CyberSecurity design weekly recap for October 26-31.
This week: Renzo Piano and the California Academy of Sciences. There’s a tension when designing a security architecture. The architecture must meet and mirror culture of the organization. The design can’t run contrary to how the organization works. But at the same time, the new controls must facilitate a cultural change towards a more secure way of being. The architecture mirrors while it modifies. Principle: Design for change and stability.
Previously: Paul Hekkert and the Unified Model of Aesthetics. Most Advanced, Yet Acceptable (MAYA) is the name Hekkert has given this principle. How advanced can the design be while still remaining familiar, still being acceptable, still looking like work? The answer will vary from organization to organization due to culture. But the question must remain top of mind for security leaders pushing the envelope. Principle: Balance familiarity with novelty.
One thing more: I was asked this week: “How can companies reduce the human errors that so often lead to security breaches?” Here’s the thing. The number one cause of problems in early flight? Human error. The number one cause of manufacturing accidents? Human error. Number one cause of nuclear power plant problems? Human error. Security problems? Yep, human error. The root cause of all these issues: poor design.
This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.
It has been said San Francisco is forty-nine square miles surrounded by reality. Fleeing Michigan snows for a week in San Francisco leads to feeling the otherworldliness. One flight and everything changes.
In San Francisco, underneath a series of hills reminiscent of Hobbit holes, is the California Academy of Sciences. The hills reflect the structures below, such as the planetarium. The overall field forms a living roof which keeps “interior temperatures about 10 degrees cooler than a standard roof and reducing low frequency noise by 40 decibels. It also decreases the urban heat island effect, staying about 40 degrees cooler than a standard roof.” This according to the California Academy of Sciences press release from 2007.
Renzo Piano designed building. His starting point was a question that’s delightful in his lateral thinking: “what if we were to lift up a piece of the park and put a building underneath?” In the California Academy of Sciences building and throughout Piano’s work, he returns again and again to themes of culture and change.
“The world keeps changing,” Renzo Piano said on the TED stage. “Changes are difficult to swallow by people. And architecture is a mirror of those changes. Architecture is the built expression of those changes. Those changes create adventure. They create adventure, and architecture is adventure.”
There’s a tension when designing a security architecture. The architecture must meet and mirror culture of the organization. The design can’t run contrary to how the organization works. But at the same time, the new controls must facilitate a cultural change towards a more secure way of being. The architecture mirrors while it modifies.
There’s another tension when designing a security architecture. Ongoing change will impact how people perceive and experience security. But at the same time, the security principles and posture must remain unchanged in the face of far ranging organizational change. “Architects give a shape to the change,” Piano once said. The architecture is flexible but stable.
My last trip in the US, before the pandemic, was to San Francisco. Within a month, everything had changed. We are experiencing the greatest migration in human history. A migration from the office to the home, certainly. More significantly, a migration from the physical to the digital. We now live in 1440 square pixels surrounded by reality.
Security architects must meet the wave of this change while holding steadfast to our security principles.
This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.
“Here are the materials, ideas, and forces at work in our world. These are the tools with which the World of Tomorrow must be made.” With that, the pamphlet announced the 1939 New York World’s Fair.
Alfonso Iannelli was right at home in the World of Tomorrow. Having gotten his start designing posters for vaudeville, Iannelli was also right at home with hype. Sunbeam Products was showcasing two of Iannelli’s designs: a toaster and a coffee pot, or the T-9 Toastmaster and C-20 Coffeemaster. These hardly seem innovative to today’s audience. But toasters were still an emerging tech in the 1930s. And the C-20 pioneered the vacuum coffee process which even today connoisseurs consider the superior way to make coffee.
Most importantly, the C-20 and T-9 brought the Streamline Moderne style to life. The push towards modernism was a recurring theme in Iannelli’s work. And there it was, at the World’s Fair, courtesy of Sunbeam.
Unified in style and updated in technology, these appliances have parallels in security capabilities. We’re often updating existing capabilities along with designing and implementing new ones. For example, suppose we have an existing workforce identity and access management program. Suppose we also have customer identities within the ecommerce website. A common challenge is to bring these two programs up-to-date and centralize the way identity is secured.
When developing a vision for the future, we naturally look for ways to implement the latest technology. It is equally important that we look for ways to standardize and unify the design for the experience.
Find the Streamline Moderne of identity and access management. First, find your vision.
After acclaim at the New York World’s Fair, Sunbeam put the coffee maker and toaster into production. The Coffeemaster would stay on the market nearly thirty years, wrapping up its run in 1964. Meanwhile? The Toastmaster was immortalized in a slice of Americana. On the cover of the Saturday Evening Post in 1948, central to the Norman Rockwell painting, there sat Alfonso Iannelli’s toaster. Moderne had arrived.
The starting point was the World of Tomorrow. Likewise, with your vision, the starting point is showcasing a pilot. Develop a proof-of-concept. Tie it to something larger. Hype it with all the gusto of a vaudeville poster.
Showcase your vision. Take this moment to gain early support and feedback.
This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.
It was the early nineties when I first saw the photograph of a small robot wandering the desert. I would go on to buy the Robo Sapien book which featured photographs from the same shoot, along with more from Peter Menzel. Iconic. Simple. Inspiring and, most of all, achievable.
