Monoculture (Wiki)

The content of the Security Analogies wiki is now available here, under the GNU Free Documentation License 1.2.

Thanks to Rich for the content of this page.

In Ireland, the horrible effects of the Great Potato Famine were exacerbated by the fact that all the potatoes were biologically the same. When a fungus that was devastating to the potatoes was introduced, it swept through all of them, killing the main source of food for the Irish. If there had been different varieties of potatoes, then the fungus might have killed some, but would have been far less likely to kill all.

Another famous example is the English Elm, which had almost no genetic diversity (the trees were essentially all clones), being propagated almost exclusively via suckering; almost every mature Elm tree in the country was killed. Other, more genetically diverse Elm species have survived the disease much better.

In the same way, if everyone in a company is running Windows, and a terrible virus gets introduced onto the network, then everyone's computer will be affected and potentially damaged or even destroyed. It would be safer for the company if some people ran Windows, while others ran different operating systems, such as Mac OS X or Linux. That way, those machines would remain untroubled by the problems taking down the Windows machines, and work at the company could continue.

Still relevant today is the plight of the humble banana, which has lost several of its varieties to disease. The banana (the plantain) that we now find on the shelves of the local supermarket may in a short time vanish from them, as the onslaught of the disease makes it impractical to farm on the scale necessary to supply the global market.

With such a monoculture, the ability to fend off any sustained attack approaches zero: a disease gains such massive benefits from adapting itself carefully to maximise its ability to infect just one group that spending the resources (evolutionary time) is well worth it. The monoculture makes itself a prime target by the simple fact of its existence.

In computer terms, this equates to the rise in attacks on the most mainstream computer operating system (currently Windows), as there is simply such a huge number of machines, all of which are the same. Given time, this rise in the number of exploits could feasibly reach the point where, if you put a Windows computer on the internet, you are pretty much guaranteed to be exploited by some route or another. The operating system vendor has to succeed against every new type of attack; the attackers only need to succeed once, and they have a target group of millions that will fall. The constant threat of infection (and thus the spectre of losing your bank account details and credit card numbers, and of the machine just plain running slow because it is using all its resources trying to spread the infection) would, in this case, make it a non-viable product for servicing the global market.

Currently with Windows, a little slack exists in the system by creating a pandemic.
