IoT Trustworthiness is a Journey and NOT a Project
INTRODUCTION
Confidence that an IoT system will operate in conformance with requirements[1] results from
assurance that several characteristics of the system are compliant with these requirements
despite environmental disturbances, human errors, system faults and attacks. These
characteristics – security, safety, reliability, resilience and privacy – have been identified by
ISO/IEC (JTC SC41)[2][3], National Institute of Standards and Technology (NIST)[4] and the Industrial
Internet Consortium (IIC) (Industrial Internet Security Framework (IISF), Section 3)[5] as defining
trustworthiness[6] of a system. These characteristics manifest themselves in operational,
organizational, commercial, budgetary, architectural and security areas.
Figure 1: IoT Trustworthiness - IIC Industrial Internet Security Framework - source IIC IISF
An IoT system is trustworthy if it meets the minimum requirements for security, safety, reliability,
resilience and privacy, as defined by laws, regulations, standards and industry best practices.
OSHA 29 CFR 1910 is an example of such a regulation[7].
In a sense, IoT Trustworthiness is a binary function.
[1] Example business objectives, design objectives, risk management objectives, legal and regulatory requirements,
standards, industry best practices, etc.
[2] www.iec.ch/dyn/www/f?p=103:30:31458742125318::::FSP_ORG_ID,FSP_LANG_ID:20486,25
[3] www.itu.int/en/ITU-T/Workshops-and-Seminars/20180604/Documents/Francois_Coallier_P_V2.pdf
[4] www.nist.gov/news-events/events/2016/08/exploring-dimensions-trustworthiness-challenges-and-opportunities
[5] www.iiconsortium.org/IISF.htm
[6] www.iiconsortium.org/vocab/index.htm - definition of IoT Trustworthiness
[7] www.osha.gov/laws-regs/regulations/standardnumber/1910
IIC Journal of Innovation