Scaffolding of security

Often when we think of cyber, we feel vulnerable, afraid, and unsure.

We feel tossed in a never-ending storm: few days pass without mention of data breach, concerns over fake news or a press release about attribution. A sense of exhaustion, of helplessness and despondency is not unexpected.

But that is not helpful, to ourselves or our society. We need to find ways to seek safety in that storm, and manage the turmoil it causes. From experience I know that much of cybersecurity is about basic computer ‘hygiene’: are your systems patched? Are you using the latest version of software? Are you protecting your data? Who has admin rights? Do you really – and I mean really – understand how your organisation actually functions in the digital world? Simply demanding that people, even organisations, do this is not enough.

They need scaffolding to help understand what to do and when to do it, to help create habits, to offer quick remedial action when needed – self-help and enablement should be encouraged –and guidance and assistance when things go really bad. And that means we also need to look beyond the immediate issues, and think at a systems level. The good news is that we’ve done something similar before, and we may be able to learn lessons from that experience. It’s called the public health system. The analogy is not a perfect fit, of course, and the public health system is not perfect.

But we already refer to a class of malware as viruses. We talk about contagions and inoculations in cyber security. Malware outbreaks can follow the same behaviours as disease epidemics.

A health paradigm has the core design benefit of, at least in terms  of intent, focusing on the human, for the benefit of the human. So let’s consider some of the elements we’d be looking at as a starting point; we remain some way off from a solution. We are taught from early childhood about the need to brush our teeth, to wash our hands, to visit the dentist regularly for check-ups. There is usually some limited first aid at home; else there are doctors and hospitals for more drastic cases or longer term illness.We have several classes of professionals trained in different aspects of medicine – and there is a reasonably well-established and ever-growing body of knowledge.