Mind the Trust Gap!
across organizations. This makes it very hard for businesses to use data that comes from the outside in any serious process, since it essentially requires blind faith that the sender of that data followed an adequate process when creating and handling it. Such blind faith is understandably rare, and this is one place where trust gaps are found in supply chains.
Traditional security products and techniques rooted in Internet and IT don’t really help since they too are very silo-oriented, protecting one organization’s data inside that one organization’s network. Advanced or ‘unbreakable’ cryptography will not solve the problem since this technology does not address the business problems. For example, no matter how strong a digital signature may be, there can always be doubts over the quality of the input, the processes behind the creation of the signature (e.g. the authorization to sign in a given role) or the management and administration of the private keys behind the curtain.
This can be stated in short as: “your security is not my security”. This can be overcome with paper agreements and audits, but this approach is typically slow, expensive and static, which means information tends to flow far less widely or quickly than is needed to achieve business objectives.
Many security and trust standards and best practices exist, but invariably they only focus on one of the key dimensions of trustworthiness: security, safety, privacy, reliability, resilience. These characteristics need to be considered holistically but often are siloed. Tradeoffs are always required based on business goals and considerations, but it is too easy to go deep into one dimension while ignoring the others. This is apparent in standards that are only very narrowly applicable or impractical to deploy at scale.
In cyber-physical systems such as digital twins, where virtual actions can lead to real-world consequences, it is necessary to consider all of the dimensions of trustworthiness holistically. It is vitally important for system operators to be able to make tradeoffs appropriate to their needs, and for the system stakeholders to know what choices were made when they decide how much trust to put in the digital twin. It is not just making the tradeoffs that matters, but also communicating them to a relying party so that party can decide whether the decision is appropriate to their needs. The trust vector approach provides a uniform approach for handling the trustworthiness characteristics in a holistic manner.
Manual assurance and audit processes tend to follow the model of “trust but verify”. This is not only slow and expensive but also leaves long windows of potential vulnerability. Security audits go stale within days, site visits offer only a snapshot of operating capability, and yield numbers tend to be released too late to be useful. This means risk decisions are made on the basis of
Journal of Innovation 65