ISTM #32: Why Covid-19 is Like Malware

Malware

At first, I didn’t pay much attention to Covid-19. I had just started a new communications project for a new corporate client, and I had my hands full. My assignment was to develop an employee communications program for a supply chain company that would help prevent the company and its partners from hacking and malware.

But I soon learned that biological infections, such as Covid-19 and digital infections such as phishing and ransomware have a great deal in common. The experts in both categories use not only the same terms, but the same strategies and the damages caused by either are likewise similar.

FauciOn a video chat one day, my client walked me through how natural curiosity by well-intentioned employees often led to entire computer networks being infected. After the conversation, I tuned in to watch Dr. Anthony Fauci explain how people’s desire to be social was infecting entire geopolitical sectors.

I realized that my client and Dr. Fauci were using both identical language and strategies. Two topics that had seemed so different and disassociated had started to overlap in my thinking. Not only were my client and Dr. Fauci using similar language, but they were also both advocating identical strategies.

I realized that both also faced an issue of communicating matters of great complexity to people demanding simple solutions.

Three Identical Challenges

As a tech writer, I work to simplify very complex matters without dumbing them down. As you probably already know, the issue of cybersecurity is not only complex, but the mechanics and jargon of it can get tedious. Trying to compare and contrast it with the coronavirus issue in a way that is clear and useful can be challenging.

But, let me try. To begin with there are three challenges to both which are quite clear:

1. Mutations. Both pathogens and malware spread in similar ways. In both cases there is a curveball: Just when you think you have stopped them from spreading, malware code and pathogens mutate. What worked in containing them yesterday, may no longer be effective today.

2. People. Experts in both biological and digital sectors already know how to deal with any infectious agent. But what prevents containment of either kind of infection is the wildcard of human behavior. When the experts advise social separation, for example, we see people partying on beaches with reckless abandon. When people are alerted to download a new security patch, they have a few more things they just have to do. Just because solutions are obvious doesn’t mean people won’t continue to spread infection with bone-headed behavior.

3. Existential Problem. We all like clear and permanent solutions and neither biological nor digital infections work that way. Every time a solution is developed, a new attack penetrates. In both biological and digital sectors, we are fighting wars with no apparent end.

I would love to tell you that there are tech fixes to these issues, but there often aren’t. The issues we face in our communities and in our digital networks go way back. Let’s take a brief look backward a few hundred centuries to see how it all started.

Biological History

FarmerAbout 12,000 years ago, our ancestors stopped hunting and gathering and started farming and settling into villages. This put us in close proximity to domesticated animals like chickens, pigs, sheep and goats all of which carried contagious diseases. At some point, a single microbe traveled by air, moisture, touch or insects from a domesticated animal to the first human recipient.

The rest is infamy.

That first germ laid dormant for a while before it started self-replicating. Our first victim went about his or her regularly scheduled life, hugging loved ones, visiting markets, gathering for religious rituals and so on. As they did, the germs infected more and more people, who in turn, infected still more and more people.

Pathogens have been spreading that way ever since. Human populations grew in numbers and proximity, the rate of spread became more rapid. As technology enabled global exploration, malicious microbes hitchhiked along wherever they went.

Historians recall the 14th through 17th Centuries as the Renaissance, but epidemiologists regard it more as the Golden Age of Plague. In that age, huge urban populations gathered into cities that mainly still exist. While art, architecture and natural science flourished, so did unsanitary conditions. Sewers were open trenches that ran along streets and sidewalks; rats were ubiquitous and sterile medical procedures, involved surgical tools being wiped off with aprons.

In the early 1400s, the first wave of the Bubonic Plague, or Black Death swept across the developed world. It was contained five years later, but only after 40 percent of Europe’s population was eliminated. The Plague would return several times over the next 300 years.

There is little positive to say about such a catastrophic event, but it is when the first practices to stop the spread of plagues were developed: people learned to protect themselves by covering their mouths and noses with scarves. Cities established quarantines to prevent infection carriers from entering.

The very rich, of course, took more elaborate precautions: They moved out of cities and built castles or country estates capable of housing their families and hundreds of their closest associates.

Smallpox 2It took more than 300 years before someone figured out antibodies. In 1796, Edward Jenner, an American doctor battling smallpox, noticed that milkmaids who previously had caught cowpox—a similar, but less fatal disease—never caught smallpox. So, he inoculated some volunteers with a diluted form of cowpox.

It worked and the world had its first vaccine. But smallpox was not fully eradicated until 1976, demonstrating that it takes a long time for vaccines to be developed, tested and distributed and a disease to be exterminated. Today, there is a new barrier to vaccination that goes back to human behavior: Some people refuse to be vaccinated or for their children to be vaccinated.

