I heard an interesting piece of Radio 4 recently paralleling cybersecurity and the control of infectious diseases, which I thought I’d share.

When you think about it, a computer virus is very like an actual virus: a self-replicating bit of code living essentially a parasitic lifestyle, which only ‘comes to life’ once in a host, has the ability to mutate its way around prevention measures – and is a bit of a pest! So, computers are the susceptible population, the www is a complex network of connections between them, computer viruses are infectious agents, cybersecurity specialists are disease epidemiologists, and computer users are the general population in urgent need of education to protect their local system and act responsibility in protecting the wider network.

The recent ransomware attack that affected the NHS so dramatically is a good example where a virtual infectious disease made an impact on a system designed to protect against actual infectious disease. We talk a lot about learning from other industries that have improved safety etc (like the food and airline industries); I’ve not heard anybody talk about learning from the cybersecurity industry. I can feel an interesting conference talk coming on…