Robotics in the 1980s and 1990s were incredibly complex and costly. Significant computing power and sensor tech was needed to move a limb. The idea of walking robots was a dream, to some, a fantasy. Rodney Brooks had made some advances with Genghis and Attila. But these were still tens of thousands of dollars. Such robots were available to grad students and researchers, but out tantalizingly of reach for the rest of us.
Enter Mark Tilden. The robot in the Menzel’s photograph, and the rest of Tilden’s menagerie in the 1990s, had a price tag of a few hundred dollars. Many were built from scrap parts and recycled electronics. This allowed for rapid prototyping, which in turn facilitated rapid innovation. End result? Simple robots that worked. Inexpensive robots that walked.
The real lesson I took from Tilden, which I applied both when I built his style of robots and when I designed IT systems, was how to copy an idea. It works like this:
Identify the features are providing the value
Deconstruct those into underlying principles and tasks
Emulate those tasks using the people and technology you have on hand
Act on those tasks to reproduce the effect, prototype and iterate, to develop your own way of providing the value
Tilden called his process biomimicry because the stated goal was to mimic biological systems. More broadly, applying Tilden’s process to my framework, you can envision the steps as follows:
Identify = Insects walk with legs controlled by a core set of neurons oscillating in a loop
Deconstruct = an oscillator with feedback
Emulate = two, four, or six inverter oscillators, or in BEAM nomenclature, Bicore, Quadcore, or Hexcore
Act = Unibug 1.0, seen in the photograph below
I wager this is the same process Tilden used to build unthinkable robots for a fraction of the cost using parts he had lying around. Meanwhile, in security, we’re challenged to build security capabilities with little budget using what we have on hand. This is where my IDEA method shines.
Implementing any capability reference model or framework is beyond the capacity of most organizations. So? Don’t.
In October 2019, I was in Haifa visiting the Technion. There I saw robots which mimicked the snakes which populate the deserts of Israel. The same movements that facilitate movement through the deserts of Israel are useful in navigating the rubble of fallen buildings and industrial accidents, in order to find survivors. My mind was instantly transported back to Mark Tilden and his spare-part creatures. It struck me that Alon Wolf’s bio-inspired snakes are the technological children of Tilden’s early experiments.
By following a process that closely mirrors my IDEA model, the engineers at the Technion had created a simple, efficient, and focused device which literally saves lives. They identified an unlikely source of inspiration and deconstructed that down to its most iconic element: the serpentine wiggle. They iterated until they were able to emulate this wiggle. Then they put their invention into action: rescuing folks who would otherwise perish.
We can do the same thing in our cyber security work.
Select your reference model. (Say, for an Identity and Access Management or IAM platform.) Use the process above to see where the value is coming from. (Let’s say, on-boarding and off-boarding.) Deconstruct these down to a few core objectives. Then, see what’s available in your organization in terms of tools and techniques. Run inexpensive and quick pilots to try out the ideas and form a plan.
Don’t act on all the things. Act on the right things.
This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.
On a winter evening in 2014, Nikki Sylianteng got a parking ticket. It wasn’t a surprise. This was in LA where the city collects around $140 million from tickets annually. Sylianteng’s $95 parking ticket wasn’t significant and it wasn’t a surprise. But what happened next was.
When designing security capabilities, we have two aspects to consider:
• The paths people take to complete work – number of steps, familiarity, and friction of each step • The choices people make during work – number of choices, predictability, and cognitive load
I argue that security can improve people’s work. Make it easier. Make it faster. I often get pushback on this argument, and for good reason. A very real problem is that security teams don’t have good visibility into the path and the choices. Even more worrisome, we don’t get good feedback when things are difficult or when security controls are making them worse.
Millions live in LA. Hundreds of thousands get tickets in LA. One person gave feedback with a solution.
Why? It is the same reason the workforce tolerates bad security controls: habituation. People get used it. They become blind to the annoyances along the path they have to take to complete their workflow. Listen for these tell-tale phrases:
• That’s just the way the world works • We’ve always done it this way • Things could be worse
That’s an indication of a workflow security may be to improve while increasing security. There lies habituation. There lies unnecessary steps or choices. There lies an opportunity to improve the path. But we need a partner on the inside, someone who can see beyond the habituation, someone who has what’s called beginner’s mind.
This is what drew me to the story of Sylianteng and her parking ticket. (Listen to Nikki Sylianteng tell her story herself here.) She didn’t accept the ticket. She couldn’t accept the way the parking signs were. She launched To Park or Not to Park and radically redesigned the parking signs. She has since created tools that anyone can use to create their own simplified parking signs.
Imagine our security goal is parking enforcement. Our control, the parking sign. Four million people in LA see the signs. Some follow them. Others don’t. Only one person actually says this is a problem, and takes it on themself to correct the problem. Do we embrace this person? Well. We should. According to Nikki Sylianteng, her new approach “has shown a 60% improvement in compliance and has pilots in 9 cities worldwide.”
Find those with a unique combination of beginner’s mind and desire to make a change. Embrace them. They are your security champions, and by working together, leaps in adoption and compliance are possible.
This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.