Cybersystems fail much like biological systems because cyber systems were (and are) modeled after biological systems. They are prone to virus attacks and malware (digital pathogens), and they get slower and more prone to failure with age. Alan Turing was the first person to call a machine a computer when he deemed his device human-like. Before the modern computing era, a computer was a person. 

So let’s consider the work of Charles Darwin. He theorized that biological systems adapt and evolve, with those less fit for survival eventually dying off and becoming extinct. Evolutionary pressure is tightly linked with the environment where the organism lives. We can observe these effects in practice, and his theory is verifiable and provable. 

Biological systems are affected by the environment and other factors that will lead to their demise if the system cannot adapt or if the species is not actively given the setting or ability to adapt. Allowing natural selection to run its course means that the species become more robust and better match its environment by adapting.

That notion certainly also holds for computer systems. Older legacy systems are more prone to cybersecurity attacks (digital pathogens) than newer systems that have evolved to afford better protection against such attacks. The problem is that we simply do not want to allow the older, less fit “species” of software to die. We build walls and try to isolate them from the changing environment, which is now a risk for them. We also continue to produce and implement systems that are not fit for the current environment concerning cybersecurity. 

The unwillingness to build-in upgrade paths is especially true with many OT systems, such as controllers used in various industries. Initially, they were created to be reliable in systems not connected to the polluted and infected internet. They did pretty well back then and were fit for the intended purpose. And yes, they still work reliably today as long as they don’t get assaulted or infected by digital pathogens.  

Today, such systems are pervasive on the Internet and still mass-produced and cheaper than modern systems designed to resist cyberattacks. We see the problem but will not allow such systems to be decommissioned while functional. They weaken the networked world with their continued existence.

We must evolve in our thinking about this. The current approach runs entirely counter to the notion of survival of the fittest and natural selection. We can identify and fix vulnerable systems, but eventually, we need to move away from the idea of segregation and toward allowing more evolved systems to take their place. We all know it is true.

Charles Darwin was a smart guy. We can learn a lot from his work.