Swiss-cheesing our way out of Corona
A recent NY Times article speaks about a Swiss cheese model of protecting people from the SARS-COV-2 virus.
A layered defense model for Corona makes eminent sense.
SARS-COV-2 is going to be around for a long time. Forward defense and defense-in-depth were used in Roman times and are the standard for the past 50 years for network and application security.
In this post, I’ll do a threat analysis and suggest 6 reasons why the Swiss-cheese defense is not effective for SARS-COV-2.
I’ll conclude this essay with some thoughts on distributed defenses independent of central control.
6 reasons why current Corona mitigation is not working
1. The fatal mismatch
The first reason is fundamental: static defense can’t keep up with a virus that mutates and transmit.
2. Central government is a single-point of failure
As in network security, it is important to assure integrity of the endpoints (the people) but reliance on a single mainframe (let’s call it a national Ministry of Health) may create a single point of failure.
3. Trusted endpoints are key to layered defenses
My personal perspective is based on living in Israel, being a cybersecurity consultant and a tech entrepreneur providing a platform for automated detection and response in clinical trials. (Shameless plug — Flaskdata.io — provides real-time observability for clinical data).
This makes me opinionated and confident of my opinions but open to listening to anyone who challenges my ideas. Otherwise, what kind of tech entrepreneur would I be?
There is in Israel, a fundamental lack of trust in MOH and the government in general. If public/government policy is part of the layered defense, then this strategy is doomed to failure in advance because citizens will not cooperate, as proven by the current state.
If central government is willing to ceded control of policy to the municipalities, then the probability of success of a layered defense plan improves. This is the trend in countries like Ukraine and Israel and it seems to work well, when the city government has the leadership and resources.
It is unclear that a complete laissez-faire strategy will work better.
4. Practical threat mitigation is better than perfect
A case in point is the Israeli Ministry of Health decision not to implement privacy-preserving contact tracing (designed by Google and Apple back in April and implemented by a team of volunteers at Shopify Canada in August).
The IT manager in charge decided that they needed more accurate means; which no one has and no one will achieve. In the meantime, the MOH decided to go with highly-inaccurate Israeli Security Service contact-tracing and their highly-vulnerable mobile app (Magen) based on GPS.
A double knockout to public trust in the system.
5. Centralized systems do not scale
Around August, the Israeli Army got involved and built a centralized system for epidemiological investigations using the MOH IT systems. I believe they actually delivered a working system in November. But — remember lesson number 1 from computing — centralized systems do not scale.
6. Public policy rests on private trust
A national Ministry of Health could be perfect on defense-in-depth but fail to curb the virus because there is a single point of failure on top and large scale vulnerabilities in the endpoints (citizens).
Going forward past Swiss cheese
The most fundamental problem is the mismatch between static defenses and viruses and other infectious diseases that mutate and transmit.
We need a dynamic defense system that can mutate as the virus mutates and transmit as fast as the virus.
It seems to me that a distributed defense approach based on networks of people, unencumbered by centralized government may work better than a static Swiss-cheese defense.