Next Generation IoT: Integrity of Trust

Human-Centric Systems Thinking & Doing, in this Digital Age

Over-dependability on Undependables

People, society, public and private sectors have become over-dependent on undependable systems. It has exposed us to increasingly deteriorating levels of sovereignty and other meaningful control – putting all eggs in one or two baskets –. This trust we have given away ourselves, for whatever reason but generally not for the right reasons. Now it has clearly shifted to growing levels of mistrust.

However smart and otherwise advanced one may want to market the current phase of this Digital Age and however we would love to trust it, it has proven not to be immune to evil, build-fast-fix later business models, ignorance, stupidity, no-free-lunch services, intentional information asymmetry and other breaches of values and norms, including breaches of public trust and trust by individuals.

These threaten systems, services, lives of people, key networks and even entire nations, democracies, and societies. And, both the malicious actors including the robber baron’s of the current first part of this Digital Age do not work alone. They have joined forces, they exchange collected or derived data, and they are winning.

Bring Back the Integrity of Trust

All in all, it further erodes trust. It also hinders our ability and need to focus on societal challenges of this 21st Century (both in the physical, cyber-physical and cyber world), and for that deploy all means that we have, including strategic, operational and financial means, and most of all our human intelligence, willpower and our ability to collaborate, build communities and make things work. Without us trying to counter these currently unfavourable developments, we will remain part of the problem, helping to increase it day-by-day.

The term trust is and has been misused too often. Its integrity is lost. So, we need to bring back the lost integrity of trust, and defend and sustain it. Although not an easy feat, it is a prerequisite for being able to lead, use and being in meaningful control of the next phase of this Digital Age. For this, we need an holistic, system thinking approach and system doing attitude.

Make it Work

In most cyber-physical and other digital systems, trust components such as safety, security, privacy, data protection, transparency, accountability and many other ‘non-functionalities’ are seldom being into account. What if a device, system or service does not work as intended, as expected or as actually used?

Cybersecurity, safety, privacy but also digital sovereignty, data protection, transparency, accountability, resilience, trust and trustworthiness are examples of non-functionals that should, by design and by default, be part of any truly ‘working’ application, technology, product, system and service.

These non-functionalities are generally still seen as a mere after-thought; a seemingly engineering and manufacturing nuisance and cost-adding factor. However, given the pace at which technology has developed and is developing, these non-functionals are not nice-to-haves anymore.

These are essential trust components, and they are absolute need-to-haves; by universal values, ethics and accountability, and nowadays (although quite late) more and more by the Rule of Law. Without them, there will be no trust, no trustworthiness, and no future-proof digital ecosystems.

Make IoT Work

From now on, we need to – only and consistently – design, create, market, implement, update respectively procure, deploy, use, monitor and sustain cyber-physical or other digital systems that work, not merely function.

Making IoT work, with the relevant, contextual trust components and trustworthiness capabilities as essentials and as enablers (so not anymore as problems) is in my view what project ARDACIAN-IoT is all about.

With the spirit and executing power of the project such as ARDACIAN-IoT and its consortium and network, I am sure we can jointly build IoT ecosystems that actually work, with useful functionalities and relevant non-functionalities included by design, monitored when deployed, and continuously double-looped and optimised during and after – also for new useful by-design functions and features, without function creep –.

IoT should bring progress for people, society and planet; not trigger more mistrust, loss of sovereignty or undermining of democracy (being self-sovereignty, data sovereignty, community sovereignty, open democracy, and that of member states, union, allies and friends).

ARCADIAN-IoT Use Cases & State of the Art

When one closely assesses the three (3) main cases that ARCADIAN-IoT is developing (industrial control systems, personal safety aid, and tele-medicine) on which, where, how and to what extent those non-functionals are used, balanced and embedded in those use cases, one the main notable features it that identity is mentioned in each, as an apparent essential dimension. Identity of objects, identity of communications, identity of persons, and the authentication and protection of each thereof. This is for sure an essential state of the art trust component, in this case being an all-present trust dimension.

Obviously, there are many other trust components, and in the ARCADIAN-IoT use cases descriptions one sees many explicitly mentioned and otherwise taken in already.

The right, dynamic set of combined trust components – each with the contextually relevant ones included – is what brings back and caters for integrity of trust.

N-Dimensional State of the Art (SOTA), End to End Digital Ecosystems

Combining the vast domain of trust components within even vaster IoT ecosystems (sometimes connected/centralised, interconnected/decentralised, hyper-connected/distributed and sometimes already even unconnected/autonomous) is a necessity. Yet, it is quite complex and difficult to grasp and comprehend.

In order to come to workable and actionable frameworks and models to address the pre-requisite trust and trustworthiness components of for instance security, privacy and data protection in IoT, and to assess which technical and organisational security measures it needs to consider and implement, various organisations in the public sector and private sector, as well as academia, NGOs and others, have set up committees, taskforces, conferences, workshop-driven developments and consultation proceedings.

