Professional Documents
Culture Documents
PDF Cybersecurity in Humanities and Social Sciences A Research Methods Approach Hugo Loiseau Ebook Full Chapter
PDF Cybersecurity in Humanities and Social Sciences A Research Methods Approach Hugo Loiseau Ebook Full Chapter
https://textbookfull.com/product/qualitative-research-methods-
for-the-social-sciences-ninth-edition-berg/
https://textbookfull.com/product/nation-building-education-and-
culture-in-india-and-canada-advances-in-indo-canadian-humanities-
and-social-sciences-research-k-gayithri-editor/
https://textbookfull.com/product/the-first-outstanding-50-years-
of-universita-politecnica-delle-marche-research-achievements-in-
social-sciences-and-humanities-sauro-longhi/
https://textbookfull.com/product/advanced-research-methods-for-
the-social-and-behavioral-sciences-john-e-edlund/
How to Get Grant Money in the Humanities and Social
Sciences 1st Edition Raphael Brewster Folsom
https://textbookfull.com/product/how-to-get-grant-money-in-the-
humanities-and-social-sciences-1st-edition-raphael-brewster-
folsom/
https://textbookfull.com/product/psychiatry-in-crisis-at-the-
crossroads-of-social-sciences-the-humanities-and-neuroscience-
vincenzo-di-nicola/
https://textbookfull.com/product/advancing-energy-policy-lessons-
on-the-integration-of-social-sciences-and-humanities-chris-
foulds/
https://textbookfull.com/product/cultural-sustainability-
perspectives-from-the-humanities-and-social-sciences-1st-edition-
torsten-meireis-editor/
https://textbookfull.com/product/research-design-and-methods-a-
process-approach-11th-edition-bordens/
Cybersecurity in Humanities and Social Sciences
Cybersecurity Set
coordinated by
Daniel Ventre
Volume 1
Cybersecurity in Humanities
and Social Sciences
Edited by
Hugo Loiseau
Daniel Ventre
Hartmut Aden
First published 2020 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as
permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced,
stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers,
or in the case of reprographic reproduction in accordance with the terms and licenses issued by the
CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the
undermentioned address:
www.iste.co.uk www.wiley.com
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Daniel VENTRE, Hugo LOISEAU and Hartmut ADEN
2.4. Taxonomy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
2.4.1. What is a taxonomy? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
2.4.2. Usefulness of taxonomy . . . . . . . . . . . . . . . . . . . . . . . . . . 49
2.4.3. Rules for the construction of taxonomies . . . . . . . . . . . . . . . . 49
2.4.4. Taxonomies of cybersecurity . . . . . . . . . . . . . . . . . . . . . . . 50
2.5. Ontologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
2.5.1. What is ontology? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
2.5.2. Usefulness of ontologies . . . . . . . . . . . . . . . . . . . . . . . . . . 53
2.5.3. Rules for construction of ontologies . . . . . . . . . . . . . . . . . . . 53
2.5.4. Cybersecurity ontologies . . . . . . . . . . . . . . . . . . . . . . . . . 54
2.6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
2.7. References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Introduction
For the past 10 years or so, the human and social sciences (HSS) have been
concerned with cybersecurity. Political [DEI 10, QUI 12, CAV 19], legal
[GRA 04], strategic and economic readings have been proposed. Journals
dedicated to the study of cybersecurity provide human and social science
disciplines with spaces for discussing research from multiple viewpoints.
These include the Journal of Cybersecurity (Oxford University Press)1, the
Journal of Cybersecurity Research (JCR)2, the International Journal of
Cybersecurity Intelligence and Cybercrime (IJCIC)3, the National Journal of
Cyber Security Law4 and the Journal of Intelligence and Cyber Security5, to
name a few. Most of these academic journals have only recently been
founded. Cybersecurity, in any case, is in the process of becoming a fully
fledged subject of research in the human and social sciences, if it has not
already become this. Notwithstanding this observation, research still appears
to be relatively scattered and heterogeneous, with each discipline within HSS
grasping the issues and posing research questions based on its own
approaches, using its own theoretical and methodological apparatus.
