Mind the Trust Gap!
information that is sparsely detailed and potentially months out of date. Taking a digital zero trust approach can address all of these problems by enabling businesses to continuously verify evidence first, then trust, and do this for every decision taken.
When it comes to building systems the number one core principle of zero trust is to “assume breach”. This means accepting the reality that nothing is 100% secure and sooner or later an attack will get through. Nothing is 100% reliable and sooner or later it will break down and need maintenance to return to reliable operation.
A zero trust approach does not mean that there is no trust. Instead, it aims to increase trust in the system by driving down toward zero all the assumptions, shortcuts, and blind spots that come with traditional network security approaches and manual verification. This is why it is so important to enable the flow of data between components and attach provenance information to all those data flows.
The zero trust approach enables decisions to be made with up-to-the-minute information and in novel situations: in other words, contextual trustworthiness. But in order to make these decisions correctly it is important for all components to have a common understanding of what the data means. We need an interoperable language for trustworthiness information and the new trust vector concept from the Digital Twin Consortium offers this.
Trust vectors are a standardized way of communicating trustworthiness needs and capabilities between systems within a digital twin system, including digital twins and assets. Trust vectors allow two entities to exchange and negotiate scores for each of the five dimensions of trustworthiness on a range between a score of 1 (least trustworthy) and a score of 5 (most trustworthy), along with an optional pointer to additional verification evidence to support the claims. The consumer sets out their needs (“privacy needs 5: I really care about privacy”) while the provider puts out its capabilities (“safety is 5: this component has very high regard for safety”), and these can be updated and refreshed dynamically as the system and its operating context evolve.
The trust vector principle is a scalable way for system components to communicate and answer the question: is this other component going to help me achieve my outcomes in a better, safer way, or do they represent an unreasonable risk? Confidence in the trust vector approach will require that trust vectors be handled in a trustworthy manner, using secure communication channels for example. More detail will be provided in an upcoming white paper on the trust vector approach.
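The needs-versus-capabilities check described above can be sketched as follows. This is an added example, not code from the article or from the Digital Twin Consortium. It assumes the five dimensions are safety, security, privacy, reliability and resilience (the article names only privacy and safety), and the field names, the "capability score at least equal to the need" rule, the freshness window and the evidence threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed names: the article names only privacy and safety.
DIMENSIONS = ("safety", "security", "privacy", "reliability", "resilience")

@dataclass(frozen=True)
class Claim:
    score: int                      # 1 (least trustworthy) to 5 (most)
    evidence: Optional[str] = None  # optional pointer to verification evidence
    issued_at: float = 0.0          # epoch seconds; assumed freshness field

def check_score(dim, score):
    """Reject unknown dimensions and scores outside the 1..5 range."""
    if dim not in DIMENSIONS:
        raise ValueError(f"unknown dimension: {dim!r}")
    if type(score) is not int or not 1 <= score <= 5:
        raise ValueError(f"{dim}: score must be an integer from 1 to 5")

def evaluate(needs, capabilities, now, max_age=300.0, evidence_from=4):
    """Return {dimension: reason} for each consumer need the provider misses.

    Assumed policy: a claim must exist, be at most max_age seconds old,
    score >= the need, and carry evidence when the need >= evidence_from.
    """
    for dim, claim in capabilities.items():
        check_score(dim, claim.score)
    gaps = {}
    for dim, need in needs.items():
        check_score(dim, need)
        claim = capabilities.get(dim)
        if claim is None:               # assume breach: silence is not trust
            gaps[dim] = "no claim"
        elif not 0 <= now - claim.issued_at <= max_age:
            gaps[dim] = "stale or future-dated claim"
        elif claim.score < need:
            gaps[dim] = f"score {claim.score} < need {need}"
        elif need >= evidence_from and not claim.evidence:
            gaps[dim] = "no evidence pointer"
    return gaps

# Constructed sample vectors (not from the article).
NOW = 1_700_000_000.0
NEEDS = {"privacy": 5, "safety": 3, "security": 4}
PROVIDER = {
    "safety": Claim(5, "https://evidence.example/safety", NOW - 60),
    "privacy": Claim(4, "https://evidence.example/privacy", NOW - 60),
    "security": Claim(5, None, NOW - 90 * 86400),
}
```

An empty result from `evaluate(NEEDS, PROVIDER, NOW)` would mean every stated need is met; with the constructed vectors the privacy score and the months-old security claim are both reported as gaps.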
66 July 2022