The Humanity of CybersecurityReplicating the Human Body's Defenses to Safeguard IT
I'm struck by the humanity of cybersecurity.
No, I don't think that computers and IT networks are human, but the human condition can serve as a model on how to secure information systems, at least according to two experts I recently interviewed.
The Commission on Cybersecurity for the 44th Presidency, the panel that produced a blueprint for President Obama's cyberspace policy, has a working group exploring the World Health Organization's robust procedures to quarantine people with highly infectious diseases to see if human quarantines could be adapted to the cyberworld. Commission Co-Chair Harry Raduege, a retired Air Force general who once headed the Defense Information Systems Agency and now is chair of the Deloitte Center for Cyber Innovation, says:
"There could be some parallels with the World Health Organization where we would establish an international-type understanding to ensure quarantines of certain ill computer products and software capabilities until they are cleaned for proper use on the international information network of the Internet."
Would cyberquarantines be limited to software or could they be extended to hardware and networks? That's a question the working group has yet to answer. Raduege says any report the working group issues would only be the beginning to identity a solution, but could serve as a catalyst to establish an effective, cyberquarantine process.
In another interview, Phyllis Schneck says IT security technology is evolving so that it emulates the human body's strong immune system, which routinely battles infections. Says the chief technology officer/public sector at IT security provider McAfee:
"Just as your body defends against thousands of colds every year, you only maybe only get one. That's what these systems are designed to do: push off the enemy and push off malicious traffic, without it having to have a name, and certainly without it having to have a signature."
With their various components interacting, the evolving IT security tools have intelligence built in to recognize abnormal behavior within IT systems. Says Schneck:
"The trend is to have more systems to rely more heavily on intelligence. Signatures are not going to be the way of the future because we don't have time to put a name or a pattern on enemy behaviors and pass it out and block it. We really need to understand what that behavior is because they're faster than we are; they're stronger than we are. They don't have competitive boundaries, so it doesn't take them any time, reason, process or law to inflict bad things on us, and we have to respond in real time."
Raduege's and Schneck's prognostications remind me of an interview I conducted a five years ago with futurist Ray Kurzweil, who prophesized the use of microscopic robots injected into the human body to ward off illnesses by the 2020s:
"These nanobots will have computers and wireless communication devices. ... They'll be able to carry out intelligent functions inside our bodies and brains, keeping us healthy, bringing dramatic extension of human life expectancy and extending our mental horizons."
Imagine, in a decade or two, the same technology could be developed to fend off simultaneously real and virtual viruses.