There are many different ways to approach cybersecurity. One of the most effective ways to critically approach cybersecurity is by leveraging systems thinking. This method considers how all the systems we manage interact at an aggregate level. Building on this foundation, parallels can be drawn to other fields to uncover valuable insights. Systems thinking is common in cybersecurity, but another field that could offer intriguing perspectives is plant pathology.
Plant pathology is the scientific study of plant diseases caused by pathogens, such as fungi, bacteria, viruses, and environmental conditions. It focuses on understanding how these diseases develop, spread, and affect plants, with the ultimate goal of developing methods to prevent, manage and mitigate their impact on agriculture and ecosystems. By examining plant-pathogen interactions, plant pathology helps protect food resources, maintain biodiversity, and sustain agricultural productivity. Given that cybersecurity already draws heavily from human virology, it is clear that valuable insights can also be gleaned from plant pathology.
It is generally accepted that there are four control options for experts to protect plants from pathogens: exclusion, eradication, protection, and resistance. These cover both preventative and responsive tactics. There are parallels between these plant protection strategies and the five domains outlined by the National Institute of Standards and Technology Cybersecurity Framework 2.0 (NIST CSF 2.0): Govern, Identify, Protect, Detect, Respond, and Recover.
Governance or “Govern” is the newest addition to the CSF and is essential for creating a framework to oversee and support effective threat management. Just as agricultural systems require planning, oversight, and quality control to ensure successful crop health management, cybersecurity governance structures establish policies, standards and accountability for cyberrisk across the organization. Governance enables consistent oversight and fosters a culture of security that integrates each layer of the framework.
Exclusion in plant pathology refers to preventing pathogens from reaching crops, such as through quarantines and border controls. In cybersecurity, exclusion is about keeping internal and external threats away from an organization’s critical systems. This aligns with NIST’s “Identify” and “Protect” functions. The “Identify” function involves understanding which assets are most critical and where vulnerabilities lie, enabling organizations to prioritize vulnerable assets. Then, through the “Protect” function, organizations establish preventive measures, such as access controls and network segmentation, to shield key systems. Firewalls, VPNs, and zero-trust architectures function as quarantines, ensuring only authorized, secure entities can gain access, thus limiting the risk of compromise from external actors.
In plant health, eradication involves removing an infection once detected, often by isolating (quarantining) the infected plant, applying treatments to cure it, or, in severe cases, destroying it to prevent further spread. Similarly, in cybersecurity, once a threat is identified, steps must be taken to isolate and neutralize it before it can propagate. This involves ensuring that containment measures, such as quarantining systems or eliminating compromised files, are in place to stop the infection from impacting other parts of the network. This approach directly aligns with NIST’s “Detect” and “Respond” functions. Effective eradication requires threat-hunting practices, malware removal, and automated containment systems that allow security teams to act decisively and remove compromised elements from the network, much like uprooting infected plants to protect the overall crop.
Protection in plant pathology involves creating physical or chemical barriers to prevent pathogens from affecting healthy plants. Similarly, in cybersecurity, protection refers to deploying measures that safeguard systems from external and internal threats. This aligns with the NIST “Protect” function, which includes encryption, multi-factor authentication, and endpoint security as barriers that prevent unauthorized access and limit damage from compromised accounts. These security layers ensure that even if one defense is breached, others are in place to mitigate the impact. Just as protective barriers prevent disease spread among plants, layered security controls reinforce an organization's defenses, reducing vulnerability to threats.
In plant pathology, resistance involves cultivating crops to be naturally resilient to specific diseases. This is achieved by crossbreeding for traits that confer resistance to anticipated threats. Likewise, in cybersecurity, resistance comes from fostering technological and organizational resilience, allowing systems and users to withstand threats. A healthy startup culture in cybersecurity contributes to this by building products that aid in resistance. NIST’s “Recover” function emphasizes strategies that help an organization bounce back after an attack. Just as resistant crops are better equipped to survive in challenging conditions, organizations that prioritize resilience through recovery plans are better prepared for inevitable cyber challenges.
It is important to recognize that viewing cybersecurity through a different lens can help frame what cyberprofessionals do more clearly. Centuries of plant pathology research have shaped our current agricultural practices, and ongoing research continues to address the evolving landscape of plant threats. Adopting a holistic approach to cybersecurity that includes governing security practices, identifying threats, excluding or eradicating them, protecting assets, and building resilience allows organizations to manage cyberrisk as effectively as farmers manage crop health, fostering a security posture that is both strong and adaptable.
Jack Freund is the chief risk officer for Kovrr, coauthor of the award-winning book on cyber risk, Measuring and Managing Information Risk, 2016 inductee into the Cybersecurity Canon, ISSA Distinguished Fellow, IAPP Fellow of Information Privacy, ISC2 Global Achievement Awardee, and ISACA’s John W. Lainhart IV Common Body of Knowledge Award recipient.