hazard has been stopped and the system status is back to normal , the correct operations to prevent this hazard in the future must be documented as well .
Most threats to a system are well-known and should be already documented during the design phase . But in the world of cyber-attacks , in particular , new attack methods often appear , and new crime variants become popular . An example is ransomware . It was hardly used before 2005 [ Wikipedia Ref ] and has since expanded into different variants of crime : Originally after paying the ransom , the blocked information was “ returned ” by supplying a decryption key . Today , there is also the threat that the locked business information could be sold to competitors or just delivered to the public if the ransom is not paid . Again , such new threats need also to be identified , documented , and addressed with effective Trustworthiness Methods .
The expansion of the well-known IT / OT model to four areas – Traditional IT , Operational IT , Digital OT , and Physical OT will help reduce the gap in thinking and implementing between the IT and OT world of an Industry IoT system . Trustworthiness Methods can be better assigned to these four areas rather than just to IT and OT ; many of them will either overlap Traditional IT and Operational IT , Operational IT and Digital OT , and finally Digital and Physical OT .
This article also introduces the System Peril Model : In the past , only threats were seen as challenges to a trustworthy system . But now we strictly separate between threats and hazards and the results with attacks and accidents . Moreover , trustworthiness characteristics are clearly assigned to these perils : Security to threats and attacks , Safety , Reliability , Resilience and Privacy to hazards and accidents .
[ 1 ] Marcellus Buchheit : Trustworthiness in Industrial System Design , Industry IoT Consortium , Journal of Innovation , Fall 2018
[ 2 ] Marcellus Buchheit , Frederick Hirsch , Sven Schrecker : A Short Introduction into Trustworthiness , Fall 2018
The views expressed in the IIC Journal of Innovation are the author ’ s views and do not necessarily represent the views of their respective employers nor those of the Industry IoT Consortium ®.
Journal of Innovation 15