On October 24-25 2018, I attended a conference about Counterterrorism and Criminology (EISIC 2018) at Blekinge Institute of Technology in Karlskrona, Sweden. Among, the keynotes was Dr. Dieter Gollman professor of security in distributed applications at Hamburg University of Technology. Among his wide repertoire of contributions, his textbook “Computer Security” is a household name among Information Security students. Personally, I have used it for my Masters and am using it now for my students.

Two key points that Dr. Gollman mentioned and that me reflect on are: i) that the Internet of Things (IoT) especially when it comes to network security “is a new balloon for floating ideas”, and ii) that better models than the CIA triad may be needed for IoT systems.

On i) it was emphasised that especially when it comes to working on IoT security one should not only coin something as state-of-the-art without having done a proper review of literature. For doing so, one must not simply search for IoT and security, but should also consult the literature for WSN and MANET security as otherwise 15-20 years of relevant results may be lost.

In terms of ii), it was suggested to replace the CIA model with a new model – the Control Triad (CO2).  In the new model, there are three dimensions: Controllability, Observability, and Operability. These dimensions are important because in a control system, as is the IoT, a threat agent may not be keen on CIA but instead wants to control the system, to put it in a state that the actor wants it to be in or to operate it according to the agent liking, etc.

I hope that this short post will somewhat make you reflect on stuff you may be working on.