4 http://stmjournals.com/Journal-of-Cybersecurity-Law.html.
5 https://www.academicapress.com/journals.
Introduction xi
Joseph Fitsanakis is interested in the methods, tools and theories that the
researcher can mobilize and the specific obstacles that may be encountered
in studying the challenges of State-sponsored cyber-espionage. He provides
a survey of current research on the subject in the human and social sciences,
focusing on the strategic, tactical and operational dimensions of the
phenomenon. He identifies and discusses the relevant theoretical and
conceptual tools to conduct this research.
xiv Cybersecurity in Humanities and Social Sciences
References
[CAV 19] CAVELTY M.D., EGLOFF F.J., “The politics of cybersecurity: Balancing different
roles of the state”, St Antony’s International Review, vol. 15, no. 1, pp. 37–57, 2019.
[DEI 10] DEIBERT R.J., ROHOZINSKI R., “Risking security: Policies and paradoxes of cyberspace
security”, International Political Sociology, vol. 4, no. 1, pp. 15–32, March 2010.
[DOU 14] DOUZET F., “La géopolitique pour comprendre le cyberespace”, Hérodote, vol. 1,
nos 152–153, pp. 3–21, 2014.
[GRA 04] GRADY M.F., PARISI F., “The law and economics of cybersecurity: An introduction”,
George Mason University School of Law, Working Paper Series, Paper 12, 2004.
[JOH 95] JOHNSEN W.T., JOHNSON II D.V., KIEVIT J.O. et al., The Principles of War in the
21st Century: Strategic Considerations, Department of Defense, U.S. Army War College,
Carlisle Barracks, USA, August 1, 1995.
[MOR 14] MOROZOV E., Pour tout résoudre, cliquez ici : l’aberration du solutionnisme
technologique, Limoges, Fyp éditions, 2014.
[PAY 83] PAYTON J., ASBURY A.J., “Computer security”, British Medical Journal, vol. 287,
pp. 965–967, 1983.
1
The “Science” of Cybersecurity
in the Human and Social Sciences:
Issues and Reflections
The scientificity of cybersecurity studies is yet to be demonstrated in the humanities and social
sciences. Among the plethora of cybersecurity research, few studies are devoted to the
methodological and scientific problems of this emerging knowledge. Indeed, from an
epistemological point of view, cybersecurity studies require a methodological critique to improve
their scientificity and credibility in relation to computer science and engineering. In this chapter,
research methods, access to data and the contributions of the human and social sciences to
cybersecurity studies are assessed. The objective of this chapter is to lay the epistemological
foundations for an operationalizable definition of cybersecurity for the human and social
sciences.
1.1. Introduction
How can human and social sciences (HSS) studies in cybersecurity claim
to be scientific? Several answers to this question come to mind, and based on
these, it is necessary to clarify the debate through an epistemological approach
to the contribution of HSS to cybersecurity studies, particularly in terms of
methodology, all within the framework of the empirical–analytical paradigm
and post-positivism, both of which are currently dominant in science.
It could also be argued that HSS research results are very abstract and ideal
compared to the results of computer science and engineering that propose
concrete software or hardware “solutions” to cybersecurity issues. The
contribution of HSS to cybersecurity would therefore be marginal since it
would not be immediately applicable to urgent technical or technological
problems. What HSS produces in cybersecurity would mobilize too many
resources (social awareness, political will, legislative changes, mental
representations, etc.) to be qualified as useful. Overall, the contribution of HSS
to cybersecurity studies would contribute little to knowledge and its real-world
application. In other words, the explanatory and practical scope of the research
produced in cybersecurity by HSS would be weak.
