Social Behavioral and Economic Sciences (SBE) in Secure and Trustworthy Cyberspace (SaTC)

Peter MuhlbergerProgram Director

SBE / SaTC

Motivation

• Government, industry, scientists, cybersecurity people worried about American vulnerabilities– Estimates of home user machines that are

compromised: 15-50%– Estimated amount of corporate information hacked

each day: petabytes– Anticipated vulnerability to cyberattack by state

actors: e.g., (unsophisticated) Iran cyber attacks at multiple U.S. banks, including Capital One

• Greater cybersecurity is a pressing national need.

Why SBE sciences?• Increasing recognition by government officials and computer scientists that cybersecurity is

not merely a technical problem– Attackers: intentional agents

• Look for and find vulnerabilities

– Users: intentional and imperfect agents• Intentions & incentives / motivation: insider threat• Intentions & incentives: trying to get work done in competitive environments, often don’t make time for arcane

issues• Numerous limitations in cognitive processes

• Addressing cybersecurity issues necessarily involves addressing the human component of these issues

• SBE sciences offer a rigorous, scientific approach to developing generalizations about human motivation, behavior, and cognition– Such an approach should be more effective than purely applied approaches: allows abstraction,

generalization; allows understanding causal mechanisms; allows prediction– Admittedly, the capacity and accuracy of generalization and prediction in the social sciences is not like

in physics, but few things are– Still, we can do better than hit or miss, purely applied approaches– Can tap enormous literatures and apply these in cybersecurity settings, perhaps with new twists

SBE Challenges• Computer scientists and govt officials not familiar• Particularly not familiar with non-economic approaches

– NITRD: Networking and Information Technology Research and Development Subcommittee has defined 5 Cybersecurity R&D Themes• Only one of these is social science and calls for research in cybereconomic incentives

• A broad swath of the social sciences could be brought to bear, including research in economic incentives and systems, cognition, motivation, organizations, political actors, social networks, criminology and much more.– Behavioral economics: Already aware of ‘non-economic’ approaches

• A challenge to social scientists but also computer scientists: to know enough about each other’s work to see what might prove highly fruitful if strands of research were combined.

• Another challenge: working together while meeting career goals.

Goals for Today

• Build awareness of what is going on in the social sciences and computer sciences

• Identify what might prove valuable to your research

• Make connections that might eventually grow into collaborations