CYsyphus: Cybersecurity Policy Recommendation Tool

A decision-support tool

CYsyphus

"CYsyphus" (pronounced SIGH-si-fis) is a decision-support tool, that provides users with an easy-to-search online database on existing cyber reports and recommendations. CYsyphus facilitates the discovery of past wisdom to avoid repetition and enable leapfrogging to new insights and recommendations in support of policymakers, congressional staffers, journalists, and students. The project uses NLP-driven classification and categorization algorithms to corroborate and expand the existing collection of approx. 1,200 recommendations from 130 reports. With CYsyphus, researchers and policy staffers will increase the speed at which policy is created, improve the quality of those decisions, and allow researchers to assess policy effectiveness.

THE PROBLEM

Ignoring Past Cyber Recommendations or decades, the Federal government, private sector, universities, and think tanks have issued thousands of recommendations to improve cybersecurity. Despite their abundance, these reports are often overlooked and forgotten. Like Sisyphus - the Greek mythological figure who was sentenced to roll a boulder up a hill and eternally doomed to never succeed - new task forces are created, which often overlook or ignore prior work and propose similar recommendations.

THE SOLUTION - STORING AND FINDING PAST CYBER RECOMMENDATIONS

The cybersecurity community must develop longer memories. This requires a comprehensive collection, review, and organization of existing recommendations into a new decision-support system. This will make the lessons of the past more searchable for faster, more effective cyber policy decision-making. The primary product of CYsyphus is an interactive, publicly accessible decision support tool that allows front-end users to search and filter for existing cyber policy recommendations. As a secondary product, CYsyphus will allow researchers access to the full database as well as the collected metrics derived from the collective use of the decision support tool (e.g., keyword frequency, time development, policy gaps, filter options). This back-end analysis leverages the understanding of policy research and formulation and lays the groundwork for an intellectual framework to guide metrics for measuring policy success. With the long-term vision to capture and code every cybersecurity recommendation made in the English language, the decision-support tool aims to reduce, by an order of magnitude, the amount of time it takes to ideate and create policy-relevant recommendations.

BENEFICIARIES

Executive branch decision-makers and their staff can create new cybersecurity policies, as researchers and analysts can pull relevant recommendations and draft policy memos to help guide new policies.
Legislators and their staff can easily reference past recommendations, gauge progress or source ideas for new legislation to position members on emerging issues.
Cyber Security Researchers gain access to a rich history of public policy on a critical issue underpinning national security, as well as the digital economy and society.
Industry may access information about recommendations pertaining to supply chain, third-party risk, and other systemic issues for setting internal policies and cyber security standards.
Others, including journalists, students, and presidential campaigns.

METHODS AND ANALYTICAL APPROACH

CYsyphus started as a small-scale and informal project at Columbia University. For years, students collected and coded recommendations from dozens of reports into a searchable database. The current dataset of approx. 1,200 recommendations from 130 reports contain the recommendations, a categorization, and available meta-data from the reports. The project seeks to employ a unique categorization system of existing data (re-classification) as well as the identification of new recommendations from manual searches reports.

PUBLICATIONS

Submission to the 2021 Poster Submission of the Cybersecurity Center at the Columbia University Data Science Institute

PROJECT PARTNERS AND SPONSORS

The CYsyphus project is funded in part by The Data Science Institute at Columbia University, The William and Flora Hewlett Foundation, and Microsoft. The team thanks all our sponsors for their continued support and partnership.

TEAM MEMBERS

Jason Healey, Co-Principal Investigator; Senior Research Scholar at Columbia SIPA

Savannah Thais, Co-Principal Investigator; Research Scientist at Columbia University's Data Science Institute

Jennifer Lake, Project Manager; Doctoral Student at The University of Texas at Austin

Angela Woodall, Researcher, Columbia Journalism School

Shubham Kaushal, NLP Researcher, SEAS 2023

Yunjie Qian, NLP Researcher, SEAS 2023

Past Team Members:

Nitansha Bansal, SIPA 2023

Sarthak Bhargav, SEAS 2022

Sunjana Ramana Chintala, SEAS 2022

Danielle Murad Waiss, SIPA 2020 & QMSS 2021

Akhilesh Balakrishnan Variar, SIPA 2021

Louis Jarvers, SIPA MPA 2021

Virpratap Vikram Singh, SIPA 2020

Augusta Gronquist, SIPA 2020

Divyam Nandrajog, SIPA 2019

Daniel Boccio, SIPA 2018

Nicole Softness, SIPA 2018