Operations in the cyber domain - an Inventory of Swedish research

Authors:

  • Henrik Karlzén
  • Helena Granlund
  • Mikael Wedlin

Publish date: 2018-06-13

Report number: FOI-R--4594--SE

Pages: 175

Written in: Swedish

Keywords:

  • operation
  • cyber
  • domain
  • review
  • inventory security
  • research
  • keyword

Abstract

This report describes an inventory of the last five years of Swedish research on operations in the cyber domain. The field focuses on antagonistic threats to networked computers. The inventory was mainly conducted by analysing the 883 research papers identified by searching the Scopus database with some manual filtering. Of the organisations authoring the papers there were three research institutes, four companies and 22 universities. Half of the organisations have produced less than 25 papers, whereas the remaining produced 27-215 each. 108 of the papers were authored in cooperation between two to four of the organisations. In addition, over a third of the papers' principal author is of a foreign organisation. The research area was divided into 38 sub-areas. By comparison with previous inventories, certain sub-areas were identified as new or growing. This is primarily the case of the internet of things, wireless sensor networks, cyber-physical systems, resource-limited devices, the cloud, virtualisation, position integrity, culture, social networks, cyber bullying, artificial intelligence, anomaly detection, situation awareness and phishing. In addition to the papers, the organisations' own research descriptions were also studied, which partly painted a different picture. A special comparison between FOI's research and the other organisations' research was also conducted. The most distinct differences are that FOI, unlike most organisations, has a distinct military focus, and that FOI's papers primarily concern administrative protective measures and technical solutions such as intrusion detection and situation awareness, but not cryptography, biometrics, hardware aspects or forensics. Finally, it is suggested that developments be followed closely by repeating this type of inventory and that a similar inventory is conducted for international research.