Trustworthiness for Cyber-Physical Systems
Trustworthiness, and confidence in that trustworthiness, are essential aspects of cyber-physical systems. Inattention to trustworthiness can lead to loss of human life, long-term environmental impacts, interruption of critical infrastructure, or other dire consequences such as disclosure of sensitive data, destruction of equipment, economic loss, and reputation damage. These risks and negative consequences intensify with increasingly networked and connected industries. With this understanding, the Industrial Internet Consortium (IIC) recently published the IIoT Trustworthiness Framework Foundations paper. This foundational document explains the key concepts and benefits of trustworthiness in context, relating it to the real-world supply chain and offering model approaches.
In many modern industrial systems, multiple parties and systems interact automatically with minimal knowledge of each other while system functions may be hidden from users. Suppliers and service providers each have their own standards. Globally connected systems are subject to local rules and politics. Many systems have the potential for dangerous, expensive failure.
For these reasons industrial Internet systems require trustworthiness at every phase of design, operations, and management. The IIoT Trustworthiness Framework Foundations document defines trustworthiness as a combination of security, safety, reliability, resilience, and privacy and the tradeoffs made among them in the face of environmental disturbances, human errors, system faults, and attacks. Ultimately, trustworthiness depends on the strategic intent and motivation of an organization, particularly its top management, to create and operate systems that inspire trust by partners, customers, and other stakeholders, including the community.
The Foundations document targets owners, operators, system integrators, business decision makers, architects, engineers, buyers, and any stakeholder with interest in the security, safety, reliability, resilience, and privacy of cyber-physical systems.
Here are some of the key elements of trust and trustworthiness, and the important factors and considerations needed to achieve them, outlined in the document:
- The importance of context, in which critical factors of trustworthiness differ depending upon a particular system
- The interconnection between organizations and trustworthy operations, including the dependence of a system on the trustworthiness of the organizations responsible for it
- Approaches for organizations to increase trustworthiness over time
- Interactions between systems that can affect trustworthiness
- The assurance and evidence that trust is flowing from supplier to consumer
- How trustworthiness status can change under both correct and incorrect operation of a system
- The importance of software to trustworthiness in modern systems
- A sample framework for active management of trustworthiness between the different actors (for example executive and operations or operational user and component builders); this illustrates possible methods of evaluating and rating the trustworthiness of parties, accumulating, and using digital evidence, and creating a management system for enabling interaction
- Examples of trustworthiness from the automotive industry, supply chain, software, battery manufacturers and more
- Principles for trustworthiness in theory and practice.
This document is a work product of the Industrial Internet Consortium Trustworthiness Task Group, which I am co-chairing with Frederick Hirsch (Upham Security) and Robert A. Martin (MITRE), all of whom served as editors and content contributors to the paper. Additional content contributions were made by Dr. Vincent Bemmel (Corlina), Antonio J Espinosa (Corlina), Bassam Zarkout (IGnPower), Charles F. Hart (Hitachi), Mitch Tseng (Tseng InfoServ).
For an engaging conversation on all the above topics from the authors themselves, we invite you to join us to a live event held by the IIC on 1 and 2 September. The stakes could not be higher, so knowing which systems we can trust should not be left to guesswork.