Within the European Union these have been or are being codified more and more into principle-based frameworks that aim to coming to or towards mandatory levels of appropriate dynamic accountability, as for instance set forth in the General Data Protection Regulation (GDPR), Radio Equipment Directive (RED) with its 2021 Delegated Act for Connected Product, 2021 Medical Device Regulation (MDR), revised Payment Services Directive (PSD2) with its Regulatory Technical Standard (RTS), and upcoming revised Network Information Security Directive (NIS2), Digital Governance Act (DGA) and the Digital Services Act (DSA), to name a few.

The last decade this has further resulted in several hundreds of public, industry, societal and public-private IoT-related initiatives, frameworks, recommendations, standards, best practices and other guidelines on state-of-the-art level non-functionals in IoT. Although one may think it is leading to fragmentation, the various sets of publications consist of hundreds of trust components and related principles that can be extracted, combined, loaded with context and used for the benefit of any human-centric IoT device, system or service. So, this particular fragmentation can be seen as an enabler, as it democratises and distributes efforts, use and outcomes.

To date, we have found more than 500 unique trust components that are relevant for IoT and in IoT ecosystems. With these, one can make any desired or required risk mitigation, chemical reaction, intertwined physics structure and therefor any desired and trustworthy human-centric dynamic IoT devised, system or service.

In order to address this, a N-Dimensional State of the Art (SOTA) model has been developed to identify, segment and at a high level categorise relevant technology, stakeholders, data (classes) and context, identify data flows, segment the technical stack, risk and impact on relatively high level, same as the relevant dimensions, structure, contextualize and heat-map the above, and address interdependencies, conflicts, resilience, impact and possible trade-offs. This model can be used as the basis to discuss and address non-functionals and related principles in cyber-physical and other digital ecosystems.

When one structures and analysing these, one can for instance segment it from the perspective of four (4) main (more or less technical) layers and three (3) main dimensions. Each dimension may be relevant in one, more or even all of the layers.

The four (4) main layers are the following:

  1. Service
  2. Software/Application
  3. Hardware
  4. Infrastructure/Network

The three (3) main dimensions are the following:

  1. User/Human
  2. Data
  3. Identities & Authentication

These four main layers and three main dimensions can be visualized as set forth below.

Example of the State-of-the-Art (SOTA) N-Dimensional Model

The N-dimensional aspect of this model can for instance be seen when each of the four layers would be applicable and relevant in a digital ecosystem, and each of the three dimensions are applicable and relevant as well in each of those layers. This would accrue to 12 dimensions already. There can, however, be less or more dimensions in play, depending on the particular use case, application and context. The various ARCADIAN-IoT use cases demonstrate that.

When taken the perspective of certain connectivity of the IoT device, system or service, the N-Dimensional SOTA model would accrue to various schemes that could for instance, for example, constitute the following:

Non-connected: 6 dimensions, when segmenting the layers and dimensions as follows:

Two (2) main layers

  1. Software/Application
  2. Hardware

  Three (3) main dimensions:

  1. User/Human
  2. Data
  3. Identities & Authentication

Connected: 12 dimensions, when segmenting the layers and dimensions as follows:

Four (4) main layers:

  1. Service
  2. Software/Application
  3. Hardware
  4. Infrastructure/Networks

  Three (3) main dimensions:

  1. User/Human
  2. Data
  3. Identities & Authentication

 Inter-connected: 15 dimensions, when segmenting the layers and dimensions as follows:

Five (5) main layers:

  1. Service
  2. Software/Application
  3. Edge Devices
  4. Communication Networks
  5. Computing Infrastructure

  Three (3) main dimensions:

  1. User/Human
  2. Data
  3. Identities & Authentication 

Hyper-connected: 15 dimensions, when segmenting the layers and dimensions as follows:

Five (5) main layers:

  1. Service
  2. Software/Application
  3. IoT Devices
  4. Communication Networks
  5. (Additional, Decentralised) Computing Infrastructure

Three (3) main dimensions:

  1. User/Human
  2. Data
  3. Identities & Authentication

The segmentation and structuring as set above obviously is not the only one possible. Various other segmentations are to considered as well, such as for instance real-time, near-real-time or not. Other segmentations that can be considered are fixed/unmovable IoT (such as in the ICS use case of ARCADIAN-IoT) or personal/movable IoT (such as in the other two use cases), single-vendor or multi-vendor, OEM, public, private, public-private, et cetera.

Risk Classification Spectra: A Multi-Layered Approach

If one wants to think and talk about trust in a sensible way, one needs to think and talk about risk. Otherwise, one can never walk the talk.

When looking at the above-mentioned hyperconnected IoT devices (sub d, above) and taking a risk-perspective to those, a methodology to do high-level quality risk classification is to have a multi-layered approach and do such risk classification per spectrum, starting with the risk classification of the connectors and connectivity of the IoT device itself.

It is essential to understand the various risks that are embedded in or could arise from such IoT device. Subsequently, other risk spectra should be considered and risk classified, as visualised below.

Cyber-Physical Ecosystem Security Risk Spectra, starting with one (1) IoT Device

Regarding risk classification, in most situations, sectors and markets three (3) categories of main risk levels are used: basic/low, substantial/medium and high. These are also generally used in applicable regulations, standards and other policy instruments, also within the European Union.

Based on the outcome of (i) a risk classification for each spectrum, and (ii) the interim outcome of each risk spectrum as well as the holistic, combined outcome of the risk classifications from Spectrum 1 (Connectors) through 15 (Function Creep), the applicable, dynamic baseline risk classification can be established.

Based on that applicable baseline, the holistic, system perspective constitutes the combined risk classification on which one can consider, organise and implement technical and organisational measures to take in and balance out the relevant trust components.

As per the dynamics of IoT and IoT ecosystems, any of the risk classification spectra can be expected to trigger, change or otherwise show relevant dynamics, such as (A) technical or other threats and vulnerabilities, (B) actors and other stakeholders anomalies, updates or upgrades in code, datasets or attributes, or (C) changes in regulatory standards, policies or other relevant best practices, it is recommended to double-loop as well, including those spectra that are or may be related or otherwise are (inter)depended on the particular spectra. Therefore, it is recommended to continuously monitor the risks, and where necessary or otherwise double-loop thereafter to keep the security measures up to date and resilient.

The Five T’s

Trust and the integrity of trust can be catered for in many ways, including by demonstrating trustworthiness and accountability, both before, during and after deployment and use of any IoT device, system or service.

In this article we have (relatively briefly) touched on a few of the ways to (re)build trust, including (A) identifying the contextual and dynamic trust components, (B) segmenting and structuring in order to help taxonomy, common understanding, appreciation and orchestration, (C) focusing on holistic life cycle thinking, design, deployment and dynamic assurance, including continuous monitoring, optimalisation and accountability, also with the notion that trust equals consistency over time.

All this, to be able to create, build, nurture and cater for interdisciplinary human-centric, transparent and trustworthy digital means, as an aid for individuals, communities, society, economy and planet, that respect and protect the human values of each person.

This can be summarised and sequenced with five (5) T’s: Taxonomy, Transparency, Trust, Transformation and Trustworthiness, as visualised below.

IoT: Internet of Five T’s

If we do this right in projects such as ARCADIAN-IoT, in my view we have a global market of about eight (8) billion individuals that we can help to improve their quality of life with the above-mentioned five (5) Ts as the unique selling point. For once, this next generation of IoT devices, systems and services can scale and succeed to levels of great affordability, resilience, durability and (economic, societal and ecologic) sustainability. And, each will always have the main trust principle in its DNA: the Principle of No Surprises.

December 2021. Blog by Arthur van der Wees, Managing Director of Arthur’s Legal, Strategies & Systems, Amsterdam, Security Advisory Board Member as well as Ethics Advisory Board Member of ARCADIAN-IoT.

To Share, or Not to Share, that is the trust question

Dynamic Digital Age

Technology changes the world at an ever-increasing pace. Whether we like it or not. The change is expedited by both non-digital global occurrences such as the ongoing Covid-19 pandemic (Covid-19) as well as by increased and ever-converging technical capabilities such as connected devices, platforms, available data, artificial intelligence and the like. These enable connecting, inter-connecting and hyper-connecting billions of individuals, organizations, communities, societies and data, with tens of billions of objects and entities. Furthermore, digital has become a must-have, for people, society and our ecosystems, within the European Union as well as globally.

Threats

However smart and otherwise advanced one may want to market this Digital Age is, it is for sure not immune to evil, stupidity, build-fast-fix later business models and other breaches of norms and values. These threaten systems, services, lives of people, key networks and even entire nations, democracies, and societies. And, the true malicious actor does not work alone. They have joined forces, and they win.

The Blame Game

One may feel the urge to blame it all on the others. Or feel the urge to believe that the battle – and the war – is lost. However, there is no way one can point to the other, and blame them for everything. Whatever and whoever is part of the Digital Age is part of the problem. So, that includes you and me.

However, whatever and whoever is part of this, is part of the solution as well. One of the solutions is to join forces, to partner up, to start and continue collaborating, orchestrating our knowledge, values and other capabilities – and to organise ourselves in and for this dynamic Digital Age –. Without being part of those efforts, one will remain just part of the problem, helping to increase it day-by-day. Let’s stop pointing fingers. We are all accountable, and co-accountable.

To Share, or Not to Share

One way to contribute and do one’s part is to share. Share information, share threat intelligence, share good practices, share lessons-learned, and share other knowledge. It should not be that hard to do, right?

