author photo
By Clare O’Gara
Mon | Sep 30, 2019 | 4:30 AM PDT

If you've ever touched a hot pan of cookies—and who hasn't?—then you know about the power of the nervous system.

It's the thing that pulls your hand away instinctively before you get burned even more.

And while it may prevent you from grabbing a delicious chocolate chip cookie, it can also save your fingers in the process.

But what if your hand was a computer or phone and the tempting-but-too-hot cookie was a dangerous security threat?

Could that way of viewing things reduce the cyber risk to your organization?

The University of Arizona's Partnership for Proactive Cybersecurity Training project

At the University of Arizona, they're starting to look at cybersecurity this way: like the reflexes in a human body.

They are working on a project called "Partnership for Proactive Cybersecurity Training," and its major goal is proactive cybersecurity.

"I felt we could learn about how the body protects us by reacting to threats and maybe apply it to cyber by building a 'cyber immune system,'" said Salim Hariri, the project's principal investigator.

"We're trying to build these abilities where, when somebody attacks your computer, these measures can detect the attack and act on it before you're even aware something is compromised."

The project is funded by a three-year, $3 million grant through the University of Arizona.

Making security personal

The research team is using machine learning to teach computers how to recognize and respond to cyber threats faster and faster.

To co-investigator Gregory Ditzler, the "hot stove" analogy (or plate of hot cookies analogy) applies perfectly to the work at U of A.

"Once you put your hand down on that stove, you know not to touch it again, because it's hot. But how can you be prepared to recognize other dangers, like putting your hand in a toaster? This is where machine learning comes in."

In this case, machine learning could help devices recognize threats quickly, including threats a device has never encountered before.

And it also could help make security stronger and more personal, especially for those who are outside of the IT or cybersecurity fields.

For example, what if you could deploy technology like this to protect your employees at work and at home? That would be a great way to make security personal. 

Making security personal is something we often hear about at SecureWorld conferences across North America.

If this new research proves effective, then applying biology to cybersecurity may eventually give everyone greater power to protect against vulnerabilities in cyberspace.

Check out more details on the project here.