IoT Trustworthiness is a Journey and NOT a Project
Failure to meet the minimum requirements can lead to significant consequences, such as
industrial accidents, data breaches and operational interruptions. These consequences can, in
turn, result in personnel injury, capital equipment damage, litigation costs and reputational
damage.
Compliance with the minimum requirements of trustworthiness is not only about avoidance of
negative outcomes. It can lead also to better outcomes, such as:
Align the operation of the IoT System with Corporate Business Objectives
Improve the visibility of Operational Risks throughout the lifecycle
Mitigate the impact of fluctuations in Trustworthiness levels during the lifecycle
Furthermore, senior management within the organization may choose to exceed the minimum
requirements of trustworthiness. The reasons could be to enhance the strategic positioning vis-
à-vis competitors or perhaps to align the work on trustworthiness with other ongoing quality
initiatives within the organization. It may be also to proactively achieve compliance ahead of
anticipated changes in laws and regulations.
The efforts to establish and maintain trustworthiness in IoT systems must cover the full lifecycle
of these systems. These lifecycles can be decades long in some cases; examples, a pipeline oil
leak monitoring system, a pumping sub-system in a power plant, etc.
During these long lifecycles, the trustworthiness requirements may change and fluctuate:
New legal and/or regulatory frameworks may add new requirements or significantly
change existing ones
Changes in corporate strategies and roadmaps may add new requirements or
fundamentally change existing ones
Achieved levels of trustworthiness may fluctuate and decay over time due to system and
human errors, lapses, cyberattacks, malicious activities, etc.
Therefore, establishing IoT Trustworthiness in a system is not a point-in-time project. It is an
effort that must be maintained systematically throughout the lifecycle journey of the system.
I O T S YSTEMS H AVE L ONG L IFECYCLES
The IIC Industrial Internet Reference Architecture 8 (section 3) asserts that the concerns about the
architecture of the IoT system cover the full lifecycle of that system.
Equally, concerns about trustworthiness also cover the full lifecycle of IoT systems. These
lifecycles can be very long due to the nature of industrial systems. As mentioned in the example
in the Introduction section, the lifecycle of power plants and some of their major systems such
as turbine cooling pumping system may be measured in decades. During such long lifec ycles,
8
www.iiconsortium.org/IIRA.htm
September 2018
- 63 -