Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19

TL;DR

This paper draws lessons from COVID-19 to develop a framework for preparing and responding to pandemic-scale cyber threats, emphasizing collaboration, roles, and proactive strategies for resilience.

Contribution

It introduces a framework for pandemic-scale cyber event response, highlighting lessons from COVID-19 and differentiating large-scale cyber threats from smaller incidents.

Findings

Six critical lessons from COVID-19 for cyber preparedness

A framework for action focused on the US context

Actionable steps for developing a cyber defense playbook

Abstract

The devastating health, societal, and economic impacts of the COVID-19 pandemic illuminate potential dangers of unpreparedness for catastrophic pandemic-scale cyber events. While the nature of these threats differs, the responses to COVID-19 illustrate valuable lessons that can guide preparation and response to cyber events. Drawing on the critical role of collaboration and pre-defined roles in pandemic response, we emphasize the need for developing similar doctrine and skill sets for cyber threats. We provide a framework for action by presenting the characteristics of a pandemic-scale cyber event and differentiating it from smaller-scale incidents the world has previously experienced. The framework is focused on the United States. We analyze six critical lessons from COVID-19, outlining key considerations for successful preparedness, acknowledging the limitations of the pandemic metaphor, and offering actionable steps for developing a robust cyber defense playbook. By learning from COVID-19, government agencies, private sector, cybersecurity professionals, academic researchers, and policy makers can build proactive strategies that safeguard critical infrastructure, minimize economic damage, and ensure societal resilience in the face of future cyber events.