Abstract:

The following essay intends to draw attention to the similarities of code-based malware and biological pathogens, both in operation, behaviour and predictability. Applying methodology from the field of epidemiology rather than looking at novel approaches could allow for an enhanced approach to handle, prevent or mitigate malware outbreaks. This paper will additionally explore the similarities in terminology used in both fields drawing focus to the validity of the comparison

Following the Covid-19 outbreak starting in 2019, topics of handling and controlling infectious disease became an international concern both medically, economically, and politically. Covid-19 will serve as a case study to compare to the digital outbreaks of the WannaCry and NotPetya malware pandemics of 2017. This essay will argue that malware attacks are to be considered cyber pandemics. While far from a novel concept, there is still significant space to explore the use of epidemiological methodology within cyber-security. Additionally, the essay intends to show the lessons drawn from the Covid-19 outbreak could be applied in the sphere of cyber security.

Finally, using the lessons and history of infectious disease, this essay will consider the lack of an internationally supported operational response in the face of digital pandemics and the need for an independent authority on cyber security in the vein of the World Health Organization that has the capacity and intention to better worldwide digital safety and stability.

Introduction:

“Nature is potentially the worst bioterrorist” Anthony Fauci stated in an interview with CBS News in 2018, referring to his opinion that naturally evolving pathogens remain the biggest health threat to humanity[1]. Fauci has served as director of the National Institute of Allergy and Infectious Disease and as Chief Medical Advisor to The President during the Covid-19 pandemic. Fauci´s statement can seem self-explanatory when viewed through the history of disease, from the Plague of Justinian in 541CE[2] through the most lethal contagion of human history, The Black Death, with its up to 65

Disease is caused by microbial organisms and entities that interfere with the human body to propagate. The first section of this essay will explore the terminology used in describing malware and its origins in the epidemiological field. This section aims to show the similarities in operation of digital malware and biological parasites. The second section looks at the way pathogens, both digital and biological, spread through vectors and how awareness of such vectors is critical in containment and recovery. The third section of the essay uses mathematical models designed for modelling and predicting infectious disease, and how these models can be modified and applied to digital malware. The fourth section covers the use of vaccines in the history of disease and discusses the potential conceptual candidates for the use of the term in cyber-security. The term vaccine is used for several similar defence techniques in cyber-security and those will be covered here. The final section discusses the operationally weak response to malware pandemics and looks at the need for an internationally governed authority that can mobilize and guide the world in the face of new malware pandemics.

What is a virus?

The field of cyber security has a long history of borrowing terminology and concepts from epidemiology. Epidemiology has several in depth definitions, but for the purpose of this paper a simpler definition is warranted. The first cited use of the term according to the Dictionary of Epidemiology is as follows “The branch of medical science which treats pandemics”[4].

A pandemic is an interregional outbreak of disease[5], a danger that has followed humanity through its development. Covid-19, The Bubonic Plague, Smallpox and Cholera are historical examples of pandemics. The use of the term pandemic to describe the malware outbreaks of the worms WannaCry and the later NotPetya in 2017 therefore exemplifies the overlap of terminology between epidemiology and cyber security[6].

Terms such as “virus” or “worm” has been used to describe malware since it was coined by Frederick B. Cohen in his 1984 PhD thesis[7]. He used the term to describe a program he wrote that had the capacity to spread and disrupt a user’s system. He described the program thusly: “We define a computer ‘virus’ as a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself»[8]. This initial description of a computer virus that so closely matches the natural workings of a biological[9] virus, as will be shown later, further shows the overlap of terminology.

The ability and tendency for computer virus to propagate and spread through a system and from machine to machine also closely mirrors their biological counterpart similar lifecycle, to the point where using the same mathematical models devised to plot infectious disease can easily and reliably be applied to computer viruses[10].

