IIC Journal of Innovation 20th Edition Trustworthy July 2022, 20th Edition | Page 38

5 CONCLUSION

Achieving trustworthy operation requires an understanding of a system , the context in which it operates , and the potential losses and the hazards that can contribute to those losses . Designing and building a trustworthy system requires an understanding of system design , necessary constraints and requirements and use of principles to reduce complexity and enable resilience . Traditional risk analysis , systems theory analysis , and resilience management are all necessary . Using these together allows an organization to deal with hazard scenarios .

An organization can assess its resilience by using the Resilience Analysis Grid ⁴⁰ as well as using guidelines such as the Australian Radiation Protection and Nuclear Safety Agency ⁴¹ safety guidelines which explicitly mention resilience . Realizing that the concerns affecting safety and security are related to resilience and that governance , controls and operations matter in all instances , assessing the system using the IIC IoT Security Maturity Model ^{42 , 43} or with safety assessments can be useful . One of the goals of the IIC work in trustworthiness is to break down the siloes among the communities working with different trustworthiness characteristics , with an understanding of the commonality of the need to prevent losses by addressing the associated hazards .

Achieving resilience requires effective governance for the monitoring and anticipation , response , recovery , and learning phases of resilience . This requires leadership , management support and commitment , and a culture supporting trustworthiness . It also requires systems architecture , design and operations personnel to understand resilience principles , indicators , and actions . There is no silver bullet , but system design and resilience engineering can enhance risk management enabling safer and more trustworthy systems .

6 REFERENCES AND FURTHER READING

In addition to the specific resources quoted in the footnotes this paper also drew upon the following resources .

40

Erik . Hollnagel , “ RAG - The Resilience Analysis Grid ,” in Resilience Engineering in Practice : A Guidebook .

41

ARPANSA , “ Regulatory Guide - Holistic Safety - Sample Questions ( ARPANSA-GDE-1754WEB ).”

42

Sandy Carielli et al ., “ IoT SMM Practitioner ’ s Guide Version 1.2 ,” May 5 , 2020 , https :// www . iiconsortium . org / pdf / IoT _ SMM _ Practitioner _ Guide _ 2020-05-05 . pdf .

₄₃

The SMM offers many domains and practices directly applicable to resilience , such as the governance domain , monitoring and continuity practices , to give some examples . Learning and anticipation are accounted for in the Level 4 comprehensiveness levels . Although targeted at security there is thought about extending the SMM to trustworthiness in general , see Frederick Hirsch et al ., “ Extending the IIC IoT Security Maturity Model to Trustworthiness ,” IIC Journal of Innovation , 2018 , 16 , https :// www . iiconsortium . org / news / joi-articles / 2018-Sept-JoI-Extending-the-IIC-Security-Maturity- Model-to-Trustworthiness . pdf .

Journal of Innovation 33