Industrial Internet Security Framework v 1.0 | Page 39

Security Framework
•
•
•

6: Permeation of Trust in the IIoT System Lifecycle

Component builders are hardware vendors, software publishers and service publishers
who provide specific capabilities as a standardized product or service.
System builders are system integrators and solution providers who integrate or adapt
these built components in usage-specific individual solutions or service capabilities.
The operational user is the system owner/operator that uses the components, solutions
or services for their intended purposes.

Once again, hardware, software and service components are built upon other components, so
trust permeates from a base component up to higher-level components.
System builders are responsible for integrating components from multiple sources properly. The
components may be delivered through many delivery mechanisms: custom development,
commercial off the shelf (COTS) integration or integration of another system. Each of these
approaches has their respective processes for assuring trust. For some types of equipment, such
as medical, aeronautics, and railroad, well-founded and defendable assurance is addressed by
assurance cases and supporting evidence.1
Trust in custom development environments relies on in-house or third-party developers to build
components that comply with specified requirements. COTS integration requires verification for
compliance of existing products with trust requirements. If the COTS components are not capable
of delivering on those requirements, then system integrators may encapsulate or isolate the
COTS components in environments capable of delivering the required level of trust. Integration
of other systems depends on defining clear interface specifications or interface standardscoupled service level agreements (SLAs) that meet the specified trust requirements.
In each of these system-building approaches, system builders will need to integrate hardware,
software and services components. The component builders must show that their respective
components meet the specified trust requirements. When these components are an aggregation
of other components, the builder of the main component is responsible for assuring that all the
components and their integration meet the specified trust requirements.
The IIoT system owner/operator must trust that each prior step in the process has been
implemented correctly to support the trust assumptions in the layers above him.
Each layer of the trust model depends on the one below it: Each actor builds a trust relationship
with the actor below, following the schema of Figure 6-2. Trust is achieved in the operational
system when assurance that the operational requirements of the system have been met. This
trust then permeates back down through all levels of actors, which created, integrated or
supplied components or sub-systems of the operational system.
The trustworthiness of the operational system produced by the manufacturers and vendors is
transferred to the trustworthiness of the capabilities the system builders provide. These
capabilities again are based on the trustworthiness in the integrated technical components.

1

See [AAMI-TIR2014] and [NASA-CR2015]

IIC:PUB:G4:V1.0:PB:20160926

- 39 -