On October 23rd, 2014, we updated our
By continuing to use LinkedIn’s SlideShare service, you agree to the revised terms, so please take a few minutes to review them.
Peter Muhlberger - SaTC Cyber CafePresentation Transcript
Social Behavioral and Economic Sciences (SBE) in Secure andTrustworthy Cyberspace (SaTC) Peter Muhlberger Program Director SBE / SaTC
Motivation• Government, industry, scientists, cybersecurity people worried about American vulnerabilities – Estimates of home user machines that are compromised: 15-50% – Estimated amount of corporate information hacked each day: petabytes – Anticipated vulnerability to cyberattack by state actors: e.g., (unsophisticated) Iran cyber attacks at multiple U.S. banks, including Capital One• Greater cybersecurity is a pressing national need.
Why SBE sciences?• Increasing recognition by government officials and computer scientists that cybersecurity is not merely a technical problem – Attackers: intentional agents • Look for and find vulnerabilities – Users: intentional and imperfect agents • Intentions & incentives / motivation: insider threat • Intentions & incentives: trying to get work done in competitive environments, often don’t make time for arcane issues • Numerous limitations in cognitive processes• Addressing cybersecurity issues necessarily involves addressing the human component of these issues• SBE sciences offer a rigorous, scientific approach to developing generalizations about human motivation, behavior, and cognition – Such an approach should be more effective than purely applied approaches: allows abstraction, generalization; allows understanding causal mechanisms; allows prediction – Admittedly, the capacity and accuracy of generalization and prediction in the social sciences is not like in physics, but few things are – Still, we can do better than hit or miss, purely applied approaches – Can tap enormous literatures and apply these in cybersecurity settings, perhaps with new twists
SBE Challenges• Computer scientists and govt officials not familiar• Particularly not familiar with non-economic approaches – NITRD: Networking and Information Technology Research and Development Subcommittee has defined 5 Cybersecurity R&D Themes • Only one of these is social science and calls for research in cybereconomic incentives• A broad swath of the social sciences could be brought to bear, including research in economic incentives and systems, cognition, motivation, organizations, political actors, social networks, criminology and much more. – Behavioral economics: Already aware of ‘non-economic’ approaches• A challenge to social scientists but also computer scientists: to know enough about each other’s work to see what might prove highly fruitful if strands of research were combined.• Another challenge: working together while meeting career goals.
Goals for Today• Build awareness of what is going on in the social sciences and computer sciences• Identify what might prove valuable to your research• Make connections that might eventually grow into collaborations