I love it!
While Bert is trying to tell us that the current FCC is clueless about cyber
security and that networks of any G (Generation) are not the appropriate focus
for security, he completely missed who wrote this misinformed article...
None other than his hero Tom Wheeler, the former FCC Chairman who did Obama’s
bidding, trying to give the FCC the ability to regulate the Internet.
The reality is that Bert’s post is very informative and largely accurate. It is
not the role of the network to manage the security of the bits that it carries.
That is the role of the devices that are connected.
Obviously, it is not acceptable to allow a foreign actor to intercept
communications, and to alter the stream to create chaos. It is one thing to
cause networking gear to fail, which could cause chaos with improperly designed
product that rely on network connectivity. It s a much more sophisticated
problem to suggest that a foreign actor can intercept very high speed
communications that are probably encrypted, decrypt those bit, and replace them
with maligned bits that are encrypted in a manner that fools the receiving
device. As Bert suggests, why is this not happening with existing network
standards?
Far more relevant is the fact that the author - Chairman Wheeler. Is totally
clueless about the subject he is writing about. For example:
Our current wireless networks are fourth-generation, or 4G. It was 4G that
gave us the smartphone.
Last January, the brightest technical minds in the intelligence community,
working with the White House National Security Council (N.S.C.), warned of
the 5G cybersecurity threat. When the proposed solutions included security
through a federally-owned network backbone, the wireless industry screamed in
protest. The chairman of the Trump F.C.C. quickly echoed the industry line
that “the market, not government, is best positioned to drive innovation and
leadership.” Government ownership may not be practicable, but the concerns in
the N.S.C. report have been dismissed too readily.
On Jan 21, 2019, at 8:33 PM, Manfredi (US), Albert E
<albert.e.manfredi@xxxxxxxxxx> wrote:
Monty Solomon posted:
If 5G Is So Important, Why Isn't It Secure?https://www.nytimes.com/2019/01/21/opinion/5g-cybersecurity-china.html
Sorry, but this article only serves to feed the ignorance of the hopelessly
clueless, such as our current FCC Chairman, and the confused popular press.
You know, those who can't tell the difference between an ISP and a web site,
or other user of the telecom service. This is that same sort of cluelessness.
That's not how security works, in short.
The networks, including the cellular wireless networks, only have the
responsibility to secure themselves. Meaning, their routing tables, their
node management access, access to their edge nodes, and their infrastructure
in general. But articles like this one have to educate. The end-to-end
security of network applications, such as autonomous vehicle communications,
your phone conversations, or even your bank account, CANNOT be left up to the
network middleman. It should be very obvious why.
If you want to talk securely with Aunt Sally, the security protocol has to be
installed your telephone instrument and that of Aunt Sally. Or, if you want
to do your banking online, the security protocol belongs in your PC, or
smartphone, and in the bank's servers. Otherwise, (1) anyone, within the
telcos between you and Aunt Sally, or you and your bank, can tap into your
conversation, and even more importantly perhaps, (2) even if the telco were
perfectly secured, there's always that connection between the telco's edge
access points and your two phones, or your PC and the bank's servers. Anyone
can eavesdrop in those segments of the end to end path. So, security always
has to be end-to-end.
And surely, we all know that (except the FCC Chairman, of course). We all
know that in HTTPS sessions, we get that locked symbol right on our browser.
We don't entrust Verizon with that job. And more, we don't differentiate
whether "the network" is 4G, 5G, FiOS, DOCSIS, DSL, Verizon, AT&T, or Charter.
For autonomous vehicles, same thing. You can't allow intrusion into your
vehicle's controls, or spoofing of comms from other vehicles. Protection has
to be from your own vehicle's internal network all the way to the other
vehicles' internal networks, or to the network of road sensors. In other
words, the user applications have to be secured, not just the 5G, or any
other network nodes, between the end points.
"If 5G is so important, why isn't 'it' secure," the article asks. What's this
vague "it"? What makes "5G" any different from what we've had since day 1?
You really expect Cox or Verizon to be responsible for the absolute secrecy
of your phone conversations, your bank transactions, or your autonomous
driving? If so, think again. Harder, this time.
Bert
----------------------------------------------------------------------
You can UNSUBSCRIBE from the OpenDTV list in two ways:
- Using the UNSUBSCRIBE command in your user configuration settings at
FreeLists.org
- By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word
unsubscribe in the subject line.