Moreover, in the cyber field in general, while Saleh and Hachour praise the
merits of a multidisciplinary opening towards cyber-issues in HSS [SAL 12],
Bourdeloie invites the community of HSS researchers to a vast
epistemological effort for the positioning and constructive criticism of cyber-
issues [BOU 14]. There is therefore a need for epistemological reflection on
the place of HSS in cybersecurity studies. Once this need is recognized,
contemporary epistemology teaches us that the social and human sciences
alternate between two references for scientificity, an external one in the natural
sciences and an internal one for HSS [BER 12]. Cybersecurity studies are an
exemplary example of the tension between these two references, which is
revealed in the methodological preferences of researchers. For some, the
causality of cyber phenomena can be demonstrated and explained, which is an
external reference for scientificity where the possibility of issuing general laws
is attainable (positivist approach). Whereas for others, social actors and their
behavior are more relevant scientifically, which is an internal reference for
scientificity within the HSS, and they must be understood in all their
subjectivities (constructivist approach and the related heterogeneity). The
debate is not closed and can be seen in cybersecurity studies.
This chapter will address this issue in three parts. The first will address
the central question of the methodology used in the HSS to analyze the
cybersecurity object. The second part will cover the thorny issue of the data
available to the HSS for analyzing cybersecurity. The third part will present
a proposed definition of cybersecurity that can be operationalized for and by
the HSS in order to clarify the nature of the subject matter dealt with by the
HSS. The real purpose of this chapter, beyond epistemological debates, is to
reflect on the ideal framework within which cybersecurity studies in the HSS
could reach the highest levels of scientificity, according to the rules of the art.
4 Cybersecurity in Humanities and Social Sciences
1.2. A method?
Without entering too much into this epistemological debate, and beyond
the discussion on the very notion of criteria, the issues in HSS concerning
the criteria of scientific validity can be summarized in the relevance of
transposing criteria from the natural sciences to the social sciences (external
reference) and especially how to adjust them to make them consistent with
the specific nature of HSS (internal reference) [KEM 12]. For Proulx,
generativity, i.e. the
allows the debate to be decided. The generativity of research does not imply
evaluating the value of research only on the basis of fixed, pre-existing and
independent criteria. Instead, generativity proposes assessing the value of
research based on its fertility, in terms of new ideas, new methods or new
data or results generated [PRO 15 pp. 25–27]. In our view, cybersecurity
studies, especially for the HSS, would deserve to be evaluated according to
this generativity criterion, since it is from the diversity of methods, theories
and knowledge relevant to cybersecurity that we can draw conclusions.
In our view, this is exactly the case for cybersecurity studies, which
benefit from combining their research efforts in a multidisciplinary manner
using a variety of research methods.
Figure 1.1 sets out the scientific process that filters observations,
transforms them, in fact, operationalizes them into variables and links them
into hypotheses that can form the basis of theories, which sometimes produce
scientific laws. Cybersecurity studies are, in our opinion, where the dotted line
is located, i.e. in the passage from variables to hypotheses. Of course, the
teleological nature of such a graph must be qualified, as it is only used here to
illustrate what is being said, knowing full well that this process is marked by
major jolts and setbacks. Finally, this graph illustrates the magnitude of labor
ahead for the HSS, in terms of explanatory work to reach a level of external
scientificity equivalent to that of the natural and computer sciences.
The “Science” of Cybersecurity in the Human and Social Sciences 7
In this subsequent step2 , the concepts and variables studied are linked
together in cause-and-effect relationships, in order to discover the
explanatory factors and consequences of cybersecurity. Hypothetico-
deductive methods put the different hypotheses in competition with reality
2 In this chapter, for lack of space, we will not deal with the abduction phase, which is
between the heuristic phase and the confirmatory phase.
8 Cybersecurity in Humanities and Social Sciences
In the opposite quadrant (top right) are the quantitative and hypothetico-
deductive methods used to identify trends and causalities between two
cybersecurity phenomena or between other phenomena and cybersecurity. In
the HSS, these methods mainly use correlational research strategies, discourse
or content analysis and experimental or quasi-experimental research.
