What Cyber Defenders and Epidemiologists Have In Common
I know that we are all bombarded with COVID-19 information, and maybe have even limited our exposure to the news, social media, podcasts, etc. I know I certainly have. Recently, I, along with so many others, have been establishing new routines as working from home becomes a new reality. It is not lost on me that I still have my job while many others do not, and for this I am truly grateful.
One of these new routines is adding a few more outdoor walks with my dog, Mocha. She loves my new work schedule, and I am fairly sure she thinks I am home all day just to be with her. During our walks this week, I couldn’t help but notice the similarities of what cyber defenders do – defend Navy networks – to what we are experiencing as part of the COVID-19 pandemic. And I believe that cyber defenders and epidemiologists have more in common than one might think.
Although I don’t want to minimize or reduce each of these professions to simply fighting viruses, I do want to draw on the commonalities in the methods and approaches with which both respond to virus attacks. Obviously, the makeup of a computer virus is very different from that of a coronavirus, but one characteristic remains the same: once infected, the virus spreads fast!
As my Commanding Officer often states, “Time is our most valuable metric” in cyber defense. Not only do we have the mission of actively defending Navy networks; he also focuses on “proactive” network defense when he speaks to our Sailors and civilians. Why? Because time is truly our most valuable metric. The more we do on the front end, the proactive threat intelligence and analysis alongside cybersecurity protections and preventative behaviors, the better we are at ensuring our Navy’s networks are defended.
However, we know that we cannot prevent every Navy network or system from getting infected; therefore, we also have mitigation processes and procedures in place for once a system is infected. These efforts are imperative not only for the survival or operability of that system once the virus has been eradicated, but also so that we retain the ability to access the information or data stored within those systems or networks.
The timeliness of our actions proactively and during mitigation will determine the outcome.
Similarly, time is exactly what epidemiologists and public health officials are focused on when explaining the protective health measures that prevent the spread of COVID-19. The “flatten the curve” concept is basically mitigation: the protective health measures buy additional time by delaying the spread of COVID-19 so as not to overwhelm our health care system. If we are unable to slow it down – or flatten the curve – health scientists predict a catastrophic number of deaths will occur, not just from the virus but also from the inability to address other health issues (acute or chronic) for which people need health care. Officials and scientists have said and continue to say, “time is of the essence” and the time to act is NOW.
My intent is to provide some observations on the similarities between how cyber defenders might approach a computer virus and how epidemiologists approach the coronavirus. I apologize in advance for repeating some information you may have already read about COVID-19; however, I only discuss it briefly to provide the analogy. In no way will I discuss each topic comprehensively (see references for additional information); my purpose is to demonstrate the commonalities cyber defenders and epidemiologists have in fighting and mitigating virus attacks.
Symptoms: Let me begin with some basics. All viruses (computer and human) have some symptomatology. Symptoms of a computer virus include a significant slowdown, crashes, constant pop-ups, and/or hard drive malfunctions. COVID-19 symptoms include fever, cough and shortness of breath, to name a few.
Treatment: As for the prevention of a computer virus, we speak in terms of antivirus – software that stops viruses, spyware and other malware, including blocking unsafe links and attachments. For infectious diseases, we call them vaccines, a “biological preparation that provides an active acquired immunity to an infectious disease”, of which there is currently none for this particular novel coronavirus (COVID-19).
The Who: We are hearing more and more stories about or from the “frontline” workers. These people are the healthcare workers like doctors, nurses, aides and the support workers in health centers. Additionally, “first responders” are also included: emergency medical technicians (EMT), paramedics, firefighters and police.
When it comes to cyber defense, the “frontline” includes what the U.S. Navy has termed “local defenders.” These are Sailors in the rates of information systems technician (IT) and cryptologic technician [networks] (CTN), who are actively defending the Navy’s networks both offensively and defensively.
Protection Measures (“Hygiene”): By now, we are all aware of the health protection measures to protect yourself from catching or spreading COVID-19. These measures include (but are not limited to): hand washing (at least 20 seconds), avoiding touching your face (specifically eyes, nose and mouth), cleaning/disinfecting “high-touch” surfaces (use sanitizers with 60% alcohol), and a new concept introduced recently, “social distancing” (staying 6 ft/2 meters away from others during human interaction).
In cyber defense, we use the term “cybersecurity hygiene”, which is a set of practices for managing the most common and pervasive cybersecurity risks. Again, I won’t list all of these, but the most common we are familiar with include: create strong passwords, use multi-factor authentication (MFA), limit your cyber footprint, and share less on public sites and social media.
One approach in cybersecurity that better relates to the health analogy is reducing the attack surface. Although public health officials aren’t necessarily calling it this, it is essentially what many state officials are trying to do in mandating statewide shutdowns. In cyber, reducing the attack surface means limiting attack vectors such as your IT assets, including those that are secure or vulnerable, known and unknown, wherever they are (e.g. cloud, third-party environments, subsidiaries, etc.), and fully understanding the IT ecosystem and its network interconnectivity.
How might you do this exactly? One way our organization did this was to transfer the risk off of our network (also known as our TRON initiative) by partnering with Authentic8, which provides a platform called “Silo”. In short, Silo is a cloud browser that creates an isolation layer between users and the web, and keeps potentially harmful web code from reaching the environment or end device that you want to protect from infection.
Silo sure sounds much like “social distancing” to me. Although there are other platforms that provide this service, the name of this platform and its capability is very relevant to my point (and probably the vendor’s intent).
As mentioned in the beginning, we may not always be able to avoid a virus infection. So, the mitigation procedures are very important, as is their timing, in order to effectively slow the spread or completely eradicate the virus. I present the following steps – from cybersecurity best practices and CDC recommendations – and how they may relate to each other.
Step 1 – Download / install a virus scanner
- Get ACCESS to test kits and equipment through your medical provider
Step 2 – Disconnect PC from the internet
- LIMIT yourself from areas of potentially spreading the virus (e.g. work, gym, shopping)
Step 3 – Reboot computer in “Safe Mode”
- STAY. AT. HOME.
Step 4 – Delete any temporary files
- ELIMINATE large group gatherings (10 or more people)
Step 5 – Run virus scan
- TEST for COVID-19
Step 6 – Quarantine the virus (and delete it)
- QUARANTINE yourself, identify all those you’ve been in contact with and quarantine and test them as well.
Step 7 – Rescan computer to ensure virus has been deleted
- RETEST if you continue to be symptomatic after 14-day quarantine
Step 8 – Reboot computer, no longer in “Safe Mode”
- If test results are NEGATIVE and the person is asymptomatic, they may resume their regular routine after the 14 days of isolation or treatment
Step 9 – Change all computer and online passwords
- CONTINUE protective health measures like hand washing, cleaning and sanitizing house and work spaces to protect others
Step 10 – Update software, browser and operating system (install antivirus if not done in step 1)
- Get the VACCINE when available
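To make the cyber column of Steps 1–10 concrete, here is an added PowerShell walkthrough that is not part of the original post and is not a Navy or Authentic8 tool. It assumes a hypothetical Windows 10/11 host with the built-in Microsoft Defender cmdlets, run from an elevated PowerShell. Steps 3 and 8 involve reboots, so the functions are meant to be called stage by stage, not as one unattended run; Step 7 returns a value so the caller can decide whether to loop back to Step 5.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): the cyber side of Steps 1-10
# on a hypothetical Windows 10/11 host, using Microsoft Defender cmdlets.

function Invoke-Step1UpdateScanner {
    # Step 1: Defender ships with Windows, so "install a scanner" becomes
    # "refresh its signatures". Do this while still online, before Step 2.
    Update-MpSignature
    (Get-MpComputerStatus).AntivirusSignatureLastUpdated
}

function Invoke-Step2Disconnect {
    # Step 2: take every active physical adapter down so the infection can
    # neither spread to neighbours nor call home while we work.
    Get-NetAdapter -Physical | Where-Object Status -eq 'Up' |
        Disable-NetAdapter -Confirm:$false -PassThru
}

function Invoke-Step3ScanOutsideWindows {
    # Step 3: the author's manual route is Safe Mode:
    #   bcdedit /set "{current}" safeboot minimal ; Restart-Computer
    # Defender's own way to scan without the infected OS running is an
    # Offline scan, which reboots into a pre-boot environment by itself.
    Start-MpWDOScan
}

function Invoke-Step4ClearTemp {
    # Step 4: remove temporary files, a common landing spot for downloaded payloads.
    $paths = "$env:TEMP\*", "$env:SystemRoot\Temp\*"
    Remove-Item -Path $paths -Recurse -Force -ErrorAction SilentlyContinue
}

function Invoke-Step5FullScan {
    # Step 5: full scan of all fixed disks.
    Start-MpScan -ScanType FullScan
}

function Invoke-Step6Quarantine {
    # Step 6: list what Defender found, then remove any still-active threats
    # (Defender quarantines on detection; Remove-MpThreat cleans up the rest).
    Get-MpThreatDetection |
        Select-Object InitialDetectionTime, ProcessName, Resources
    Remove-MpThreat
}

function Invoke-Step7Rescan {
    # Step 7: rescan and return $true only if nothing is still active.
    Start-MpScan -ScanType QuickScan
    $active = Get-MpThreat | Where-Object { $_.IsActive }
    return (-not $active)
}

function Invoke-Step8Reconnect {
    # Step 8: leave Safe Mode if it was set in Step 3, then bring adapters back.
    if (bcdedit /enum "{current}" | Select-String 'safeboot') {
        bcdedit /deletevalue "{current}" safeboot
    }
    Get-NetAdapter -Physical | Enable-NetAdapter -Confirm:$false
}

function Invoke-Step9ChangePassword {
    # Step 9: reset the local account password (domain accounts go through
    # Active Directory). Online passwords should be changed from a host that
    # was never infected.
    $new = Read-Host -Prompt 'New local password' -AsSecureString
    Set-LocalUser -Name $env:USERNAME -Password $new
}

function Invoke-Step10Update {
    # Step 10: refresh signatures once more and report versions; OS and
    # browser updates then go through Settings > Windows Update and the
    # browser's own updater.
    Update-MpSignature
    Get-MpComputerStatus | Select-Object AntivirusSignatureVersion, AMProductVersion
}
```

The order matters in the same way the health column does: signatures are fetched in Step 1 while the host is still online, the adapters go down in Step 2 before any cleanup starts, and nothing is reconnected in Step 8 until Step 7 has returned `$true`.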
Again, my purpose is to lay out the connections between the two analogies, not to direct the actions above. I wanted to provide a different perspective, an observation on the parallels between defending networks against computer viruses and mitigating the spread of COVID-19.
Time IS our most valuable metric. And it is only in time that we will see if our collective efforts accomplished what is necessary.
Resources: