In life and in business, one of the traits humans seek out in other humans, businesses, and entities is trustworthiness. We want to be able to trust acquaintances, friends, family members, and even strangers just like we want to be able to trust the businesses and entities we interact with on a daily basis. Trustworthiness in technology is just as important, and a new white paper from the IIC (Industrial Internet Consortium) is raising awareness about just how crucial trustworthiness, context, and assurance are to the growing IIoT (industrial Internet of Things) ecosystem.
The newly released “Managing and Assessing Trustworthiness for IIoT in Practice” whitepaper provides practical guidance for trustworthiness including definitions, examples, and best practices. For example, the IIC says several factors go into the collective definition of a system’s “trustworthiness.” These factors include privacy—the right of individuals to control or influence what information related to them may be collected and stored; reliability—the ability of a system or component to perform its required functions; resilience—the ability of a system or component to maintain an acceptable level of service in the face of disruption; safety—the condition of the system operating without causing unacceptable risk of physical injury or damage to the health of people, either directly or indirectly; and security—the property of being protected from unintended or unauthorized access, change, or destruction.
While it may seem like the goal is therefore to achieve as much trustworthiness as possible, the authors recognize this is not always the case. For instance, implementing trustworthiness costs in terms of time and money; it may also hinder user experience and functionality. At times, bolstering one area of trustworthiness may impede another area, e.g., privacy inhibiting security. The IIC’s paper also lays out potential consequences for organizations that become too fixed on any one trustworthiness characteristic. Too much emphasis on safety, for instance, could reduce flexibility, increase process complexity, and reduce productivity, while too much emphasis on resilience could lead to excessive capital and maintenance costs, the IIC says.
So how can companies implementing IIoT solutions strike a practical and profitable balance while also building and maintaining trust in their IIoT systems? The paper outlines a four-phase approach to managing trustworthiness. The first phase—baselining the system by gathering basic information to input into processes—includes developing a business-modeling environment, establishing minimum compliance requirements, and establishing trustworthiness drivers. The following phases include analyzing potential trustworthiness events and gathering options for addressing risks; implementing trustworthiness targets and appropriate governance; and iterating and maintaining the resulting trustworthiness model. Trustworthiness is a dynamic state, not static, and it should be treated that way by management teams focused on building trust within IIoT systems. Just like cybersecurity in IoT systems is an evolving and never-ending pursuit, trustworthiness in IIoT systems requires maintenance and continual revisiting as risks and other factors change over time.
Want to tweet about this article? Use hashtags #IoT #M2M #IIoT #industrial #trustworthiness #data #security #safety #privacy #governance #AI #artificialintelligence #machinelearning #digitaltransformation #blockchain #cybersecurity #5G