At the core of this project is the premise that the goal of securing cyberspace must be grounded in an empirical portrait of actual cyber conflict behavior and security norms.

This research drew upon published vulnerability data and processed it through a set of scoring rules to identify cyber incidents with potential national security implications.

As far as Syracuse University Institute for Security Policy and Law can determine, CyberINS was the only dynamic cyber incidents tool to use open source data, to add research-driven analytical determinations to existing cyber incident reporting, and to make empirical assessments about cyber events in terms of their national significance.

Project Goals

The overarching research goal of CyberINS was to develop an open-source dataset for cyber incidents to aid interdisciplinary research efforts to describe and understand conflict and security behavior and norm dynamics in cyberspace, with a special emphasis on “incidents of national significance.” The purpose of this research advances social science cybersecurity inquiry empirically, theoretically, and methodologically and integrates engineering systems perspectives on securing cyberspace with promising empirical social science methods.

Research Objectives

The research had the following broad, interdependent objectives:

  1. Investigate the nature of cybersecurity from the vantage point of actual security incidents, breaches, intrusions, and targeted attacks.
  2. Inductively identify security and conflict variables garnered from actual cyber incident data.
  3. Use computational methods creatively to describe cybersecurity norms and conflict behavior, especially its patterns, volume, spectrum, and diversity of incident types and actors.
  4. Derive descriptive categories from this data to generate standardized critical concepts and definitions across different application settings.
  5. Identify the discrepancy between existing and emergent cyber norms and presumed cyber conflict behavior evident in the data and particularly in government and preparedness frameworks.
  6. Generate new frameworks and ideas for developing interdisciplinary educational programming that addresses cybersecurity research, diversity, and the needs of the US technical workforce.

Open-Source CyberINS Tool

Now deprecated, ISPL’s open source CyberINS web tool was an open-source aggregate dataset of cyber incidents, with special emphasis on “incidents of national significance,” to understand empirically cyber incidents, critical vulnerabilities, cybersecurity, and conflict behaviors and norms.


The US Department of Homeland Security (DHS) defines “Incidents of National Significance” as “high-impact events that require an extensive and well-coordinated multiagency response to save lives, minimize damage, and provide the basis for long-term community and economic recovery.” (See the DHS National Response Plan.)

To assess these incidents, the CyberINS tool used DHS’s US Computer Emergency Readiness Team (US-CERT) incident reports …

  1.  To generate an open-source databases for assessing cyber activity.
  2.  To identify severe cyber events determined by a research-based scorecard.

ISPL’s Cyber INS tool used weekly US-CERT vulnerability bulletins to identify cyber incidents in general, with a focus on “incidents of national significance.” US-CERT garners its vulnerability data from the Department of Commerce’s National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVD). NIST describes the NVD database of alerts by three levels of vulnerability, using the standard Common Vulnerability Scoring System (CVSS):

  • High severity vulnerability: scored at 7.0-10.0
  • Medium severity vulnerability: scored at 4.0-6.9
  • Low severity vulnerability: scored 0.0-3.9

To learn more about this project, its methods, and its results, please contact Director of Research Corri Zoli.