INSCT’s online CyberINS web application tool incorporates an open-source aggregate dataset of cyber incidents—with special emphasis on “incidents of national significance”—to support the empirical study of cyber incidents, critical vulnerabilities, cybersecurity, and conflict behaviors and norms.
CyberINS draws upon published vulnerability data from the private and public sectors and processes the data through a set of scoring rules to identify cyber incidents with potential national security implications.
As far as INSCT can determine, CyberINS is the only dynamic cyber incidents tool available that:
- Uses open source data.
- Adds research-driven analytical determinations to existing cyber incident reporting.
- Makes empirical assessments about cyber events in terms of their national significance.
CyberINS Project Goals
The research goal of the CyberINS Project is to develop an open-source dataset of cyber incidents to aid interdisciplinary research efforts in order to describe and understand conflict and security behavior and norm dynamics in cyberspace, with a special emphasis on “incidents of national significance.”
This research advances social science cybersecurity inquiry empirically, theoretically, and methodologically. Through this research, empirical social science methods are integrated with engineering systems perspectives on securing cyberspace.
The proposed research has the following broad, interdependent objectives:
- Investigate the nature of cybersecurity from the vantage point of actual security incidents, breaches, intrusions, and targeted attacks.
- Inductively identify security and conflict variables garnered from actual cyber incident data.
- Use computational methods creatively to describe cybersecurity norms and conflict behavior, especially its patterns, volume, spectrum, and diversity of incident types and actors.
- Derive descriptive categories from this data to generate standardized critical concepts and definitions across different application settings.
- Identify the discrepancy between existing and emergent cyber norms and presumed cyber conflict behavior evident in the data and particularly in government and preparedness frameworks.
- Generate new frameworks and ideas for developing interdisciplinary educational programming that addresses cybersecurity research, diversity, and the needs of the US technical workforce.
Definition: Cyber Incidents of National Significance
The US Department of Homeland Security (DHS) defines “Incidents of National Significance” as “high-impact events that require an extensive and well-coordinated multiagency response to save lives, minimize damage, and provide the basis for long-term community and economic recovery.” (See the DHS National Response Plan.)
The CyberINS tool uses DHS’s US Computer Emergency Readiness Team (US-CERT) incident reports:
- To generate one of the few open-source databases for assessing cyber activity today.
- To identify severe cyber events determined by our research-based scorecard.
CyberINS uses weekly US-CERT vulnerability bulletins to identify cyber incidents in general. US-CERT garners its vulnerability data from the National Vulnerability Database (NVD) of the US Department of Commerce’s National Institute of Standards and Technology (NIST). NIST describes the NVD database of alerts by three levels of vulnerability, using the standard Common Vulnerability Scoring System (CVSS):
- High severity vulnerability: scored at 7.0-10.0
- Medium severity vulnerability: scored at 4.0-6.9
- Low severity vulnerability: scored at 0.0-3.9