Computer viruses takes its name from its biological namesake. Viruses in nature are small packages constructed out of protein, carrying strands of genetic material, either DNA or RNA depending on the type of virus[11]. DNA and RNA are strains of genetic information containing the genetic code, the information used as a template for the creation of new cells[12]. Viruses are parasitical in nature and utilize the energy and continued operation of a living host cell for its propagation. Propagation happens when the virus inserts their genetic material into host cells that proceed to use the viruses genetic code as their template and unwittingly create more virus cells, rather than the cells needed by the body[13].

In a similar vein, computer viruses tend to be embedded in a host file, such as an executable file or a document[14]. When the user takes a required action to trigger the virus, often by opening or running the infected file, the viruses code runs as well. The virus depends on the host file to function and to run for it to propagate. Malware such as Emotet can, after a successful infection of the host, scrape data from the user’s email service and the associated accounts to create fake emails (phishing emails) that contain new copies of the malware in order to spread to new hosts[15].

Another term commonly used for malware (that also borrows from a biological pathogen) is “worm”. First coined in the 1975 science fiction novel The Shockwave Rider by John Brunner[16], his digital worm took inspiration from real life Helminths[17], and tapeworms (Cestoda) specifically. Tapeworms are comprised of a head section that attaches itself to the host, and several segments that will fill with eggs and detach to create new worms[18]. Brunner’s worm act much the same, with the segments being of code and can detach from the original worm to create new worms[19].

A computer worm is essentially the same as a computer virus, they are both contagious malware but differ in their means of propagation. While a virus depends on a host file to propagate, worms are capable of self-propagation and can infect and spread with no user intervention required[20].

Both Cohen´s and Brunner´s coined terms for computer malware are therefore accurate. Both computer virus/worms and their biological counterpart utilize the energy and operation of an unwilling host to use its code to create further copies of itself that proceeds to spread to other hosts autonomously.

The Pathways of Parasites

Transmission of pathogens from host to host can be a challenge, whether the pathogen is carbon or code based. Amongst the most contagious and lethal of humanity’s plagues are vector-borne diseases[21]. In epidemiology, a vector is a living organism that transports the contagious pathogen from one host to the next one[22]. Most common amongst these are arthropods such as fleas or mosquitos. The discovery of vectors in disease came from Ronald Ross, who discovered the malaria-mosquito relationship in 1897[23]. This discovery was important as it made the connection between the vector (the mosquito) and the disease (malaria). Such an understanding is vital in combating infectious disease, as without it the disease will seemingly appear from thin air.

Thin air was in fact where scholars thought disease originated from, the idea that disease came from filth or dirty vapour known as miasma[24]. The theory that small microbial lifeforms were the cause of disease instead, a breakthrough that began with the discovery of Mycobacterium tuberculosis by German scientist Robert Koch in 1882[25].

Today, the understanding that small lifeforms cause disease is prevalent, and its generally understood that such lifeforms spread through insects, filth, or other sick humans. This understanding has yet to come through in the digital space, however. In a study by Lee Hadlington published in the International Journal of Cyber Criminology, Hadlington found that 58

In the digital realm, vectors are key to the spread of malware. While not as cut and dry as the biological term, the term vector is used in computer science to refer to methods of gaining access to a computer system. Vector come in many shapes such as social engineering, the manipulation of human beings into allowing malware access to their system[27].

Another vector being exploited to great success is phishing emails, with The Hill reporting a 600

The change in attitude that humanity completed (albeit slowly) after the discovery of the microbial organisms like Tuberculosis and Malaria is needed in the digital space. The vast integration of systematic hygiene steps in society, such as sanitation, easy access to disinfectant and the filtering of water is lacking an equivalent in cyber space. Vectors need to be looked at the same way they are in nature with a USB stick or pdf file being viewed like a mosquito or a cough. A potential biohazard for the computer.

Threats in cyber security are commonly referred to as attacks[30], and this is entirely warranted. But what the term fails to convey is the contagious and uncontrolled nature of infectious malware. In cybercrime and cyberwarfare, the chain is only as strong as its weakest link, and this requires the need for competent and informed individuals. Viewing malware as a precision guided attack, and not as the contagious disease it bears a close semblance to could be part of an explanation for the astounding level of cybercrime and cyberwarfare attacks in the previous years[31].

