Ever heard of the Irish Potato Famine?
The Irish Potato Famine lasted from 1846 to 1850 and about 1 million people – about one in 9 at the time – died from hunger and disease. The famine was, by any standards, a disaster of biblical proportions.
Now there are hundreds of varieties of potatoes but some are more productive than others, and for this reason Irish farmers settled on a variety called the lumper. As potatoes can be easily propagated, what the Irish wound up with were many crops of genetically identical clones – they created a monoculture.
Then in 1845 the fungus Phytophthora infestans, which is responsible for a disease called potato blight, appeared in Ireland. Some varieties of potato are less susceptible to potato blight than others. Unfortunately, the lumper was not one of those. The fact that the lumper was prominent throughout Ireland meant that the fungus wiped out much of the Irish potato crop not only in 1845 but also in 1846 and again in 1848. This was the setting for what we now call the Irish Potato Famine.
One final point about the Famine: politics was also a factor. Ireland at that time actually grew more than enough produce to feed itself but there was no surplus – a significant percentage of Irish crops were earmarked to be sold in England at a price the Irish couldn’t afford. Catharina Japikse writing about the famine in a 1994 EPA Journal story noted that, “The Irish starved not for lack of food, but for lack of food they could afford.”
I bring up the story of the Irish Potato Famine as an example of the dangers of monoculture: whenever you have a large population with low variability, there is the opportunity for a disease to run rampant. And what have we got today in the computer world? With Windows being the operating system on some 95 per cent of all PCs, I think we can agree that the term monoculture applies.
So what can we conclude? First, we aren’t going to get rid of the monocultures we have. There’s too much invested in our systems for any kind of wholesale change. Second, we should consider alternatives when we add to and replace equipment – we need to increase diversity. The increased support costs will be more than offset by the improved ability to overcome problems and crises in what will become smaller homogeneous populations.
Third, we need to improve our defensive abilities. This means leaning on software vendors – particularly Microsoft – to deliver effective security mechanisms and patch the holes that exist, and we need to be more rigorous about what products we adopt. We also need to invest in and install a wider array of security and management products.
But these approaches will cost. They will cost us not only money but also time because quick fixes are rarely a safe path. In addition, our improvements will require a lot more planning and architecting than we have traditionally applied.
The fact is that we are not at risk for lack of security, but for lack of security we have been willing to afford. Time to start spending.