Hello Jim, Jim Reid wrote:
On 11 Apr 2017, at 10:36, Victor Reijs <victor.reijs@heanet.ie> wrote:
I understand that they gave the technology to cut, but in many countries the cutting of utility services is just not allowed (even if the bill is not paid)...
That’s not the issue.
Smart meters make it possible for a utility company’s computers to switch off the power, irrespective of what the national law is. [Prevailing national law will be implementation detail in this context. Just provide the necessary configuration hooks in the IT systems.] Now maybe those computer systems will enforce safeguards to comply with prevailing national law or regulation. Maybe they won’t.
As we are talking in general about regulation, we are also taking about keep up to regulation. So if there is a law, there is a law... If we don't respect that rule (in society) lets not make rules. If a company still does it wrong: There will also the effect that people/law will objecting a lot: so there is a kind of 'self' (law) regulation (but that is the whole mechanism of [societal] rules). I know that the impact that that slow societal process can be (or is already) too late for some cases. But if people indeed don't obey rules, everything is possible (and that is what we try to overcome;-): even trucks running into pedestrian areas.
However the underlying concern is (or should be) smart meters introduce a new set of vulnerabilities that previously didn’t exist. There’s now a remote controlled kill switch that’s managed by some utility company's IT systems. If those IT systems misbehave or get compromised -- something that never, ever happens to any IT system, right? -- people are going to be literally frozen out or kept in the dark.
I see that as another aspect: any device will add new threads by definition, but I thought we were not talking about that. I thought we were talking about: if there is a thread, how do we park/isolate it. We have protocols, procedures, fuses (or in case of individual power generation: other type of 'NTE's). We might need proper Internet NTEs (edge devices: but who manages that... the ISP or the user...). Of course we also need to handle the aspects of vulnerabilities.
This is part of a bigger concern with IoT stuff more generally. What’s the fall-back for these devices and IT systems when they misbehave or when the interwebs break? Will Marco be able to have toast for breakfast when his Internet connection is down? That particular example doesn’t matter much -- sorry Marco -- but suppose the IoT failure affects a city’s street lighting or a hospital’s pharmacy.
Agree. And that is beside the ethical, non-existence of anonymity in the dataworld, etc. But that is not only related to IOT of course: that is due to deep analytics/search machines available (with [cloud] processing capacity). So there are many layers/areas in IOT: some are very known/old issues (hopefully can use existing solutions that can scale up); some are due to bad design (non/difficult/unmanageable upgradability); some are due to bad security design/procedures (bad userid/password management), etc. And of course there is the sheer amount of future/present IOT devices expected. I hope we can use some kind of layered/segmented approach... All the best, Victor -- Victor Reijs Network Development Manager and International Relations HEAnet CLG, Ireland’s National Education and Research Network 1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland +353 (0)1 6609040 victor.reijs@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 (w)