IoT Trustworthiness is a Journey and NOT a Project
Exploring the Dimensions of Trustworthiness: Challenges and Opportunities Workshop [28] (NIST
August 2016): In the NIST Cyber-Physical Systems CPS Framework, trustworthiness is captured as
a high-level and critical concern encompassing safety, security, privacy, resilience and reliability.
These system characteristics are typically considered separately and in isolation, resulting in
work, intended to address one of these concerns, adversely impacting work to address one or
more of the others.
The titles of the members of the IoT Trustworthiness Program steering committee will vary
depending on the vertical domain and use case within that vertical. For example, the Security
characteristic may be represented by a senior person in the CISO organization whereas the
Resilience characteristic may be represented by Operations.
It is in this committee where the top-down perspective of IoT Trustworthiness and the bottom-up
perspectives of the individual characteristics of IoT Trustworthiness mesh and integrate. This
is referred to in Figure 8 as the Middle Out approach.
The Steering Committee must also create a Responsible-Accountable-Consulted-Informed Matrix
(RACI) for the program. This matrix should identify the individual tasks involved in the program,
the parties involved in these tasks and the responsibilities of these parties for each task:
Responsible
Accountable (or Approver)
Consulted
Informed
Figure 10: Example RACI Matrix for IoT Trustworthiness Program
[28] www.nist.gov/news-events/events/2016/08/exploring-dimensions-trustworthiness-challenges-and-opportunities
IIC Journal of Innovation