On November 10, World Science Day for Peace and Development is observed globally. On the occasion of this special day, let’s shed some light on a controversial issue. Is Cybersecurity a science? Generally speaking, cybersecurity is considered to be a sub-discipline of computer science, leaning heavily on the areas of mathematical, physical and social science.
In November 2008, the NSA, IARPA and the NSF convened the “Workshop on the Science of Security” in Berkeley, California. The conversation aimed at the complexity of creating a fundamental science of cybersecurity that would embrace “a body of knowledge containing laws, axioms and provable theories relating to some aspect of system security” as the Global Science of Security Virtual Organization (SoS VO) points out.
However, there is an ongoing debate regarding whether cybersecurity can be classified as a traditional science, due to the fact that much of the research in this field involves developing theories and models that are not easily testable. Additionally, while there are some widely accepted principles in cybersecurity, experts often disagree on the most effective ways to implement them.
The Science of Cybersecurity was first introduced in a document published by the MITRE Corporation in November 2010. In line with this text, Cybersecurity borrows analogies from other science fields such as epidemiology, economics and clinical medicine. This document indicates several sub-fields of computer science that are related to cybersecurity such as Trust, Cryptography, Game theory, Model checking, Machine learning, Composition of components.
Some specific examples of how cybersecurity research is using scientific methods:
- Using statistical analysis to identify patterns in cyberattack data.
- Using mathematical models to simulate the behavior of cyberattackers.
- Using economic models to assess the costs and benefits of different security controls.
Cybersecurity is a multiplex and ever-changing field that involves various scientific disciplines. Although there are debates about whether it can be considered a science in the traditional sense, most cybersecurity experts agree that it is a scientific field. In today’s world, where cyber threats are rapidly evolving, it is crucial to stay updated with the latest scientific advancements in both theory and practice. By doing so, we can ensure sustainability and progress in cybersecurity.
We build trust in science, we stay aware, we create evidence-based solutions, we stay resilient.