Hadlington also found that the issue is evidently not in communicating the risks of cyber-crime, with 84

Viewing this data displays a concise connection between the challenges faced in changing people’s behaviours to comply with transmissions hindering steps, regardless of if these are in relation to biological virus or digital malware. Attempting to leverage successful lessons from the longer, and arguably more successful, history of epidemiology in the digital space could potentially gain a much-needed boost in security in the form of a digital hygiene.

Modelling Infection

A common method to plot and predict the spread of infectious disease is compartmental mathematical models[35]. The population is divided into compartments, with an assumption that a population will not fit in more than one compartment. The basic framework for these types of models is the Susceptible, Infected and Recovered (SIR) model and the model uses differential equations to chart the movements between these compartments[36]. Other more realistic models exist, and often utilise a stochastic framework, for more realistic but complex analysis.

The SIR model is also usable in malware tracking, with novel variations being more accurate such as the SIS model, accounting for recovered hardware commonly being susceptible to reinfection or the SID model presented by Zhu Et. Al that accounts for the effect user awareness has on the spread of malware, showing an important element in malware containment.

The basic SIR model plots the change of people/nodes leaving and entering the different compartments of the model and allows for visualising the change.

The change in the susceptible population is presented thus:

dS/dt = -aSI

The change is negative, as people leave the susceptible population. The “a” represents a transmission constant and the more interaction between S group and I group, the more infections occur.

The change in the infected population:

dI/dt = aSI – bI

All those who leave the S group goes to the I group. Here “b” represents a recovery constant (for disease, this represents how long a person remains sick).

For the recovered population change:

dR/dt = bI

Being able to use these models to both plot and model infectious disease[37] and computer malware[38] displays how similar the infectious pathogens behave and spread despite the fundamental difference in their existence.

The SIR model is the basis for many different infection models. While useful in its simplicity, it is often not adequate to account for the complicated factors of real-world transmission. This is even more so true for computer virus. An example of a much more detailed probabilistic model is the pSEIRS model[39]

t = Time

N(t) = Total Population Size

S(t) = Susceptible Population

E(t) = Exposed Population

I(t) = Infected Population

R(t) = Recovered Population

p = Probability of temporary immunity after recovery

This model follows in general a SEIRS model (Susceptible, Exposed, Infected, Recovered, Susceptible), a model which mainly aims to account for how recovered machines can be infected after recovery, but considers another factor, p, that represents anti-virus software granting the node temporary immunity.

The main variable in these models is the R0 (R-Nought or R-Zero) number. This number represents how many people/nodes that are being infected by an infected person/node. This is crucial to predict the direction of the infection. To predict if an infectious disease will become an epidemic, R0 is found by looking right around the start of the spread, when t = 0.

dI/dt = aS0I0 – bI0 where t = 0

This gives us the argument for R0 (dI) to be:

R0 = aS0/b

If R0 > 1 it means the infection is spreading exponentially. As an example, if R0 = 2 then for every person infected, they proceed to infect 2 new people.

This is important, as the ways to slow or stop an infection lies in this equation and possible steps to curb spread can be found in the variables used by the model. In the simple SIR model when applied to infectious disease, the recovery constant (b) is difficult to change. When a person becomes infected and sick, the time they remain sick is generally constant. But the other two factors can be manipulated. The a represents the transmission rate and can be lowered by individual steps such as hand washing or through social policy such as social distancing. The S0 number represents the people in society that are susceptible to disease. Vaccines are the crucial component to lower this number. If the R0 number becomes less than 1, the infection will burn itself out and disappear.

In more complex models, such as the pSEIRS model, there are several more variables and constants that can be monitored and edited to model ways to lower the R0 number below zero.

