Trustworthiness in Operating Industrial Systems
In the Fall 2018 issue of the Industry IoT Consortium (IIC)'s Journal of Innovation, I published an article on Trustworthiness in Industrial System Design. The article introduced trustworthiness as an integral part of the design of industry IoT systems and, in particular, put forward the concept of Trustworthiness Methods as an important implementation technique and the Trustworthiness System Status for assigning trustworthiness methods that keep the system in a specific status.
Perhaps not as dramatic as the recently released sequel to the popular American film Top Gun (Top Gun: Maverick), a sequel to the aforementioned article appears in the July 2022 issue of the IIC Journal of Innovation. This new essay, titled Trustworthiness in Operating Industrial Systems, extends the trustworthiness concept to the actual operation of industry IoT systems. It defines the key terms (incidents, hazards, accidents, software bugs, threats, attacks and perils) and discusses them in the context of the Trustworthy System Status Model and Trustworthiness Security Methods.
Here is a closer look at the key terms and their definitions:
- Incident: The event in which a peril targets the system.
- Hazard: A peril that results in an accident if it targets the system. A hazard occurs randomly and may be visible or hidden.
- Software Bug: A hazard in the design or implementation of software.
- Threat: A peril that results in an attack if it targets the system. A threat occurs intentionally and is mostly visible, but may be hidden in rare cases.
- Peril: Either a hazard or a threat. All the specific hazards and threats to a system together form the Perils of the System.
- Accident: The result of a hazard-caused incident. The system should be protected with a Trustworthiness Reliability, Safety, Resilience or Privacy Method.
- Attack: The result of a threat-caused incident. The system should be protected with a Trustworthiness Security Method.
In general, a system is protected against hazards with Trustworthiness Methods: if the process inside the system requires protection (preventing a disruption), they are Reliability Methods; if humans need to be protected from harm caused by a hazard, they are Safety Methods; if personal information needs protection, they are Privacy Methods; and if the system itself requires protection, they are Resilience Methods.
If such methods cannot defend successfully against a hazard-caused incident, the status of a normally running system changes to disrupted. And if the hazard still cannot be stopped while the system is disrupted, there is a risk of damage or even total loss of the system.
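To make the taxonomy above and the status transitions it drives concrete, here is a small model of the definitions as an added example; it is not code from the article or from the IIC. It classifies a peril into the incident type it causes (accident or attack) and the Trustworthiness Method class that should defend against it, then tracks the system status as incidents arrive. The assumptions are mine: a method class is represented by the set of named perils it has been assigned to defend, and every undefended incident degrades the status by exactly one step (normal, then disrupted, then damaged, then lost), whereas the article only states the direction of that degradation.

```python
from dataclasses import dataclass, field
from enum import Enum


class PerilKind(Enum):
    HAZARD = "hazard"  # occurs randomly, may be visible or hidden
    THREAT = "threat"  # occurs intentionally


class Endangered(Enum):
    """What a hazard puts at risk; decides which method class applies."""
    PROCESS = "process"            # -> Reliability Method
    HUMANS = "humans"              # -> Safety Method
    PERSONAL_DATA = "personal data"  # -> Privacy Method
    SYSTEM = "system"              # -> Resilience Method


class Method(Enum):
    RELIABILITY = "reliability"
    SAFETY = "safety"
    PRIVACY = "privacy"
    RESILIENCE = "resilience"
    SECURITY = "security"


class Status(Enum):
    NORMAL = "normal"
    DISRUPTED = "disrupted"
    DAMAGED = "damaged"
    LOST = "lost"


@dataclass(frozen=True)
class Peril:
    name: str
    kind: PerilKind
    endangers: Endangered


_HAZARD_METHOD = {
    Endangered.PROCESS: Method.RELIABILITY,
    Endangered.HUMANS: Method.SAFETY,
    Endangered.PERSONAL_DATA: Method.PRIVACY,
    Endangered.SYSTEM: Method.RESILIENCE,
}

# Assumption: one step of degradation per undefended incident.
_DEGRADE = {
    Status.NORMAL: Status.DISRUPTED,
    Status.DISRUPTED: Status.DAMAGED,
    Status.DAMAGED: Status.LOST,
    Status.LOST: Status.LOST,
}


def incident_type(peril: Peril) -> str:
    """A threat-caused incident is an attack; a hazard-caused one is an accident."""
    return "attack" if peril.kind is PerilKind.THREAT else "accident"


def required_method(peril: Peril) -> Method:
    """Attacks are always countered by a Security Method; hazards by the class
    matching what they endanger."""
    if peril.kind is PerilKind.THREAT:
        return Method.SECURITY
    return _HAZARD_METHOD[peril.endangers]


@dataclass
class TrustworthySystem:
    # Assumed representation: method class -> names of perils it is assigned to defend.
    methods: dict[Method, set[str]]
    status: Status = Status.NORMAL
    log: list[str] = field(default_factory=list)

    def incident(self, peril: Peril) -> Status:
        """Apply one incident and return the resulting system status."""
        needed = required_method(peril)
        defended = peril.name in self.methods.get(needed, set())
        if defended:
            self.log.append(f"{incident_type(peril)} by '{peril.name}' "
                            f"stopped by {needed.value} method; status {self.status.value}")
        else:
            self.status = _DEGRADE[self.status]
            self.log.append(f"{incident_type(peril)} by '{peril.name}' undefended "
                            f"(no {needed.value} method); status {self.status.value}")
        return self.status


if __name__ == "__main__":
    # Constructed sample perils for a hypothetical plant, not taken from the article.
    bearing_wear = Peril("pump bearing wear", PerilKind.HAZARD, Endangered.PROCESS)
    rogue_write = Peril("unauthorized write to controller", PerilKind.THREAT, Endangered.SYSTEM)
    plant = TrustworthySystem(methods={Method.RELIABILITY: {"pump bearing wear"}})
    for p in (bearing_wear, rogue_write, rogue_write):
        plant.incident(p)
    print("\n".join(plant.log))
```

Running the sample shows the two halves of the model working together: the wear hazard is stopped because a Reliability Method is assigned to it, while the threat, for which no Security Method is assigned, turns the first incident into a disruption and the repeated one into damage. In practice the `methods` mapping is where the design-time assignment of Trustworthiness Methods from the earlier article meets the operational status tracking of this one.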
If you are involved with industrial IoT systems, I invite you to read the full article and gain an in-depth understanding of the key issues in designing and operating trustworthy industry IoT systems, courtesy of IIC.