Remove the IoT training wheels
I’ve recently qualified as a British Cycling coach and volunteer my Saturday mornings to teach young riders. My creative side can’t help but make connections and in two minutes I’m going to persuade you to remove the training wheels on any family bikes (or vow to never buy them) and the training wheels on the Internet of Things. I'll come to what those IoT wheels are later but first on to the bikes.
Think back to before you could ride a bike and let your inner child process these thoughts...
Why do you want to ride a bike? "To travel faster or go further. "
What skills do you need to ride from A to B? "Pedalling, steering and braking."
What’s stopping you? "Falling off."
Aha! The “Solution” you are looking for is training wheels: Training wheels stop you falling off so you can get from A to B!
Wait, did we jump to a solution too quickly? We’re fixing a symptom not the root cause of a problem. Let’s ask a couple more questions:
Why are you falling off? "I haven’t learned balance."
Do you think that training wheels have some magic property that when removed suddenly unlock the skill of balance in your mind? "No."
So what’s going on? Imagine you need to go around a right-hand corner; you turn the handlebars to the right. That sets up a force on the bike that makes it tend to lean left.
Simplistically, you counteract that force by leaning the bike to the right, and you go round a corner (don’t shoot me on the Newtonian mechanics!) Most of your cornering ability comes from leaning, handlebars are for fine tuning. With me so far?
Leaning is good for cornering, sometimes this good:
(That's not photoshopped https://www.pinkbike.com/news/myth-buster-matt-hunter-video-2014.html)
Now let’s try that right hand corner on a bike with training wheels. Notice the right hand training wheel. It stops you from leaning the bike to the right. That cornering force rotating the top of the bike to the left now can’t be balanced by leaning right, so the bike flips to the left where the left hand training wheel is forced to the ground.
Training wheels teach young minds to keep upright and worse still that the way go around a right hand corner is to lean slightly to the left. When the wheels come off your brain needs to unlearn two mistakes while learning how to corner and balance properly. Better to begin with never fitting them.
How can you learn balance?
Use a balance bike and learn to lean. The Solution to falling less often is to discover balance. You're now consciously aware that the old-schools of thought need stopping - your parents didn't know any better and were sold on the training wheels "solution".
So what’s this got to do with IoT and InfoSec?
The old-school InfoSec training wheels of network perimeters, firewalls, anti-virus need to come off (assume attackers have circumvented them anyway) for the IoT. They are symptomatic fixes. We need Internet Things that stand up for themselves and can lean to negotiate obstacles. This core balance skill starts with cryptographically strong identities of Things. Of course there are many more skills needed (trusted code bases, isolation mechanisms etc) and many resources are available to teach what’s needed. An example here. I'll be talking about the Identity of Things at the Cloud Identity Summit in Chicago June 19-22.
Are you persuaded? Then take spanners to the bikes and demand that IoT devices stand up for themselves. It’s time to banish all training wheels.