Adapting the Immune System

Vaccines are the ultimate tool in combating infectious disease. Smallpox had plagued humanity for at the very least over 1700 years and is a highly contagious and lethal virus[40]. Yet by 1977 the disease had been wiped from the face of the earth[41]. Its extinction was caused by vaccinations against the virus. There are various types of vaccines, but they all base themselves on a similar concept, preparing the adaptive immune system for a potential infection. Vaccines do this by injecting enough pieces of a pathogen to trigger a response from the immune system, letting it create antibodies to combat the pathogen, but not enough to cause an infection in the patient[42].

In the combat of malware, the term vaccine has been used to refer to the use of security patches[43]. The analogy is useful, in the sense that it refers to the deployment of defensive capabilities after learning about the exploits used by a malware. It also mirrors the logistical issues of vaccinations in the need for voluntary actions by the population. The NotPetya worm that raged through the world, and Ukraine especially in 2017 utilised the EternalBlue exploit leaked from the NSA earlier that year[44]. Due to the leak, the exploit had been patched but many machines remained unpatched and NotPetya was able to infect these unsecured machines and then spread itself to the supposedly safe, patched machines[45].

A better use of the term vaccine in cyber security is for a niche defence tool that in fact more closely mirrors the real-world medical use of vaccines. Most malware has a system in place to avoid infecting an already infected machine, as this can have unforeseen consequences[46]. A concept for a malware vaccine therefore is to insert harmless snippets of a malware to fool the malware into malfunction. These snippets are often called infection markers[47]. For a famous example, the WannaCry attack of 2017 was at its time the worst cyber-attack yet, was neutralised when Marcus Hutchins discovered a kill switch in the worm[48]. Even more applicable to the medical term, Amit Serper was able to find a similar function in the more devastating NotPetya attack. If a certain file was present on the machine, the worm would not infect it[49].

Malware vaccines have some drawbacks however, when compared to anti-virus software. Firstly, they are detected by anti-virus software as malicious, due to the code being drawn from actual malicious software. Additionally, a successful malware vaccine will not inform the user of the infection because one did not occur. This is also not ideal, as the user needs to know and threat was present[50].

Malware vaccines have a niche use as a defensive tool. But their use in combating malware pandemics can be crucial. A system that implements specific malware vaccines when this malware is detected on a system or reported during an outbreak could be a key defensive application of malware vaccines.

The Need for a Cyber- WHO

Beginning in 2019, the world was struck with a novel coronavirus (SARS-Cov-2), also known as Covid-19, that soon became a true pandemic, with close to 600 million cases and well above 6 million fatalities[51]. Only a month after the first cases were discovered in the city of Wuhan, China, the World Health Organisation declared it a Public Health Emergency of International Concern. With this declaration came an emergency committee, with strategic goals, recommendations, and objectives for nations to follow and use. Large amounts of international funding were raised by nation states, with the EU creating a €10, 000, 000 fund for research and the UK investing €20,000,000 in vaccine funding as examples[52]. When the WHO presented guidelines on washing hands, using disinfectant, and social distancing it curbed the spread of Covid-19[53].

The development and distribution of vaccines development has been critical in hampering spread and reducing deaths[54]. The three central vaccines (Pfizer, Moderna and Oxford/AstraZenica) are developed by American (Pfizer/Moderna) and British/Swedish (Oxford/AstraZenica) pharmaceutical companies. While it is important to acknowledge that the distribution of vaccines have not been done pragmatically and fairly[55], the response to Covid-19 was an international one.

In such international cooperation, withholding information that could be crucial in combating infectious disease is something frowned upon in the international community. China was criticized for this throughout the outbreak[56]. In the cyber security world, this is the default. Zero Day vulnerabilities, security flaws in software the company making the software is unaware of (hence having had zero days to respond), are the most dangerous tools in a hacker’s arsenal. These flaws are coveted by malicious criminals and government organisations alike. A zero day can go for well above $50 000 on the black market[57]. Unlike information about infectious disease, these are national secrets. The NotPetya worm utilised one such vulnerability. Specifically, it used a program called EternalBlue. EternalBlue was developed by the National Security Agency, in the US, which the agency subsequently lost control of following a hacking incident[58].

