I’ve been fighting computer viruses on behalf of the companies I serve for over 20 years. This is the first time I’ve had to deal with the impact of a biological virus. It’s interesting. There are some similarities, and some differences. While this experience has yet to fully unfold, I thought it would be timely to share my thoughts. When it comes to the coronavirus, we’re all in this together.

The adversary

With computer viruses, I know my adversary. There’s always a motivated individual or organization with some sort of agenda, even if it’s simply to wreak havoc. The virus itself is the medium. It’s a well-engineered payload designed to spread and cause damage by exploiting computer vulnerabilities.

With the coronavirus, there is no adversary. I’m not a conspiracy theorist, so I accept that this virus came into existence and spread through the world naturally and not by the direct will of any person or organization. This is a unique and unprecedented natural disaster.

The incident response

When a computer virus hits, we mobilize into action. It’s very common to know very little at the start of an incident. Early assumptions can be wrong, and it is very common to operate in a “fog of war” situation. Regardless, we initiate our communication and coordination plans and act on the best available intelligence.

Incident response is similar with the coronavirus. CHS values safety. It not just a priority, but it guides everything we do as a company. We assembled right away and started making decisions and communications based on the knowledge available at the time. What is apparently obvious with the coronavirus is the quick cycle-time needed on information-gathering, collaboration, and decision-making. It’s real-time and around the clock.

The experts

Even though I’ve been working with computer viruses for over 20 years, I don’t consider myself an industry expert. I might be the smartest person in the room on the subject (depending on the room), but that’s not enough. I make a habit of engaging actual experts such as security researchers, analysts, consultants, and cyber defense companies.

When it comes to biological viruses, I’m even less of an expert. I watched the 1995 movie, Outbreak, over the weekend, so that’s my level of education on the subject. I rely on the CDC, our state department of health, and the Environmental Health and Safety professionals at my company.

The mitigation

Computer virus mitigation can be complicated, and the steps vary based on the type. Sometimes, the most impactful viruses have a novel aspect, which makes for a more creative mitigation process. In general, we mitigate computer viruses by patching vulnerabilities, applying antivirus signatures, updating firewalls, rebuilding computers, and restoring good data from backups.

The mitigation for the coronavirus is social distancing by eliminating travel and adopting universal work from home. Enabling my company’s workforce for work from home has been my full-time job for a little over a week now. We’re not perfect, but it has been going pretty well, all things considered. I’m not going to cover the details of how to enable enterprise work from home in this article, because some colleagues of mine already did so in this excellent article.

Sending a global corporation to work from home may sound straightforward, but it is not. We’ve had a team working around the clock, including weekends, to make this as smooth as possible. And of course, it’s not just about the technology solutions, but also the clear communication and coordination that goes along with it.

The consequence of failure

I’m the type of person that likes to picture the worst-case scenario. I let it rattle around in my mind. I let it disturb me a bit. Then I accept it and do my best to improve upon that scenario without fear.

The worst-case scenario for a computer virus is lost money and lost or compromised data. That’s bad, really bad, but no one dies. Computer viruses are capable of causing kinetic damage, especially in our world of internet-connected industrial control systems, but those cases are rare and isolated today. Hopefully, it will stay that way.

The worst-case scenario for coronavirus is hard to accept. Without a doubt, lives are at stake. Few computer viruses have shuttered large companies, but I know that most large companies are enacting their business continuity plans to do just that: make sure the business continues.

In conclusion

I’ll come right out and say it. I like battling computer viruses a whole lot more than I like battling biological viruses. This isn’t particularly fun, but our work is mission critical. Our companies, our families, and our society is counting on us to do our part. I’m grateful that I get to work alongside a group of competent and committed professionals who work as a team to do big things.

I’m certain that I’m not the only one who has gone from fighting computer viruses to fighting the coronavirus. How’s it going on your team? Please comment below.

Podcast: Play in new window | Download