The Internet Health Model for Cybersecurity
The Internet puts people, systems, and networks in constant contact worldwide, and it needs a global, coordinated effort to protect digital systems from online threats—just like the public health community’s efforts to defend our bodies from illness.
That’s the argument of a new report released by a team of experts convened by EWI and sponsored by Microsoft Corporation. The report examines how the model of international public health can inform efforts to track and block malware and other malicious actors.
“For years, we have talked about computers being infected by viruses,” said EWI President John Mroz. “With this breakthrough report, we have the opportunity to treat the health of the entire Internet as a shared problem needing cooperative solutions.”
Cybersecurity problems like malware, botnets, and vulnerabilities need to be monitored and analyzed, the paper argues, just like the U.S. Centers for Disease Control and the World Health Organization monitor epidemic and study pathogens. Just as hand-washing and immunization can help prevent illness, education about threats to computer systems and measures to defend them have broad application.
“A public health model encompasses several interesting concepts that can be applied to internet security,” said Scott Charney, vice president of Trustworthy Computing at Microsoft. “As use and reliance on the Internet continues to grow, improving Internet health requires all ecosystem members to take a global, collaborative approach to protecting people from potential dangers online.”
Contributors to the report included experts from numerous countries, representing universities, telecommunications companies, government computer emergency teams, and think tanks, among other groups.
The public health model isn’t a perfect fit, the authors note. Computers have no naturally occurring immune system, for example, and human viruses don’t attack on purpose. Still, the study finds that the systemic perspective of public health provides useful suggestions for how to promote Internet health.
This study of Internet health is part of a broader program of EWI-sponsored groups who gather to build concrete recommendations to solve prominent cybersecurity problems. Among others, the groups have produced already-released recommendations to increase the reliability of undersea cables and forthcoming research on international priority communications—systems that allow emergency services to operate when communication networks are overloaded, such as during a natural or national security disaster.