The Cullinan diamond was split into a number of smaller pieces — nine large pieces and dozens of smaller ones — by Joseph Asscher, a noted diamond cutter of the time. The story goes that the cutting of the diamond required six months of preparation and study, and that the first attempt actually caused the blade he was using to shatter. After more preparation, he attempted a second strike and sealed the deal, actually fainting with exhaustion and stress once the deed was accomplished.

The reason I’m bringing this up is that it’s a pretty good metaphor for what can sometimes happen in security: Diamond is one of the hardest materials on Earth, right? Yet if hit in exactly the right place with the right amount of force, it will splinter, like so much glass. Understanding ahead of time not only that it will splinter but exactly where and how is not only possible — it’s a necessary part of the diamond-cutting process. It’s arguably the primary skill that separates a skilled diamond cutter from an unskilled one.

Security programs are very similar in some respects. There are weak areas that any security program will have — this is true universally, even though the specifics vary from program to program and company to company. Like a diamond cutter, our ability to do our job well rests in part on understanding where those weak spots are, and being alert for the specific situations that will press against them.

This is one reason why it’s so important for security pros to pay attention to the Internet of Things. IoT represents an area of pressure — and the adoption dynamics are such that they may apply that pressure directly against a known weak point in many security programs. Understanding why this is the case — and preparing for it now — can make quite a bit of difference down the road.

The FTC’s significant and growing role in data security and privacy protection does not arise from any direct national security and cyberintelligence aspect of IT, more properly within the scope of the Department of Homeland Security.

Instead, the FTC is concerned about the failure of commercial entities to make adequate disclosures or to properly address data breaches and privacy issues affecting consumers. The agency’s leverage stems from its legal obligation to investigate business fraud and similar offenses.

Creation of the new technology office will “ensure that consumers enjoy the benefits of technological progress without being placed at risk of deceptive and unfair practices,” said Jessica Rich, director of FTC’s Bureau of Consumer Protection.

The OTRI will provide expert research, investigative techniques for law enforcement, and further insights on technology issues involving all facets of the FTC’s consumer protection mission — including privacy, data security, connected cars, smart homes, algorithmic transparency, emerging payment methods, big data, and the Internet of Things.

The new office succeeds and will absorb operations of the existing Mobile Technology Unit, which was set up in 2011. Kristin Cohen, the current chief of the MTU, will lead the work of the OTRI.

“This is a natural evolution for the FTC. As technology gets more complex, and matters hinge on the use and misuse of technology, the FTC needs to be able to better judge whether organizations are doing the right thing,” said Lisa Sotto, a partner at
Hunton & Williams.

“Without a clear understanding of the technology that underpins the use of data, the FTC would not be able to carry out its mission effectively. Having more staff technologists will allow the FTC to better assess whether businesses are using technology in reasonable ways,” she told the E-Commerce Times.