Internet use is ubiquitous in the age of IoT. The role of and access to the Internet in our lives is top of mind. Tyson Macaulay shares some thoughts given the recent government ruling around net neutrality.
Q: The government’s recent ruling on net neutrality affirms that broadband Internet should be treated as a utility, not a luxury. What does this mean for the regulations that will be put on web users and access to online content?
The intent is that large media players and service providers cannot buy a competitive advantage from large carriers by having their traffic routed through faster paths and thereby delivering better experiences for their customers. The intent is that users will get comparable services from large and small providers alike through a “level playing field,” which is what net neutrality means. For providers of services, they will need to compete in other ways, such as content and marketing and customer services unrelated to network performance.
Q: How does this ruling impact or change the services that cable and broadband providers can provide?
The ruling means that service providers are no longer allowed to provision their networks as they see fit, or to maximize performance or assurance without regulatory appeal by any other service providers that feel disadvantaged. It also means that premium content providers cannot buy privileged access to the network as part of a competitive strategy. The driving argument behind the ruling is that a “neutral” Internet will allow smaller vendors without similar resources to be able to compete effectively against larger competitors from a performance perspective.
Q: In your opinion, what does treating the Internet like a utility, similar to water and power, mean for network security?
In my opinion, the ruling is short-sighted and very much founded on older internet use-cases, neglecting the most important use-cases of the future: IoT (Internet of Things). The IoT will manage many safety-critical functions through remotely managed, semi-automated, and cloud-assisted endpoint devices. IoT devices will support critical systems such as energy, transportation, home safety, personal health monitoring, and much more. Many of these systems will be developed and planned for use across the Internet, as developing separate private networks and dedicated bandwidth will not be possible due to costs and complexity. These will be critical services. For some of them, lives will literally be on the line. Soon enough, customers and IoT service providers will begin asking service providers to prioritize some IoT network flows and packets over other generalized Internet traffic. Is network traffic from your aged mother’s in-home health monitoring platform more important than first-person-shooter-game traffic from the teenager nextdoor? Not according to net neutrality. But net neutrality was not conceived with the IoT in mind: it just happened to finally get implemented as the IoT is starting to take flight. Bad timing.
Q: Have you received any direct feedback from broadband providers on the push for net neutrality? Does it open up different types of business models and services for the industry and security’s role within these services?
I have had plenty of discussion with carriers about why net neutrality is inappropriate, based merely on contemporary use-cases and rationale. IoT service opportunities are just emerging for carriers and service providers, and they recognize that net neutrality is encumbering them at a critical time in their evolution.
Q: Do you see network security becoming the next ‘utility’?
“Utility” or “Commodity”? Net neutrality seems to think networks should be forced to take the form of a commodity. (Utilities can and do have different qualities and metrics from place to place.) A commodity network will be bad for everyone in the IoT market. It will make the IoT LESS secure. It will deny carriers and service providers an important business opportunity (security) which would allow them to add value and differentiate their networks. It will also increase the risks in the IoT as well as the costs of trying to provide and manage an IoT service with any safety-critical elements; possibly to the point of making the service nonviable if the network is commoditized to the point that it cannot take up the security load.
All these points are also documented in my new book: RIoT Control.