For vaccinations to eradicate a killer infection, everyone needs to be injected. The same can be said about digital infections. That history is a lot briefer but very similar.

Digital Virus History

In the 1940s, John von Neumann got the idea that software could self-replicate. His colleague, Dr. Veith Risak speculated that self-replicating digital code would behave just like biological viruses. In 1971, Bob Thomas, a software engineer, proved it with Creeper, the first computer virus. Later, Ray Tomlinson, an associate, developed Reaper to kill Creeper, and thus he invented the first antivirus software.

This was all academic: The digital virus and antidote were controlled experiments, developed without malicious intent. But like the escaped dinosaurs in Jurassic Park demonstrated, life has a way—even when it is just digital.

xmas Tree The inevitable happened in December 1987, when a German student emailed digital holiday cards called Christmas Tree to his friends at IBM. It became one of those gifts that kept on giving.

Every time a recipient opened Christmas Tree, the software sent itself to that recipient’s contacts, which in turn passed it to their contacts, until 400,000 computers were infected. Big Blue had to shut down all systems to stop the spread. That worked for a couple of years, but in 1990 the Ghost of Christmas Tree Past came back to haunt. Once again, IBM had to shut its systems down.

Similar Attacks & Defenses

I often write about robots, chatbots and autonomous vehicles, and invariably someone tells me how creepy they are. But it seems to me more cringeworthy that digital and biological viruses behave almost identically. Unlike robots and drones, computer malware and biological pathogens cause terrible and costly harm.

They are similar in two ways.

Delayed attacks. As I mentioned, biological germs incubate for days. In the case of Covid-19, it can be as long as two weeks. Digital malware does the same thing, very often it is much slower—laying dormant for months, before springing to life and bringing networks down.

Contact Tracing. The delays allow both infections to spread. To contain and eventually defeat the attacks, both biological and digital professionals use a practice called Contact Tracing. For Covid-19, professionals need to track everyone encountered at that beach party, airplane ride or political rally. While malware moved more slowly in the previous case, this time it spreads faster by orders of magnitude, infecting tens of thousands of computers in fractions of seconds.

Costs

The pandemic’s human and financial costs are staggering. At its current rate of spread and death, I see few—if any—scenarios that will not claim over a million lives.

Financially, experts predict the cost to just the US alone will reach $8 trillion.

Likewise, malware’s cost in dollars is huge. Cybersecurity Ventures, a leading cybersecurity research organization, predicts that in 2021 the global cost of malware will top $6 trillion, an amount nearly four times Russia’s GNP.

I could find no estimates for the damage to the economies of either the world or of the US, but many have unfavorably compared the state of the current global economy with that at the start of the Great Depression of the 1930s.

Biological Heuristics

There is, of course, a sense of great urgency to develop, manufacture, distribute and inoculate everyone against Covid-19. There are dubious promises of a massively manufactured vaccination that could be fast-tracked. While I usually like to view such matters with a skeptical eye, in this case, I share optimism about a relatively new process called Heuristics, which uses Artificial Intelligence to study patterns, behaviors and essentially, make good guesses. When Dr. Fauci, says he hopes for a vaccine in 2021, he’s talking heuristics.

No credible scientist or public health official will guarantee perfect outcomes this way, but it is universally recognized as our best bet.

Digital Heuristics

Once again, there is a digital doppelganger in the form of Digital Heuristics that consistently outperform other existing software approaches. It studies how malware affects a computer system’s behavior and prevents inevitable mutations from breaking through enterprise cyber-defenses.

Virtually all cybersecurity experts use heuristics to combat malware attacks.

It Seems to Me

As sure as day follow the night, this coronavirus will ultimately pass. Our future normal will more closely resemble past forms of normal far more than the weird normal we are all experiencing today.

But as far as anyone I know can see into the future there will be new and different forms of biological and digital attacks. Not only can today be helped by decision-makers understanding the similarities between the two but learning the lessons that are screaming at us today.

Perhaps the next time a pandemic assaults the world, governing and business bodies will act fast to stop the spread and trace contacts. It is even easier to diminish the cost and damages of malware. When you see a teaser headline that entices you to click—just don’t do it. When you get a notification to update a program, make sure it is coming from who it is supposed to come from. If it is—stop what you are doing and download the new version.

I hope to see you all when we can look back on these awful times and smile at the loved ones who are around us.

+++++

Leave a Reply

Your email address will not be published. Required fields are marked *