This is the 8th blog in a series about security and how security is about how you think.
In my last blog, I started looking into security monitoring of my house and asking the question about what I should monitor. With all of this new “Internet of Things”, do I have to worry about these new devices and how they affect the security of my house? Do I have to worry if my refrigerator remembers my midnight snacking habits? Do I have to worry if my washing machine knows that I wash colors on Thursdays? Is my Internet-connected toaster a security risk to me?
In order to answer this question – we’re going to continue to look at the security of my house using the same processes that we use to understand the security of a computer datacenter. We need to gather as much SECURITY INTELLIGENCE on each item and how it works in order to understand how it affects the security of the greater environment. Again, it’s how we THINK about security that’s going to help us understand the security of the overall environment.
Some questions that I’m asking myself about my new Internet-connected toaster (there are many more):
These questions and those like them, are to uncover the nature of each device. If I know how these devices THINK about security, then I can understand how they contribute (or not) to the overall security of my environment. And the last question starts to think of my toaster as a mission-critical appliance – can it be disabled through a normal operation? So how, through my security intelligence, can I decide which appliances in my house are the most mission-critical? Is it my smartphone? Refrigerator? Toaster?
So, which appliance in my new “internet of things” house is the most suspect? Which one has the most information that I need to secure? It all comes from thinking about the security of my house as individual objects and how they interact and knowing the security intelligence of each object. The overall security of the system is directly connected to the security of each object and how they interact. Again, it comes down how we THINK about security, whether we’re talking about an Internet-connected toaster or a computer datacenter.