science represents three things: a philosophy, a body of knowledge, and a process to discover knowledge. (Location 393)
What science is not is engineering. Engineering turns the knowledge gained through science into usable applications and solutions to address challenges or problems. (Location 398)
In the case of cyber security, the goal of scientific exploration is to gain the knowledge to make it possible to quantify security and predict what tools and practices will enable us to thwart or stymie cyber attackers. (Location 409)
Test beds are necessary in order to advance our knowledge. (Location 443)
Applied research leverages concepts and techniques from the other forms of research to study and assess our ability to apply knowledge to solving or addressing a societal problem. Applied research is a core topic in cyber security research because the overall objective of securing a system is applied. (Location 454)
In the absence of experiments to challenge our assumptions, the apparent progress we’re making is an illusion. (Location 479)
Some research methods generate stronger evidence than others, (Location 494)
The paradox is that our ability to assess where we are in the continuum is often thwarted by strongly held beliefs. It is exactly for this reason that the scientific method is essential for advancing our knowledge of the world around us. (Location 553)
In the 1962 book “The Structure of Scientific Revolutions” physicist and philosopher Thomas Kuhn coined the phrase paradigm shift to attempt to explain the societal influence on science. (Location 575)
The desire by policy makers is to base their decisions on certainty. A scientist can only represent the data and their interpretations. (Location 639)
An important subtlety of the second law is that the velocity of the planet must change over the course of the orbit for the equal intervals to have equal areas. The planet accelerates as it gets closer to the Sun and decelerates as it moves farther away from the Sun. (Location 723)
Science is fundamental to assembling evidence in support of discovery. What science can’t do is provide absolute answers. (Location 933)
Chapter 2
The technological perspective is that cyber space encapsulates data or information and the technology that is necessary to transmit it. (Location 1024)
Cyber security controls are the tools and techniques by which levels of security attributes can be applied to a system. A significant amount of applied research has focused on building security controls. (Location 1199)
All security controls must reflect a policy. A control without a policy is meaningless and policy without a control is useless. (Location 1202)
cyber space is constantly in flux as new technologies, hardware, and software are developed. (Location 1412)
Cyber security science is not for answering the question of “what are the physics of cyber space,” but instead “what physics of cyber space would be necessary to achieve the behavior/response we want and how do we create that cyber space.” (Location 1419)
The metaphysical nature of cyber space is also different than physical space as we still lack the mathematical constructs to define it. Geometry is a math of defining physical space where blocks of matter and mass can be mathematically described. We lack this ability to define cyber space. Length, distance, and other measures have no bearing in cyber space. In addition, concepts such as force in physical space also has no known corollary in cyber space. What all of this means is that there has not been any discovered first principles of cyber space. (Location 1479)