VIEW 28
Self-similar networks
Picture a hipster sipping a double espresso while surfing the internet in a trendy cafe—they may not be aware that the same science connects the percolation of water through coffee grounds in the machine and the underlying structure of their Facebook friendship network. Both are governed by a power law distribution, the governing principle of “scale free” or “self-similar” networks.
There are many examples of self-similarity in nature, where a small part of the object looks exactly the same as the object as a whole. Romanesco broccoli is good example. Each little floret looks like a miniature version of the whole head. The same is true of ferns: the individual leaves are the same as the larger fronds.
The more you look, the more you find that we are surrounded by examples of self-similarity.

The branching of trees, the spread of river deltas, snowflakes, blood vessels, coastlines, and share price charts all show self-similar patterns that repeat when you examine them more closely. And, as you may have guessed, so does the internet.
Mathematically speaking, self-similarity can be expressed as a power law, where one quantity varies as a power of the other regardless of scale—hence “scale free.” Such distributions are known as “long tail” or “following the 80-20 rule.” Coffee grounds can be modeled as a three-dimensional network composed of granules and gaps, the “clumpyness” of which follows a power law. Web hyperlinks are the same. Barabasi and Albert17 put forward a model based on preferential attachment to explain this. The more links a website has, the more visible the site is, and so the more likely it is that it will receive further links in the future. So, the preferential attachment model can be summed up as “success breeds success” or “the rich get richer.”
The cyber world is rife with power law distributions. Cyber space is unconstrained by geographic boundaries, creating a huge universal common pool. The larger the pool, the greater the rewards to those at the top end of a power law distribution. This explains the extraordinary global dominance of tech titans like Google, Facebook, Apple, and Microsoft. We see power law distributions in operating systems (Android), in application software (MS Office), in popular website links (Wikipedia), and social media followers (Twitter). Even in operational technology (OT), certain equipment manufacturers have dominant positions that follow the 80-20 rule. Self-similar networks that follow power law distributions can be highly resilient to interruption if the disturbance is purely random.
Sadly, cyber criminals do not pick their victims randomly. Phishing attacks through social media, watering hole attacks through popular websites, and zero-day vulnerabilities in widely used software packages are favored vectors that focus on the dominant entities at the top end of the power law distribution. But at the same time, the concentration of usage means that once a patch has been developed, it can effect widespread remediation. Fix once, fix everywhere—a power law cuts both ways.