A Short Introduction into Trustworthiness
September 2018

Privacy protects the right of individuals to
control or influence what information
related to them may be collected and stored
and by whom and to whom that information
may be disclosed. Individuals comprise all
types of people including customers, guests
or employees.

There are several interesting relationships
between these characteristics:

• Some characteristics’ goals oppose each
  other. Security protects an industrial
  system and its components from the
  malicious attacks or erroneous behavior of
  humans (including the system designers and
  operators) and from environmental
  disturbances. In direct contrast, safety
  protects humans (including the employees
  within the system) and the environment
  from any bad behavior of the system.
• Some characteristics are context-dependent.
  Reliability addresses the correct
  functionality of the system under
  specified conditions. Ideally, reliability
  ensures that the operation of the system
  is not disrupted as long as it works under
  stated conditions. In direct contrast,
  resilience addresses the functionality of
  the system under non-planned conditions.
  In practice, resilience cannot guarantee
  that the system operates completely as
  expected but can reduce the consequences
  to an acceptable minimum.
• Some characteristics are interdependent.
  Privacy protects only human-related data
  but does not address business- or
  operational-related data. Such data is
  part of the system, and if protection is
  necessary, security is responsible.
• The characteristics must be considered
  together, rather than in isolation. For
  example, safety is only involved in
  protecting people and indirectly the
  environment; security and reliability are
  responsible for the protection of the
  system itself when it works under stated
  conditions. Additionally, resilience is
  responsible as soon as the normal,
  reliability-controlled condition is lost.

Trustworthiness is still evolving. For
example, safety addresses only human and
environmental factors, as there is no “cyber
safety” to protect data: If a sensor runs out
of control and attempts to delete all data in
a cloud database, no safety function will
protect the database. But in that case,
security around the cloud database should
block the attack from the sensor.

The trustworthiness characteristics can
enhance each other or limit each other.
Reasonable system design has to control the
impact of such challenges. Establishing trust
in a system requires assurance that the
system is trustworthy. Such assurance can
be based on evidence that the
trustworthiness characteristics have been
met appropriately for a specific industrial IoT
system. Different decisions and tradeoffs
must be made depending on the nature of
the system. Concerns in a factory are
different from those in a hospital operating
room. This means that there is no simple
course of action. Instead, one must develop an
understanding of the many considerations