What, Why, How and When to Share, to Whom? And, Who am I?

Sharing any information with another has proven not to be an easy feat. These and other queries and considerations for sure come up, even before actually sharing any information to anyone:

  1. Who am I? Who am I representing here? What is my mandate?
  2. Why do I feel the urgency or other need to consider sharing that information? Or am I obliged to share, based on new or existing regulations or industry standard practices?
  3. What do I share, and what not? And, what is the provenance, quality and relevance of the information that could be shared?
  4. To what extent am I allowed to share it? And to whom?
  5. Do I know the other party, or not?
  6. What will the recipient do with it? What is in it for me?
  7. And, what is the risk? What if something is wrong or goes wrong with the information, with the sharing, with the use?
  8. Do the potential, envisioned efforts and benefits outweigh the potential risks and consequences?
  9. Why not just leave it, not engage, and not share information?

Trust is not a Five-Letter Word

These and other considerations all boil down to five letters: trust. Trust and related trustworthiness are always the main enablers, also in any of the  cybersecurity domains, any community and any information sharing. Does one have the appropriate level of trust in the assets, trust in its own competences, trust in the organisations and community involved, trust in the technical systems and trust in the ecosystem at large? The right level of trust both brings the courage, confidence and comfort to engage, and share.

Organising Teamwork

One needs many different stakeholders in a community to come to sufficient levels of engagement in order to come to sufficient amounts of relevant and interesting threat intelligence.

Also, although the Digital Age – including cybersecurity and information sharing – are becoming increasingly regulated, those regulations generally only give a trust anchor on the Why, but do not give guidance on the How. Member states that are obliged to organise the How are generally also still struggling with the questions raised above. Society, industry, economy and any sector can not wait. We need to team up, lead the way, lead, share, learn, and continuously improve.

The Dynamics of Cybersecurity Threat Intelligence

The dynamics of cybersecurity, threat intelligence, clearing houses and their various cybersecurity communities are to an already impressive extent captured, orchestrated and deployed by means of the CONCORDIA Platform for Threat Intelligence, which platform consists of three (3) core actionable components: MISP, Incident Clearinghouse and DdoS-Clearinghouse.

The dynamics of cybersecurity, threat intelligence and its communities – and the impact of both providing threat intelligence as well as knowing about it and using it – augment the fact that one needs to have a high level of trust in the professionals and organisations participating – which do not always know each other –, trust in the threat intelligence and related information and data they share, and trust in what others will do with it.

In brief, the many questions raised above, as well as other considerations need to be arranged for, and been brought into the game of threat intelligence. All this, without making the arrangements difficult to access, read, understand and appreciate, and without the need to having to negotiate, sign and manage bilateral agreements every time.

Trust-Augmenting Instrument, Fit for a Digital Sovereign Europe

Together with representatives of MISP, Incident Clearinghouse and DdoS-Clearinghouse that currently constitutes the CONCORDIA Platform for Threat Intelligence, an instrument has been developed:

  1. To help answer the questions raised above;
  2. To make those answer clear and readable;
  3. To otherwise help augment the information, awareness, adoption, usage and uptake of CONCORDIA Platform for Threat Intelligence, and;

To arrange for a dynamic framework, that further evolve in this digital Digital Age, and therefore is fit for a digital sovereign Europe, allies and friends.

Trusted Data Sharing, is Sharing based on Trust

Trusted intelligence sharing is sharing intelligence, based on trust. It’s not only about the intelligence or other information – and whether that can be trusted –. No, it start with trust; Am I informed and otherwise comfortable enough and do I therewith have the courage and confidence to become part of this community, and engage?

To bring it from a different perspective:

  1. Imagine you want to become a member of a sports team, a musical ensemble, an innovation hub, or interest group, to contribute, learn and otherwise engage.
  2. With that, you want to become part of a certain community, each with its specific habits, codes and rules to set clear expectations of the members of such community as well as protect the interests of both the community and each of the members separately, as well as society and the ecosystem within the community is operating.
  3. Imagine this is possible regarding sharing of threat intelligence and related trusted data sharing and engagement. Enter, the Dynamic Code of Engagement. A novel trust-augmenting and easy-to-use cybersecurity instrument.

The dynamics of the Digital Age deserve a dynamic framework of principle-based arrangements that are easy to read, understand, become part of and commit to. This, in order to be able to better collaborate, orchestrate and share data based on trust, transparency, appreciation, clear governance and co-accountability.

The Dynamic Code of Engagement will be made available later this year. So, stay tuned.

Human-Centred AI: Enabling & Facilitating a Climate for Change

Great Capabilities to Improve

Integrated ecosystems sustain life and provide us with an amazing habitat. People and the ecosystems we live in, in this Digital Age, have great capabilities to improve and sustain the quality of life for all.

