Skip navigation Jump to main navigation

Advisory Regarding Coronavirus COVID-19

In order to deliver the best and safest program for our students, all programs will move to online learning for Summer 2020. We are excited to deliver dynamic and engaging courses and cocurricular activities online. Applications remain open, and we encourage students to apply. Learn More.
Close alert

Lessons for Cybersecurity Professionals From COVID-19

"Network Contagion" by Corey Hirsch 

Dr. Corey Hirsch, who teaches "Cybersecurity" in the Enterprise Risk Management and Technology Management programs, discusses lessons from the pandemic. 

Contagion, the rapid uncontrolled spread of invisible infectious agents from host to host, occurs in biological and electronic networks via parallel mechanisms. Similarities, and important differences, between biological pandemics and cyber outbreaks, can inform defenders of both kinds of networks.

During outbreaks, defenders choose strategy and tactics. Without advanced technology it may not be possible even directly to detect and recognize the presence of the malicious agent. This agent, whether coded in RNA, or C++, is turning our machinery to its own ends … including its own replication and dispersal, wreaking havoc on our network. We’ll need a ‘sequence’, or a ‘signature’ to define uniquely the enemy’s presence and give it a name.

Defenders encounter ethical dilemmas, ranging from how many dollars would it be worth to mitigate this outbreak slightly more fully, or slightly more quickly, to how much privacy should be sacrificed in the pursuit of reduced contagion? Will we adopt John Stuart Mill’s premise of seeking to maximize the aggregate good, or Kant’s of adherence to a core set of ethical principles? When choosing strategy and tactics, defenders need to apply beliefs on which services are ‘essential’, and which could be acceptably tactically interrupted.

1) Could experience gained responding to cyber outbreaks such as WannaCry and NotPetya inform public-health decision makers on:

Optimal policy on economic re-opening following Covid-19 lockdown; should it be governed locally, regionally, or nationally?

2) Could experience gained responding to Covid-19 guide cyber security professionals on:

Developing Enterprise Network Defense tactics analogous to containment and mitigation?

3) And where these domains overlap:

How can cyber security professionals craft strategy for defense of newly home-worker-based employee networks from Window’s SMB3.1.1 vulnerability?

 

Read the full article here.