1

© 2016 IBM Corporation

Security according to Leafcutter Ants Collaboration strategy based on 120 million years of warfare experience Mike Chung | Associate Partner IBM Security May 2016

2 © 2016 IBM Corporation

Items

!  Why ants?

!  How do ants deal with security?

!  What can we learn?

2

3 © 2016 IBM Corporation

Why ants?

4 © 2016 IBM Corporation

Ants in everyday life

3

5 © 2016 IBM Corporation

Origins

6 © 2016 IBM Corporation

Classification

Hymenoptera

Formicidae

Wasps

4

7 © 2016 IBM Corporation

Classification

Hymenoptera

Formicidae Atta and Acromyrmex

Wasps Other 8 genera

8 © 2016 IBM Corporation

Eusociology

Larvae

Colony

Adults

5

9 © 2016 IBM Corporation

Eusociology

Larvae

Colony

Adult generation 1 Adult generation 2

10 © 2016 IBM Corporation

Eusociology

Larvae

Colony

Adult generation 1 Adult generation 2

Reproductive members

6

11 © 2016 IBM Corporation

Share of eusocial insects

Total number of animal species (2 million)

Number of insect species (1 million)

Eusocial insect species (0.02 million)

12 © 2016 IBM Corporation

Share of eusocial insects

Total bio-mass of animals

Eusocial insects' bio-mass (30%)

7

13 © 2016 IBM Corporation

Security according to Leafcutter Ants

14 © 2016 IBM Corporation

Life of Leafcutter Ants Cutting and gathering leaves

8

15 © 2016 IBM Corporation

Life of Leafcutter Ants Cutting and gathering leaves Gardening fungus

16 © 2016 IBM Corporation

Life of Leafcutter Ants Cutting and gathering leaves Gardening fungus Raising offspring

9

17 © 2016 IBM Corporation

Threat landscape Environmental threats:

-  Flooding -  Drought

Enemies:

-  Predators -  Competitors

18 © 2016 IBM Corporation

Threat landscape Environmental threats:

-  Flooding -  Drought

Enemies:

-  Predators -  Competitors

Pests:

-  Parasitic flies -  Parasitic fungi

Diseases:

