On Fri, 4 Aug 2000, Mahadevan Iyer wrote:
At first glance, it seems sheer idiocy to use an open network like the
Internet to control critical matter-of-life-and-death public
infrastructure like power systems. What do you think?
I believe:
* Engineers will build any possible feature into a
product, install back doors, and not adequately
test their code. Of course complexity (IPsec,
policies, etc.) will probably not make adequate
testing possible.
* Marketing to demand all kinds of crazy features
and convince the public at large they need them.
* Lawyers to write liability limitations and
unintelligible wording into warrantee and
purchase contracts.
* Consumers and providers to not properly configure
devices and maintain them.
* Congress (USA) to pass liability limiting laws.
* Crackers to find holes and post cracking scripts.
Today we have remote control (not over the Internet, AFAIK) of alarm
systems and HVAC systems. The Internet provides a far greater reach and a
more cost effective model of managing these and other systems. So, I
believe these and many other systems will eventually find themselves
connected to the Internet. Additionally, there have been several articles
in the popular press in the past few years of the advertising community
salivating at the idea of displaying advertisements on home appliances
via the Internet -- imagine the "free Internet" equivalent of a "free
dishwasher."
Or do you think, it is possible to build ultra-reliable secure
real-time communication channels in the Internet? Maybe..
No I do not believe so, but not so much for technological reasons; rather
for the reasons I previously listed.
On Thu, 3 Aug 2000, Dennis Glatting wrote:
On Thu, 3 Aug 2000, Keith Moore wrote:
[snip]
burning IP addresses into devices is a good way to give vendors the
ability to control those devices, monitor their usage, and to lock
their customers in to particular services. not my idea of a desirable
state.
It might also be a good way for script kiddies to efficiently scan the
Internet looking for a particular manufacturer's device to exploit a
discovered security flaw, such as turning off a stove's gas pilot and
turning on all burners. If that doesn't sound realistic, how about a
cracker inside a manufacturer's systems doing the same; or how about a
terrorist?
It is reasonable to assume that HVAC systems will someday soon be
controlled over the Internet by a maintenance firm (video surveillance
systems already are controlled and monitored over the Internet). It may
become possible, for example, to raise building temperatures across the
lower Manhattan area and shut down most financial centers, at least for a
short while.