Mind the Trust Gap !
• Provide mechanisms to share information about the data ( metadata ).
Once data is flowing and its provenance is known , it is necessary to trust it before using it for decision making . By continuously collecting trustworthy data from all around the system and feeding it into the right engine at the right time it is possible to create and use assurance cases more quickly , more accurately , and with smaller windows of damage when an attack or exception occurs . This is the point at which connectivity turns to a true security advantage : rather than seeing it as increasing the attack surface it should be seen as increasing the knowledge surface .
Enabling trustworthiness is the subject of trust vectors discussed later in this paper .
Once trustworthy data with known provenance is available it is possible to determine how to make decisions . Once the components of the digital twin system are able to communicate and make high quality decisions based on up-to-the-minute information it is possible to make the final transformative change : dynamic assurance cases . This entails changing the expression of an assurance case from a static rule (“ the light must turn green before the robot can proceed ”) into an outcome-based intent (“ no worker should ever be hit by an autonomous mobile robot ( AMR )”). By enabling all components of the digital twin to use all the rich situational data from the whole system , even unforeseen threats and pathological situations can be successfully dealt with .
These steps are relatively simple , but there are a couple of practical problems to adoption : they demand cross-border sharing of data between supply chain partners which might have jurisdictional implications and using that data in critical ( preferably automated ) decision-making .
Moving data between organizations has long been a challenge in digital systems . Most of the historic effort in cyber security has gone into keeping data inside organizational walls and outside users and systems out . This is contrary to modern business where data has to flow across organizational boundaries and much of the perceived benefit of connection and digital transformation relies on the ability to use ‘ external ’ data in automated systems .
Unfortunately the vast majority of relevant compliance standards today focus on processes and operations and assume that all compliance of consequence is within the single organization . They do not take into account the need for cross-organization data sharing and communication to the degree needed . Thus compliance requirements are not easily transferrable across corporate boundaries , especially due to managing training , escalation procedures , and exception handling
64 July 2022