Due in part to the marketing efforts of vendors such as Cisco Systems and the public discourse on infrastructure cybersecurity, the fact that virtually every object in our environment is getting intelligent has been entering the common consciousness. Publications like Scientific American are more often running articles such as the recent “Hacking the Internet of Everything” piece which has been the cause of some conversation in the ICS ISAC Linkedin group.
As with similar evolutions, we remain mostly unable to properly scope the emergent phenomenon. Beyond a certain scale our minds are not made to grasp size and numbers. Since this phenomenon is in part about the difference between millions of devices and billions, a simple metric I learned as a kid might help:
One million seconds = 12 days.
One billion seconds = 32 years.
This issue of scale indicates a great deal about the range of choice available to those interested in securing this vastly connected and dependent environment. While it is conceivable that a diligent group could touch each of thousands of devices or people, it is stretching the limits of such manual effort to touch millions - and flatly inconceivable to touch billions.
Rather than the bespoke method of hand-crafting that has typified cybersecurity during its infancy, a much more organic immunological approach is going to define future efforts. Self organizing, self diagnosing and self treating solutions will be much more the hallmark than the one-off Blackhat war stories that we have come to know and love.
The two issues I have with the linked SA article are therefore: 1/ the focus on the mote vendors rather than beam builders; 2/ and the diminutive view of the future.
- Vendors of the cells of this big beast do indeed need to look more to “secure by design”, but that is a survival issue for them rather than a solution for us all. Where vendors have Media Moments that reveal they caused notable infrastructure failures they will find themselves offering the rest of us Darwinian lessons, and those who fill their niches will be better suited to the task.
- As with a biological analog we are all familiar with - the 100-trillion-cell cooperative entity we each are - the awakening global infrastructure will not be 50 billion points of light but many, many more. Smart paint and clothing lurk around nearer corners than we imagine. Not only our grandchildren but only moderately older versions of ourselves will marvel that we managed to live in a world where lightbulbs were insensate lumps and floor tiles did not know when they were wet.
The solutions are more obvious when we look at the challenges this way, but as is forever the case we will remain biased by the way things have “always” been done. We are correct in one respect, at least, except that it has been Mother Nature who has been solving such challenges of resilience in the face of massive scale, not us.
The Internet of Everything will change not only the way we “live, learn and play”. When we finally come to grips with the scope and scale, it will fundamentally change the way we look at security.