The difference in the NotPetya attack and the Covid-19 outbreak highlights the need for an independent international body of authority, much like the World Health Organisation, in the field of computer security. It is a gap in the worlds ability to respond and coordinate that has not, and cannot, be filled by the current actors.

An international response led by any one sovereign nation would fail due to lack of trust. Any nation capable of the level of incident response required to combat a serious malware outbreak is by those very means also a suspect behind it.

Most of the candidates for an international leadership role also have a track record of clandestine cyber operations that have harmed international stability. The American National Security Agency was the organization behind the development of the EternalBlue exploit[59] that allowed the NotPetya worm to become the most devastating cyber incident in modern history and the most advanced cyber weapon ever released, Stuxnet, is evidently also of American design, as evidenced by Kim Zetter in his book on Stuxnet, Countdown to Zero Day[61].

Andy Greenberg’s book on the hacking group known as Sandworm (aka VodooBear or allegedly Unit 74455) also gives compelling evidence that the group is a Russian state-run group[62]. The group is allegedly behind a long list of cyberattacks, including the 2015 blackout in Ukraine[63] and famously the NotPetya pandemic[64].

China has been accused of several cyberattacks[65] and Chinese military hackers were charged by the US for the massive data breach of Equifax in 2017 that led to the leak of sensitive personal data on 147 million Americans[66].

No nation state could reasonably be expected to trust another major power when it comes to cyber incidents and response. Yet such trust is vital if any form for incident response is to be successful. This is far from a novel conclusion, however. In 1999 Moira West-Brown and Klaus-Peter Kossakowski authored a paper on this exact topic for CERT. In it, West-Brown and Kossakowski identify the lack of an international body to combat cyber incidents, and the need for its existence. West-Brown and Kossakowski´s state:

“Today’s approach is not reliable, does not scale, and it must be made more effective. It is critical to have a global response infrastructure to replace a less reliable system based on trust between individuals with a reliable and effective system based on global understanding/agreement.”[67]

Yet despite the over twenty years since the papers publishing, these words ring just as true, if not more so, today.

To discuss an international authority for cyber incidents it’s imperative to look at why something like the WHO functions well despite a volatile international landscape. This paper has established the similarities in malware and cyber-weapons and infectious disease, but there is one element of infectious disease that is noticeably different. Disease occurs naturally, and so rarely is there a concerted effort to attribute a disease outbreak to a specific actor. Understanding and attempting to ease concerns of international blame and the fallout that follows a devastating cyber-attack is important if an international authority is to avoid being dead on arrival. Evidence of this can be seen in the Covid-19 pandemic, where then sitting US President Donald J. Trump accused the Chinese government of creating the Covid-19 virus in a lab, and therefore responsible for the pandemic that followed[68]. Following later that month, a resolution at the World Health Assembly was backed by over 100 nations and pushed by Australia for an independent inquiry into the origin of the virus[69]. James Griffiths covered Beijing’s response for CNN when he wrote:

«That was met with an angry response from Beijing, which accused Canberra of a “highly irresponsible” move that could “disrupt international cooperation in fighting the pandemic and goes against people’s shared aspiration. »

Beijing’s response highlights why the problem of attribution must not be a consideration for an international authority that aims at combating malware outbreaks. Malware, unlike biological pathogens, could not occur naturally and it so follows that someone is inherently responsible for a malware pandemic. Attribution is an important challenge in cyber-security, particularly in terms of deterrence[70], yet holds more importance in the military and national security applications of cyber security. For the public and its digital safety and stability this is issue remains less central and so should be left to individual states and their agencies.

Conclusion:

The terminology for malware begets a comparison to biological pathogens. This terminology is evocative, with terms such as “virus” and “worm” being used to describe malicious malware. Having compared the use of the terminology in cyber security to their biological origin the terminology remains not merely fitting but overwhelmingly accurate. This trend is followed in the observed behaviour of both forms of pathogen, and allow for accurate modelling using the same techniques.

