4 Cybersecurity Lessons from the Pandemic

An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus.

Dr. Mike Lloyd, CTO of RedSeal

April 16, 2020

5 Min Read

I switched from epidemiology to network security as my day job years ago, but today's pandemic reminds me of the similarities between the two fields. There are many lessons we can take from the real-world virus and apply them to security in the online world. 

It may not be obvious, but the spread of information on computer networks is like disease processes.  It starts at the most basic level — when you connect to the Internet, you launch what epidemiologists would call a "nearest neighbor spread" process but what network gurus call a routing protocol. One router learns that you're there, it tells its neighbors, and they tell their neighbors, in a wave that spreads out across the network — spreading your information like a disease.

It's no coincidence that some of the first major computer threats were called viruses — they spread in ways that look like biological agents, with similar strategies for infection and reproduction. If you've ever received infected email from a colleague, you were watching evolution in action: attackers figuring out that they can more effectively spread if they contact you from someone you know rather than from an unfamiliar address. 

So, what can the study of epidemics teach us about online security? I see four broad lessons:

Lesson 1: Understanding Lateral Movement
Diseases spread between humans as we connect with each other. That's why many of us are sheltering in place as I write this — to reduce the ability of today's infection to move laterally around the population. It's clear that human networks are global and interconnected. The disease started in one country and has spread laterally to even small, remote island communities.

In the online world, attackers find it easiest to breach low-value targets first, then spread outwards to better targets. Why? We can't protect all of our networks down to every endpoint. Therefore, an attacker begins by finding one compromised location. Although a network is large, it doesn't take many lateral moves to get from one place to any other place. Similarly, air travel is a great help for the spread of real-world bugs. In the online world of social networks, lateral movement is one of the best tools in an attacker's arsenal.

By remaining at home in our fight against the coronavirus, we're fighting back by blocking its lateral movement. Likewise, digital defenders need to break up patterns of lateral movement through segmentation that walls off data into distinct areas. This prevents infections from moving into new segments.

Lesson 2: Know Where Infections Are
In the fight against disease, it's increasingly clear that the difference between countries that have better or worse outcomes comes down to who can test the most. They can see where the disease really is and get ahead of it. Digital security is the same. We struggle to know where we have infections, and response teams are often scrambling to catch up with something that has already begun to spread. 

For real-world diseases, we use contact tracing. If you just learned one person is a carrier, immediately track down their contacts, test them, and quarantine as necessary. The digital version of the challenge is much harder because computers communicate across a network in many different and shifting directions, comparable to having every person on earth flying country to country every day.

In an online crisis, there is no simple answer to the question "how did this infection get here, and where is it going next?" To find that answer, security teams need to map out a network well ahead of an attack and understand all the access pathways and normal information flows for the organization. This isn't easy, but we're getting better at automation and algorithms to analyze questions like this that defy human thought.

Lesson 3: Slow It Down
The global effort to stay home and "flatten the curve" for disease spread is a great move to reduce the strain on our taxed medical systems. Similarly, just slowing down an online attack brings powerful benefits. We know you won't be able to stop every determined attacker or nation-state, but slowing them down buys time for your sensors to detect digital intruders so you can respond to block or quarantine them. You can also see this in traditional safes, which are rated based on how long they can resist a determined thief. 

Lesson 4: Hygiene Is Critically Important
The most important and repeated advice about the current COVID-19 outbreak is always the same: Wash your hands. This is our first and best line of defense. It's much the same online: Basic hygiene matters. In the digital realm, network hygiene includes knowing what is on your network, that your devices are securely configured, that your network is set up as intended, and that any change doesn't affect your security, none of which is easy to do consistently at large scale — even the simple things. Real-world networks are riddled with unintentional hygiene failure; even 90% compliance with basic hygiene standards isn't enough. It's far more important for security teams to perform the basic controls well, everywhere, every time. So, please, people — wash your hands!

Related Content:

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

About the Author(s)

Dr. Mike Lloyd

CTO of RedSeal

Dr. Mike Lloyd is CTO of cyber terrain mapping company RedSeal. Dr. Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Lloyd was the chief technology officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Mike served as principal architect at Cisco on the technology used to overlay MPLS VPN services across service provider backbones. He joined Cisco through the acquisition of Netsys Technologies, where he was the senior network modeling engineer.

Mike holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights