What
is the network equivalent of an aircraft's black-box? Is there an
argument for governments pushing for more regulation on telco-side
data-retention?
As far as I know, telcos are not under any obligation to maintain full logs of the state/operation of their network elements, either hardware or software – or make them available for authorities to inspect. As networks become more virtualised and complex, with NFV, orchestration, AI-led automation of network policies, slicing and so on, what happens if something goes seriously wrong?
The industry is hoping that 5G and other networks will be used in safety-critical verticals, with "ultra-reliable" requirements, but that brings risks and responsibilities too.
That could mean authorities may need to do a diagnostic “post-mortem” if a network fails - or perhaps as a way to spot if the network is doing something it shouldn’t, such as discrimination in wholesale, or net neutrality violations.
Aviation has rigorous rules about flight data recorders (“black boxes”), and has an admirable record of learning lessons from catastrophe, and changing inspection and certification regimes, if needed. Air travel is a one-way ratchet, becoming ever-safer, because of this.
So, if a commercial 5G or FTTX network is being used for ultra-reliable uses (such as managing a power grid’s control, or a telemedicine app, or perhaps connected vehicles), is there a basis for countries having a “Network Accident Investigation Board” and better international cooperation? And would this not also imply a better way to store crucial background data is required? If a plane crashes, investigators can examine the physical wreckage, but this problem is much harder for software-controlled networks with no moving parts.
This is also an issue if a network gets compromised by hacking or a bug - who is responsible, how can it be fixed, and what prevents re-occurrence? And something similar applies for keeping records that may prove/disprove competition problems, eg did a virtualised network resource do something illegal, perhaps on a temporary basis? How could a complaint be investigated, or a prosecution brought?
The problems get multiplied massively if AI is involved, as any issues with underlying machine-learning algorithms are potentially a single point of failure, if that system is used widely (eg for coordinating 100’s or 1000’s of network-slices in an automated fashion).
Do regulators have the legal rights, obligation or ability to forensically analyse what’s gone wrong in such situations? Or the various cybersecurity agencies, or police forces?
One option might be to encrypt network configuration and operational logs, and keep them “in escrow” using blockchain to ensure anti-tamper properties, so that they could only be examined after a warrant or other legal instrument ordered decryption. There are likely numerous other technical approaches to consider as well.
In either case, as public networks become part of critical systems, this topic will only rise in importance. Policymakers should start thinking about it now - and the telecoms industry should face up to its responsibilities here, rather than push back without thinking. Do Boeing or Airbus complain about the need for data recorders?
As far as I know, telcos are not under any obligation to maintain full logs of the state/operation of their network elements, either hardware or software – or make them available for authorities to inspect. As networks become more virtualised and complex, with NFV, orchestration, AI-led automation of network policies, slicing and so on, what happens if something goes seriously wrong?
The industry is hoping that 5G and other networks will be used in safety-critical verticals, with "ultra-reliable" requirements, but that brings risks and responsibilities too.
That could mean authorities may need to do a diagnostic “post-mortem” if a network fails - or perhaps as a way to spot if the network is doing something it shouldn’t, such as discrimination in wholesale, or net neutrality violations.
Aviation has rigorous rules about flight data recorders (“black boxes”), and has an admirable record of learning lessons from catastrophe, and changing inspection and certification regimes, if needed. Air travel is a one-way ratchet, becoming ever-safer, because of this.
So, if a commercial 5G or FTTX network is being used for ultra-reliable uses (such as managing a power grid’s control, or a telemedicine app, or perhaps connected vehicles), is there a basis for countries having a “Network Accident Investigation Board” and better international cooperation? And would this not also imply a better way to store crucial background data is required? If a plane crashes, investigators can examine the physical wreckage, but this problem is much harder for software-controlled networks with no moving parts.
This is also an issue if a network gets compromised by hacking or a bug - who is responsible, how can it be fixed, and what prevents re-occurrence? And something similar applies for keeping records that may prove/disprove competition problems, eg did a virtualised network resource do something illegal, perhaps on a temporary basis? How could a complaint be investigated, or a prosecution brought?
The problems get multiplied massively if AI is involved, as any issues with underlying machine-learning algorithms are potentially a single point of failure, if that system is used widely (eg for coordinating 100’s or 1000’s of network-slices in an automated fashion).
Do regulators have the legal rights, obligation or ability to forensically analyse what’s gone wrong in such situations? Or the various cybersecurity agencies, or police forces?
One option might be to encrypt network configuration and operational logs, and keep them “in escrow” using blockchain to ensure anti-tamper properties, so that they could only be examined after a warrant or other legal instrument ordered decryption. There are likely numerous other technical approaches to consider as well.
In either case, as public networks become part of critical systems, this topic will only rise in importance. Policymakers should start thinking about it now - and the telecoms industry should face up to its responsibilities here, rather than push back without thinking. Do Boeing or Airbus complain about the need for data recorders?
1 comment:
I think this line of argument is just as applicable (and maybe more so) to the system endpoints than the network.
Post a Comment