Prevention lies somewhere between avoidance and protection, and preventative methods can belong to either. For example, what is stopping outsiders from entering your country or state or town in order to limit the spread of the novel coronavirus? Some might say that is avoidance. Others might consider it preventing the spread. And yet others might assert that it protects those inside the barrier from exposure. In essence, the categorization is far less important than the action. But it is a convenient way separating out the various approaches and possibly including methods that might otherwise have been ignored.
Furthermore, having entrants meet a series of requirements, such as proof of negative tests for the virus, checking of temperature, and quarantining those testing positive or having been in contact with someone who has tested positive, are all mitigating methods meant to detect and prevent potential infections.
Also, in the case of the pandemic, prevention might be air-filtration systems and the use of masks, although masks might be considered to be both preventative (not infecting others) and protective (not getting infected). Hand-washing with soap may be both preventative (it prevents you from transporting virus from hands to face) and protective (the soap protects by killing the virus). However, for simplicity’s sake, we’ll accept that prevention involves wearing masks and other protective gear and washing hands, sanitizing surfaces, etc. It also includes negative pressure rooms in hospitals that prevent virus-carrying air from being emitted without being thoroughly “scrubbed.”
In cyberspace, blocking unwanted access to, and malware from, networks and systems may be accomplished by means of network, host and application firewalls, intrusion detection and prevention systems, identity and access management systems, and the like. Some of these systems operate using predetermined profiles, others learn from ongoing patterns what is acceptable and what is not, and yet others incorporate a measure of intelligence that can detect anomalous behavior even if it has not been encountered previously. Suspicious activity can also be quarantined, or diverted into a honeypot, for further forensic examination.
Though it might be considered a stretch, zero-trust security, in which devices are designated as untrustworthy until and unless proven otherwise, could be thought of as equivalent to a negative-pressure hospital room, insofar as users and devices are checked for malware and for authenticity and authority before admission. The part that is missing in cybersecurity is the scrubbing of outgoing transmissions to ensure that they are not infecting others. This is something that would benefit all the “good guys.” However, it requires a coordinated domestic and international effort and there have to be incentives for organizations to look out for others and take responsibility for “the commons.” I discuss issues related to the “tragedy of the commons” in my February 26, 2013 BlogInfoSec column: “Mandiant Discovers the Tragedy of the Commons.”
Deterrence is another preventative approach. For the coronavirus, deterrence may result from the threat of enforcement resulting in monetary fines, suspension of licenses, quarantining in place, and more. The possibility of contracting the COVID-19 disease itself is a deterrent for some, though not all. It should be noted that, in order to be effective, we need global cooperation rather than each country fending for itself.
Deterrence in cyberspace is not that clear cut. Some cyberattackers are caught and punished. But many are not and, even when they are identified, they could be unreachable by authorities attempting extradition from uncooperative countries. Global partnerships are a prerequisite for effective deterrence. Also, hitting back at the attacker is seldom feasible because of spoofing, where attackers masquerade as some else. As a result, deterrence is not a prominent tool in the cybersecurity professional’s toolbox.
We may be familiar with the wise saying “An ounce of prevention is worth a pound of cure,” attributed to Benjamin Franklin. It is excellent advice and is particularly applicable to both pandemics and cyberspace. Let us not forget it under the pressures of the moment.