Context Hazard Threat Result of an incident Accident Attack Cause of incident
Random or direct consequence of another accident
Intentional or direct consequence of another attack
Protecting Trustworthiness Methods
Reliability , Safety , Resilience or Privacy
Security
Table 4-1 : Terms and definitions of the peril model .
All IoT systems use software to control the flow of data . The reason that a software module does not work as expected is known as a Software Bug . In general , Software Bugs are design or implementation flaws ( in many cases a result of poor programming practices ) but assumed to be unintentional - no serious software designer or code will implement software bugs intentionally . And results of such bugs – crashing of code-executing software modules – are defined as accidents and not as attacks . That ’ s why in the context of trustworthiness , software bugs are hazards and not threats .
Another gray area is nature-caused incidents , e . g ., when a physical system is hit by a heavy windstorm , unusually hot weather , or an earthquake . Are such incidents caused by hazards or threats ? Human or autonomous robots do not intentionally start such incidents , and because they may lead to accidents , they generally are not seen as attacks to the system . That ’ s why in the context of trustworthiness nature-caused incidents are caused by hazards and not by threats .
The dictionaries generally define peril as “ great danger ” ( Collins ) or “ exposure to the risk of being injured , destroyed , or lost ” ( Merriam-Webster ) without defining any specific reason . This makes this word suitable to be used in the context of trustworthiness as an umbrella term for hazard and threats :
Any system incident is caused by one or more of its perils , which can either be a threat or a hazard .
So far , we have introduced the terms incident , hazard , accident , software bug , threat , attack , and peril . They all appear in visual relation in Figure 5-1 . Table 5-1 shows the definitions of these terms proposed by this article .
Journal of Innovation 11