Network Design with Pathway Connectivity Gateways & Adjacent Products

Hey there everyone,

So I apologise in advance for the possible wall of text I'm about to write out - I just wanted to lay out my current understanding of newer firmware Pathway gateways and pose some questions to see if my logistical concerns are unfounded or if I have a legitimate concern - and since ETC more or less recommends Pathway, I felt this could be a good conversation to have in the bigger picture of our work.

So, the background to this - I am referencing every bit of information from this video:

The basis of what I'm understanding is this security feature serves the purpose of: preventing your pathscape / lighting network as stated " ensure that you are not hacked, or snooped upon, or some malicious bad actor comes in and defaults all of your pathport configurations while you're not watching."

The reasoning for this addition as stated in the video as well is the following: "So this is new cyber-security laws that different states are implementing". In an email chain with Pathway they restated this being the reason and also implied that this will eventually be a nationwide legal requirement at some point in the future.

Before I start posing my questions/concerns, I'd like to address my understanding of the proprietary domain security system Pathway has integrated into their networking products in Pathscape v3.0 and in all new gateways running their newer firmware (believe it's v5.0).

All of your Pathport gateways when connected to network are defaulted to unsecured in Pathscape, disallowing you to edit any of the node properties. Essentially meaning, you can't actually edit your gateways.

Moving forward, you can assign them to a security domain name which thankfully at the very least, is stored on the device so in the event of hardware failure or a purchase of a new device you're not completely bricked. You then add all of your unsecured devices to the domain. It then gives you a recovery key which allows you to recover administrator and user passwords for the domain that you need to write down / save somewhere in the event this information is lost or forgotten.

If you lose this recovery key - you have to factory reset each device, as I understand it, locally.

So now all of these devices are "secured." However, this does not actually allow property editing. You login to the domain, and the devices come online and properties are read/write.

Here's the kicker though - sACn, Artnet, ETC Net2, Pathport Protocols are defined as "unsecured" protocols. So you have to enable unsecured protocols in order to actually use these lighting network protocols on your network.

...So this is a "workaround" for this as stated by Pathway. You can classify your devices outside of the security domain, factory defaulting them. Then you have to go to each pathport device and set them to local security so you can edit the device properties, but you can't access your devices over Pathscape.

So, here are my initial thoughts/questions:

1. Are these cyber-security laws that are supposedly applying to this technology actually a thing? Why is this seemingly unaffecting other lighting network manufacturers? Does ETC also do something similar I've just somehow missed it? Is ETC planning on implementing this in their Response Mk2 devices as a result of these laws?

2. I'm not saying that this is necessarily a huge deal - it's to me an extra convoluted step in network management. While I have in some instances seen show networks connected to the internet for very specific reasons - it's very, very rare - and there is a reason we do not do it and in practice barely anyone does it. I'm not sure I'm following the fear of malicious individuals snooping or altering my already "within-reason" secured network. It just doesn't compute with me.

3. In a perfect world, networks and devices run smoothly, and if there's any problems, usually a network administrator is around to solve it within a day. However, in the instance of show environments - I find this to be a very unhealthy, unproductive and counter-intuitive. Not everyone who designs these systems for events are necessarily going to be on site or reachable within the required timeframe. I'm witnessing this equipment going out on a show and something failing during or right before show-start and the on-site staff not being able to access it via Pathscape because they do not have user login credentials or for some reason they're set to local security and can't be reached on a truss 50' in the air.

I guess my point is - I grew up with John Huntington's way of thinking with systems design - and that's simplicity and the avoidance of unnecessary complexity so this just doesn't pass the smell test for me. That being said, if Pathway is doing this because of legal requirements, then how much longer before ETC and the rest of the node manufacturers follow suit and this is something I just need to get over and learn to live with? 

...or are my concerns valid and this just seems like fixing a problem that doesn't exist?

Please let me know what all of you think,