Is performing cyber operations a science, an art or both?

Cyber operations (digital processes, procedures, and attitudes) we adopt, implement and practice in our digital ecosystem require knowledge, competencies, and soft skills from a variety of disciplines. Conducting trustworthy cyber operations means that we have ensured their cybersecurity which is a multi-dimensional discipline where various scientific domains interrelate and use.

The interconnection and interdisciplinarity of the following sciences are urged to enhance the cyber-operations: Mathematics is the basis of cryptography which is needed to ensure the confidentiality, integrity and authenticity of digital data, information and communications. Cryptocurrency and block chains are also based on cryptographic protocols; Engineering is needed in the development and integration of all cyber secure operations in the digital products (software, hardware, systems, services, and processes); Information and Communication Technologies (ICT) are evolving daily giving new possibilities to the cyber operations. Artificial Intelligence (AI), blockchains, cloud, satellite, and quantum technologies are among the technologies used in the cyber operations and deep knowledge is required; Data analysis is a relatively new discipline necessary for the secure and private management of big data. Big data has become the fuel of innovative digital services and AI; Programming in the design and development of software but also in the analysis and auditing of code; Business in the analysis of user requirements of the cyber operations in order to be user friendly. Sector-specific expertise (e.g., health, government, transport) is needed to build useful, practical, and effective operations. Effective management of cybersecurity threats is also very important; Economics in deciding the most cost-effective security and privacy measures and mitigation actions that an organization needs to implement to secure its cyber operations (internal, supply chain processes) and its digital products; Laws, Regulations and Ethics expertise is needed in order to ensure that the cyber operations are compliant with the EU legislation (e.g., GDPR, NIS, Cybersecurity Act); Policies and Standards in order to develop cyber operations that are compliant with international standards and EU policies; Education in order to effectively raise awareness, provide hands-on training, cybersecurity capabilities and best practices to the users of cyber operations; Psychology and Behavioural Sciences to analyse the legal users (potential customers) in order to develop personalized operations or to analyse the illegal users (e.g., attackers) to forecast or prevent an attack or forecast a cyber-criminal act.

Cyber operations ought to be human-centric in order to optimize the relationship between people and cutting-edge technologies while simultaneously serve the needs of the communities. More specifically, the coordination of multi-disciplinary research and technical teams is mandatory and building upon concepts of psychology, ethnography, sociology, behavioural sciences, computer science, deep learning, and natural language processing, is essential to develop all necessary processes and tools for human-centric architectures for cyber operations. To conclude, conducting trustworthy cyber operations is a meta-science that uses all sciences and requires skills that would lead to the art of protection, detection, and intervention in cyber threats.