Abstract

A scientific perspective on cyber security (a “science of cyber security”) is growing as a sound and respected area of research. In this talk we discuss how an empirical perspective enhances our understanding of how to create efficiently secure cyber infrastructure. In particular we discuss four questions that reflect “delusions” that we at the CERT Program see as endemic in the practice of cyber security.

1. If code correctness is improving, why do exploits continue to rely on known avoidable programming mistakes?
2. If policies are effective, why do unimplemented or ineffective policies continue to be an enabling element of major incidents?
3. If monitoring provides useful situational awareness, why do so many significant intrusions remain undetected for weeks? months? years?
4. If proficient response capabilities exist, why are even sophisticated victims challenged to quickly and effectively investigate, mitigate and recover?

We discuss our recent work in synthetic data generation and other work at CERT that strives to take sound scientific approaches to understanding and solving the challenges of creating and operation efficiently secure cyber infrastructure.

Some of the publicly available cyber security information and tools from the CERT Program include:

Secure Coding, http://www.cert.org/secureRcoding

Resiliency, http://www.cert.org/resilience

Cyber Training, http://www.cert.org/work/training.html

Insider Threats, http://www.cert.org/insider_threat

Forensics, http://www.cert.org/forensics

Network Monitoring, http://tools.netsa.cert.org

Fuzz Testing, http://www.cert.org/download/bff

Additional information is available at www.cert.org and in the 2010 CERT Research Report, www.cert.org/research/2010researchRreport.pdf.