“Trust in Me” sings the snake Kaa, in the Disney Jungle Book animated movie. Whilst his intentions are nefarious, i.e. eating our hero Mowgli, he does not sing about the word Security. Yet, in the technology world, especially in IoT, security is an often-used term and generally combined with descriptions relating to the lack of it. A few years ago, the Industrial Internet Consortium started to define not just Security, but overall Trustworthiness as the attribute that has to be applied across systems and their interconnections. It is certainly something we cover a lot at 451 Research with a specific channel dedicated to elements of the security industry across the board, as well as focussing on the implications in specific areas such as Industrial IoT. But what elements are there in this definition of Trustworthiness?
Security: In an IT system this generally refers to the notion that hackers, thieves and vandals can’t easily get into somewhere (or sometimes out of somewhere if it’s a prison). The physical security of walls, doors and locks is mapped to that of segregated networks, firewalls and access control policies. Whilst there is inherent complexity in the details of this, it is the easiest to understand for many people. It is about blocking or spotting the bad guys before they do something. Of course, it is not simply that there are people trying to individually break into IT systems; there are also automated tools such as viruses that are created to just go off and do the break-in, so a little more is needed than simply a virtual locked door. However, at the core, before any trust can be put in a system it needs to have a known level of this basic security.
Are you sure that’s right?
Reliability: It may not be as obvious to consider that in the realm of trust it is important to be able to rely on a system to deliver the results needed in a timely and accurate fashion. Errors, whether from data inaccuracy, programming bugs or malicious interference due to a lack of the basics of security, all have the same impact downstream. If a system you expect to do something does something else, trust is inherently lost. There will always be failures, mechanical and digital, and different use cases require different levels of reliability versus cost to implement, but it is another core part of trust. When you push the brake pedal on your car you need reliability, as much as when an oil pipeline sensor indicates a rising value that may lead to a dangerous situation. Your social media app crashing and restarting in 2 seconds will not be on the same scale.
Keep On Going
Resilience: Very close to reliability is resilience. Not failing outright, adjusting and rerouting around errors, coping and still delivering an accurate result is another key element for trust. Will this service still be working tomorrow when I need it to run my business? Much of what we have come to be used to within Cloud services is around this concept. The elastic rescaling of resources based on demand can make any business more resilient than fixed data centres.
That’s not yours!
Privacy: In many ways this has become one of the biggest issues that individuals are having to face across the use of online technology, which of course includes the more personal end of IoT instrumentation. We have, rightly or wrongly, chosen to share vast amounts of information in exchange for services such as those social media provides. For many, trust in privacy was naively implied: that the collectors of this information were not going to do anything that may breach that trust. That has not been the case, with countless examples of political intrigue, mass overselling and ever-changing terms and conditions all working alongside the now ever-common phishing attempts by the criminals. Privacy applies as much to the individual on social media as it does to the intricate details of how an industrial machine is operating at peak capacity. Therefore, privacy and data sovereignty are another key variable in trust.
Safety: This is the final element needed to ensure Trustworthiness in a system. Rather like the basics of physical security that resonate with us as people, not techies, the safety of us and those around us makes a great deal of sense. Going back to the car example, as you press the brake pedal it is often the case that computer systems take over, monitoring the braking performance and adjusting accordingly. Dodgy mechanics or bad code here makes the car unsafe. Industrial systems are not often left on full autopilot, but most people can relate to the fact that an error, whether malicious, accidental or because of failures in any of the above needs, could make something very large break and become very dangerous. We have seen recent examples locally with a robot factory having a catastrophic failure, further impacting the ability to bring the fire under control due to the human-free design of the space. It is the cornerstone of pretty much every disaster movie as cascading failures bring peril. At the start of this article I mentioned poor Mowgli, whose own safety protocol did not include being aware of large hungry snakes in the jungle.
A lot to consider
When building products or implementing a system it is well worth just taking a step back and considering the wider aspects of Trust, not just Security. You might want to ask us industry analysts for a few words of advice. You may want to consider engaging people like Cygenta to probe into how your systems (digital, analogue and human) work. Whilst you may not be in the industrial sector, the Industrial Internet Consortium’s Security Framework and related documents may well help you too.