As we face and urgently need to deal with many societal challenges, we need a climate for change. Various of such societal challenges (figure 1) can be identified in the domains of manufacturing, supply chains, logistics, maintenance and related industry domains.

As these domains will remain essential parts of our society and economy, a climate for change in these essential parts of our ecosystems is needed as well. Safe, trusted and trustworthy Artificial Intelligence (AI) and other or related knowledge, processes, technologies, human intelligence and experience may be an excellent enabler and facilitator to help cater for and sustain such future-proof ecosystems.

The whole supply ecosystem, including sourcing, engineering, manufacturing, assembling, logistics and the like, as well as the related organisations, professionals, partners and customer involved, and the respective societies, ecology and economy can benefit from access to, use and exchange of data, information, knowledge and experience. Digital platforms, AI, intelligent systems, cognitive (edge and IoT) computing, robotic process automation (RPA), cobots, distributed intelligence and autonomous systems are further expediting this process by connecting, inter-connecting respectively hyper-connecting organizations, individuals, communities, societies and data with tens of billions of objects and entities.

Where To Start?

Where To Start?

What can an entrepreneur, company, sector, community or other groups in manufacturing, industry and related sectors and domains do to create overall positive impact while also having a viable and economically sustainable value model, with related business models and (financial and other) feasibility models to get things both started, going, trusted, growing, scaling, resilient and future-proof? Having a big vision and focusing on the horizon is important, but having a clear starting point is one of the main prerequisite success factors.

With that in mind, it is recommended to start with identifying and establishing the particular challenge(s) one would like to focus on, for instance by using the 12 Societal Challenges for Future of Living, as visualised below (Figure 1). These are in line with both the vision of the European Commission as well as the United Nations’ Sustainable Development Goals (SDGs). These Societal Challenges are obviously intertwined and interconnected.

Figure 1: Intertwined Societal Challenges for Future of Living

Let’s have a closer look to Societal Challenges: Demography respectively Skills & Jobs. Where and why may AI in Industry 5.0 context be valuable, appreciated and even necessary? First some backgrounds:

1. Societal Challenge Nr. 4: Demography

Within the European Union, there is a decline in working-age population. It’s expected to reduce by 13.5 million (or 4%) by 2030 compared to 2018. This, as the EU population size will shrink by 5% between 2019 and 2070, to 424 million inhabitants, the development of shorter working weeks could cause a 2% reduction in labour supply.

The EU’s demographic ratio between people above 65 years old and those aged 20-64 are expected to increase from a one-to-four ratio 2010, to a one-to-(less than)-two in 2070.

2. Societal Challenge Nr. 11: Skills & Jobs

According to the OECD, 65% of the kids in schools today will have jobs that haven’t been invented yet. This indicates that we apparently are not yet sure what the future will look like, but that we do for sure acknowledge society will look very differently in a decade. The World Economic Forum points out that among the top 10 most essential skills of the near future are: analytical thinking, empathy, creativity, reasoning, complex problem-solving, self-management, and technology development and use.

Clearly, this list resembles a more intertwined combination of both the right part of the brain with the left part, than currently commonly seems the case.

These two Societal Challenges and backgounds already demonstrate that AI in Industry 5.0 context may be valuable, appreciated and even necessary to address these societal challenges in industry and related society and economy:

  • When focusing on the Societal Challenge of Demography, combining and deploying innovative processes, data and technologies to augment the capabilities of people, industry, supply side and demand side can be a helpful mechanism to compensate this expected decrease in productivity and levels of welfare and quality of life.
  • When focusing on the Societal Challenge of Skills & Jobs, three questions that come to mind are (i) how will the future of work change the industrial sector, and the looks of our urban and rural societies, (ii) how to keep the veins of trade and human values running through our communities, and (iii) whether technology will displace more jobs in 10 years than it creates, or vice versa. With all these questions raised, what role will and can AI play in combination with human interaction?

Human-centric AI capabilities for Industry 5.0

The above does not only demonstrate that there are huge potential and markets for AI and related intelligent systems. It also demonstrates that there is a need for AI- and other technology-supported H2M, M2H, H2M2M and other interaction, communication and cooperation to help address the current and upcoming challenges, avoid social disruption, and improve social prosperity.

Safe, trusted and trustworthy human-centred AI with human and other European and universal values embedded by design can in our view for sure be a great component for enabling and facilitating a future-proof Climate for Change in the Industry 5.0 and related domains. This is exactly why STAR can accelerate the transition towards human-centric AI in manufacturing, and beyond.

With this, the European stakeholders, society and economy can build, deploy, use, enjoy and even export the most trustworthy human-centric AI for Industry 5.0 and related digital (eco)systems and services all over the world. As Commissioner Breton formulates: ‘Europe has everything it takes to lead the technology race’. In our own words: Europe has great capabilities.

