Cogito Ergo Sum

A Bit of Security, by William J. Malik
Cogito Ergo Sum – The Body as an Analogy E058 2025 022 24
February 24, 2025
I recently saw a thought-provoking piece that drew a parallel between some cybersecurity capabilities and tools, and the mechanisms evolution has given us to protect ourselves against threats. Firewalls were like the skin, providing a boundary, antivirus was like the immune system, and so forth.
All models are distortions, but some are useful distortions. If cybersecurity is ever to become an engineering discipline, we need to start laying down principles beyond vague analogies.
What makes us human? Descartes suggested that it’s about thinking, and that premise has been disproved for nearly 400 years (1637, “Discours de la méthode”). A broader discussion would look at characteristics of living vs. non-living things.
According to the NASA Astrobiology program, life on Earth has the following traits:
1) All life is highly ordered and structured. Not only do all living things that we know of have cells and cellular structures, but many living things also have larger-scale structure such as bilateral symmetry (in humans) or radial symmetry (in starfish).
2) All life reproduces itself.
3) All life grows and develops to reach maturity.
4) All life takes in and utilizes energy to carry out the functions of its cells, which results in growth and development.
5) All living things exhibit homeostasis, which is the ability to maintain a steady internal environment regardless of their external environment.
6) All living things respond to their environment by sensing external stimuli and changing their biochemistry and/or behavior.
7) Finally, all living things adapt to external pressures, and evolve because of them. Adapting is much like responding to a stimulus in the environment, but takes it to the next level. In evolutionary adaptation, one cuttlefish will have the ability to change colors more quickly and effectively than another (because of its genetic makeup), and it will inherently be more likely to survive than another one that doesn’t do it as well or as quickly. Over time, the population of cuttlefish descended from that one who changed colors more quickly and effectively is more highly adapted to its environment.
To simplify, living things have boundaries – it’s clear what is part of the thing and what isn’t. They sense and interact with their environment, they metabolize, and they reproduce.
Now for the exceptions. A particular individual may not reproduce, but that doesn’t mean the individual is not alive. Living things are made of cells, but that’s contingent; some other structure might work elsewhere in the universe. Life here uses carbon-based proteins and DNA, but some alternative mechanisms might be possible elsewhere. Heredity is how living organisms adapt to their environment over generations. Computer programs do not metabolize, and like a virus do require mechanisms to help them reproduce. They do not evolve, nor do they adapt to their surroundings.
Cybersecurity also concerns itself with edges – firewalls and the perimeter. And homeostasis – maintaining stable operations despite external or internal challenges – is desirable for IT and OT. The analogy also works mapping a layered defense – we have skin to keep the insides inside and protect our workings from harmful chemicals and infection. But we also have senses – we are aware of our surroundings and can take measures to protect ourselves in advance from potential attacks. And that’s one of the things that the model misses: the ability to gather information about the cyberworld and prepare against attacks, shore up vulnerabilities, minimize potential losses, and reduce our attack surface. The other thing the model misses is that there are no edges or boundaries in the cyber universe – everything is either connected or it is irrelevant. And relying on the absence of a connection – the durability of perimeters – is too often fatal.
Computers and computer programs are not like life. Using the body as an analogy will lead to deeper errors – relying on an inappropriate and poorly aligned analogy will blind us to gaps and leave us exposed to exploits. In cybersecurity, we need to know everything about our environment – inside and out.
In the move towards making cybersecurity less of a mysterious art and more of an engineering discipline, let’s be more thoughtful in our choices of patterns. It’s hard to think deeply, but at least we can think clearly.
References:
NASA What are the Characteristics of Life?
Cogito Ergo Sum - A Bit of Security for February 24, 2025
Can we use the body as an analogy for cybersecurity? Listen to this -
Let me know what you think in the comments below or at wjmalik@noc.social