A Short Introduction into Trustworthiness
trustworthiness characteristics, IIC also specified four groups of threats that endanger a trustworthy system, which resulted in the following definition:

“Trustworthiness is the degree of confidence one has that the system performs as expected. Characteristics include safety, security, privacy, reliability and resilience in the face of environmental disturbances, human errors, system faults and attacks.”[6]

The five characteristics are defined as trustworthiness characteristics and the groups of threats as trustworthiness threats, as represented in Figure 1.

TRUSTWORTHINESS CHARACTERISTICS

A deeper view into the trustworthiness characteristics identifies the strengths of trustworthiness. All characteristics are defined in the IIC Vocabulary Technical Report:[6]

Safety ensures that a system operates without unacceptable risk of physical injury or damage to the health of people, whether directly or indirectly through damage to property or to the environment. In general, nearly any damaging environmental event (e.g., pollution of soil, air or water) presents a risk to human health, and safety implementations should minimize those risks. Safety does not protect the operation of the system or the system itself, unless human risk is involved.

Security protects a system from unintended or unauthorized access, change or destruction. Information Technology (IT) security ensures availability, integrity and confidentiality (the AIC model) of data at rest, in motion or in use. In industrial systems, the control data used to execute physical operations has the potential to cause physical damage and therefore requires advanced protection. Systems also need “traditional” security that protects them from theft or unauthorized access, by installing fences, walls and locks or by employing security guards.

Reliability describes the ability of a system or component to perform its required functions under stated conditions for a specified period of time. This includes any considerations for physical abrasion, expired software versions, and well-known potential malfunctions that result in frequent maintenance, replacement of end-of-life components or software updates. Reliability protects the operation of the system and the system itself, as it is essential for it to be a productive system.

Resilience describes the ability of a system or component to maintain an acceptable level of service in the face of disruption. In contrast to reliability, resilience addresses unexpected and unplanned system states that can result, for example, from human errors in operation or from an environmental event (loss of electric power, earthquake, etc.). The main purpose of resilience is to prevent, or at least reduce, any serious impact of a disruption on the system through damage or loss of operation.

[6] Industrial Internet Consortium: Vocabulary, V2.1, August 2018, https://www.iiconsortium.org/vocab

IIC Journal of Innovation