But how to make that work? We will discuss this in our subsequent blogs, so please stay tuned.

Blog by Arthur van der Wees, Arthur’s Legal, Strategies & Systems

Sense & Sensibility

In Health, Care & Cure, in this Digital Age

Sensible Healthy Living

Humans are quite resilient. Sometimes, however, one may need some help.

One of the essentials for resiliency is healthy living, also when one feels ill, has gone sick, recovered or otherwise needs care and other support to retain or improve towards a decent level of quality of life, in every phase of life. Health, wellness, prevention, care, cure and post-cure care go hand in hand.

Can these be improved with the capabilities of this Digital Age? If so; what makes sense, what does not, and how to stay fully aligned with human values? This, as it is all about improving the quality of life of people and society in general, and individuals in particular.

No(n)-Sense?

The last decades quite a few have been focusing on the letters e- or m- before healthcare; e-health, m-health and other attempts to introduce technology as the silver bullet in health, care and cure domains.

This technology-centred approach has proven not to be very successful. We believe that the reason is quite clear; the focal point is totally off-topic. Trying to improve quality of life is something else than trying to push as many devices, systems and digital services as possible. Focusing on technology alone makes no sense whatsoever.

The various domains of healthy living do not only concern an abstract human being or treatment protocol. It concerns real individuals, each with its own backgrounds, dreams, particularities and ethics. Each individual will have many persona during its life; regarding healthy living, it can be young, middle-aged or older, professional or amateur sporter, an injured one, a short term or longer term patient, or somebody else that needs special care or other attention for a period of time that differs per individual and per relevant (complex of) personas. Healthy living is personal.

Trust Anchors

However, healthy living is not merely about such persona. It’s also about the many professional caregivers (social, home and other), physicians, doctors, hospitals, health service providers, home care insurance companies, policy makers, agencies and authorities as well as friends and families of the individual, and society at large. These diverse groups of stakeholders are – or should be – trust anchors for any individual that needs care, cure or post-cure care.

The multi-stakeholder-centric approach should also be taken when considering and implementing any capabilities of this Digital Age in the essential yet complex healthy living domain. Such as, for instance, processing of digital data.

This, also as these individuals are vulnerable when that they need care, support and attention. For once, as per their particular health situation but also as per lack of sufficient knowledge and the lower ability (and willingness) to process information in a normal, rational way. They need continuous support by professionals, including professionals in the interdisciplinary convergence of health, data & digital.

Ethical Dilemma

As an example, let’s consider any wearable connected to the internet in some way.

This is one of the reasons why the European project ASCAPE has received funding to work on the above-mentioned interdisciplinary human-centric approach, in particular to explore where and how certain digital capabilities can support cancer patients and improve their quality of life.

The connected device and related software-converted algorithms (including certain artificial intelligence) could help monitor certain health properties of an individual, for instance by sensing and processing those and digitally sharing these with its health professional. Do you believe that such vulnerable individual can freely give consent for the measuring and data sharing? Does such person have a genuine choice to withhold it? How can it independently balance out short and long health impact and short- and long-term privacy impact?

Under the GDPR ‘consent’ by an individual means any ‘freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by statement or by a clear affirmative action, signifies agreement to the processing or personal data relating to him or her’. Consent should cover each of the processing activities carried out, per purpose. For consent to be informed, the data subject should be at least aware of the identity of the data controller and the purposes of the processing for which the personal data are intended. So, what would be your human-centric ethical call in this example? Who would you need to help out with giving well-informed advice to such individual within your professional ethical conduct?

Updated Multi-stakeholders Spectrum

It is clear that adding an updated multi-stakeholders spectrum as additional trust anchors to the interdisciplinary human-centric approach is a prerequisite. Doing so in a technology-neutral and technology-agnostic way is preferred. We believe that this is the only way to make any digitalization in the healthy living domains a success.

But, where to practically start from this perspective of interdisciplinary human-centricity? We believe it starts with transparency in general, and with that with awareness in particular.

Trust starts with Awareness

Trust is not a five-letter word. It is remarkable how little ‘trust’ has been researched, written and clarified, where there are quite a lot dimensions and nuances of trust. Although not the only approach, for this article we would like to highlight the following five phases towards trust, acknowledging that trust equals consistency over time so can be quite dynamic:

  • Awareness: To become aware to be able to build and achieve the appropriate level of trust is obvious, but not that easy. Have insufficient knowledge is generally seen as a blocking factor that is even more essential than concerns about security, privacy or compliance. Insufficient knowledge for instance means a lack of access to relevant information, and the lack of clarity and readability of supplied information. The phase of becoming (more and more) aware is a continuous one.
  • Understanding: Understanding may follow during or after one has become aware. Having things explained does not mean one understands. So, there is a clear distinction between explanation and understanding.
  • Appreciation: If one understands, it could mean that one has a certain level of appreciation, which would be of course the result of multiple considerations, including benefits, risks, impact and risk appetite.
  • Adoption: As mentioned, trust means consistency over time so the fact that one starts to adopt certain capabilities in the Digital Age does not yet mean the appropriate level of trust has already been met – and will continue to be met –.
  • Acceptance: The same goes for the acceptance phase, but in this phase the individual has chosen to trust it.