10 Cybersecurity in Humanities and Social Sciences
The issue at stake is that every effect has a cause4, and cybersecurity and
its study cannot escape this truth. This constraint therefore diminishes the
possibility of achieving a complete and valid knowledge of cyberspace and
cybersecurity for both natural sciences and the HSS. In the face of this
impasse, qualitative and comprehensive research finds all its relevance.
apply and refine all of these methods to achieve a high level of general
knowledge, within the limits of what is possible, with the aim of providing
scientifically informed recommendations and thus promote the well-being of
humankind, which is the ultimate goal of all science. One challenge remains,
however, that of the validity of the data.
1.3. Data?
The second issue is the privacy of data for cybersecurity studies. These
data are of a private nature (personal data, strategic company information,
national security data, etc.). They come from individuals, from the private
and public sectors, and the vast majority of them are subject to the seal of
confidentiality. Finally, very often, these data are analyzed by private
cybersecurity companies in a contractual framework where the disclosure of
information, which is very often sensitive, is greatly restricted. The quest for
profit, not knowledge, is the main driver of this market, which encourages
the appearance of conflicts of interest. Taken together, these problems delay
or impede improvements in cybersecurity, cyber resilience or post-incident
de-escalation because the victim of the cyber-attack or cyber operation
cannot know exactly what really happened, in the way that researchers do.
survey entitled: “Canadian Cyber Security and Cyber Crime Survey” [STA 18]
covering the year 2017.
The results generated by this question are misleading. First, asking this
question assumes that the respondent is aware of the intentionality of the
The “Science” of Cybersecurity in the Human and Social Sciences 13
cyber-attacker. However, HSS has long been aware of all the methodological
pitfalls inherent in the intentionality of social actors and the difficulty of
interpretation, due to the contextualization of social action and the
construction of meaning for the actor.
Finally, this question considers that the respondent has a complete and
comprehensive view of all cybersecurity incidents in their company,
disregarding the compartmentalization of company information and
activities for security purposes. In sum, the question generates information
and results that can be analyzed, in particular, because of the sample size,
but the validity of these data is weak from a scientific point of view. Of
course, this single question does not form the empirical basis of the entire
study. Nevertheless, a very large number of such questions are found in HSS
cybersecurity investigations. The problem is that this type of data or results
is more about opinion than fact. It is therefore rather risky to build a
scientifically valid analysis on such a low-quality empirical basis, regardless
of the number of questions in the questionnaire.
The question then becomes how to improve the quality and quantity of
authentic data available to researchers. The first path of the solution returns, in
part, to the previous section of this chapter. Indeed, as illustrated in Figure 1.3,
the use of different research methods and the publication of their results will
generate back-and-forth movements between conceptualization and the field.
This back and forth between theory and reality will allow more accurate
identification and counting of these cybersecurity phenomena. As a result,
the empirical base will be broadened, deepened and improved.
The use of this method seems promising for the study of cybersecurity in
HSS, particularly in terms of the generation of evidence that can be used
scientifically or politically, and therefore has high added value [MAU 19].
However, in order to do so, research needs a structure that can ensure its
scientific production and scientific reproduction. This third way of solution
is seen through the development of an academic discipline. According to
Lévy and Lussault, a discipline is an:
The “Science” of Cybersecurity in the Human and Social Sciences 15
In the light of this definition, it is possible to see that, for the moment, the
discipline of cybersecurity in HSS is merging into something less precise,
such as Digital Humanities or Internet Studies. To our knowledge, there is
currently no multidisciplinary humanities or social science academic
discipline dedicated solely to the study of cybersecurity. There is no doctoral
program from these two fields that ensures the replication of a faculty or
research community dedicated to creating cybersecurity research programs.
There is also no systematic production of research or publication of research
results that would form a substantial body of scientific publications by the
HSS, for the HSS and other sciences, from a basic research perspective, as
well as for the practice communities concerned with cybersecurity, from an
applied research perspective. These three findings, therefore, have a major
impact on the generation of available and valid data published in serious
scientific journals or disseminated in meta-databases that are accessible to
HSS practitioners (such as the ICPSR database5, for example).
5 See: https://www.icpsr.umich.edu/icpsrweb/.
Another random document with
no related content on Scribd:
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back