Interview: Cisco's security supremo on the Internet of Everything
El Reg asks Chris Young how we can stop the IoT becoming a $19 TREELLLION honeypot
Beyond the MAC address
El Reg: Let's look at the identity part. Conceptually, how do you expect identity of devices to evolve? At the moment, the nearest thing we have is a MAC address, really.
Young: That's probably right.
El Reg: The MAC address probably isn't immutable … but it's close. How do we say “we want to associate with the device, with other things we know about the devices, with what we know about the device should be doing,” so we can say “that device shouldn't be calling Bulgaria on port 443” or whatever?
How do we extend what we now think of as a device identity to a security-useful identity?
Young: It's a great point. Think about it this way: my name is Chris Young, but my identity is so much more than my name. It's the company I work for, the people I work with, the places I go, the things I do – all of that constitutes my identity.
Why would we assume that in the device context, where identity becomes more relevant, that the only thing you need is a name?
Even if you had a unique identifier – think of a social security number as a parallel – that identifier is only a facet of your identity.
For human beings, we've gotten to the point where we enrich the name with all these other attributes to ascribe someone an identity. We haven't yet gotten to that place for a machine – we just think of it as a MAC address, or an IP address.
What we're going to have to do, as machines become more connected, and the context in which they operate becomes more important, then we will have to ascribe other elements of identity to machines, in order to be able to make better decisions about what those machines can and cannot do.
That could be: “This is a machine, it has this image on it, it belongs to this group. Its normal behaviour looks like this, so if one day it behaves like this, then we have a problem”.
El Reg: If we're talking about a sensor that's nailed to a telegraph pole, it probably should not be sending out 40,000 e-mails in an hour.
Young: Yes. Think about it, we apply those principles today. Your credit card company is building an identity profile on you, and if a transaction happens that's outside that profile, what do they do? They block the transaction, and say “call me”.
“Were you at this gas station?” There's no reason that the same methodology could not be applied to machines, particularly machines that could have behaviour that could result in a data breach or some other malicious act.
El Reg: How does the industry also get better at the granularity of its disclosures? If I put an app on my phone, I will get maybe three advisories saying “memory, network, and power” and not the option of turning those off.
Young: You can make those determinations for a lot of apps …
El Reg: But when we broaden it out to the refrigerator or the washing machine ...
Young: It becomes too complex. That's why you can't be deterministic, you can't rely on the individual to make these decisions. You've got to have profiles of behaviour, and you've got to have visibility to behaviour and context.
Then when something gets out of the tolerance, the right profile tolerance, that's when you take corrective action.
I think that's the only way to deal with it, because if you get to the world where you've got to make all these decisions about “what can your refrigerator do, what can your washing machine do, what can talk to what”, you'll never … it's just not possible. The permutations just in your home are too complicated already, and we haven't even started.
We've only connected one percent of those fifty billion devices.
El Reg: Already a lot of the upstream data gathering is simply the Facebook model – you didn't buy the product, therefore you are the product. In a lot of cases, what seems to be happening is “fill an enormous data centre with the diaries of light-bulbs”.
For the data collector, what on earth is the value model that they hope to get to?
Young: That one's harder. It's hard for me to speculate …
El Reg: Go ahead, speculate!
Young: ...energy usage patterns, using that as information on the transaction of energy rights, when to provision energy. Just knowing a little about the power grid, there's massive amounts of money to be made or saved depending on when energy gets delivered.
It's much cheaper to consume electricity in the middle of the night. There's use-cases like that where I can see why the data might be more valuable than it seems at first.
But there are security implications to that, and it's all the way up and down the chains. The security on the device, the security of the data transmission, the identity and context of that data, the comings and goings of the person – those are things that are all very relevant security considerations when you consider the kind of information that's going to be generated.
El Reg: This isn't really a Cisco-specific question: it's really easy to do the big data stuff, have a good picture of circumstances, and get the wrong answer anyway. Are we even remotely ready to get the right answers out of the data when it really matters, or are we still at Base Camp One on Everest?
Young: I have found in my career that the right answer is as often a function of the right questions, as it is of the process and the output. So – the challenge with Big Data today is that it's become this buzzword that people focus on.
But if you've done any statistical research, you'll know that if you aren't asking the right question you won't get the right answer. ®
Disclosure: The author travelled to Cisco Live! as a guest of Cisco.