Computer scientists need to collaborate with their counterparts in the natural and social sciences to advance cybersecurity research, according to a new report from the National Academies of Sciences, Engineering and Medicine.
Carnegie Mellon University's Baruch Fischhoff co-chaired the Committee on Future Research Goals and Directions for Foundational Science in Cybersecurity, along with Peter Weinberger from Google. Roy Maxion, research professor in the School of Computer Science, was also a committee member.
Online environments have become essential to both the public and private sectors, affecting everything from the power grid to the banking system. Asked to identify key research opportunities, the committee called for supporting an interdisciplinary security science, capable of broad application.
"The strategies and procedures to secure cyber technologies would be improved through a better understanding of the social, behavioral and decision sciences because people are an integral component — in designing technologies, operating them, allocating security resources — and in attacking them," said Fischhoff, the Howard Heinz University Professor in the Dietrich College of Humanities and Social Sciences' Institute for Politics and Strategy and the College of Engineering's Department of Engineering and Public Policy.
The committee made four broad recommendations: support a long-term, inclusive, multidisciplinary approach to security science; integrate the behavioral, organizational and decision sciences into the research effort; integrate engineering and operations for a lifecycle understanding of systems; and sustain long-term support for security science research, providing institutional and community opportunities to support these approaches.
As a step toward implementing these recommendations, the report strongly encourages adapting experimental methods and investigational approaches from the natural and social sciences to the special demands of cybersecurity research — as a complement to detailed system design.
Fischhoff took part in the 14-person committee made up of members from industry and academia.
The project was initiated by the federal government's Special Cyber Operations Research and Engineering (SCORE) Interagency Working Group and sponsored by the National Science Foundation.
"More of computer science research, particularly in cybersecurity, could benefit from developing a foundationally sustained science and by incorporating lessons learned in experimental design and analysis from other disciplines into a science of security," Maxion said.
The report also examined areas in more traditional cybersecurity topics, such as cryptography and systems engineering.
"We engage in critical issues of national security through CMU's work in politics and strategy, as well as engineering, public policy and computer science. Cybersecurity is headed toward a more multidisciplinary approach, ideally suited for the kind of collaboration we see at CMU," Fischhoff said.
A PDF of the report is available online from the National Academies Press.