The Korea Times

Human immune system as cybersecurity

By Jason Lim

Cyberattacks and response patterns have become painfully obvious in the last few years. There is some type of advanced persistent threat (APT) lurking in a system, siphoning off important information that includes personally identifiable information (PII) or financial information such as credit card passwords. Or there is a new exploit that suddenly becomes visible with the potential to create catastrophic damage across countless systems around the world.

Following the revelation of a threat or breach, there is frenzied activity by system owners to manage the incident if they are breached or mitigate the risks with whatever tools they have on hand. Microsoft will publish new patches designed to close the vulnerability while the media (both mainstream and social) will blast out apocalyptic warnings to end users to patch their systems or else. Of course, by this time, most of the damage has been done; its extent can never be known for sure, nor whether the intent of the original perpetrators has been satisfied.

Watching the latest hubbub over WannaCry, I recalled the first time my son got sick. It was around his 7th month when the immunity protection that he enjoyed from his mother’s milk ran out, and he was left to his own defenses. It was in the middle of July. But even the sweltering summer heat was no match for his temperature that seemed to climb and climb, leaving my wife and me nervously checking the thermometer for that magically scary number over which we would have to speed him to the emergency room.

The next time he got sick (and he got sick often during the first two years), it got progressively less serious because he was building up his own immunity. With each sickness, he was building up antibodies specific to different antigens that he was exposed to. In cyber speak, I guess he was updating his signature definitions to known threats.

But we know that the human immune system is far more complex and integrated than just creating antibodies for past diseases. The complexity and level of interaction between different types of white blood cells, such as neutrophils, macrophages, T cells and B cells, is really quite amazing. Add to this the complement system that works hand in hand with the antibody-antigen reaction to actually destroy the hostile invading forces.

Two characteristics struck me about the human immune system. One is the layered nature of the defenses, with each layer or component specific to the different types of threats/functions yet working together to increase the overall strength of the defenses. It’s truly a holistic system in which the whole is greater than the sum of its parts. The other is that the holistic system is sequentially and exponentially activated: a prior layer/component acts as a trigger for an expanding cascade of defensive activities designed to relentlessly attack the enemy across multiple dimensions until it’s overwhelmed.

What if we incorporated these characteristics into designing cybersecurity defenses?

Admittedly, defense in depth is a concept that’s already ingrained in designing cybersecurity systems, involving antivirus software, firewalls, anti-spyware programs, hierarchical passwords, intrusion detection, biometrics, and more. But what I am speaking about is more than depth. I mean interoperability. But not in a way in which each tool can work with other tools in the box without conflict; I mean geometric interoperability that’s designed to build on the specific functionality of each tool to create a secondary and tertiary tool that’s adaptable and stronger to the specific threats they face, much like the human immune system does. I mean tools that combine automatically and appropriately to create new tools that are stronger, and keep on undulating and spasming new, adaptive tools in ever growing sequence until the enemy is overwhelmed and the job is done.

Imagine a target with a bullseye. Each concentric circle is a layer with a different color. In a typical target, all the circles have the same thickness. What I envision is a series of concentric circles that fluctuate individually as well as overall, combined thicknesses and shapes depending on where the arrow lands on the target, with colors freely mixing to create new concentric circle layers that will eventually swallow the arrow and break it down. At the end of the day, the target might not resemble a series of concentric circles anymore. It might look more like an amorphous blob until it springs back to its original shape, ready for the next arrow.

I am sure others who are much smarter have already articulated my ramblings. My point is that we already borrow terminology (e.g. virus, infection) from biology to describe key features of the cybersecurity arena. That’s probably because cybersecurity pioneers have already seen the similarity between the two systems. Why don’t we then go all the way and copy how the body defends itself and see if we can mimic that in cybersecurity more closely? After all, the human immune system has had more than 300,000 years of trial and error to be so successful today.

Jason Lim is a Washington, D.C.-based expert on innovation, leadership and organizational culture. He has been writing for The Korea Times since 2006. Reach him at jasonlim@msn.com, facebook.com/jasonlimkoreatimes or @jasonlim2012.