not new, their application into computer science through the advancement of technology creates constraints. As the application is only as successful as the limitations of the technology and its human use, this demonstrates that the science of cyber security is grand in nature, as variables from different sciences can be applied to understand requirements. Solar platforms combined with quantum technology [21] are progressing fast. This demonstrates that if the principles of security are still being advanced, then the application of metaphysical interactions is a science itself and, through the medium of technology, the scientific approach of cyber security is a stable one.

Conclusion


Whilst computer science created products that commoditised security within IT, its application of emergent technologies and its use in different innovations led the science of cyber security to formalise. Traditional computer science products were designed to be used within one siloed domain, and with concepts like BYOD the perimeter of core technology interaction is often hybrid; as such, efforts for security are based on variables outside the control of enterprise products. The science of cyber security now involves choosing the best architecture and cartography (technical controls to manage risk policy), and providing consideration to game theory and abstraction and to productive security (security choices to help productivity). Cyber platforms are still maturing and the use of technology is fast changing, thus experimentation supported by laboratories will need test beds where controlled experiments can be run.

Like this paper, cyber security means many things to many people, based on experiences and environment. The Byzantine approach enables progression with collective substance. The author's global experience of cyber security can be very different to a local engineer's perception and experience, thus the abstraction of perception with granular pragmatics is itself the science of cyber security. Knowing the technology estate build and its core components simply creates the baseline for the domain. With new platforms emerging, the science of how multi-domain technologies remain secure against unknown threat vectors finds a scientific approach an appealing one, as it allows standardisation to create a unique cyber approach specific to your environment.


Note: All references available on request.

  • Former Community Member
    Hello friends, I really like what you do, very good, keep going with all of this, it is very well done

    computers