Shostack + Friends Blog

 

Valuing CyberSecurity Research Datasets

A paper at the Workshop on the Economics of Information Security titled “Valuing CyberSecurity Research Datasets” focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes research. screenshot of article mentioned in this post

There was a really interesting paper at the Workshop on the Economics of Information Security. The paper is "Valuing CyberSecurity Research Datasets."

The paper focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes the research that's done.

On its way to that valuation, a very useful contribution of the paper is the analysis of types of research data which exist, and the purposes for which it can be used:

Note that there has been considerable attention paid to information sharing among operators through organizations such as ISACs. In contrast, we examine data provisioning done primarily for research purposes. Cybersecurity data resides on a use spectrum – some research data is relevant for operations and vice versa. Yet, as difficult as it can be to make the case for data sharing among operators, its even harder for researchers. Data sharing for research is generally not deemed as important as for operations. Outcomes are not immediately quantifiable. Bridging the gap between operators and researchers, rather than between operators alone, is further wrought with coordination and value challenges. Finally, research data is often a public good, which means it will likely be undervalued by the parties involved.

The paper enumerates benefits of research, including advancing scientific understanding, enabling infrastructure, creating parity in access to ground truth(s) for academics, technology developers, and others who don't directly gather data. It also enumerates a set of barriers to research, including legal and ethical risk, costs, value uncertainty, and incentives.

These issues were highly resonant for me, because our near miss work certainly encounters these issues of value uncertainty and cost as we consider how to move beyond the operational data sharing that ISACs enable.

I'm very glad to see the challenges crystalized in this way, and we haven't even reached the main goal of the paper, which is to assess how much value we get from sharing data.

While talking about this paper Robert Lemos has a story at Dark Reading, and Ross Anderson liveblogged the WEIS conference.