Daily Archives: 13th May 2017

The Great Ransomware Debacle

Or, How the NHS was screwed by free market policy

So here’s the issue: WHY was the NHS so easily penetrated by the recent ransomware attack? In order to answer that, let me describe another (relevant) scenario.

Suppose farmers only had ONE strain of potatoes. And suppose those potatoes were grown everywhere in large amounts. Then suppose a virulent strain of potato blight attacked the tatties. What happens? Well, epidemiology would predict that the blight cuts a swathe through the entire potato population, destroying whole crops. There is (at best) a great shortage of potatoes, or (at worst) mass starvation. Perhaps governments then investigate the problem, and decide to blame the farmers (“didn’t secure their crops adequately”) and the potatoes themselves (“too old… we need modern potatoes”). The public laps it all up, not realising that the true issue is staring them in the face: monocultures.

A monoculture has no genetic diversity built-in, and therefore is unable to resist infections, and is inherently ‘unhealthy’ due to its sensitivity to local conditions and the management of the growth environment.

Now let’s return to the computer world. We have an almost identical situation, where Microsoft’s operating systems dominate the world’s personal and administrative computing. This is a software monoculture, which is HIGHLY vulnerable to attack because of its very ubiquity. Since Microsoft is everywhere, sold to you with your computer, taught in schools, used at work, and in our public services, the chances of a single carefully-crafted worm or virus spreading throughout the connected world are very high indeed. It is the monoculture that is to blame for the recent panic-ridden events striking the NHS, not the machines or the people concerned.

Of course, our government will not come clean and say this. They’re so embroiled in the ideology of the free market that to blame Microsoft’s counter-productive business practices is almost beyond their thought. Instead, they advise ‘tightening security’ — which is a stop-gap that cannot defeat a continually evolving threat to the monoculture itself.

A friend recently said to me that “all computers, even Linux ones, are threatened” by viruses (etc.). This is true, but only up to a point. In fact, if you consider computer usage throughout the world, it’s because of the very success of Microsoft’s marketing practices (not their software) that we’ve got a problem in the first place. And like junkies, we’re too ‘hooked’ on their systems to realise this. Our very lack of awareness of the political situation is causing the issue we wish to avoid.

There’s a solution: diversity. Don’t simply use what you’re given. Choose a Mac, or a Linux-based machine, or Android, or ChromeOS, or even a Microsoft machine… but for the Gods’ sake, don’t just use what’s given to you! Choose your computer operating system the same way you choose your wallpaper or carpets. Then learn how to use it. I am especially concerned that children (and adults) learn ‘computer’ skills, and not simple ‘Microsoft’ skills. We need to break this corporate monoculture in order to sustain a more secure data environment. This is a role for the education system. Instead of just tinkering around with security advice (like putting your finger in the hole in the dyke!), we need to solve the problem of security at a fundamental level.

And if anyone says to me “it takes time to learn something new” — can I say, didn’t you do just that when you learned to drive?

And if someone says to me “what about exchanging documents and data from one system to another, won’t your much-vaunted diversity cause communication problems?” — can I say that we need international data format standards, not absolutely standardised operating systems.