“Huh, why hasn’t this burnt down the house yet?”
That’s not a question that you want to find running through your mind on a chilly fall morning. But, it what crossed my mind as I retrieved my light toasted honey oatmeal bread from the cheap toaster on the counter.
I then took the next two minutes to clean the crumb tray and then upend the toaster over the compost to get the rest of the debris out of the toaster.
As I emptied the toaster, I was shocked at the approximate three loaves worth of crumbs buried in the nooks and crannies of the appliance. How did the bread guides—the little cage in the slots for the toast—still even slide down?!?
Then my brain starting noodling on the concept of toaster maintenance.
Shocking Discovery
Growing up, toast was a breakfast staple. My parents provided the requisite guidance at an early age, “Don’t stick a knife in the toaster to get the toast out or you could get electrocuted.”
Electrocuted, not shocked. Parenting was different in the seventies and eighties.
That warning burnt into my brain, I continued to add toast to my complete breakfast each day. I was a curious kid and always tried to figure out how things worked in the world.
As is the junior engineer’s habit, my explanation for how the toaster worked was far more complicated than necessary.
In my mind, the dial on the front was wired to a sensor inside of the toaster. That sensor would constantly monitor the toast and when it had reached a standardized 4, the toast would pop.
Somewhere, with great thought, a standards committee had determined what level of toasting each number represented and all toasters implemented this approach. Toasting was solved.
Conveniently, my innocence simply removed bagels from the equation.
I remember when I finally learned that the dial system was far simpler than I ever imagine. For most cheap toaster, a simple capacitor is tied to the dial (or slider if you’re fancy). Once charged to a specific voltage, the capacitor turns off the heating elements and triggers the spring to pop the toast.
Simple. Reliable. Good engineering and the reason most of us will own one, may two $20 toasters over the course of our lives.
The only time I’ve been more surprised by a toaster was when I discovered the crumb tray.
Too Reliable
Toasters may so reliable that they are borderline dangerous. Have you ever read the instructions for a toaster?
No. Of course not. Why would you?
Toast in, set the dial, push down the lever. Wait.
Why would you need instructions or a manual? It turns out the manual contains a number of safety warnings. Most so obvious that they must be the result of lawsuit and are now provided to simple remove any liability.
The maintenance instructions however, are actually important. And, I would venture a guess that 99.999% of all toaster users have no idea they exist.
Of these maintenance items, the most important is this:
WARNING: Empty the Crumb Tray frequently. Crumbs will accumulate in the Crumb Tray and could catch fire if not emptied periodically
The problem is that failing to empty the crumb tray has almost no immediate consequences. It doesn’t even have short or medium term consequences. You can ignore the crumb tray for years before there’s an issue.
Most people consider the biggest risk of using a toaster to be burnt toast. For those of us brought up under the constant threat of nuclear war, quicksand, and train tracks, electrocution probably makes the list.
The real issue? A desert of crumbs representing all of the grains of the world. A desert slowly growing in size to the point where it simply cannot be contained by this simple metal cage and bursts into flames as it leaps for freedom.
After years of ignoring the unknown crumb tray, the threat scales well beyond the perceived risk of using the toaster.
A Cybersecurity Paradox
This may seem to be a rant against toaster technology, it’s not. My latest experience with crumb tray raised an important question, “Can something be built too well?”
A tool with no operational requirement is the dream. In pursuit of that dream, we continue to reduce the operational impact of those tools.
For cybersecurity, we’re in the early days and any reduction in the operational impact—frankly, burden at this point—is welcome. Toasters are on the opposite end of the spectrum nearing the zero operational requirement.
The issue is that there are still operational requirements for toaster. You have to clean that crumb tray out every couple of years. If you don’t, the risk of a fire continues to increase with every breakfast.
Based on this, the curve of operational risk should look something like this 👇
Risk drops a bit slower than the operational efforts required to maintain the tool. There are still maintenance tasks to be done and mistakes can, and will be made.
However, as you get more familiar with the required maintenance, it becomes easier. More routine. Less error prone. Things are running smoothly. You’re used to this tool and what is needed to get the most of it.
But, you can get too comfortable. The toaster is a prime example of this. When operational burden is near zero, the risk actual spikes. It’s more risky. Why? Maintenance only happens occasionally. That gap between maintenance activities is similar to when the tool is first being adopted. Mistakes will be made.
If you can remove the last bit of maintenance, than the risk is also removed. It’s an unexpected pattern, but a critical one.
To be clear, the goal of tooling—physical or cybersecurity—should be to remove any operational impact. You want to use a tool when needed and not worry about it until that time.
Right now, for most things in the digital world, you need to evaluate the operational burden against the potential upside. Does this tool solve more problems than it creates?
When evaluating a tool in the physical world, we usually ask, “Does this make my life easier?”
I would love for our digital tools to have the toaster problem. They usually don’t. Someday, we’ll get there and be happy to tackle the problem.