How do the principles of science relate to cybersecurity?
Science is a loaded term. It can mean a lot of different things depending on the context in which it’s used. Fundamentally, science describes the accumulation and pursuit of knowledge. More precisely, it describes the pursuit of this knowledge by means of a specific process that we refer to as the scientific method. The scientific method requires that scientific knowledge be logical, confirmable, reproducible and scrutinizable. These requirements give scientific findings their credibility, as we can be assured that established ideas have been observed and challenged and have sufficiently withstood scrutiny. This process begins with scientists forming hypotheses and constructing ways of testing these ideas. They observe the results, which must be reproduced to attain scientific legitimacy. Ideally, when this occurs, other experts in the field will review and challenge those results. Building on ideas already established through this process, researchers can produce further related knowledge. As these ideas emerge and become established, they form what is called a “theory”. A scientific theory is a collection of related knowledge that forms within a single area of research.
Cybersecurity is a multidisciplinary field that interacts with various forms of science. Computer science is most central to the field, as cybersecurity professionals are employed to protect computers and the networks they occupy. This requires an understanding of specific areas of computer science and the cybersecurity-specific concepts that apply to them. All of this emerges from the practice of science. Computers were built and proliferated via the scientific method, as were the efforts to connect them, and as are the efforts to protect them.
Additionally, cybersecurity is interconnected with social sciences. Criminology is a field of study that deals with crime, human psychology, and behavioral psychology. These fields are all scientifically studied and have scientific subfields within them. Certain types of cybersecurity professionals deal with these concepts and the scientific foundation they’re built upon. They must both understand the relevant body of established knowledge and build on it by applying it to cybersecurity using the same principles of science.