FAA touts a biological model for IT defense
- By William Jackson
- Feb 25, 2004
SAN FRANCISCO'The Federal Aviation Administration is promoting a concept of IT security that mimics the defenses used by the human body.
'What we're moving toward in Android Cyber Defense is an evolution from straight defense in depth,' said FAA CIO and assistant administrator Dan Mehan.
Mehan was speaking at the RSA Security Conference to promote the concept in the hope of stimulating more research in the area.
Since the late 1990s the emphasis in federal IT security has been on policy and on accrediting federal IT systems, while the speed and sophistication of malicious code has continued to grow. Mehan said the idea of Android Cyber Defense, first developed in September, is based on the fact that the human body is a complex and robust system that protects itself on multiple integrated levels.
The human body depends on basic good health and nutrition and physical boundaries such as skin to protect itself from attacks, and uses immune systems, system monitoring and lessons learned from past experiences to ward off infection and recover from injury when its defenses have been breached. Each of these elements is essential and all work together in a way that has not been accomplished in cybersecurity, Mehan said.
'It's more than a convenient way to describe security,' Mehan said of the concept. 'Computers won't act like humans, but by studying how bodies protect themselves, the end result will be a more resilient defense' for IT systems.
He said little high-level research has been done on mathematical modeling for system behavior and defense. FAA is promoting the Android Cyber Defense idea to encourage such research.
William Jackson is a Maryland-based freelance writer.