Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19
Emerging research on Cyber Public Health
The importance of learning is a key theme of my work. Learning never ends, no matter how far we progress in our careers.
In the spirit of learning, I'm happy to share the publication of a new research paper, Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19 Threat Modeling.
If you've been following my work for some time, you may not be surprised by the analysis of public health and threat modeling. But for those who are new, Cyber Public Health is important because it gives us longitudinal data sets that allow us to understand what problems matter, and how the problems that matter are shifting. Are “the cybers” really fast moving, or are the problems the same year over year? Credential theft phishing seems to have become endemic, but our efforts to address it took a big step forward with passkeys. Or did they? If we had longitudinal data, we’d be better positioned to answer that question.
And the problem of “what we can learn from a pandemic” seems related. We hope “the pandemic” was a once in a century event (the millions of deaths prevent me from writing “once in a lifetime"). An important lesson is that despite many warnings, we did not prepare well. So this paper takes a clear-eyed look and encourages us all to think about what a pandemic-scale cyber event could be and how we might get ready for one.
Check out the full paper at the ACM digital library!