How to fight a virus: Lessons from cybersecurity

May 28, 2020

Guest Post by Yotam Gutman

Lt. Commander (Ret.) Israel Navy, Yotam Gutman, currently Marketing Director at SentinelOne, has written an interesting piece about how healthcare officials can take the lessons learned in three decades of fighting “cyber viruses” and apply them to the fight against the Coronavirus. To mitigate today’s plethora of rapidly evolving cyber threats, the cybersecurity industry has developed several methodologies. These (after adaptation) could be used to reduce the spread of malicious software and to mitigate its effects.


There has been a great deal of conversation around the similarities between the spread of the Covid-19 virus and that of computer viruses. And indeed, as the first global pandemic to occur during the age of connectivity, this comparison is valid. But while most focus on how we can leverage the knowledge gained in the “real world” in identifying and stopping the spread of plagues in the virtual world, I would like to offer another perspective.

Perhaps we in cybersecurity can return the favor. Perhaps the medical world can take the lessons learned in three decades of fighting “cyber viruses” and implement these in their fight to mitigate the Coronavirus?

History

Originally, the type of computer software described as “a program that can infect other programs by modifying them to include a, possibly evolved, version of itself” was named “Virus” by Fred Cohen in his 1986 Ph.D. thesis. Another biological reference made its way into the computer lingo when the first worm was unleashed (although the phrase was used in an earlier sci-fi novel).

In the last couple of years, computer viruses, or more widely the panoply of malware as we think of cybersecurity today, have undergone rapid evolution that has made them much more difficult to identify and mitigate:

  • More variants: 439,000 new malware variants were detected in 2019. That’s a 12.3% increase over the previous year.
  • More capable: Modern malware threats are far more capable than the old viruses spreading through illegal copies of software distributed via floppy-disks. Today’s malware can steal passwords, exfiltrate sensitive data, encrypt and delete data, and much more.
  • Harder to detect: Malware authors work hard to make their software difficult to detect. This includes hiding it in legitimate documents (aka “weaponizing” Word, PDF and Excel documents), utilizing detection-evasion mechanisms (like avoiding execution in sandboxed environments), and using legitimate software update mechanisms, all to make the work of the defenders harder.
  • More aggressive: Some malware types are extremely aggressive; they scan for open RDP ports, brute-force their way onto a device, and then move laterally within the organization’s network, abusing password-protected servers and seeking sensitive data, all without the knowledge of the victim.
  • Fast: Contemporary malware is extremely fast and works at machine-speed to bypass protection mechanisms and achieve its goals—ransomware like “Wannacry” disabled entire organizations in minutes.

Adopting Cybersecurity Response To Fight Covid-19


To mitigate today’s plethora of rapidly evolving cyber threats, the cybersecurity industry has developed several methodologies. These (after adaptation) could be used to reduce the spread of malicious software and to mitigate its effects. I will refrain from discussing the obvious virus/Anti-virus analogy. Obviously, a vaccine for a computer “virus” would be the answer, but estimates suggest that such a vaccine would not be available in the next 12-18 months, and there’s a lot we can do until then:

  • Zero trust policy: A methodology that defies the traditional security assumption that everything inside the perimeter (protected by the firewall) is trusted. The main principle of Zero Trust is “never trust, always verify”. This means that every user is asked to verify their credentials every time they wish to “enter” the organization and that every file and process is constantly monitored – even if it has been “authorized” to run on the computer.
    In a similar manner, humans should consider that other humans are carriers, and only “trust” them after they have tested negative (or at the minimum, have had their temperature taken).
  • Detection beats prevention: Following a similar line of thought, most organizations today operate under the “Assume a Breach” paradigm. Instead of striving to identify and mitigate 100% of threats 100% of the time, they assume that some threats will be able to infect them and concentrate their efforts on quickly finding these and stopping them before they can do more harm.
    Similarly, it is prudent to assume that humanity would not be able to vanquish this virus, and we will be playing “whack-a-mole” with it for the foreseeable future. Given that this is the case, it’s prudent to invest in rapid detection of the infection (quick detection kits, even home detection kits), ensure those that are sick are given quick treatment, and continue to monitor the entire population for outbreaks.
  • Segmentation: An important principle that limits “movement” within the organization, so that intruders cannot move freely and infect other parts of the organization.
    The real-life manifestation would be to identify infection “hot-spots”, lock these down and then tend to the infected there, rather than to lock down entire countries.
  • Risk modeling: It might be possible, perhaps, to provide 100% security, 100% of the time, but the cost to the organization would be detrimental; either the security costs would be through the roof, or the security restrictions imposed to maintain 100% security would cause the business to stand still. Instead, a CISO conducts risk assessments and prioritizes security spending to mitigate the most acute threats and secure the most valuable assets.
    Healthcare officials should do the same and ensure that the most sensitive segments of the population (elderly, sick) are being shielded from the disease and, if need be, are provided with better care.
  • Intelligence intake: Fighting a stealthy enemy is hard because you don’t know what to expect. Security professionals, governments, and those in the security industry have been formally and informally sharing information about malware, cybercrime groups, and data leaks for a long time. This has proved to be immensely helpful in fighting and defeating cybercrime rings.
    Such collaboration should also be adopted by global scientific and medical communities, governments, and healthcare organizations. As this threat is new to humanity, we should all share information about detection and treatment mechanisms, and notify others when we think we’ve made breakthroughs in finding a cure or a vaccine.

