While there are arguments over the origins of COVID-19, most emerging diseases result from the interaction of humans with animals. Computer malware is created by humans, as is the technological substrate on which it exists. Both are spread by people: COVID-19 through exhalation or touch; computer malware via networks.
Both pandemics pose a larger challenge: how to manage threats without undermining democratic institutions, and while maintaining wellbeing.
True, there are no confirmed cases of malware killing people directly, though the possibility is often raised. There’s valid concern that malware could affect critical systems – utilities or, for example, medical software, data or equipment – with potentially fatal consequences.
While the nature of software contributes to cyber vulnerabilities, profligate attitudes by governments and organisations towards data, a disregard for basic rights of individuals both online and as the subject of systems, and geopolitical and market competition aggravate the problem.
None of those is readily solvable – indeed, some benefit key players – though efforts are being made, including through better practice (for example, security and privacy by design), innovation, information sharing, and initiatives at the geopolitical level (such as attribution, prosecution and norm-building).
Consequently, the worsening state of our technological systems is a slow burn, intrinsic to our uptake of digital systems. Typically, organisations and individuals are left to resolve their own problems, feeding a burgeoning cyber industry.
The COVID-19 pandemic has a different dynamic: it’s a clear and present danger to the fabric of nations. So nations have enforced lockdowns and mask-wearing. They have funded technological fixes to trace people. They have constrained international travel. And they have expedited approvals for vaccines.
We can think of fast vaccinations as much the same as patching systems: an immediate, absolutely necessary, short-term fix.
Lockdowns and travel restrictions are simply the reinvention of castles and moats. In a practical sense they work by denying access to specific places –akin in the cyber world to denying users access to certain systems or data. They may work for a short period, but users – and bad actors – will always find ways around such constraints, especially when they or the organisation cannot function without access.
And while monitoring user behaviour inside a computer system may be good security management inside an organisation, the wholesale tracking of people is antithetical to a democracy.
The cyber world abandoned the castle-and-moat approach years ago: isolation and firewalls alone do not work, because of the need for data exchange, usability and interconnectedness in the modern world, and the ease of circumvention.
Cyber-conscious organisations have adopted multifaceted strategies that include defence-in-depth, modular architectures, zero-trust environments, identity management, cultural change and, yes, regular patching regimes.
Those actions will not eliminate cyber vulnerabilities and bad actors from our world. Rather, they risk-manage threats and vulnerabilities, and seek to build resilience in organisational systems that, over time, will almost certainly fail.
The same is going to apply to the COVID-19 pandemic. None of the actions we’re taking – lockdowns, masks, isolation, even vaccinations – is going to eliminate the virus. None of them addresses the underlying dynamics driving pandemics: the relentless encroachment of human civilisation on the natural world, the continued high levels of social interaction, the indiscriminate use of antibiotics, and the uneven access to healthcare.
Governments so far have focused on short-term mitigation – understandable and necessary. But castles and moats are not sustainable security measures; nor are they mainstays of democracy.
Both cyber and health pandemics pose a larger challenge: how to adapt to managing ongoing threats without undermining democratic systems and institutions, and while maintaining both social and economic wellbeing.