Finding good metrics can be extraordinarily helpful in managing a situation. For cybersecurity, finding a decent security metric is a challenge, which I have written about before. And the cybersecurity field can always learn from biology. After all, nature has come up with some pretty nasty attacks, such as the Covid-19 virus. As this attack has turned society upside down at the moment, a key question for many is “when can we return to normal?” Certainly, anyone who has dealt with an incident response where malware has infected a network has needed to deal with a similar issue: how do you know when to return to normal after a malware infection? So, what can we learn from this pandemic?
The Covid-19 pandemic has been, and continues to be, a challenge that we have not seen in our lifetime before. As I write this, it is April 8th, 2020. We are still learning about this virus, but by all accounts it is more lethal than the standard flu. For those that are interested in the details (and it is good to know your enemy), this virus is lethal because of the damage it can cause to the small air sacs in the lungs. The damage it causes makes it much more difficult for a person with the virus to get the oxygen he or she needs.
As an aside, I volunteer on a first aid squad, and the past couple of weeks have been pretty busy. We have had quite a few Covid or suspected Covid calls. While not responding to first aid calls, we are being asked to practice “social distancing”, a fancy way of saying “stay away from me.” Restaurants are closed except for takeout. Many typical activities are currently suspended. This is done with the hope of keeping the number of people infected down.
At first glance, it did not appear that this social distancing was working, did it? We continued to get a high number of first aid calls. But perhaps the number of calls was not the right metric. It is true that the number of those who have been taken by this disease is clearly the most heart-wrenching number; of that there is no doubt. With that said, how can we tell if the social distancing we are asked to do is actually helping us reduce that number?
Since this virus makes people sick for days, one way to learn if we are “turning the corner” with respect to the spread of this virus would be to look at the number of new cases reported in a day, and compare that number with the prior day. Of course, this assumes that testing is of roughly the same quality day after day. (In reality, it might be wise to assume that testing is actually improving day over day.)
Let’s look at a chart for the number of new cases reported in NJ. In this chart, look at what happened on April 3 and April 4, where the red arrow is.

After that day, the number of new cases starts to decrease. This means, as long as testing is being performed at the same quality, that the social distancing is resulting in fewer new cases for NJ as of April 4th. Perhaps this means that social distancing is starting to take hold. The next few days will reveal more…
Now, let’s look at the chart for Pennsylvania.
In this case, it does not yet appear that Pennsylvania has “turned the corner”. This could be for a few reasons, including that test results are coming in from a backlog, artificially increasing the day over day change. However, if we consider that the quality of the testing is the same day over day, this would indicate that the growth of new cases has not yet reversed in PA.
Perhaps looking at the change in the number of new cases being reported day over day can be considered a leading indicator. A leading indicator is a metric that can help us predict how good or bad things may be in the future. In the case of both charts presented here, both states appear to still have some tough days ahead. However, perhaps NJ has turned the corner, and PA will soon as well.
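The same day-over-day metric carried over to the malware incident mentioned at the start, as an added example that is not part of the original post. The daily counts of newly detected infected hosts are constructed, the function names are hypothetical, and detection quality is assumed constant from day to day, the same caveat as for testing above.

```python
from typing import List, Optional

# Constructed sample data: newly detected infected hosts per day during a
# hypothetical malware incident (not taken from the charts in this post).
CONTAINED = [4, 9, 17, 30, 42, 38, 29, 31, 20, 12]
SPREADING = [3, 5, 9, 14, 13, 19, 26, 31, 40, 47]


def day_over_day(new_cases: List[int]) -> List[int]:
    """Change in new cases versus the prior day (one entry fewer than the input)."""
    return [today - prior for prior, today in zip(new_cases, new_cases[1:])]


def turning_point(new_cases: List[int], confirm_days: int = 2) -> Optional[int]:
    """Return the index of the day on which the incident "turned the corner".

    A day qualifies when the next `confirm_days` day-over-day changes are all
    negative and no later day exceeds its count. The second condition keeps a
    one-off dip (or a backlog clearing late) from being read as a reversal.
    Returns None when no day qualifies yet.
    """
    if confirm_days < 1:
        raise ValueError("confirm_days must be at least 1")
    deltas = day_over_day(new_cases)
    for i in range(len(deltas) - confirm_days + 1):
        window = deltas[i:i + confirm_days]
        declining = all(change < 0 for change in window)
        if declining and max(new_cases[i + 1:]) < new_cases[i]:
            return i
    return None


if __name__ == "__main__":
    for name, series in (("contained", CONTAINED), ("spreading", SPREADING)):
        peak = turning_point(series)
        print(name, "day-over-day:", day_over_day(series))
        if peak is None:
            print(name, "-> new infections have not reversed yet")
        else:
            print(name, f"-> turned the corner on day {peak} ({series[peak]} new hosts)")
```

The spreading series contains a single day with fewer new hosts than the day before, which the check does not treat as a reversal because later days exceed it.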