-  Crop diseases -  Infections

10

19 © 2016 IBM Corporation

Roles

Non-reproductives

Reproductives

20 © 2016 IBM Corporation

Roles

Non-reproductives

Reproductives Queen Males Reproductive

females

11

21 © 2016 IBM Corporation

Roles

Non-reproductives

Reproductives Queen Males Reproductive

females

22 © 2016 IBM Corporation

Roles

Non-reproductives

Reproductives Queen Males Reproductive

females

Majors

Minors

12

23 © 2016 IBM Corporation

Roles

Non-reproductives

Reproductives Queen Males Reproductive

females

Majors

Minors

Soldiers Foragers

Assemblers Carers Hitchhikers Gardeners

24 © 2016 IBM Corporation

Roles

Non-reproductives

Reproductives Queen Males Reproductive

females

Majors

Minors

Soldiers Foragers

Assemblers Carers Hitchhikers Gardeners

Age

13

25 © 2016 IBM Corporation

Roles: defense

Non-reproductives

Reproductives Queen Males Reproductive

females

Majors

Minors

Predators

Competitors

Environmental threats

26 © 2016 IBM Corporation

Roles: defense

Non-reproductives

Reproductives Queen Males Reproductive

females

Majors

Minors

Predators

Competitors

Parasitic flies Parasitic fungi

Crop diseases Infections

Environmental threats

14

27 © 2016 IBM Corporation

Roles: defense

Non-reproductives

Reproductives Queen Males Reproductive

females

Majors

Minors

Predators

Competitors

Parasitic flies Parasitic fungi

Crop diseases Infections

Environmental threats

Genetic diversity

28 © 2016 IBM Corporation

Complexity of environment vs. flexibility of roles

Static roles Dynamic roles

Low complexity, e.g. desert

High complexity, e.g. rain forest

Ants

15

29 © 2016 IBM Corporation

Complexity of environment vs. flexibility of roles

Static roles Dynamic roles

Low complexity, e.g. desert

High complexity, e.g. rain forest

Ants

Humans in IT

30 © 2016 IBM Corporation

Nest architecture

Nest

Queen’s chamber

Mound

16

31 © 2016 IBM Corporation

Nest architecture

Nest

Queen’s chamber

Larvae & cocoons chamber

Waste chamber

Mounds “Emergency” exit/entrance

Main tunnel

Penduncle

Egg’s chamber

32 © 2016 IBM Corporation

Nest architecture

Nest

Queen’s chamber

Empty chamber Larvae & cocoons chamber

Fungus chamber

Waste chamber Fungus

chamber

Alternate chamber

Mounds “Emergency” exit/entrance

Main tunnel

Penduncle

Egg’s chamber

17

33 © 2016 IBM Corporation

Nest architecture: defense components

Nest

Queen’s chamber

Empty chamber Larvae & cocoons chamber

Fungus chamber

Waste chamber Fungus

chamber

Alternate chamber

Mounds “Emergency” exit/entrance

Main tunnel

Penduncle

Egg’s chamber

Hard surface

34 © 2016 IBM Corporation

Nest architecture: defense components

Nest

Queen’s chamber

Empty chamber Larvae & cocoons chamber

Fungus chamber

Waste chamber Fungus

chamber

Alternate chamber

Mounds “Emergency” exit/entrance

Main tunnel

Penduncle

Egg’s chamber

Hard surface

Multiple exits/entrances

18

35 © 2016 IBM Corporation

Nest architecture: defense components

Nest

Queen’s chamber

Empty chamber Larvae & cocoons chamber

Fungus chamber

Waste chamber Fungus

chamber

Alternate chamber

Mounds “Emergency” exit/entrance

Main tunnel

Penduncle

Egg’s chamber

Hard surface

Multiple exits/entrances

Escape rooms

Blocks

Blocks

36 © 2016 IBM Corporation

Nest architecture: defense components

Nest

Queen’s chamber

Empty chamber Larvae & cocoons chamber

Fungus chamber

Waste chamber Fungus

chamber

Alternate chamber

Mounds “Emergency” exit/entrance

Main tunnel

Penduncle

Egg’s chamber

Hard surface

Multiple exits/entrances

Escape rooms

Blocks

Blocks

Sanitation

Disinfection

Humidity and temperature regulation

19

37 © 2016 IBM Corporation

Risk-spreading and alternatives

Nest

Queen

Nuptial flights

New nest

New queen

38 © 2016 IBM Corporation

Risk-spreading and alternatives

Nest

Queen

Nuptial flights

New nest

New queen

Merging/joining

Usurping

Hibernation

20

39 © 2016 IBM Corporation

Continuity alternatives

Threat(s) Plan A: Fight back Continuation of colony

Plan C: Disperse (only when reproductive females present)

B1: Join

Survival of genes

Plan B: Move to family nest

B2: Usurp

40 © 2016 IBM Corporation

Security-driven architecture

Leafcutter Ants

Security prerequisites

No single point of failure

Flexible nest architecture

21

41 © 2016 IBM Corporation

Security-driven architecture

Leafcutter Ants Humans in IT

Security prerequisites

No single point of failure

Flexible nest architecture

Financial/business prerequisites

“Crown jewels”

Inflexible IT architecture

42 © 2016 IBM Corporation

Communication

Pheromones ALERT!

Pheromone and poison detection

Touch communication

22

43 © 2016 IBM Corporation

Communication

Poison excretion DANGER!

Pheromones ALERT!

Stridulation HELP!

Pheromone and poison detection

Vibration detection

Touch communication

44 © 2016 IBM Corporation

Communication: information sharing

Potential threat

Colony/group of ants

Ant 1

23

45 © 2016 IBM Corporation

Communication: information sharing

Potential threat

Colony/group of ants

Pheromone mark

Ant 1

46 © 2016 IBM Corporation

Pheromone mark

Communication: information sharing

Potential threat

Colony/group of ants

Ant 1

Ant 2, 3

24

47 © 2016 IBM Corporation

Communication: information sharing

Potential threat

Colony/group of ants

Ant 1

Ant 2, 3

48 © 2016 IBM Corporation

Communication: information sharing

Potential threat

Colony/group of ants

Ant 1

Many ants

Ant 2, 3

25

49 © 2016 IBM Corporation

Collaboration

Threat(s) Information gathering

50 © 2016 IBM Corporation

Collaboration

Threat(s) Information gathering Immediate alert Massive response

Grave danger

26

51 © 2016 IBM Corporation

Collaboration

Threat(s) Information gathering Immediate alert Massive response

Alert Correlation

Grave danger

Local danger

Response

52 © 2016 IBM Corporation

Collaboration

Threat(s) Information gathering Immediate alert Massive response

Alert

Collective storage of events

Correlation

Grave danger

Local danger

False alarm

Response

Sharing of information

27

53 © 2016 IBM Corporation

Shared collective ledger of knowledge

1

Communication

54 © 2016 IBM Corporation

Shared collective ledger of knowledge

1

Communication

2

Update

28

55 © 2016 IBM Corporation

Shared collective ledger of knowledge

1

Communication

2

Update

3 Consensus and validation

56 © 2016 IBM Corporation

Shared knowledge

Leafcutter Ants Humans in IT

29

57 © 2016 IBM Corporation

Threat landscape Environmental threats:

-  Flooding -  Drought

Enemies:

-  Predators -  Competing ants

Pests:

-  Parasitic flies -  Parasitic fungi

Diseases:

-  Crop diseases -  Infections

58 © 2016 IBM Corporation

Mitigations Environmental threats:

•  Alternative locations

•  “Hibernation”

Enemies:

•  Nest architecture •  Physical defense mechanisms

Pests:

•  Polyethism •  Ventilation system

Diseases:

•  Sanitation •  Polyandry (genetic diversity)

30

59 © 2016 IBM Corporation

Recommended literature

!  Bert Hölldobler, Edward O. Wilson: The Leafcutter Ants, Civilation by Instinct, 2011

!  Bert Hölldobler, Edward O. Wilson: The Super-Organism, The Beauty, Elegance, and Strangeness of Insect Societies, 2009

!  Deborah M. Gordon: Ant Encounters, Interaction Networks and Colony Behavior, 2010

60 © 2016 IBM Corporation

Contact details

Drs. Mike Chung RE CISSP

Associate Partner IBM Security

mchung@nl.ibm.com

+31 6 2565 7593