Conclusion

We can debate the similarities between a biological and a computer “virus” (which, some believe, more resembles a bacterium than a virus), but the analogy is, for the most part, correct. Viruses are dangerous to the victims, and they spread quickly through the population until a cure or a vaccine is found. The spread of the Coronavirus pandemic and its impact on our lives are like nothing the world has seen before. It spread almost at machine speed and overwhelmed countries and healthcare organizations. We believe that utilizing the lessons learned by the cybersecurity industry in the past 3 decades could help to thwart the Coronavirus pandemic.

About Yotam Gutman and SentinelOne

Lt. Commander (Ret.) Israel Navy, Yotam Gutman, has filled several operational, technical, and business positions at defense, HLS, Intelligence, and cybersecurity companies, and provided consulting services for numerous others. Yotam joined SentinelOne 6 months ago to oversee local marketing activities in Israel and contribute to the global content marketing team. Yotam founded and managed the Cybersecurity Marketing Professionals Community, which includes over 300 marketing professionals from more than 170 cyber companies.

SentinelOne stormed into 2020 with reports of a $200 million round led by New York-based venture capital and private equity firm Insight Partners. This investment, coming just seven months after a previous $120 million series, gave SentinelOne a $1.1 billion valuation and a prominent spot on the global map of leading cybersecurity companies.


Gaza Options

May 1, 2020

The Institute for National Security Studies (INSS) created a professional research group for the purpose of suggesting policy that meets the State of Israel’s diplomatic and defense objectives while relieving the severe problem of the Gaza Strip. After mapping the range of alternatives and selecting the five main alternatives, INSS decided on criteria for comparing these alternatives based on Israel’s interests and especially on Israel’s security doctrine. INSS then carried out an expert analysis of each alternative, clarifying the positive and negative consequences, and ranked the alternatives.

The Gaza Strip has been in an ongoing crisis since the Israeli disengagement from Gaza in 2005, especially since Hamas took over the territory by force. The situation in Gaza is characterized by economic, social, and infrastructural distress—verging on a humanitarian crisis—and influenced by the political rivalry and struggle for leadership of the Palestinian camp between Hamas on one hand, and Fatah and the Palestinian Authority on the other. Hamas’s comprehensive and stable control of the territory, along with its proven ability to cause damage, has led to unofficial Israeli recognition of Hamas as the sole body responsible for the Gaza Strip.

Three rounds of fighting between Israel and Hamas (2009, 2012, and 2014) have caused wide-scale destruction of civilian infrastructure in Gaza, and the socioeconomic collapse of Gaza has continued since then. Israel restricts the passage of goods and people in and out of the territory in order to prevent the building of rockets and missiles used to attack Israel. Egypt has destroyed most, over one thousand, of the smuggling tunnels on the Gaza border so that the ISIS-affiliated jihadist group in Sinai could not use Gaza as its support area. In addition, Hamas has confiscated part of the reconstruction materials and international donations and invested these resources in building attack tunnels against Israel instead of building civilian houses, infrastructure and services for Gaza’s population. All this has caused increasing distress in Gaza. In addition, Hamas has initiated international boycott campaigns, such as BDS, and controlled escalation against Israel to place the blame on Israel for Gaza’s distress.

