Spuds and system security
Recently, there has been a great deal of concern over the rise is prices of common staple food grains. A frequently cited cause for this price jump is international speculation in commodity markets, and the disproportionate aspect this can have on the price of the commodities themselves, quite apart from the usual cycles of supply and demand.
What fewer people may know is that the UN declared 2008 as the international year of the potato. (They did this, of course, some time ago, so the contrast in notions becomes even more intriguing.)
There is some irony in that, but it gets better. (Both from the perspective of irony, and from the point of view of useful analogies for infosec.)
The potato (the “humble” potato, as it is frequently described) is suitable to a great many climatic conditions, and is generally more productive than grain crops (and *much* more productive than meats, etc.) It is also surprisingly nutritious.
(Ah! I hear you cry, what about the Potato Famine? Well, in that case the potato was, oddly, a victim of its own success. We know, or should know, the dangers of the monoculture, which was what led to the famine. [And that topic has relevance to infosec as well, but it has been amply discussed elsewhere.] However, what is less well known is that the introduction of the potato, 250 years prior to the famine, led to a 5-8 fold increase in the population of Ireland over those twenty-five decades, due to an increase in both food source and in nutrition.)
So, what about world food crops, commodities, and skyrocketing prices? If we convinced people to grow potatoes, wouldn’t we just become dependent upon potatoes, and then there would be speculation in potato futures? Well, oddly, it seems not.
Grain, when harvested, is fairly dry, and can easily be dried even more for storage and shipment. And, to pretty much anyone except a pasta maker, wheat flour is wheat flour. You can make any product you want out of basically any flour you can get.
Potatoes are wet. They get used fresh, for the most part. (The technical advances in producing dried mashed potatoes seems to parallel that or artificial intelligence: there is a lot of interest, and a lot of work, but those who have tried the results can tell you that there is work yet to be done.) Also, people who use and eat potatoes tend to have preferences. (And there are a great many varieties of potatoes. Remember that monoculture bit?)
It seems that potatoes are one of the few staple crops that are resistant to commodity markets (however susceptible it may be to the blight).
So, what’s the point for infosec? Remember the lessons of security architecture. Build your architecture based on resilient and resistant technologies, not on the most popular. It’s not a new lesson: it rests on the foundation of risk management which should be foundational to all security.