Trustworthiness in Industrial System Design
Even with reliability and resilience as the oldest characteristics in industrial system design, there are very few government laws or standards focused on these two areas. They are both demanded by the stakeholders of an industrial system and fulfilled by engineering principles and best practice. Safety and privacy, on the other hand, are mostly enforced by government or demanded in standards, so there is little foundation from best practice and engineering. Of course, safety equipment and future privacy functions will be designed using engineering, but this is an implementation rather than a foundation for these two characteristics. Finally, security is not a target of government law, at least not today. And it would be a bad idea to implement and operate security by best practice: the risk that a security vulnerability could be opened by some incomplete best practice would be high.

Reliability is also addressed by such engineering knowledge, but additionally by the best practice of an industrial branch and probably even inside a specific system.

Resilience, similar to reliability, has its foundation in best practice and engineering. However, from the educational perspective, resilience in general is less engineered than reliability, which is why its main foundation (the rim of resilience fills the entire quadrant) is best practice and not engineering.

Similar to the Target Model, the Foundation Model's four quadrants describe all sources of knowledge. These sources are well addressed by the specific trustworthiness characteristics and represent further evidence of the completeness of trustworthiness.

The boundaries of the Trustworthiness Characteristics in the Foundation Model describe the original historical motivation for these characteristics, and it can be expected that the related sectors will become wider in the future. For example, privacy is likely to be a future target of industrial regulations and engineering.

To demonstrate that the boundaries of the five characteristics are as sharp as shown in the quadrants, we can test the opposite and see that:

Of course, there are other important design principles for an industrial system, examples of which include usability, efficiency or flexibility. They are not part of trustworthiness, and they are not part of the trust that the system works as expected. These principles are partially affected by trustworthiness, but the analysis of this interaction is outside the scope of this article.

TRUSTWORTHINESS METHODS

The first challenge of using trustworthiness in system design is that none of the trustworthiness characteristics can be implemented as a separate technology, and that the trustworthiness of an industrial system cannot be implemented by just combining such technologies: the characteristics may support or block each
- 15 -
IIC Journal of Innovation