Yet as of now the approach to preventative measures, and the psychology behind informational campaigns, differ significantly. This paper has aimed to show that approaching infectious malware closer to the way infectious disease control is approached rather than attempting to obtain cyber-security competency in the entire workforce could form a central pillar in combating the effectiveness of malware campaigns. With this intention, this essay has recognised the lack of an international and operational response capacity found in an authority such as the WHO.

An organisation that is internationally recognised and funded could be crucial in combatting malware spread and create an approach to cyber security akin to that established against infectious disease. The medical concept of hygiene is one that is lacking from the approach to malware. Attempting to shift the international consensus on how to educate employees and civilians on the threats of malicious malware to a hygienic approach and not a digital competency requirement could be a potential paradigm shift in cyber-security.

  1. “‘Nature Is Potentially the Worst Bioterrorist,’ Says Anthony Fauci,” accessed August 25, 2022, https://www.cbsnews.com/news/niaids-anthony-fauci-nature-is-potentially-the-worst-bioterrorist/.
  2. Kyle Harper, Plagues upon the Earth: Disease and the Course of Human History, The Princeton Economic History of the Western World 46 (Princeton: Princeton University Press, 2021), p. 213.
  3. Ibid, p. 246.
  4. John M. Last, A Dictionary of Epidemiology (Oxford University Press Inc, 2000), p. 85.
  5. Ibid, p. 154.
  6. “The NotPetya Global Pandemic – CyberArk Labs Analysis,” accessed August 24, 2022, https://www.cyberark.com/resources/blog/the-notpetya-global-pandemic-cyberark-labs-analysis.
  7. Cohen´s thesis was published later in the journal Computers and Security
  8. Fred Cohen, “Computer Viruses: Theory and Experiments,” Computers & Security 6, no. 1 (February 1, 1987): 22–35, https://doi.org/10.1016/0167-4048(87)90122-2.
  9. Its debated if virus should be considered life, but his debate is outside the scope of this essay
  10. M. S. S Khan, “A Computer Virus Propagation Model Using Delay Differential Equations with Probabilistic Contagion and Immunity,” International Journal of Computer Networks & Communications 6, no. 5 (2014): 111–28, https://doi.org/10.5121/ijcnc.2014.6508.
  11. Estée Török, Fiona J. Cooke, and Ed Moran, Oxford Handbook of Infectious Diseases and Microbiology, Second edition (Oxford ; New York: Oxford University Press, 2017).
  12. Geoffrey Cooper, The Cell: A Molecular Approach, 2nd ed. (Sinauer Associates Inc, 2000).
  13. Török, Cooke, and Moran, Oxford Handbook of Infectious Diseases and Microbiology.
  14. Nica Latto, “Worm vs. Virus: What’s the Difference and Does It Matter?,” Avast, August 13, 2020, https://www.avast.com/c-worm-vs-virus.
  15. “Emotet Malware | CISA,” accessed August 23, 2022, https://www.cisa.gov/uscert/ncas/alerts/aa20-280a.
  16. John Brunner, The Shockwave Rider (Harper And Row, 1975).
  17. Helminth is the greek word for worm
  18. “Tapeworms – an Overview | ScienceDirect Topics,” accessed August 24, 2022, https://www.sciencedirect.com/topics/agricultural-and-biological-sciences/tapeworms.
  19. Brunner, The Shockwave Rider, p. 227.
  20. Latto, “Worm vs. Virus.”
  21. Harper, Plagues upon the Earth.
  22. Last, A Dictionary of Epidemiology.
  23. Harper, Plagues upon the Earth, p. 584.
  24. Ibid, p. 27.
  25. Ibid, p. 27.