Strategic Alternatives

In order to address the challenge that the Gaza Strip poses for Israel’s security, the Institute for National Security Studies (INSS) published [26/04/2020] its memorandum Israel’s Policy Toward the Gaza Strip: Strategic Alternatives. Five main alternatives were examined—most of which have been raised in the public and military discourse—under the lens of how they serve and advance Israel’s interests.

The five alternatives are as follows:

1. Managing the conflict 

2. Extended ceasefire between Israel and Hamas 

3. Completely disconnecting the Gaza Strip from Israel and from the West Bank

4. Military operation to overthrow Hamas’s military wing 

5. Creating conditions for intra-Palestinian reconciliation

The Stages of Comparing the Alternatives

The first stage (above) involved mapping the various alternatives and selecting the four main alternatives that are within the control of the Israeli government and one alternative that is not within Israel’s control, yet which Israel can influence and has some degree of feasibility, justifying its examination.

In the second stage, uniform criteria were defined for comparing between the alternatives based on the interests of the State of Israel. The criteria reflected Israel’s national security doctrine: maintaining the character of the state (Jewish and democratic); achieving military stability and calm over time; avoiding escalation into a large-scale war; shaping internationally recognized borders; and maintaining Israel’s levers of influence, aside from military might.

In the third stage, criteria were sorted into three levels according to their contribution to advancing Israel’s interests and based on their importance according to the national security doctrine.

In the fourth stage, each alternative was analyzed. The analysis was conducted by an expert in the field, and it focused on clarifying the positive and negative consequences of each alternative.

In the fifth stage, the alternatives were ranked based on the analysis, and each criterion was given a score from 1 to 5. This tested their sensitivity; that is, whether there is a gap between the results of the qualitative analysis, which was done in the research group, and the quantitative results received by each researcher individually.

In the sixth stage, the scores provided for each alternative were weighted, and the alternatives were ranked.

Strengths and Weaknesses of the Alternatives

1. Managing the conflict in accordance with the logic of adjustment and deterrence. Implementing this alternative means strengthening and maintaining deterrence as a tool for exerting ongoing pressure on Hamas in order to weaken it and achieve calm.

2. Extended ceasefire between Israel and Hamas (“tahadiya”) according to the logic of an arrangement. Choosing this alternative means recognizing Hamas as the sole body responsible for Gaza.

3. Completely disconnecting the Gaza Strip from Israel and from the West Bank according to the logic of disengagement. Choosing this alternative means closing crossings between Gaza and Israel and enabling Gaza a sea outlet and access to the Sinai Peninsula.

4. Military operation to overthrow Hamas’s military wing according to the logic of military victory. Choosing this alternative requires follow-up steps with the aim of influencing and stabilizing the Gaza Strip. This alternative can also be a platform for advancing another alternative, such as maintaining Hamas’s rule but in a very weakened state, or creating the conditions for returning the PA to Gaza and making it the responsible body there, or establishing an international trusteeship in Gaza (an option whose likelihood is very slim).

5. Creating conditions for intra-Palestinian reconciliation and supporting steps in this direction according to the logic of an arrangement; in this alternative, the PA is the only body that represents the Palestinian camp.

Connectivity between the Alternatives

According to the INSS analysis, it is evident that none of the alternatives is stable over time. In the diagram below, the connectivity between the alternatives creates a circular dynamic: Implementing an alternative in the short term leads to a different alternative in the medium term and even a return to managing the conflict in the long term. Breaking out of this circularity is only possible in a situation in which the PA returns to ruling and managing the Gaza Strip, thus creating a single functioning leadership for the two Palestinian territories—this is the preferred way to restore security to the Israeli communities near Gaza and to maintain Israel’s regional interests.

According to the diagram above, disconnection appears to be the least stable of the alternatives, as it inevitably leads to implementing another alternative. The alternatives of an arrangement and of a military operation are more dominant, as they both have the potential to substantively change the security situation. An arrangement could reduce the chances of intra-Palestinian reconciliation, while a military operation would create the necessary conditions that could lead to the return of the PA to managing Gaza. A military operation could also lead to an arrangement, but this would not necessarily be better for Israel than an arrangement without a military operation. The inability to control the final results and the heavy toll of a military operation—in terms of human lives, costs, and Israel’s international standing—increase the risks inherent in this alternative.

