[Chapter-delegates] About Internet Everywhere (was On visual identity of FB pages)
Marcin Cieslak
saper at saper.info
Fri Nov 25 12:51:29 PST 2011
> On 11/25/2011 10:00 AM, David Solomonoff wrote:
> I've wanted ISOC-NY to address this in terms of net-connected medical
> equipment for some time. I spoke to the Software Freedom Law Center who
> have been doing work on this as well as the head of the Occupation Therapy
> student group here at the State University of New York Downstate Medical
> Center. I need to follow up on this and make a date.
On Fri, 25 Nov 2011, Thomas Lowenhaupt wrote:
> Google's work on automated auto controls is another area where a ubiquitous
> protocol causes concern. And similarly in aviation: Did I read about an
> airline that inadvertently tied its on-board entertainment system into the
> control system?
>
> Perhaps an area on the new ISOC website: Explorations Into Inappropriate Uses
> for TCP/IP
Gentlemen,
thank you for this discussion; this is a very interesting subject,
and I love to see how potentially nasty discussion about Facebook
evolved into this!
A paper recently submitted by ISOC to BEREC (European federation of
telecom regulation bodies) [1] distinguishes between "IP based
services" vs. "Internet services", by defining the former as
"services that are built using the Internet Protocol, but that
operate within a restricted set of networks, or only one network."
This is not a walled garden in the sense of Facebook, but it reminds
me of all sorts of utility networks (like smart energy grids,
toll collecting systems etc.) that will be using IP today, but are
not intended to be connected to "The Internet".
Unfortunately, as I tend to notice recently, even those
IP-based networks are becoming part of "The Internet" infrastructure
anyway. This happens because of the economic infeasibility of
building and maintaining completely separate networks starting at the
level of dark fiber and building a whole infrastructure up.
Services got virtualized, put onto VPNs or the MPLS plane. Due
to the layered structure of service provider offerings, portions
of traffic, even if not intended by the original
customer, will be carried over or along with the public
Internet.
Another point of entry is the tendency to install
firewalls and allow VPN access for provisioning
and management.
The discussion whether to put something "on IP" is more
about whether a packet network with all its unpredictability
is suitable for the application or not; this is visible
for example in discussion on backhaul networks for mobile
operators (see article [2] in the recent "IP Journal").
Looking at the automotive example - critical functions
like ABS or airbag are sharing the same communication
infrastructure on the Controller Area Network (CAN) with
infotainment systems, fortunately sometimes separated on
separate busses with different speeds - and this
has been happening since the early 1990s.
We have to prepare ourselves for the pervasive network,
which partially already exists. The lesson learned from
the Stuxnet case and SCADA installations is that the perimeter
security model needs to be re-evaluated.
Sometimes when I think of the meaning of the sentence
"to put something online" I often conclude that
even photos stored on my old non-smartphonic Nokia
are on the Internet already. This phone is reachable
via the GPRS IP-in-IP network as well as various GSM
(like SIM update) protocols; those networks are
gatewayed one way or the other with The Internet,
and I'm sure that even such an innocent device gets
its own IP address, even if from within RFC1918 range.
So are my photos on the Internet or not? I think
they are, since I am pretty certain a determined
attacker would be able to bypass all those gateways
and achieve some kind of end-to-end (even if
store-and-forward only) connectivity to my
seemingly innocent device.
The abovementioned net neutrality paper quotes
a BEREC statement:
> The coexistence of Internet access service
> and specialized services and the way that
> network capacity (with consequences on
> users’ connectivity) is shared between
> them should also be itself the subject of
> transparency.
This comes out of concern that non-neutral,
prioritized IP-based services may jeopardize
the universal offering of The Internet; interestingly,
the reverse concern can be heard when talking about
security aspects of those walled gardens.
And I believe that those two kinds of offerings
("IP-based services" and "The Internet") will
converge in the future with purveyors of network
neutrality rejoicing and security and privacy
experts even more concerned.
A very interesting evolution indeed.
--
Marcin
[1] http://www.isoc.org/internet/issues/docs/netneutrality_201110.pdf
[2] http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_14-3/143_backhaul.html