IoT Security’s Train Analogy


I have an analogy I like to use for IoT Security: it’s like a giant train that seats billions of people, and it’s currently boarding.

The people getting on read the marketing and they’re super excited—IoT is evidently like Disneyland, but way better. The conductor is the free market, and there is nothing stopping him from leaving the station as fast as possible.

All of us in security are shouting and waving our hands frantically from the station. We saw the conductor build the train as fast as possible using random spare parts, and we’re telling people not to get on so quickly—to think about it, to re-read the brochure. We’re telling the conductor he’s got major issues with the train, and that he shouldn’t leave without having them addressed.

But nobody is listening.

Our punishment is that, like a horrified time traveler with no ability to interact with the past, we’re about to watch this train crash, frame by frame, in slow motion, for the next 30 years.

We saw the train get built, we saw the people get on, and we saw it crash. But there was nothing we could do to stop it. And the pain was magnified exponentially by the fact that we knew what could have been done to prevent the tragedy.

It’s just like the Internet. Imagine you go back in time to 1995 and you start screaming at everyone about the dangers of using unauthenticated UDP for core infrastructure.

Nobody would listen. They would ignore you because functionality is the priority, and true understanding of risk only comes from hardship.

The internet would get built mostly the same as it was because suffering is part of the necessary cycle. And here we are with lots of scratches and bruises, but we’re ok.

It’s going to be the same with IoT Security.

But this time the scale is far greater, as in trillions of connected devices, and so the impact will be greater as well.


Here’s what we can say for sure:

  1. The train is not safe.

  2. The train is leaving and there’s nothing we can do to stop it.

  3. The train WILL crash, and our punishment will be to watch it crash in slow motion when we knew what could have been done to prevent it.

  4. And finally, it will be ok.

Let’s do our best to view the future with the wise lens of inevitable hindsight.


The good news here is that there are other train factories and other train stations still being built, and we can do our best to influence things there even though we couldn’t help the main one. And over time, after many crashes and millions of incremental improvements, things will improve.
