Research outfit TNO has announced Dutch bank ABN Amro will be the first entity to use ‘self-healing’ cybersecurity software that can repair itself when under attack from viruses.

Cybercriminals scout for loopholes in software used by large firms to steal data, and combating cybercrime has been a major challenge.

The self-healing software draws its concept from the human immune system, which is capable of repairing itself when attacked by viruses.

ABN Amro CISO Martijn Dekker said: “Self-healing security software looks very promising. We are continuously exploring and experimenting with new technologies to see how much security they will be able to offer in the future. It’s a good way to learn from bioscience and to apply this knowledge to our IT systems.”

The software will soon be made publicly available so that everyone can use it.

ABN Amro had signed up for TNO’s Partnership for Cybersecurity Innovation (PCSI) in order to explore ways of combating cyberattacks.

The PCSI worked with experts from various partners, including immunologists, to develop this software.

TNO Self-Healing Security project leader Bart Gijsen said: “Basically, we started from the way cells in the human body fight viruses and bacteria and renew themselves. We translated that into a concept for ICT security. Large organisations such as banks have problems with cyber attackers who keep coming up with something new. This software offers them protection by limiting the options of attackers.”

The team developed a system that is decentralised, can repair itself and also understands the moment to do so.

Renewal is based on the current ICT technology, called Kubernetes, which features the possibility of rebooting and renewing. However, the new software comes with an added functionality so that containers, a type of virtual computer server, can renew themselves at regular intervals to create more moments so that cyberattacks can be quickly intercepted.

Furthermore, the software is capable of anomaly detection, which enables containers with suspicious behaviour get immediately terminated without having the need to go through a central system.