Trustworthiness and the Permeation of Trust in IIoT Systems
25/09/2018 Marcellus Buchheit
In 2016, the Industrial Internet Consortium gained agreement upon an understanding of the term “trustworthiness” and its effect on design and operation of an industrial system. At the core of that understanding was a definition of trustworthiness and the designation of five characteristics that define trustworthiness.
As defined by the IIC in its recently released Industrial Internet of Things Vocabulary v2.1 document: “Trustworthiness is the degree of confidence one has that the system performs as expected. Characteristics include safety, security, privacy, reliability and resilience in the face of environmental disturbances, human errors, system faults and attacks.”
Let’s take a deeper look at the 5 foundational characteristics at the core of trustworthiness:
Safety ensures that a system operates without causing unacceptable risk of physical injury or damage to the health of people. This protection of humans is focused either directly or indirectly, as the result of damage to property or to the environment.
Security protects a system from unintended or unauthorized access, change or destruction while Information Technology (IT) security ensures availability, integrity and confidentiality (AIC model) of data at rest, in motion or in use.
Reliability describes the ability of a system or component to perform its required functions under stated conditions for a specified period of time.
Resilience describes the ability of a system or component to prevent or at least reduce any serious impact of a disruption while maintaining an acceptable level of service.
Privacy protects the right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Achieving trustworthiness in industrial IoT systems requires recognition that a complex IoT system is comprised of subsystems and the integral components of the subsystems. The trustworthiness of the overall system depends upon the trustworthiness of each of the subsystems and each of the components, how they are integrated, and how they interact with each other. Trustworthiness must be pervasive in IoT systems, which means there must be trustworthiness by design and a means to achieve assurance that the trustworthiness aspects have been addressed properly. Permeation of trust is the flow of trust within a system from its overall usage down to its smallest components and requires trustworthiness of all aspects of the system. Trustworthiness requires ongoing effort over time as systems and circumstances change.
As such, the IIC Trustworthiness Task Group, in close cooperation with the IIC Security Working Group, is tasked to frequently enhance and redefine the definition and role of trustworthiness in industrial systems as the IIoT continues to evolve. Ultimately, their goal is to moves system designers from traditional safety thought processes into a new paradigm for system design that takes into consideration all 5 of the trustworthiness characteristics and their interactions within the system.
Co-founder of WIBU-SYSTEMS AG, President and CEO of WIBU-SYSTEMS USA
Marcellus Buchheit is co-founder and Chairman of the Board of WIBU-SYSTEMS AG in Karlsruhe, Germany. He currently serves as the President and CEO of Wibu-Systems USA Inc., located in Edmonds, WA where he resides.
Marcellus earned his Master of Science degree in computing science at the University of Karlsruhe, Germany in 1989. In the same year, he co-founded Wibu-Systems together with Oliver Winzenried. As the original architect and first software developer of the company’s successful WibuKey, CodeMeter, and SmartShelter product lines, he is well known in his field for his expertise in designing innovative techniques to protect software against reverse-engineering, tampering, and debugging. The products he designed have never been cracked by hackers in multiple public global contests.