When was the analogy between biological and computer viruses made?
Jean-Yves Marion: The use of the word “computer virus” comes from Leonard Adleman, a computer science professor and molecular biologist renowned for his work on DNA computing (computation using DNA sequences). He was one of the developers of the RSA encryption algorithm. In 1983, one of his PhD students, Fred Cohen, developed a new type of informatic threat. He designed a program granting him the access rights and data of unknowing users who downloaded it. As such, Adleman named this type of program “a virus”. The analogy between computers and biology was popular at the time, people spoke of artificial intelligence, neural networks, etc.
Can we also apply this analogy to the means of fighting viruses?
There are possible comparisons. The concept of lockdown, for example, is particularly applicable to networks. A firewall and frontend servers – a demilitarised zone (DMZ) – isolate the rest of the network to protect it as much as possible. It’s almost like putting on masks so we don’t get infected!
However, if biology and computer science show similarities in the reasoning or analysis of a situation, this is not the case when it comes to defence. From a biological point of view, the human immune system is a fantastic machine. It knows how to defend itself against viruses, bacteria, aggressions, etc. It even knows how to “update” itself by taking into consideration previous attacks. Our digital systems are light years away from this ingenuity and efficiency.
We would greatly benefit from a better understanding of our immune system to see if some elements could be transposed in antivirus software. The mechanisms of living beings are far more complex and sophisticated. A cyberattack is only designed by one or several humans. It is therefore possible for other individuals to understand and counteract this attack. Admittedly, cyberattacks claim victims, but we can defend ourselves. Whereas in the case of the Covid-19 pandemic… it is much harder!
Does this mean that we could protect ourselves against a cyberpandemic?
Several answers. First, a worldwide cyberpandemic has been announced for ages: “everything will stop, there will be no more cars, energy, etc.” But it remains to be seen! We are far from the chaos portrayed in disaster movies. At the same time, the number of cyberattacks increases and make victims every day. When a company is attacked by a ransomware, it leads to important human and economic consequences. Finally, we have already been subject to several attacks resulting in important permanent damage. For example, WannaCry or NotPetya were responsible for billions of financial losses around the world.
Additionally, viruses evolve, mutate and conceal themselves better and better. Some even include many variations. Let us take for example the banking Trojan called Emotet. It appeared in 2014 and since then, its form, signature or behaviour have changed over time. It is currently one of the most widespread viruses. We submitted a particular sample of Emotet to 63 antiviruses on Google’s VirusTotal website. Only 7 of them detected this malware…
Not to mention the billions of connected objects in our homes and our cities which can be attacked, diverted from their intended use. So yes, a cyberpandemic is possible, but it would not take the same form as a biological pandemic.
What do you fear the most?
I think that the true pandemic today is disinformation. Much like a disease pandemic, it is viral. Intelligent language or image processing tools are now so sophisticated that they make it possible to create “deepfakes”, fake but entirely credible videos which can make somebody say anything. It is possible to produce false “likes”, fake chatbots, to widely spread false information, attack electoral systems…