In order to reap the benefits of the arrangement alternative, Israel must help the PA avoid negative consequences. To this end, Israel must strengthen the PA and its standing in the West Bank and, at the same time, not sabotage intra-Palestinian reconciliation efforts. Israel—in coordination with the international community—can strengthen the PA by providing it with a leading role in reconstructing Gaza, while the PA government could handle the reconstruction budgets.

INSS concludes that the preferred option for Israel is for the PA to rule in the Gaza Strip; but without the necessary conditions, Hamas’s rule is the best of the worst from Israel’s perspective, since it also strengthens the coordination between Israel and Egypt.


My View: The Sinai Option is best for Israel, Egypt and Gazans

“The core principle of the Sinai option is: Land AND money for peace.” (Ari Rusila)

The Sinai option is not a new option for solving the Egypt-Gaza-Israel conflict. According to a Middle East Monitor (MEMO) report [01 September 2014], Egyptian President Abdel-Fattah el-Sissi offered the Palestinian Authority 620 square miles of land adjacent to Gaza in exchange for relinquishing claims to the 1967 borders for the purpose of establishing a Palestinian state. PA President Abbas reportedly rejected the proposal. Speaking in a meeting of Fatah leaders in Ramallah, Abbas said: “The plan, which was proposed in 1956, included annexing 1,600 square kilometres from the Sinai Peninsula to the Gaza Strip in order to receive Palestinian refugees.” He continued: “The plan is being proposed again, but we refused it.” One idea in the offer was to resettle “Palestinian refugees” in the Sinai. Under the initiative, this state will be demilitarized, Army Radio reported. Experts summarise that Sisi’s generous offer stemmed from Egypt’s difficulty in then controlling terrorist groups based in the Sinai Peninsula. According to the reports, the territory in Sinai would become a demilitarised Palestinian state – dubbed “Greater Gaza” – to which returning Palestinian refugees would be assigned.

According to Middle East Eye (MEE), the scheme became the centrepiece of the 2004 Herzliya conference, an annual meeting of Israel’s political, academic and security elites to exchange and develop policy ideas. It was then enthusiastically adopted by Uzi Arad, the conference’s founder and long-time adviser to Benjamin Netanyahu, the current prime minister. He proposed a three-way exchange, in which the Palestinians would get part of Sinai for their state, while in return Israel would receive most of the West Bank, and Egypt would be given a land passage across the Negev to connect it to Jordan. (This and more plans in Herzliya Papers)

According to the Arab newspaper Asharq Al-Awsat, the Egyptian source said a similar proposal was put to President Mohamed Morsi when he came to power in 2012. A delegation of Muslim Brotherhood leaders travelled to Washington, where White House officials proposed that “Egypt cede a third of the Sinai to Gaza in a two-stage process spanning four to five years”. US officials, the report stated, promised to “establish and fully support a Palestinian state” in the Sinai, including the establishment of seaports and an airport. (More in Sinai Option again)

From my point of view the Sinai option is both feasible and viable, especially if the economic part of the “Deal of the Century” (DoC aka Trump peace plan) is implemented. It was billed as “a vision to empower the Palestinian people to build a prosperous and vibrant Palestinian society.” The plan calls for a $50 billion mix of grants, loans and private investments over ten years to develop a future Palestinian state’s infrastructure, telecommunications, tourism and health care industries. (More in Palestine: Peace & Prosperity Plan)

If Gazans can – with international support – improve their infrastructure, decrease unemployment through economic development and work permits to Israel and Egypt, and live in peaceful conditions, they have fewer reasons to support radical jihadist movements and violence, as then Gazans could endanger the well-being they have achieved.

While in my opinion the Sinai option is the best alternative for Israel, Egypt and Gazans, there is still a question about the West Bank. It is very possible that the PA is not involved in this arrangement in the short term. However, in only a few years the benefits of this option can be seen as improving living conditions among Gazans, and at least there is some positive perspective, a way ahead and maybe realistic hope. The Sinai option could be an example that violence and utopias are not the solution but negotiations, compromise and a deal might be. If Hamas gets rid of its military wing and can decrease the influence of PIJ and other terrorist groups, it can create good change for cooperation with Fatah. This cooperation can lead to a common state – be it federal, confederal etc. – and even to modern democracy.