Metcalfe's Law states that a network's value increases exponentially with every node attached to it. This is true: a single computer sitting in a room by itself has minimal value in the real world. This concept describes the power of the Internet, and it can't be disputed. However, there is an aspect that has gone overlooked. Every node connected to the network has to have an operator. Those operators can be one of three things: neutral agents, benevolent agents, or malicious agents. While the majority of users are neutral agents, there will always be malicious agents present as well. It's much like the human immune system. Red blood cells exist as the neutral agents, serving the purpose of providing necessary nutrients for the body. White blood cells are the benevolent agents, fighting off the malicious agents such as viruses and bacteria. In the context of the human body, the benevolent agents normally greatly outnumber the malicious agents present. However, in the context of the Internet and computing systems, it seems that malicious agents far outnumber the benevolent agents. Therefore, while Metcalfe's Law applies to the value of a network, it also applies to the overall security of the network. For every node that joins the network, the potential security of the network decreases exponentially.
How does one prevent this, or even counteract it enough to make the network a sane environment? The simplest answer would probably be that it's impossible. With the ratio of malicious users to neutral users, who may have no concept of security whatsoever, being so lopsided, the malicious users on the Internet have made the network a highly infected and contagious system. The desperate shortage of benevolent agents (white hat hackers, penetration testers, etc.) allows the malicious agents (black hats, hacktivists, terrorists) to basically run free. Not only do they go mainly unchecked in the system, they mutate at a rapid pace by creating new methods of taking advantage of people, programs, and network systems, which makes treating them a very difficult task. The only hope the system has is for more people to become educated in ethical hacking and become inclined to act as the white blood cells of the Internet. Ideally, ALL non-malicious users should have at least some security training to help protect the system in some capacity. While it will probably never be the case that every user connected to the Internet is a security-conscious, careful individual, everyone who can do their part should. Keeping your own systems clean of viruses and malware to help keep the spread minimal, being educated about scams and hoaxes, and helping educate others about the dangers of online scams and hoaxes are great places to start that don't require you to work in security or even be highly trained.
Network security can be simply described by the following equation:
Where S represents the potential security of the system, Bh represents the malicious Black Hats, Wh represents the benevolent White Hats, and N represents the neutral entities. As the ratio of White Hats to Neutral agents increases, the impact of the Black Hats is decreased and the security of the whole is increased. The problem with the nature of the equation and the Internet is that while that ratio is increasing, so is the value of Bh, making it even harder for an equilibrium to be achieved. The security of computing systems relies on the same principles as the health of a living body: the malicious agents must be outweighed by the benevolent agents. This can never happen without people like YOU voluntarily becoming the benevolent agents. Don your white hats.
