Journal Entry #2: Scientific Principles and Cybersecurity

Robert Bierstedt categorized science into six main principles: relativism, objectivity, parsimony, skepticism, ethical neutrality, and determinism.

Relativism is the idea that all things are related to each other in some way or another. Within the cybersecurity field, this can be clearly seen through the intersection of cybersecurity with various other disciplines. For example, with the rapid advancement of technology, we are seeing cybersecurity in many different fields including education, health care, the criminal justice system, politics, the food industry, businesses, communications, infrastructure, security, and personally used devices. Technology is all around us every day and related to nearly every task we accomplish in the modern world.

Objectivity is the concept that science is performed and explored without bias or a predetermined opinion. This is an incredibly important part of science because it allows for true exploration of a subject and takes into account all evidence to come to a clear understanding of a topic. This could apply to cybersecurity in multiple different scenarios. One such scenario is freedom of speech and how it can be different (or whether it should be different) in the online world vs. the “real” world. For example, how does cybersecurity relate to terrorism? What effects would allowing the promotion of hate speech have on terrorism? Should it be monitored and limited? Another example could be how cybersecurity affects the behaviors of sexual offenders and child molesters. Does it have an effect on their behavior? Should it be monitored and restricted? These are just two examples of how objectivity can be applied to cybersecurity.

Parsimony in science states that the simplest idea is the best idea. If a theory or idea can be studied and explained by only one variable, that would be the optimal explanation for a concept. This is particularly difficult to apply to cybersecurity because cybersecurity often relates to human behavior. Human behavior generally isn’t due to one explanation or variable but a complex, interconnected web of thoughts and events that lead to an eventual outcome. However, scientists can still try to come to the simplest explanation possible to explain cybersecurity concepts and issues even if it doesn’t rely solely on a single variable.

Empiricism is the idea that scientists can only examine things that are observable by the senses. Science, therefore, is knowledge made up of a collection of observations and experiences. This leads to a more factual exploration of an idea (including topics of cybersecurity) instead of relying on predetermined ideas or “gut feelings.” For example, in cybersecurity, we wouldn’t just guess at a problem with a network or assume employee x is the cause of a malfunction. We would follow the facts to determine the root cause of an issue in order to address it and apply a solution.

The concept of ethical neutrality in science states that research should be performed under specific ethical standards. This allows for the application of both empiricism and objectivity because the researcher is not letting their own feelings stand in the way of the facts. There are many different applications of ethics when it comes to cybersecurity. How, and should, privacy be applied to the cyber world? How do companies use information gathered from clients who use their business? Should technology and the cyber world be used to monitor private citizens? Is the availability of the internet a “right,” and should it therefore be provided to everyone? Should technology be advanced for its own sake, even if it causes harm? How do companies balance the morality of providing a “good” service with profits? These are just a few ethical ideas and concepts related to cybersecurity.

Determinism is the idea that there is a cause-and-effect relationship between events that determines a specified outcome. There can be just a few prior events that cause an outcome (nomothetic model) or many intertwined events that occur over time (idiographic model). This idea can also be viewed through a cybersecurity lens. For example, what behaviors and events work together to cause someone to commit cybercrimes such as cyber fraud or hacking? What causes people to choose insecure passwords or opt out of multi-factor authentication when these are known to be some of the best ways to keep an individual’s information safe? Why do some people visit risky websites even when they know they are risky? These are just a few ways that determinism can be applied to cybersecurity issues.

All six of these scientific principles can clearly be applied to cybersecurity, even if it may be in different ways than in other social sciences or natural sciences. Not only can they be applied, but they should be applied when examining issues and ideas around cybersecurity. They can help to come to a deeper and truer understanding of a question and are, therefore, very valuable when looking at cybersecurity topics.