  26. Lee Hadlington, “Employees Attitude Towards Cyber Security And Risky Online Behaviours: An Empirical Assessment In The United Kingdom,” October 21, 2018, https://doi.org/10.5281/ZENODO.1467909.
  27. Pablo L. Gallegos-Segovia et al., “Social Engineering as an Attack Vector for Ransomware,” in 2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies (CHILECON) (2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies (CHILECON), Pucon: IEEE, 2017), 1–6, https://doi.org/10.1109/CHILECON.2017.8229528.
  28. Maggie Miller, “Experts See over 600 Percent Spike in Malicious Emails during Coronavirus Crisis,” Text, The Hill (blog), March 26, 2020, https://thehill.com/policy/cybersecurity/489692-experts-see-over-600-percent-spike-in-malicious-emails-during/.
  29. Kim Zetter, Countdown To Zero Day, 2014.
  30. Amiah Taylor, “Ransomware Cyberattacks Surged in 2021 According to a New Report | Fortune,” Fortune, 2022, https://fortune.com/2022/02/17/ransomware-attacks-surge-2021-report/; Acronis, “The Top 5 Ransomware Attacks in the UK and Their Hidden Costs,” Acronis, 2019, https://www.acronis.com/en-gb/articles/ransomware-attacks/.
  31. Shannon Williams, “Covid Sees 400
  32. Hadlington, “Employees Attitude Towards Cyber Security And Risky Online Behaviours.”
  33. Ahmed Maged Nofal, Gabriella Cacciotti, and Nick Lee, “Who Complies with COVID-19 Transmission Mitigation Behavioral Guidelines?,” ed. Valerio Capraro, PLOS ONE 15, no. 10 (October 8, 2020): e0240396, https://doi.org/10.1371/journal.pone.0240396.
  34. Hadlington, “Employees Attitude Towards Cyber Security And Risky Online Behaviours.”
  35. Ted Cohen and Yaesoubi Reza, “Novel Framework for Developing Dynamic Health Policies,” European Journal of Operational Research 215, no. 3 (2012): 679–87, https://doi.org/10.1016/j.ejor.2011.07.016.Generalized; K. P. Minogue, “Models for the Spread of Disease: Model Description,” Phytopathology, 1983, https://doi.org/10.1094/phyto-73-1168.
  36. “The SIR Model for Spread of Disease – The Differential Equation Model | Mathematical Association of America,” accessed August 23, 2022, https://www.maa.org/press/periodicals/loci/joma/the-sir-model-for-spread-of-disease-the-differential-equation-model.
  37. Cohen and Reza, “Novel Framework for Developing Dynamic Health Policies.”
  38. Khan, “A Computer Virus Propagation Model Using Delay Differential Equations with Probabilistic Contagion and Immunity.”
  39. Ibid.
  40. Harper, Plagues upon the Earth, p. 209.
  41. Ibid p. 421.
  42. “Understanding Six Types of Vaccine Technologies | Pfizer,” accessed August 24, 2022, https://www.pfizer.com/news/articles/understanding_six_types_of_vaccine_technologies.
  43. Andy Greenberg, Sandworm (Anchor, 2019).
  44. “What Is EternalBlue and Why Is the MS17-010 Exploit Still Relevant?,” What Is EternalBlue and Why Is the MS17-010 Exploit Still Relevant?, accessed August 24, 2022, https://www.avast.com/c-eternalblue.
  45. Ibid.
  46. Lenny Zeltser, “Contemplating Malware Vaccination via Infection Markers,” accessed August 24, 2022, https://zeltser.com/malware-vaccination-infection-markers/.
  47. Karsten Hahn, “Malware Vaccines Can Prevent Pandemics, yet Are Rarely Used,” January 19, 2022, https://www.gdatasoftware.com/blog/2022/01/malware-vaccines; Zeltser, “Contemplating Malware Vaccination via Infection Markers.”
  48. Greenberg, Sandworm, p. 178.
  49. Ibid.
  50. Hahn, “Malware Vaccines Can Prevent Pandemics, yet Are Rarely Used.”
  51. WHO, “Index @ Covid19.Who.Int,” 2021, https://covid19.who.int/