I Am Data, Therefore I Am

Trust can be catered for in many ways, including by demonstrating trustworthiness and accountability, both before, during and after deployment and use of any device, system or digital service. In this Digital Age, however, one should not forget that human-centricity also means that one needs to have the data-centric perspective into the core of each consideration, especially in the Healthy Living domain.

This, if one treats the individuals as mere data points, trust will not even start to build; let alone take-up and scale-up of any digitally-enhanced capability.

When thinking about personal data, it is quite simple. It’s personal. It’s only provided for to be processed and protected by accountable custodians, for a single, clear purpose only. If we are able to create, build, nurture and cater for such interdisciplinary human-centric, transparent and trustworthy digital means, as an aid for individuals in Health Living that respect and protect the human values of each person – including but not limited to privacy, security, safety and accountability –, we have a global market of almost 8 billion individuals that we can help to improve their quality of life.

Projects such as ASCAPE explore these success factors in real-life pilots in multiple countries; what does makes sense, and what is sensible, in which situation and context, et cetera. It is crucial that all stakeholders involved will be able to trust the relevant digital capabilities, including devices, data, algorithms, software, digital ecosystems and services. Awareness, understanding, appreciation, adoption, acceptance are also essential for such stakeholders to work on.

Healthy Living that Makes Sense is a Team Sport

If we as interdisciplinary team players achieve the appropriate level of trust and trustworthiness – the level where things really start to make sense –, it will not only help the particular individual but meanwhile and after also the health professionals to provide better care, cure and post-cure care to other individuals. It’s truly a team sport.

October 2021. Blog by Arthur van der Wees, Arthur’s Legal, Strategies & Systems

Data as an Enabler

Data as Main Priority

Recently, Commissioner Breton stated the following:

‘As a European Commissioner, the question I’ve been probably asked the most in the last few weeks is: what is your priority?

Is it 5G? Is it artificial intelligence? Is it industry? Services? Audiovisual? Tourism? Space? Defence? Obviously, all these topics are priorities.

But for me, their foundation, their common denominator, what runs through all their activities from end to end, is data.’

Data

The Commissioner of Internal Market (DG GROW), Digital Single Market (DG CNECT) and DG Defense & Aerospace could not be clearer. Data is the main priority, as it is the dynamic and all-present dimension that is relevant everywhere in this Digital Age. It can bring huge opportunities, benefits and gains. It is therefore high time that people, society and organizations in any sector start to organize themselves to grab this potential, in an European and collaborative way.

No surprise that the Commission published an ambitious Data Strategy [1] last month.

Common European Data Spaces

In the Data Strategy, the Commission mentions it will support the establishment of common European data spaces in nine (9) strategic sectors & domains of public interest:

  1. Industrial (manufacturing) data space;
  2. Green Deal data space;
  3. Mobility data space;
  4. Health data space;
  5. Financial data space;
  6. Energy data space;
  7. Agriculture data space;
  8. Data spaces for public administration, and;
  9. Skills data space.

The fact that the Commission already indicates these are strategic sectors and domains of public interest implies that cybersecurity is fully in scope and on the radar:

‘The data spaces will be developed in full compliance with data protection rules and according to the highest available cyber-security standards.’

However, the Commission also has the vision of openness:

‘The vision of a common European data space implies an open, but assertive approach to international data flows, based on European values.’

Let’s zoom in to these relationships between data and cybersecurity, while aiming for an open society as envisioned.

Cybersecurity in Data Context

Data protection, whether personal data or non-personal data, is one of the main principles in this Digital Age. Data control, access, use, sharing, management and other functionalities all need the non-functionals that are data protection and cybersecurity.

When done right and therefore in an transparent and accountable way, cybersecurity can greatly contribute to the appropriate levels of data processing and protection. Therefore, cybersecurity is a prerequisite part of the solution to demonstrate trustworthiness and build and sustain trust.

Data in Cybersecurity Context

Data is a great asset to enable, facilitate and optimize cybersecurity. In all technical layers and dimensions as well as cross-layer and cross-dimensions. It can give everything and everybody a ‘contextual digital pulse’. With data and related attributes one can also identify anomalies, fraud and other risk.  

Furthermore, one can add attributes in a chain of trust in order to obtain the appropriate impact-based level of trust necessary with the then relevant context. For instance for digital identity, authorization, relational or transactional purposes.

