Mind the Trust Gap!
Determining the appropriate values requires understanding and a common approach, which can be achieved using a model like the IIC IoT Security Maturity Model (SMM)⁶, for example. This model is designed for security, but the approach could be extended more broadly to trustworthiness⁷. The SMM organizes the complex security space into eighteen practices covering governance, security enablement and operations, with guidance regarding four comprehensiveness levels for each, as well as a process for applying the model. Insights from this model may be used to understand practices that contribute to a security score. The SMM 62443 mapping for Asset Owners and Product Suppliers⁸ further maps 62443 requirements to the security maturity comprehensiveness levels, making it easier to understand an appropriate score. All of this can be taken into account (as well as related work such as the NIST Cybersecurity Framework) in assessing the general suitability of a supply chain partner, vendor, or other stakeholder as a trust vector counterparty.
It is certainly not necessary for every organization to have the maximum trust vector score for all (or any) trustworthiness characteristics – what is needed should be appropriate to the use case. It is vitally important, however, that the way trust vector values are calculated, and how they relate to maturity model scores, be known to and understood by the partners who put their trust in them, so that they can take control of their own risk.
Businesses have recognized the need for digital transformation, interconnection and faster operation. Managing risk and relationships needs to keep up with this change. Taking a zero trust approach, using trust vectors and digital twins to manage risk, can support the need for dynamic trust in the emerging business world. If you have been struggling to unlock the potential of digital transformation with connected systems because of trustworthiness issues, and feel that this article points to a way forward, then please read the detailed works of the IIC and DTC to find out more and join us in our efforts to improve the trustworthiness of our systems.
Journal of Innovation 67