Today, the EastWest Institute released a report titled The Internet Health Model for Cybersecurity. I was fortunate to participate in the development of this report, which argues for carrying lessons from the public health sphere over to Internet security:
Today, there is no global, coordinated approach to protecting people and systems from malware and related threats on the Internet. We must begin to create a more secure and defensible foundation for cyberspace now in order to protect the two billion current users and the next billion users expected online by 2015. We believe the solution lies in a coordinated international effort among governments and industry players across the IT ecosystem to protect the shared environment of the Internet from bad actors.
The model of the public health field provides a good starting point for developing a coordinated global effort to better protect users online. For example, the health of individuals and communities in society is improved through the collective actions of individuals themselves and frontline healthcare providers with the support, coordination, and guidance of organizations such as the World Health Organization (WHO) and the United States Centers for Disease Control and Prevention (CDC). While we do not suggest that the public health model provides a complete blueprint for securing the Internet, we believe that it can serve as inspiration for how to better protect cyberspace.
The paper goes on to identify some of the relevant characteristics of the public health system, limitations to applying the model to Internet health, a set of core principles for an Internet health system, and several themes for further exploration and development.
The full report, which is a worthwhile read, may be found here.