548,514 active members*
1,975 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

Trustworthiness for Cyber-Physical Systems

July 2021
28
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
Trustworthiness for Cyber-Physical Systems

Trustworthiness, and confidence in that trustworthiness, are essential aspects of cyber-physical systems. Inattention to trustworthiness can lead to loss of human life, long-term environmental impacts, interruption of critical infrastructure, or other dire consequences such as disclosure of sensitive data, destruction of equipment, economic loss, and reputation damage. These risks and negative consequences intensify with increasingly networked and connected industries. With this understanding, the Industrial Internet Consortium (IIC) recently published the IIoT Trustworthiness Framework Foundations paper. This foundational document explains the key concepts and benefits of trustworthiness in context, relating it to the real-world supply chain and offering model approaches.

In many modern industrial systems, multiple parties and systems interact automatically with minimal knowledge of each other while system functions may be hidden from users. Suppliers and service providers each have their own standards. Globally connected systems are subject to local rules and politics. Many systems have the potential for dangerous, expensive failure.

For these reasons industrial Internet systems require trustworthiness at every phase of design, operations, and management. The IIoT Trustworthiness Framework Foundations document defines trustworthiness as a combination of security, safety, reliability, resilience, and privacy and the tradeoffs made among them in the face of environmental disturbances, human errors, system faults, and attacks. Ultimately, trustworthiness depends on the strategic intent and motivation of an organization, particularly its top management, to create and operate systems that inspire trust by partners, customers, and other stakeholders, including the community.

The Foundations document targets owners, operators, system integrators, business decision makers, architects, engineers, buyers, and any stakeholder with interest in the security, safety, reliability, resilience, and privacy of cyber-physical systems.

Here are some of the key elements of trust and trustworthiness, and the important factors and considerations needed to achieve them, outlined in the document:

  • The importance of context, in which critical factors of trustworthiness differ depending upon a particular system
  • The interconnection between organizations and trustworthy operations, including the dependence of a system on the trustworthiness of the organizations responsible for it
  • Approaches for organizations to increase trustworthiness over time
  • Interactions between systems that can affect trustworthiness
  • The assurance and evidence that trust is flowing from supplier to consumer
  • How trustworthiness status can change under both correct and incorrect operation of a system
  • The importance of software to trustworthiness in modern systems
  • A sample framework for active management of trustworthiness between the different actors (for example executive and operations or operational user and component builders); this illustrates possible methods of evaluating and rating the trustworthiness of parties, accumulating, and using digital evidence, and creating a management system for enabling interaction
  • Examples of trustworthiness from the automotive industry, supply chain, software, battery manufacturers and more
  • Principles for trustworthiness in theory and practice.

This document is a work product of the Industrial Internet Consortium Trustworthiness Task Group, which I am co-chairing with Frederick Hirsch (Upham Security) and Robert A. Martin (MITRE), all of whom served as editors and content contributors to the paper. Additional content contributions were made by Dr. Vincent Bemmel (Corlina), Antonio J Espinosa (Corlina), Bassam Zarkout (IGnPower), Charles F. Hart (Hitachi), Mitch Tseng (Tseng InfoServ).

For an engaging conversation on all the above topics from the authors themselves, we invite you to join us to a live event held by the IIC on 1 and 2 September. The stakes could not be higher, so knowing which systems we can trust should not be left to guesswork.

0 comments

Blog Archiv

November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016