Extending the IIC IoT Security Maturity Model to Trustworthiness
impossible to correct problems after a
production release. Consequently, the
analysis and design processes should be
exhaustive and receive greater attention
than for typical consumer products. Regulatory
oversight by the FDA requires that certain
design benchmarks be met during the
development of an implanted pacemaker.
Evidence of those benchmarks must be
provided during the submission process.
Additionally, importance is given to design
considerations that maximize safety and
reliability. For example, some wireless
protocols and encryption algorithms may be
vetoed during the design process due to
their high energy requirements and
subsequent reduction in the battery’s life.
In addition, design must take into account
maintenance when patients
use medical facilities lacking advanced
equipment to work with implanted devices.
Device manufacturers must take into
account the fact that patients will travel far
from their care providers after receiving an
implanted device. Manufacturers need to
ensure that those patients have a low barrier
to receive care should they suffer an incident
while they are traveling. Consequently,
designs for implanted pacemakers often
make concessions in the practices of
authentication and authorization that would
be unacceptable in other circumstances.
Doing so ensures that medical care providers
in less comprehensive medical facilities can
still access the implanted device and provide
care when needed.
CONCLUSIONS
The IIC IoT Security Maturity Model provides
a process and model to enable an organized
and effective way to match investments to
actual security needs. This can be directly
applied and extended to trustworthiness
by using profiles and making necessary
changes to the hierarchy model. Key aspects
of the model, such as maturity
comprehensiveness levels and scope, are
directly applicable, as is the use of a hierarchy
of Domains, Sub-Domains and Practices.
Many of the items in the model, including
the Governance, Enablement and Hardening
domains, are also applicable. This article
reviewed and explained where and why
some additions might be appropriate. The
Security Applicability Task Group at the IIC
continues to work on this.
The addition of an Institutional Domain that
includes Organizational Culture, Training
and Continuous Improvement and Learning
Sub-Domains aligns with existing safety and
privacy maturity models and with the
concept that support for trustworthiness
must become part of the organization’s DNA
itself. We also recommend the addition of
Performance Measurement and Metrics as a
Governance Sub-Domain to reflect the need
to measure and analyze important aspects of
systems to achieve control.
Trustworthiness by design, to reflect the
existing concept of Privacy by Design, is
important and is reflected by the addition of
the “Analysis and Design” Sub-Domain to the
Enablement Domain. The Hardening Domain
is extended to include “Verification and
Validation”, which is important in safety, for
example.
IIC Journal of Innovation