Cyber Incidents of National Significance

At the core of this research is the premise that the goal of securing cyberspace must be grounded in an empirical portrait of actual cyber conflict behavior and security norms. The CyberINS online database draws upon published vulnerability data and processes it through a set of scoring rules to identify cyber incidents with potential national security implications.

As far as INSCT can determine, CyberINS is the only dynamic cyber incidents tool that uses open source data, adds research-driven analytical determinations to existing cyber incident reporting, and makes empirical assessments about cyber events in terms of their national significance.

Project Goals

The overarching research goal of CyberINS is to develop an open-source dataset for cyber incidents to aid interdisciplinary research efforts to describe and understand conflict and security behavior and norm dynamics in cyberspace, with a special emphasis on “incidents of national significance.” The purpose of this research is to advance social science cybersecurity inquiry empirically, theoretically, and methodologically and to integrate engineering systems perspectives on securing cyberspace with promising empirical social science methods.

Research Objectives

The research has the following broad, interdependent objectives:

  1. Investigate the nature of cybersecurity from the vantage point of actual security incidents, breaches, intrusions, and targeted attacks.
  2. Inductively identify security and conflict variables garnered from actual cyber incident data.
  3. Use computational methods creatively to describe cybersecurity norms and conflict behavior, especially its patterns, volume, spectrum, and diversity of incident types and actors.
  4. Derive descriptive categories from this data to generate standardized critical concepts and definitions across different application settings.
  5. Identify the discrepancy between existing and emergent cyber norms and presumed cyber conflict behavior evident in the data and particularly in government and preparedness frameworks.
  6. Generate new frameworks and ideas for developing interdisciplinary educational programming that addresses cybersecurity research, diversity, and the needs of the US technical workforce.

Open-Source CyberINS Tool

Visit the CyberINS Web Application

INSCT’s CyberINS tool is an open-source aggregate dataset of cyber incidents, with special emphasis on “incidents of national significance.” It is intended to support an empirical understanding of cyber incidents, critical vulnerabilities, cybersecurity, and conflict behaviors and norms. CyberINS draws upon published vulnerability data from the private and public sectors and processes the data through a set of scoring rules to identify cyber incidents with potential national security implications.

As far as INSCT can determine, the open-source CyberINS tool is the only dynamic cyber incidents tool available that:

  1. Uses open source data.
  2. Adds research-driven analytical determinations to existing cyber incident reporting.
  3. Makes empirical assessments about cyber events in terms of their national significance.

Definition: Cyber Incidents of National Significance

The US Department of Homeland Security (DHS) defines “Incidents of National Significance” as “high-impact events that require an extensive and well-coordinated multiagency response to save lives, minimize damage, and provide the basis for long-term community and economic recovery.” (See the DHS National Response Plan.)

The CyberINS tool uses DHS’s US Computer Emergency Readiness Team (US-CERT) incident reports …

  1. To generate one of the few open-source databases for assessing cyber activity today.
  2. To identify severe cyber events determined by our research-based scorecard.

INSCT’s CyberINS tool uses weekly US-CERT vulnerability bulletins to identify cyber incidents in general, with a focus on “incidents of national significance.” US-CERT garners its vulnerability data from the National Vulnerability Database (NVD), maintained by the Department of Commerce’s National Institute of Standards and Technology (NIST). NIST groups NVD alerts into three levels of vulnerability severity, using the standard Common Vulnerability Scoring System (CVSS):

  • High severity vulnerability: scored at 7.0-10.0
  • Medium severity vulnerability: scored at 4.0-6.9
  • Low severity vulnerability: scored at 0.0-3.9

Contact
Corri Zoli, Director of Research
cbzoli@syr.edu | 315.443.4523