Fifteen years ago three national security strategists published a paper which would resonate with a new crop of cyber practitioners in the Department of Defense, Intelligence and Law Enforcement Communities titled “Information Terrorism: Can You Trust Your Toaster?” This paper, by Matt Devost, Brian Houghton and Neal Pollard, outlined a scenario for how attacks against IT could impact operations, and then captured context, provided definitions and proposed frameworks of solutions, most of which are still totally relevant today. The paper won the National Defense University’s Sun Tzu Award for Information Warfare writing and has been an important foundational piece for study since then.
I have many great memories about this piece and the conversations I’ve had around it. It has driven action and still motivates. But there are some very serious issues and causes for concern that the paper addressed but the nation failed to respond enough to, and that is cause for concern. The threat has continued to grow since the paper was published, and the IT that serves us so well has only become more interconnected and more widely deployed, making us even more dependent on it. Although great champions of security like Devost are still collaborating broadly to improve things (see, for example, FusionX), there is so much more work to be done in this domain before I will trust my toaster.
And, for the record, I have no intention of buying any computer connected toasters, ever, including the two models pictured below.