The IFTF Blog
The Internet Immune System
Recent news around the Stuxnet computer virus and Kapersky Lab's discovery of the Flame spyware have heightened public conversations Internet security.
What if the Internet were able to patch itself against threats and vulnerabilities?
A 2010 article by Sagarin et al. lays out a strategy for using features of biological immune systems in the context of human global security against terrorism and other conflicts. Immune systems respond to viruses, bacteria, and other parasites through decentralized, adaptive and cooperative practices that span many areas of the body. There are almost as many different immune responses as there are species–perhaps even as many as there are organisms. And while the genetic and physiological diversity of immune systems is vast, there are some analogous strategies that work as well for organizations and communities as they do for molecules and cells.
The Internet was built on the belief that the Internet is an extension of life, perhaps even another organic form onto itself. If we were going to apply that metaphor, we might as well ask what other features of life itself are valid for a more resilient Internet. According to Sagarin et al., there are at least three. Decentralized security, meaningful signaling, and cooperative symbiosis point to behaviors and practices that could describe a more distributed, responsive, and integrated Internet, one that is modeled on the ways in which immune systems respond to parasites and injury.
Decentralized security means that Internet patching devolves to the end user and becomes a feature of the network, not something that happens only at a node or peripheral in the network. Decentralization means that different aggregated structures form to carry out responses to threats. In doing so, security becomes an emergent trait, arising from the coordinated and attenuated efforts of many individuals, services providers, and machines who undertake decentralized reporting, debugging, and maintenance to achieve different levels of online vaccination.
However, decentralization comes at a cost. It's difficult to coordinate and even more difficult to communicate across different geographies and time zones. The threshold between a responsive internet and an adaptive one is the availability of real-time intelligence about the state of the Internet as a whole, its vulnerabilities, and its strengths. Open broadcast of real-time intelligence supports multi-stakeholder coordination for dynamic virus recognition and quarantine.
But in order to act, meaningful signaling is the critical infrastructure for adaptation. Meaningful signals must be relevant, and this requires informational and emotional qualities that tell you where and how different vulnerabilities are present. Meaningful signaling creates visibility and transparency for end users, networks, and service providers to develop responses of their own volition, including active support for virus recognition and quarantine.
Provenance and traceability assist in organizing the trust needed to make signals meaningful. As meta information, data provenance (its origin and method of collection) and traceability (its chain of use and translation) signal intent because the history of interaction is embedded alongside, and this helps establish a sense of a signal's honesty and trustworthiness.
Another way of creating meaningful signals is to enable ratcheted and incremental shifts from early, generalized responses to highly-specific, adaptive responses when, for example, Internet-based information pathogens become more threatening. An Internet that is attenuated to different levels of risk and is able to produce an appropriate and timely response to risky behavior is a more adaptive Internet.
The third feature of immune systems is cooperative symbiosis with other connected and embedded systems. Cooperative symbiosis means there is a loose coupling between different technologies and scales to broadly enable transfers of information and responsiveness to limit injury and/or intrusion by other means. It also means aligning standards and goals in ways that create layers of trust within the Internet and across air gaps to smart grids, sensor and actuator networks, and other forms of institutional and physical infrastructure that use the Internet as a resource. Some of those layers of trust come in the form of machine languages that communicate, recognize, and respond to emerging threats. Other layers are built through the social trust that humans confer to a cyberinfrastructure that supports their needs, desires, and endeavors.
Applying insights from natural systems to technology and infrastructure is more than just biomimicry. It involves blending those insights with the peculiarities of human social systems, technological entrenchment, and organizing communication strategies to reflect core values to bring about adaptive change. For each of these three, synergistic features, there are a variety of ways to implement them in practice, and those mothods are as varied as there are local Internet values and geographies. There are also many more examples from immune response systems in plants and animals that provide ready models for building new approaches. And so in many ways, we are only at the beginning of building a new adaptive Internet experience for people and beyond.