Cybersecurity Lessons from the Pandemic: Getting Lucky

Antonio Regalado’s February 5, 2021 article in the MIT Technology Review, “The next act for messenger RNA could be bigger than covid vaccines,” which is available at The next act for messenger RNA could be bigger than covid vaccines | MIT Technology Review, is a riveting account of how the mRNA vaccine has been developed over the past two decades and arrived in an implementable form just in time for the COVID-19 pandemic. Several chance encounters, which led to progress at times when the effort seemed to have stalled, were key to that progress. As the article stated: “… we got lucky” with both “perfect timing” and high efficacy.

I have discussed climate change with several people who believe that scientists will come up with a “magic bullet” that will reverse all damage done and return us to a greatly more inhabitable planet. An ecoengineering approach, called “dimming the sun,” is to inject a layer of reflective particles into the upper atmosphere to reflect back the sun’s rays, thereby preventing further global warming. But who knows whether such a method can be controlled enough not to send us into another Ice Age? Elizabeth Kolbert has just published a book “Under a White Sky” which describes the pros and cons of various climate-correcting technologies. Meanwhile, a couple of billionaires (Musk and Bezos) are hedging their bets and progressing space travel so that, if a solution is not found, there may be alternatives. Mars, anyone?

Regarding cybersecurity, we are confronted with similar issues. The situation has become so much worse that, barring Draconian measures, it is difficult to see how we might return to earlier times when cyberattacks were not considered to be a major threat.

Nicole Perlroth wrote a piece to this point in The New York Times of February 7, 2021, with the title “How the U.S. lost to hackers,” available at How the US Lost to Hackers – The New York Times ( Perlroth describes the loss of U.S. predominance in cyberspace defense mainly because of hubris. Attack technology was chosen over defense technology by a ten-to-one ratio, leaving the country open to cyberattacks, some of which were stolen from the U.S. and made available to adversaries.

Perlroth’s suggested solutions for individuals, governments and businesses are the traditional ones, but she did not provide any estimates of time, effort and funding required to implement her suggestions. While we have no such estimate—primarily due to no one having scoped out the project—it could easily run into the trillions, if not tens of trillions, of dollars. And this huge effort would have to be justified on the basis of an apocalypse that few accept. Furthermore, we could end up with less functionality and convenience and lower profitability than before. How would that work? Here … give all this up based on some risk that you won’t be able to use these great systems for some unknown period of time, if ever.

Then, what are we left with? Luck? Maybe so. We need to pray for a comparable cybersecurity breakthrough to the one that gave us mRNA vaccines. Perhaps AI (artificial intelligence) and ML (machine learning) will come to the rescue as cybersecurity’s magic bullets. At least that is what many InfoSec professionals appear to be counting on. Meanwhile, as with the pandemic, we must practice security hygiene, which should reduce some of the damage in the near term, just as do public health practices that are recommended by epidemiologists. However, that does not offer a long-term solution for cybersecurity. For that, we are left with pinning our hopes on a technological magic bullet, which may or may not be achieved. We need to be lucky here, too.

*** This is a Security Bloggers Network syndicated blog from authored by C. Warren Axelrod. Read the original post at: