Using Metrics in the Industrial IoT Value Chain to Drive Trustworthiness
be complicated due to the variety of
concerns as well as the number of
approaches that can be taken to mitigate
risks. For this reason a structured and
systematic approach is helpful.
metrics that are used relate to that specific
solution only. These metrics are developed
locally by operation managers and service
providers and are directly useful in managing
the solution during operations. While these
metrics are not necessarily shared across
systems, a standard representation – and
ideally a standard definition – is useful to
compare them as well as to compose them.
Trustworthiness metrics for an entire system
can be derived, incorporating consideration
of the trustworthiness of its constituent
components and sub-servic es.
U SING M ETRICS TO A SSESS AND
C ONTROL T RUSTWORTHINESS
Trustworthiness metrics associated with
operational components provide insight into
the operation of those components and
enable control over trustworthiness aspects,
if the metrics are defined correctly. For
example metrics related to the Reliability
trustworthiness aspect could include:
Trustworthiness aspects may contribute – or
conflict with – each other. Part of managing
trustworthiness in a solution is to define and
control these interdependencies. These
interdependencies may vary from one
system to the other, and sometimes may
impact each other within the same system,
as illustrated in the following examples:
Variability of end-to-end data latency
from source to storage. Keeping such
variability low is desirable as many
application only provide quality output
when latency is well controlled and
within limits. This clearly depends on
many factors (potentially including
device caching and configuration
settings, network latency, and storage
service availability).
Elapsed Time between detection of
stress conditions and dynamic
scalability operations to restore overall
performance expectations.
Trustworthiness metrics are often designed
to be shared by a broad class of systems,
defining a way to adhere to regulations or
industry-defined
standards
and
assessments. This is the case of readiness
metrics such as scorecards derived from
maturity models.
When it comes to managing the operation of
a particular solution, often the performance
- 92 -
Privacy considerations can impact
Security: Privacy regulations may
restrict data replication, prohibit
collecting too much data on clients
accessing a service, or make strong
requirements about disposing of data.
In some cases these restrictions may
adversely impact the security of the
service by preventing useful data
collection or tracing, such as the
identification of requests and their
origin.
Investment in Privacy may contribute
to Security: in other cases the opposite
is true, as Privacy measures may help
reduce data thefts or their
consequences.
IIC Journal of Innovation