Data-centric security is not yet that much on the radar but is a prerequisite to support human-centric, secure, safe, trustworthy and beneficial digital ecosystems – either cyber or cyber-physical –. More and more data-centricity is recognized and deployed as such. Data is part of cybersecurity, and vice versa.

Principle-based Frameworks

The digital and data domains are highly regulated nowadays. In the last years numerous new regulations respectively updated regulations have come into force. Does this mean one cannot act and maneuver in this Digital Age without the need of continuous legal assistance? We believe the answer is no, and even better: it is up to you to help out! Here is why.

Generally, all these regulations that concern data, cybersecurity or both are principle-based frameworks. Each leave room for you to design, build and deploy your own dynamic architectures and systems within such regulatory frameworks, as long as one explains and documents it well and keep those up to date. The main ingredients that one needs to take into account? These four (4) main principles, all By Design and By Default:

  1. Data Processing
  2. Data Protection
  3. Cybersecurity
  4. Data Management

The regulations mentioned in the landscape visual below provide meta-frameworks in domains such as finance (PSD2), critical infrastructure, vital systems and essential servives (NIS), personal data processing, protection and management (GDPR), identity (eIDAS), non-personal data processing and management (FFDR), open data (Open Data Directive), cybersecurity (CSA) and so on.

Each of these regulations has three to four of the main principles incorporated. Based on these, one can further detail and balance out various layers of subprinciples until some rule-based parts and related governance emerge to organize and balance the appropriate organisational and technical measures you look for, provide, procure, implement or monitor. It’s all about using your own and others’ inter-disciplinary common sense.

Get Involved

Cybersecurity is mentioned almost 20 times in the Data Strategy. The Commission also mentions that the new data paradigm where less data will be stored in data centers and more data will be spread in a pervasive way closer to the user ‘at the edge’. This brings new challenges for cybersecurity. However, it also brings massive opportunities, for all.

So, do not wait for a regulator, authority or court to come with ‘further rules’, as they will generally not. It is up to you to help load these regulatory frameworks, and make the most benefit out of the capabilities, data and other assets available in this Digital Age, while observing continuous appropriate dynamic accountability on the main and related (sub)principles and rule-sets. With this, we can build, deploy, use, enjoy and even export the most trustworthy products, (eco)systems and services in the world. As Commissioner Breton formulates:

Europe has everything it takes to lead the technology race.’

In our own words: Europe has great capabilities.

Arthur van der Wees, Arthur’s Legal, Strategies & Systems

Reference: [1] https://ec.europa.eu/info/sites/info/files/communication-european-strategy-data-19feb2020_en.pdf

Solving Current & Emerging 21st Century Challenging Problem Sets Require Team Work. Nothing Less

Everything is connected

Alexander Von Humboldt, the 18th-century scientist and explorer, world famous in his time, was the first to explain the fundamental functions of the mountains and rain forest for the ecosystem and climate, claiming that the world is a single interconnected organism.

Everything is connected. This is the concept of nature as we know it today. According to Von Humboldt, everything, to the smallest creature, has its role and together makes the whole, in which humankind is just one small part.

Introducing Arthur Strategies & Systems

Arthur Strategies & Systems believes that the 21st Century, with its human, societal, ecological and economical challenges clearly reconfirms and re-establishes Von Humboldt’s view and statement. We are all connected in this dynamic world, and to an increasing extent interconnected and hyperconnected. We help design, build, deploy and sustain these ecosystems, and ecosystems of ecosystems.

Meanwhile, in this Digital Age, technology has outstripped our societal, economical and legal frameworks. How to catch up, and keep up? That’s one of the other key missions of Arthur Strategies & Systems.

We have been working on these challenges for two decades already and have ramped up on those, and have even chosen to decicate a seperate website on it: www.arthurstrategies.com.

Multiplicity

Digital technology changes the world at a fast pace. Yet, Humans are underrated. Build, enhance & retain trust with the combination of human brain power, purpose & passion, machines, algorithms, data & accountability.

We call that the Multiplicity Approach: a dynamic symbiotic combination of diverse groups of people that work together with diverse groups of human-centric machines, algorithms and capabilities to identify, address & solve problems, make & execute decisions, and double-loop to never-stop-learning.

This is Team Sport

This is a Challenging Problem Set. There is No One Solution. There is No One Group with the Answer. There is No One Technical Fixture. This is about Working Together, as Teams. To Achieve Outcomes. This is a Team Sport.

Therefore, Arthur Strategies & Systems operates as a distributed, interdisciplinary organisation, where we build, organise, deploy and manage special teams; per program, per project and per event.

In order to work on solving the current and emerging 21st Century challenging problem sets, we need (A) to team up with all the human brainpower available; from young and old; from junior to senior, left side of the brain AND the right side of the brain; from anybody, and (B) responsibly augment and otherwise amplify all that knowledge, experience, lessons-learned, competences and capabilities, for good.