{"id":32956,"date":"2021-05-12T16:20:33","date_gmt":"2021-05-12T21:20:33","guid":{"rendered":"http:\/\/huewhite.com\/umb\/?p=32956"},"modified":"2021-05-12T16:20:33","modified_gmt":"2021-05-12T21:20:33","slug":"the-costs-of-monoculture","status":"publish","type":"post","link":"https:\/\/huewhite.com\/umb\/2021\/05\/12\/the-costs-of-monoculture\/","title":{"rendered":"The Costs of Monoculture"},"content":{"rendered":"<p>At least in the computer field. Remember the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Petya_(malware)\" target=\"_blank\" rel=\"noopener\"><em>NotPetya<\/em><\/a> malware? Unlike the ransomware that <a href=\"https:\/\/www.cnn.com\/2021\/05\/12\/politics\/what-matters-panic-buying\/index.html\" target=\"_blank\" rel=\"noopener\">hit<\/a> <em><strong>Colonial Pipeline<\/strong><\/em> earlier this week, it wasn&#8217;t reversible, making it a tool of vandalism &#8211; I shan&#8217;t dignify it with the &#8216;ware&#8217; suffix, which might make it seem sexy or something. It&#8217;s just a vandal&#8217;s tool.<\/p>\n<p>This interview with Adam Banks, the Chief Technology &amp; Information Officer of <strong><em>Maersk<\/em><\/strong>, the big shipping concern that was one of the victims of <em>NotPetya<\/em>, is revealing:<\/p>\n<blockquote><p>\u201cAll end-user devices, including 49,000 laptops and print capability, were destroyed,\u201d he says. \u201cAll of our 1,200 applications were inaccessible and approximately 1,000 were destroyed. Data was preserved on back-ups but the applications themselves couldn\u2019t be restored from those as they would immediately have been re-infected. Around 3,500 of our 6,200 servers were destroyed \u2014 and again they couldn\u2019t be reinstalled.\u201d<\/p>\n<p>The cyber-attack also hit communications. 
All fixed line phones were inoperable due to the network damage and, because they&#8217;d been synchronized with Outlook, all contacts had been wiped from mobiles \u2014 severely hampering any kind of coordinated response.<\/p>\n<p>Maersk was hardly the only company experiencing an IT meltdown at the hands of NotPetya: food and beverage manufacturer Mondelez, pharmaceutical giant Merck, advertising agency WPP, health and hygiene products maker Reckitt Benckiser, French construction company Saint-Gobain and FedEx\u2019s European subsidiary TNT Express were among thousands of multinationals impacted.\u00a0<em>[<a href=\"https:\/\/www.i-cio.com\/management\/insight\/item\/maersk-springing-back-from-a-catastrophic-cyber-attack\" target=\"_blank\" rel=\"noopener\">Global Intelligence for Digital Leaders<\/a>]<\/em><\/p><\/blockquote>\n<p>Staggering by sheer numbers.<\/p>\n<p>It seems to me that the measure of your vulnerability correlates to how closely you approach 1 in the monoculture metric &#8211; that is, if all your company uses is <strong><em>Microsoft<\/em><\/strong>, you&#8217;re going to be a 1. Doubt it?<\/p>\n<blockquote><p>Banks is candid about the breadth of the impact: \u201cThere was 100% destruction of anything based on Microsoft that was attached to the network.\u201d<\/p><\/blockquote>\n<p>And it appears the closer your company is to a 1, the more likely blackmailers and vandals can inflict serious damage on your company.<\/p>\n<p>This raises the question, no doubt already under discussion or even answered among IT security professionals: do we limit our efforts to trying to stop the initial infection, or do we accept that occasionally it will happen and structure the systems to resist and hinder the spread of such software once it&#8217;s become present in a company&#8217;s networks? And how much does that add to our costs?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At least in the computer field. Remember the NotPetya malware? 
Unlike the ransomware that hit Colonial Pipeline earlier this week, it wasn&#8217;t reversible, making it a tool of vandalism &#8211; I shan&#8217;t dignify it with the &#8216;ware&#8217; suffix, which might make it seem sexy or something. It&#8217;s just a vandal&#8217;s \u2026 <a class=\"continue-reading-link\" href=\"https:\/\/huewhite.com\/umb\/2021\/05\/12\/the-costs-of-monoculture\/\"> Continue reading <span class=\"meta-nav\">&rarr; <\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-32956","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/32956","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/comments?post=32956"}],"version-history":[{"count":1,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/32956\/revisions"}],"predecessor-version":[{"id":32957,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/32956\/revisions\/32957"}],"wp:attachment":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/media?parent=32956"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/categories?post=32956"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/tags?post=32956"}],"curies":[{"name":"wp","href":"https:\/\/ap
i.w.org\/{rel}","templated":true}]}}