Last month I attended a session entitled, “How researchers and journalists work together and why it sometimes falls apart” at The National Institute for Computer-Assisted Reporting (NICAR) Conference in New Orleans. Since Farsight and the greater security community share research with the press, I wanted to learn how these two groups could work more closely together.
Misaligned Expectations
The panel, moderated by Reuters journalist Maurice Tamman, included Nancy Rabalais, Professor and Shell Endowed Chair in Oceanography and Wetland Studies, Department of Oceanography & Coastal Sciences, Louisiana State University; Edward Shihadeh, Professor of Sociology, Louisiana State University and Michael Polito, Assistant Professor, Department of Oceanography and Coastal Sciences, Louisiana State University.
During the session, the researchers shared that they often want to tell a more detailed story than reporters. For example, a researcher may want to tell a detailed story about climate change, while the reporter simplifies the story by just focusing on the risk of climate change to penguins. Penguins is the flagship story that is used to get people interested in the broader topic.
Sharon Friedman, professor and director of the Science and Environmental Writing Program in the Department of Journalism and Communication at Lehigh University, who co-edited the book Scientists and Journalists: Reporting Science As News agrees that there is sometimes a disconnect. “Reporters want news quickly and strong findings; scientists are more cautious and research sometimes takes a long time to reach a conclusion. Scientists like details; journalists don’t want to get bogged down in details. They [reporters and researchers] don’t speak the same ‘language’.”
To illustrate this point, the session panelists shared below how expectations between researchers and journalists for an interview are sometimes misaligned:
Journalist Scientist Explain what a "Dead Zone" is Expect some preliminary knowledge Can you be more specific? Science has a lot of uncertainty I need this by 4 PM Can you call me back? Recording without asking Grounds for termination of conversation No clue where to start Be prepared with a list of questions Do you think Dr. X was correct? Prefer not to comment on others' work Say it more simply for the public That was the simple version
Putting new research into context is also important. Explains Professor Friedman, “Too many times we see stories about a single study that comes up with an interesting finding and that study is covered by journalists. The problem is that there may be other studies that refute this finding. That’s why we get in headlines, ‘Coffee is good for you’ and two weeks later, ‘Drinking coffee can lead to health problems.’ Another problem is the sample size in a study and whether that study was done on lab animals or involved humans. Often these details, which are important for understanding the study, are omitted from the news coverage.”
Security Researchers and Reporters Often Share Similar Challenges
Fahmida Rashid, the managing editor for the cybersecurity news site, Decipher, also attended the NICAR session, and agrees that context is critical for any story around security research. “The context discussion in the session was one part that I was nodding along. It is really easy to overhype research because context is missing. Just because a vulnerability exists in software doesn’t mean it is the end of ever using that software,” she said. “For example, a remote code execution is scary, but, if it can be triggered only after something requires physical access, that’s different. And we don’t always hear that. Journalists have to be willing to ask what a plausible attack scenario, from start to finish, looks like, and researchers have to be willing to think through all the pieces of what can or cannot be likely.”
In addition to providing context, security researchers can better help journalists understand the broader implications of their findings. “I think security researchers have gotten a lot better at communicating with the press overall, but there are some cases where researchers are so deep in the weeds of their work that they aren’t as easily able to understand what would be newsworthy in their findings,” said Kelly Jackson Higgins, Executive Editor for Dark Reading.
Levi Gundert, the Senior Vice President of Recorded Future, a Farsight partner and a global leader in security intelligence, agrees that security researchers and reporters may also approach the same story with different expectations. “I typically see journalists looking for an interesting, relevant, and/or timely event/theme/trend to reach as broad an audience as possible. Scientists and security researchers often get bogged down in the details, which they find most interesting, but it’s difficult for them to up-level the narrative and takeaways for a wider audience.”
He went on to explain, “For example, security researchers may use passive DNS to identify new COVID-19 related malicious domains. Researchers care about ‘verdicting’ those domains as ‘bad’. They care about the methodology and the number of results, and whether it represents an increasing trend. A reporter won’t even have time to look at the data, they just want the takeaway(s). They want the ‘so what?’ Why should people care?”
Ultimately, the security researchers need to keep in mind that reporters want to focus on the human impact of the research. Gundert added, “The human element is that these domains are being used to steal victim’s credentials to steal victim’s money, and they are the start of attacks that result in hospital shutdowns (due to ransomware). The human impact could be enormous during a time of enormous national stress. This is the story reporters want to tell.”
Best Practices
“Best practices for researchers and reporters working together involves making sure they both understand each other’s needs and limitations. Reporters want news quickly and strong findings; scientists are more cautious and research sometimes takes a long time to reach a conclusion,” said Professor Friedman. “Scientists need to translate their findings into lay language and journalists need to be sure they understand what the scientists are saying. There are many more issues involved; these are just a few. However, there are great examples of where scientists and journalists have worked very well with each other with a little effort on both their parts.”
For the security community, Jackson Higgins adds,”The key really is for each party to have a common understanding of the goal: if a company pitches new research, they should be able to give the key bullet point/s in what’s new or useful to the public that hasn’t been reported before. And industry journalists like those of us at Dark Reading like to talk tech & high-level issues with researchers, so the researchers should be able to also come up from the weeds to highlight what the research means to the everyday enterprise, etc.”
Security researchers could also benefit by providing a complete, easy-to-understand section on the methodology used for the research. “The security industry is beginning to focus on data and there’s always a lot of numbers being thrown around. If it’s not clear what the sample size is, or the method of measurement, then it becomes harder to understand the research correctly. I typically read the methodology sections thoroughly, but I am not sure many others do,” explains Rashid.
“It is disconcerting to be given high-level findings (percentages) and not be able to understand why it is different from a similar report. I understand not commenting on other people’s work, but it is super difficult to look at past research when the way the data is collected is often buried,” said Rashid. She adds, “It’s not always clear whether the numbers are descriptive or inferred. The NICAR panel recommended making friends with someone who understands statistics, and I heartily endorse that approach.”
The research that we do in the security community is critical to advance the detection and response to cyberthreats today and in the future. Gaining a deeper understanding and appreciation for each other’s work and objectives will help us better communicate our research and increase the opportunity for a more positive impact on enterprises, consumers and the Internet community at large.
Karen Burke is the Director of Corporate Communications for Farsight Security®, Inc.
