Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19

Adam Shostack, Josiah Dykstra

TL;DR

The paper reframes cyber risk to pandemic-scale events, arguing that unpreparedness could yield systemic disruption to critical infrastructure. It defines pandemic-scale cyber events, distinguishes them from conventional incidents, and employs threat modeling to sketch a national framework for preparation and response in the United States. Central contributions include six pandemic-derived lessons (data infrastructure, informal networks, clear roles, effective communication, adaptable playbooks, and syndemics-aware planning) and a call for a national PSE playbook led by the Office of the National Cyber Director, supported by exercises and cross-sector collaboration. The work highlights practical implications for government, industry, and academia to reduce economic damage and societal disruption through proactive governance, data sharing, and resilient incident response. Overall, the paper lays groundwork for a structured, collaborative, and data-informed approach to cyber crisis readiness that scales beyond conventional incident response.

Abstract

The devastating health, societal, and economic impacts of the COVID-19 pandemic illuminate potential dangers of unpreparedness for catastrophic pandemic-scale cyber events. While the nature of these threats differs, the responses to COVID-19 illustrate valuable lessons that can guide preparation and response to cyber events. Drawing on the critical role of collaboration and pre-defined roles in pandemic response, we emphasize the need for developing similar doctrine and skill sets for cyber threats. We provide a framework for action by presenting the characteristics of a pandemic-scale cyber event and differentiating it from smaller-scale incidents the world has previously experienced. The framework is focused on the United States. We analyze six critical lessons from COVID-19, outlining key considerations for successful preparedness, acknowledging the limitations of the pandemic metaphor, and offering actionable steps for developing a robust cyber defense playbook. By learning from COVID-19, government agencies, private sector, cybersecurity professionals, academic researchers, and policy makers can build proactive strategies that safeguard critical infrastructure, minimize economic damage, and ensure societal resilience in the face of future cyber events.

Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19

TL;DR

The paper reframes cyber risk to pandemic-scale events, arguing that unpreparedness could yield systemic disruption to critical infrastructure. It defines pandemic-scale cyber events, distinguishes them from conventional incidents, and employs threat modeling to sketch a national framework for preparation and response in the United States. Central contributions include six pandemic-derived lessons (data infrastructure, informal networks, clear roles, effective communication, adaptable playbooks, and syndemics-aware planning) and a call for a national PSE playbook led by the Office of the National Cyber Director, supported by exercises and cross-sector collaboration. The work highlights practical implications for government, industry, and academia to reduce economic damage and societal disruption through proactive governance, data sharing, and resilient incident response. Overall, the paper lays groundwork for a structured, collaborative, and data-informed approach to cyber crisis readiness that scales beyond conventional incident response.

Abstract

The devastating health, societal, and economic impacts of the COVID-19 pandemic illuminate potential dangers of unpreparedness for catastrophic pandemic-scale cyber events. While the nature of these threats differs, the responses to COVID-19 illustrate valuable lessons that can guide preparation and response to cyber events. Drawing on the critical role of collaboration and pre-defined roles in pandemic response, we emphasize the need for developing similar doctrine and skill sets for cyber threats. We provide a framework for action by presenting the characteristics of a pandemic-scale cyber event and differentiating it from smaller-scale incidents the world has previously experienced. The framework is focused on the United States. We analyze six critical lessons from COVID-19, outlining key considerations for successful preparedness, acknowledging the limitations of the pandemic metaphor, and offering actionable steps for developing a robust cyber defense playbook. By learning from COVID-19, government agencies, private sector, cybersecurity professionals, academic researchers, and policy makers can build proactive strategies that safeguard critical infrastructure, minimize economic damage, and ensure societal resilience in the face of future cyber events.
Paper Structure (21 sections)

This paper contains 21 sections.

Table of Contents

  1. Introduction
  2. Pandemic-Scale Cyber Events
  3. Characteristics of a pandemic-scale event
  4. Limits of the pandemic metaphor
  5. Lessons for Cyber from the COVID-19 Pandemic
  6. Lesson 1: Trustworthy statistics are a foundational requirement
  7. Lesson 2: Informal networks are incredibly powerful
  8. Lesson 3: Unclear roles and responsibilities inhibit progress
  9. Lesson 4: Communication must be clear and effective
  10. Lesson 5: Existing plans may be insufficient to guide action
  11. Lesson 6: Syndemic issues will likely inhibit response
  12. Additional Confounding Cybersecurity Issues
  13. Vital statistics and data infrastructure are missing
  14. Roles and responsibilities are overlapping and complex
  15. There are no plans for a pandemic-scale cyber event
  16. ...and 6 more sections