What The “Monkey Arms War” Can Teach Us About Network Security
November 12th, 2006By Kevin McTiernan
A story appeared on the Time magazine website in October describing a serious problem in India – the city of Delhi is inundated with Rhesus monkeys. With monkeys considered sacred by Hindus, a feast of bananas and peanuts left out for them is commonplace. Encroachment on their habitat, coupled with years of inaction and the “feasts,?” have brought the monkey population in Delhi proper to as much as ten thousand. In search of food, they have attacked people, broken into Parliament, kept people from entering homes and wreaked havoc to offices (in 2002, a pack of monkeys attacked students in a girl’s college in Darjeeling India; and, in 2004, monkeys were blamed for ransacking the offices of the Ministry of Defense). Initial responses to the problem were for offices to glue windows shut. But a new solution has taken hold - langurs (large black-faced apes) are now being deployed by office building managers and city officials to protect buildings and scare away the monkeys.
Primatologists believe that using langurs is a bad idea for several reasons. First, the apes only scare the smaller monkeys, just moving them to another building or part of the city. Second, there is evidence that the apes will eventually coexist with the monkeys and no longer scare them. Third, the apes are scary (and potentially dangerous) to humans. Fourth is the obvious cruelty aspect. The final reason comes from me, hasn’t anyone there ever watched Planet of the Apes?
When I first read the article, I laughed out loud and explained the story to nearby coworkers. I then found myself intrigued about the subject and read more, realizing the business lessons it provided; in particular to network security:
The monkeys are similar to hackers or botnets. The growth of the Internet and a limitless “feast?” of resources consisting of unprotected home computers and only slightly more protected computer networks have resulted in their population and audacity to swell. Some businesses completely lock down networks through firewalls (glue their windows shut), and while seemingly protected, in turn actually keep employees imprisoned and customers disinterested. And, some of what people would assume to be the most secure facilities (Ministry of Defense or Parliament), turn out to be vulnerable to the most basic of attacks or exploits. The quick reaction of deploying a “bigger hammer?” (langurs) to scare away attackers will work only with the smaller threats. But in reality, this approach will simply cause the tactic to change to another location or to come back in a larger group - but you can be assured, they will be back! Finally, a static system, over time, will not be much of a deterrent at all - only by learning and adapting can the threat be eliminated while not affecting service. This agility gained through learning and adaptation will ensure that when the next threat changes shape (from monkey problem to lion problem, for example) your security solution does not become a zoo of deterrents.
Check out the original story in Time Magazine and another one from HTT.
An Aside
The whole saga is oddly reminiscent of an episode of the Simpsons (“Bart the Mother?”) where Bart is forced to care for two eggs after killing a bird. The eggs turn out to be that of a lizard that eats bird eggs. The town decides the lizards must be killed, but change their minds after they learn the lizards kill pigeons. With “feathered rats?” out of the picture and lizards running rampant, the next plan becomes to deploy snakes to wipe out the lizards. To rid the town of snakes the plan is to use gorillas that like snake meat. They hope the task will be completed by winter as the next plan is to let the apes freeze to death.
Radar has a great timeline of how this story is the beginning of our path to the Planet of the Apes.
The Simpson Archive has the “Bart the Mother?” episode.