Well, you all expect deep technical guidance from us at Gartner GTP – but here you are going to get another “philosophical post” (aka rant) – inspired by the “Jeepgate”, naturally.
Many recent IoT security “faux pas” [and I am happy to say faux pas, rather than disasters] seem to trigger a rage of security pundit commentariat like “ZOMG, these people/developers/manufacturers/monkeys are so freaking dumb!!”
Let’s step away from this for a bit and think about tanks and tractors- both heavy, tracked machines.
 |
 |
When you design a tractor, you have to think [presumably] about it not rusting, breaking down under load, falling into a ditch, etc. There are lots of safety and operational resiliency considerations. However, do you think tractor’s product design documents include items like “survive EMP”, “drive over sharp metal objects”, “drive over people lobbing grenades”, “generate electronic countermeasures”? Of course, they do NOT. A lot of technology is NOT meant to survive deliberate threats, we don’t use bullet-proof glass at home and we don’t build bomb-proof bridges and buildings [in most cases]. A lot of technology – and I mean this very, very broadly – is NOT designed to survive deliberate attacks, and that is just fine. Tractor “threat model” does NOT include deliberate threats.
Now, on the other hand, a tank is meant to survive deliberate “tampering” – and occasionally drive right over said “tamperers” (the connoisseurs also suggest turning over them a few times). It is, after all, a machine of war, and war implies that you have dedicated, often creative adversaries (humans … but maybe eventually AIs :-)). These adversaries may use whatever they can think of – old, new, and sometimes entirely unknown to the tank designers – to make it break. They also often have your tank in their lab.Thus, they will look for vulnerabilities (like areas with thin armor), design flaws (like wrong location for fuel tanks), and may utilize entire new classes of technologies to stop you. As you can see, it is VERY different from the above. Tank “threat model” DOES include deliberate threats.
Finally … the point.
BUILD ANYTHING THAT IS ON THE INTERNET AS A MACHINE OF WAR.
CONNECTED? INCLUDE DELIBERATE ATTACKS IN YOUR DESIGN REQUIREMENTS.
ANYTHING ON THE INTERNET MUST SURVIVE DELIBERATE ATTACKS.
There you have it! The future of IoT security 🙂 “Every business is a digital tank-building business”
Select blog posts tagged “philosophical”:
- Enable the Business? Sometimes Security Must Say “NO”…
- Defeat The Casual Attacker First!!
- Critical Vulnerability Kills Again!!!
- Security Essentials? Basics? Fundamentals? Bare Minimum?
- On “Defender’s Advantage”
- Security And/Or/Vs/Not Compliance?
- Bye-bye, Compliance Thinking. Welcome, Military Thinking!
- Security Chasm Illustrated
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.
Comments are closed
2 Comments
Great point, Anton. A mindset of Threat-Oriented Security will change a lot in our business.
Indeed, especially for those folks who never dealt with anybody intentionally breaking their product AND never felt responsible for such “breakage”, if it occurred.