Many recent IoT security “faux pas” [and I am happy to say faux pas, rather than disasters] seem to trigger a rage of security pundit commentariat like “ZOMG, these people/developers/manufacturers/monkeys are so freaking dumb!!”
Let’s step away from this for a bit and think about tanks and tractors- both heavy, tracked machines.
When you design a tractor, you have to think [presumably] about it not rusting, breaking down under load, falling into a ditch, etc. There are lots of safety and operational resiliency considerations. However, do you think tractor’s product design documents include items like “survive EMP”, “drive over sharp metal objects”, “drive over people lobbing grenades”, “generate electronic countermeasures”? Of course, they do NOT. A lot of technology is NOT meant to survive deliberate threats, we don’t use bullet-proof glass at home and we don’t build bomb-proof bridges and buildings [in most cases]. A lot of technology – and I mean this very, very broadly – is NOT designed to survive deliberate attacks, and that is just fine. Tractor “threat model” does NOT include deliberate threats.
Now, on the other hand, a tank is meant to survive deliberate “tampering” – and occasionally drive right over said “tamperers” (the connoisseurs also suggest turning over them a few times). It is, after all, a machine of war, and war implies that you have dedicated, often creative adversaries (humans … but maybe eventually AIs :-)). These adversaries may use whatever they can think of – old, new, and sometimes entirely unknown to the tank designers – to make it break. They also often have your tank in their lab.Thus, they will look for vulnerabilities (like areas with thin armor), design flaws (like wrong location for fuel tanks), and may utilize entire new classes of technologies to stop you. As you can see, it is VERY different from the above. Tank “threat model” DOES include deliberate threats.
Finally … the point.
BUILD ANYTHING THAT IS ON THE INTERNET AS A MACHINE OF WAR.
CONNECTED? INCLUDE DELIBERATE ATTACKS IN YOUR DESIGN REQUIREMENTS.
ANYTHING ON THE INTERNET MUST SURVIVE DELIBERATE ATTACKS.
There you have it! The future of IoT security “Every business is a digital tank-building business”
Select blog posts tagged “philosophical”:
- Enable the Business? Sometimes Security Must Say “NO”…
- Defeat The Casual Attacker First!!
- Critical Vulnerability Kills Again!!!
- Security Essentials? Basics? Fundamentals? Bare Minimum?
- On “Defender’s Advantage”
- Security And/Or/Vs/Not Compliance?
- Bye-bye, Compliance Thinking. Welcome, Military Thinking!
- Security Chasm Illustrated
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.