  52. Catrin Sohrabi et al., “World Health Organization Declares Global Emergency: A Review of the 2019 Novel Coronavirus (COVID-19),” International Journal of Surgery 76 (April 2020): 71–76, https://doi.org/10.1016/j.ijsu.2020.02.034.
  53. N Ferguson et al., “Report 9: Impact of Non-Pharmaceutical Interventions (NPIs) to Reduce COVID19 Mortality and Healthcare Demand” (Imperial College London, March 16, 2020), https://doi.org/10.25561/77482.
  54. Roy M Anderson, “Chapter 1 – The Impact of Vaccination on the Epidemiology of Infectious Diseases,” n.d., 29.
  55. Zhiwei Li et al., “The Effect of the COVID-19 Vaccine on Daily Cases and Deaths Based on Global Vaccine Data,” Vaccines 9, no. 11 (November 15, 2021): 1328, https://doi.org/10.3390/vaccines9111328.
  56. Nectar Gan CNN, “14 Countries and WHO Chief Accuse China of Withholding Data from Coronavirus Investigation,” CNN, accessed August 24, 2022, https://www.cnn.com/2021/03/31/asia/who-report-criticism-intl-hnk/index.html; Lily Kuo, “China Withheld Data on Coronavirus from WHO, Recordings Reveal,” The Guardian, June 2, 2020, sec. World news, https://www.theguardian.com/world/2020/jun/02/china-withheld-data-coronavirus-world-health-organization-recordings-reveal; “Covid-19 Pandemic: China ‘refused to Give Data’ to WHO Team – BBC News,” accessed August 24, 2022, https://www.bbc.com/news/world-asia-china-56054468.
  57. Greenberg, Sandworm.
  58. Ibid.
  59. “What Is EternalBlue and Why Is the MS17-010 Exploit Still Relevant?”
  61. Zetter, Countdown To Zero Day, p. 547.
  62. Greenberg, Sandworm, p. 233.
  63. Ibid, p. 10.
  64. Ibid, p. 190.
  65. Dan Milmo and Dan Milmo Global technology editor, “China Accused of Cyber-Attacks on Ukraine before Russian Invasion,” The Guardian, April 2, 2022, sec. Technology, https://www.theguardian.com/technology/2022/apr/01/china-accused-of-launching-cyber-attacks-on-ukraine-before-russian-invasion; Dan Sabbagh, Dan Sabbagh Defence, and security editor, “Experts Say China’s Low-Level Cyberwar Is Becoming Severe Threat,” The Guardian, September 23, 2021, sec. World news, https://www.theguardian.com/world/2021/sep/23/experts-china-low-level-cyber-war-severe-threat; “China Accused of Cyber-Attack on Microsoft Exchange Servers,” BBC News, July 19, 2021, sec. China, https://www.bbc.com/news/world-asia-china-57889981.
  66. “US Charges Chinese Military Officers over Cyber Attack,” The Week UK, accessed August 25, 2022, https://www.theweek.co.uk/105631/us-charges-chinese-military-officers-over-cyber-attack.
  67. Moira West-Brown and Klaus-Peter Kossakowski, “International Infrastructure for Global Security Incident Resp,” 1999, 56, p. 16.
  68. Zachary Cohen CNN Alex Marquardt, Kylie Atwood and Jim Acosta, “Trump Contradicts US Intel Community by Claiming He’s Seen Evidence Coronavirus Originated in Chinese Lab,” CNN, accessed August 25, 2022, https://www.cnn.com/2020/04/30/politics/trump-intelligence-community-china-coronavirus-origins/index.html; “Coronavirus: Trump Stands by China Lab Origin Theory for Virus – BBC News,” accessed August 25, 2022, https://www.bbc.co.uk/news/world-us-canada-52496098.
  69. Analysis by James Griffiths CNN, “China Has Been Trying to Avoid Fallout from Coronavirus. Now 100 Countries Are Pushing for an Investigation,” CNN, accessed August 25, 2022, https://www.cnn.com/2020/05/18/asia/china-world-health-assembly-investigation-intl-hnk/index.html.
  70. Jon R. Lindsay, “Tipping the Scales: The Attribution Problem and the Feasibility of Deterrence against Cyberattack,” Journal of Cybersecurity, November 27, 2015, tyv003, https://doi.org/10.1093/cybsec/tyv003.