[iot-discussion] What role does the SP play in protecting consumers re IoT?

Hello Jim,

Jim Reid wrote:
>
>> On 11 Apr 2017, at 10:36, Victor Reijs <victor.reijs at heanet.ie> wrote:
>>
>> I understand that they gave the technology to cut, but in many countries the cutting of utility services is just not allowed (even if the bill is not paid)...
>
> That’s not the issue.
>
> Smart meters make it possible for a utility company’s computers to switch off the power, irrespective of what the national law is. [Prevailing national law will be implementation detail in this context. Just provide the necessary configuration hooks in the IT systems.] Now maybe those computer systems will enforce safeguards to comply with prevailing national law or regulation. Maybe they won’t.

As we are talking in general about regulation, we are also taking about 
keep up to regulation. So if there is a law, there is a law...
If we don't respect that rule (in society) lets not make rules.

If a company still does it wrong: There will also the effect that 
people/law will objecting a lot: so there is a kind of 'self' (law) 
regulation (but that is the whole mechanism of [societal] rules). I know 
that the impact that that slow societal process can be (or is already) 
too late for some cases.

But if people indeed don't obey rules, everything is possible (and that 
is what we try to overcome;-): even trucks running into pedestrian areas.

> However the underlying concern is (or should be) smart meters introduce a new set of vulnerabilities that previously didn’t exist. There’s now a remote controlled kill switch that’s managed by some utility company's IT systems. If those IT systems misbehave or get compromised -- something that never, ever happens to any IT system, right? -- people are going to be literally frozen out or kept in the dark.

I see that as another aspect: any device will add new threads by 
definition, but I thought we were not talking about that.
I thought we were talking about: if there is a thread, how do we 
park/isolate it. We have protocols, procedures, fuses (or in case of 
individual power generation: other type of 'NTE's). We might need proper 
Internet NTEs (edge devices: but who manages that... the ISP or the 
user...).

Of course we also need to handle the aspects of vulnerabilities.

> This is part of a bigger concern with IoT stuff more generally. What’s the fall-back for these devices and IT systems when they misbehave or when the interwebs break? Will Marco be able to have toast for breakfast when his Internet connection is down? That particular example doesn’t matter much -- sorry Marco -- but suppose the IoT failure affects a city’s street lighting or a hospital’s pharmacy.

Agree. And that is beside the ethical, non-existence of anonymity in the 
dataworld, etc. But that is not only related to IOT of course: that is 
due to deep analytics/search machines available (with [cloud] processing 
capacity).

So there are many layers/areas in IOT: some are very known/old issues 
(hopefully can use existing solutions that can scale up); some are due 
to bad design (non/difficult/unmanageable upgradability); some are due 
to bad security design/procedures (bad userid/password management), etc. 
And of course there is the sheer amount of future/present IOT devices 
expected.

I hope we can use some kind of layered/segmented approach...

All the best,

Victor

-- 
Victor Reijs
Network Development Manager and International Relations
HEAnet CLG, Ireland’s National Education and Research Network
1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland
+353 (0)1 6609040   victor.reijs at heanet.ie  www.heanet.ie
Registered in Ireland, No. 275301.  CRA No. 20036270 (w)