Using Metrics in the Industrial IoT Value Chain to Drive Trustworthiness
regulations). 5 On one of these occasions
Target and Current levels of trustworthiness
have to be increased to meet Minimum
(compliance) levels.
sources (for instance, the use of a new
supplier to provide weather data
inputs to a system)
On request – potentially when
Figure 7: Trustworthiness over time
downstream uses of data (or other
outputs of the IIoT system in question)
change and in response to requests
from relevant stakeholders
Accordingly, the trustworthiness of any
specific IIoT system needs to be revisited and
trustworthiness
measures
reassessed
periodically. A prudent management team
will ensure that trustworthiness measures
are reviewed as follows:
A company’s approach to maintaining
trustworthiness and updating any associated
analyses and impact assessments should be
the subject of a documented and managed
security policy.
Periodically – on a regular basis,
potentially quarterly or annually,
depending on the criticality of the IIoT
solution in question and the overall
levels of risk exposure
Reactively – when the trustworthiness
environment changes, potentially
through the introduction of new
regulations
(for
instance
the
introduction of GDPR) or changes in
the trustworthiness associated with
any upstream processes and/or data
C ONCLUSION
This paper has introduced the idea of a data
value chain and the use of metrics in the
Industrial Internet of Things to provide
assurance of trustworthiness. Data from
operational metrics can be used to inform
design decisions as well as be used to
monitor and take action to keep an
5
From “IoT Trustworthiness is a Journey and NOT a Project” in Sept 2018 Journal of
https://www.iiconsortium.org/news/joi-articles/2018-Sept-JoI-IoT-Trustworthiness-is-a-Journey_IGnPower.pdf
- 98 -
Innovation,
IIC Journal of Innovation