[opendtv] Re: If 5G Is So Important, Why Isn't It Secure?
- From: "Manfredi (US), Albert E" <albert.e.manfredi@xxxxxxxxxx>
- To: "opendtv@xxxxxxxxxxxxx" <opendtv@xxxxxxxxxxxxx>
- Date: Tue, 22 Jan 2019 01:33:49 +0000
Monty Solomon posted:
If 5G Is So Important, Why Isn't It Secure?
https://www.nytimes.com/2019/01/21/opinion/5g-cybersecurity-china.html
Sorry, but this article only serves to feed the ignorance of the hopelessly
clueless, such as our current FCC Chairman, and the confused popular press. You
know, those who can't tell the difference between an ISP and a web site, or
other user of the telecom service. This is that same sort of cluelessness.
That's not how security works, in short.
The networks, including the cellular wireless networks, only have the
responsibility to secure themselves. Meaning, their routing tables, their node
management access, access to their edge nodes, and their infrastructure in
general. But articles like this one have to educate. The end-to-end security of
network applications, such as autonomous vehicle communications, your phone
conversations, or even your bank account, CANNOT be left up to the network
middleman. It should be very obvious why.
If you want to talk securely with Aunt Sally, the security protocol has to be
installed your telephone instrument and that of Aunt Sally. Or, if you want to
do your banking online, the security protocol belongs in your PC, or
smartphone, and in the bank's servers. Otherwise, (1) anyone, within the telcos
between you and Aunt Sally, or you and your bank, can tap into your
conversation, and even more importantly perhaps, (2) even if the telco were
perfectly secured, there's always that connection between the telco's edge
access points and your two phones, or your PC and the bank's servers. Anyone
can eavesdrop in those segments of the end to end path. So, security always has
to be end-to-end.
And surely, we all know that (except the FCC Chairman, of course). We all know
that in HTTPS sessions, we get that locked symbol right on our browser. We
don't entrust Verizon with that job. And more, we don't differentiate whether
"the network" is 4G, 5G, FiOS, DOCSIS, DSL, Verizon, AT&T, or Charter.
For autonomous vehicles, same thing. You can't allow intrusion into your
vehicle's controls, or spoofing of comms from other vehicles. Protection has to
be from your own vehicle's internal network all the way to the other vehicles'
internal networks, or to the network of road sensors. In other words, the user
applications have to be secured, not just the 5G, or any other network nodes,
between the end points.
"If 5G is so important, why isn't 'it' secure," the article asks. What's this
vague "it"? What makes "5G" any different from what we've had since day 1? You
really expect Cox or Verizon to be responsible for the absolute secrecy of your
phone conversations, your bank transactions, or your autonomous driving? If so,
think again. Harder, this time.
Bert
----------------------------------------------------------------------
You can UNSUBSCRIBE from the OpenDTV list in two ways:
- Using the UNSUBSCRIBE command in your user configuration settings at
FreeLists.org
- By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word
unsubscribe in the subject line.
Other related posts: