Next Generation IoT: Integrity of Trust

Human-Centric Systems Thinking & Doing, in this Digital Age

Over-dependability on Undependables

People, society, public and private sectors have become over-dependent on undependable systems. It has exposed us to increasingly deteriorating levels of sovereignty and other meaningful control – putting all eggs in one or two baskets –. This trust we have given away ourselves, for whatever reason but generally not for the right reasons. Now it has clearly shifted to growing levels of mistrust.

However smart and otherwise advanced one may want to market the current phase of this Digital Age and however we would love to trust it, it has proven not to be immune to evil, build-fast-fix later business models, ignorance, stupidity, no-free-lunch services, intentional information asymmetry and other breaches of values and norms, including breaches of public trust and trust by individuals.

These threaten systems, services, lives of people, key networks and even entire nations, democracies, and societies. And, both the malicious actors including the robber baron’s of the current first part of this Digital Age do not work alone. They have joined forces, they exchange collected or derived data, and they are winning.

Bring Back the Integrity of Trust

All in all, it further erodes trust. It also hinders our ability and need to focus on societal challenges of this 21st Century (both in the physical, cyber-physical and cyber world), and for that deploy all means that we have, including strategic, operational and financial means, and most of all our human intelligence, willpower and our ability to collaborate, build communities and make things work. Without us trying to counter these currently unfavourable developments, we will remain part of the problem, helping to increase it day-by-day.

The term trust is and has been misused too often. Its integrity is lost. So, we need to bring back the lost integrity of trust, and defend and sustain it. Although not an easy feat, it is a prerequisite for being able to lead, use and being in meaningful control of the next phase of this Digital Age. For this, we need an holistic, system thinking approach and system doing attitude.

Make it Work

In most cyber-physical and other digital systems, trust components such as safety, security, privacy, data protection, transparency, accountability and many other ‘non-functionalities’ are seldom being into account. What if a device, system or service does not work as intended, as expected or as actually used?

Cybersecurity, safety, privacy but also digital sovereignty, data protection, transparency, accountability, resilience, trust and trustworthiness are examples of non-functionals that should, by design and by default, be part of any truly ‘working’ application, technology, product, system and service.

These non-functionalities are generally still seen as a mere after-thought; a seemingly engineering and manufacturing nuisance and cost-adding factor. However, given the pace at which technology has developed and is developing, these non-functionals are not nice-to-haves anymore.

These are essential trust components, and they are absolute need-to-haves; by universal values, ethics and accountability, and nowadays (although quite late) more and more by the Rule of Law. Without them, there will be no trust, no trustworthiness, and no future-proof digital ecosystems.

Make IoT Work

From now on, we need to – only and consistently – design, create, market, implement, update respectively procure, deploy, use, monitor and sustain cyber-physical or other digital systems that work, not merely function.

Making IoT work, with the relevant, contextual trust components and trustworthiness capabilities as essentials and as enablers (so not anymore as problems) is in my view what project ARDACIAN-IoT is all about.

With the spirit and executing power of the project such as ARDACIAN-IoT and its consortium and network, I am sure we can jointly build IoT ecosystems that actually work, with useful functionalities and relevant non-functionalities included by design, monitored when deployed, and continuously double-looped and optimised during and after – also for new useful by-design functions and features, without function creep –.

IoT should bring progress for people, society and planet; not trigger more mistrust, loss of sovereignty or undermining of democracy (being self-sovereignty, data sovereignty, community sovereignty, open democracy, and that of member states, union, allies and friends).

ARCADIAN-IoT Use Cases & State of the Art

When one closely assesses the three (3) main cases that ARCADIAN-IoT is developing (industrial control systems, personal safety aid, and tele-medicine) on which, where, how and to what extent those non-functionals are used, balanced and embedded in those use cases, one the main notable features it that identity is mentioned in each, as an apparent essential dimension. Identity of objects, identity of communications, identity of persons, and the authentication and protection of each thereof. This is for sure an essential state of the art trust component, in this case being an all-present trust dimension.

Obviously, there are many other trust components, and in the ARCADIAN-IoT use cases descriptions one sees many explicitly mentioned and otherwise taken in already.

The right, dynamic set of combined trust components – each with the contextually relevant ones included – is what brings back and caters for integrity of trust.

N-Dimensional State of the Art (SOTA), End to End Digital Ecosystems

Combining the vast domain of trust components within even vaster IoT ecosystems (sometimes connected/centralised, interconnected/decentralised, hyper-connected/distributed and sometimes already even unconnected/autonomous) is a necessity. Yet, it is quite complex and difficult to grasp and comprehend.

In order to come to workable and actionable frameworks and models to address the pre-requisite trust and trustworthiness components of for instance security, privacy and data protection in IoT, and to assess which technical and organisational security measures it needs to consider and implement, various organisations in the public sector and private sector, as well as academia, NGOs and others, have set up committees, taskforces, conferences, workshop-driven developments and consultation proceedings.

Within the European Union these have been or are being codified more and more into principle-based frameworks that aim to coming to or towards mandatory levels of appropriate dynamic accountability, as for instance set forth in the General Data Protection Regulation (GDPR), Radio Equipment Directive (RED) with its 2021 Delegated Act for Connected Product, 2021 Medical Device Regulation (MDR), revised Payment Services Directive (PSD2) with its Regulatory Technical Standard (RTS), and upcoming revised Network Information Security Directive (NIS2), Digital Governance Act (DGA) and the Digital Services Act (DSA), to name a few.

The last decade this has further resulted in several hundreds of public, industry, societal and public-private IoT-related initiatives, frameworks, recommendations, standards, best practices and other guidelines on state-of-the-art level non-functionals in IoT. Although one may think it is leading to fragmentation, the various sets of publications consist of hundreds of trust components and related principles that can be extracted, combined, loaded with context and used for the benefit of any human-centric IoT device, system or service. So, this particular fragmentation can be seen as an enabler, as it democratises and distributes efforts, use and outcomes.

To date, we have found more than 500 unique trust components that are relevant for IoT and in IoT ecosystems. With these, one can make any desired or required risk mitigation, chemical reaction, intertwined physics structure and therefor any desired and trustworthy human-centric dynamic IoT devised, system or service.

In order to address this, a N-Dimensional State of the Art (SOTA) model has been developed to identify, segment and at a high level categorise relevant technology, stakeholders, data (classes) and context, identify data flows, segment the technical stack, risk and impact on relatively high level, same as the relevant dimensions, structure, contextualize and heat-map the above, and address interdependencies, conflicts, resilience, impact and possible trade-offs. This model can be used as the basis to discuss and address non-functionals and related principles in cyber-physical and other digital ecosystems.

When one structures and analysing these, one can for instance segment it from the perspective of four (4) main (more or less technical) layers and three (3) main dimensions. Each dimension may be relevant in one, more or even all of the layers.

The four (4) main layers are the following:

  1. Service
  2. Software/Application
  3. Hardware
  4. Infrastructure/Network

The three (3) main dimensions are the following:

  1. User/Human
  2. Data
  3. Identities & Authentication

These four main layers and three main dimensions can be visualized as set forth below.

Example of the State-of-the-Art (SOTA) N-Dimensional Model

The N-dimensional aspect of this model can for instance be seen when each of the four layers would be applicable and relevant in a digital ecosystem, and each of the three dimensions are applicable and relevant as well in each of those layers. This would accrue to 12 dimensions already. There can, however, be less or more dimensions in play, depending on the particular use case, application and context. The various ARCADIAN-IoT use cases demonstrate that.

When taken the perspective of certain connectivity of the IoT device, system or service, the N-Dimensional SOTA model would accrue to various schemes that could for instance, for example, constitute the following:

Non-connected: 6 dimensions, when segmenting the layers and dimensions as follows:

Two (2) main layers

  1. Software/Application
  2. Hardware

  Three (3) main dimensions:

  1. User/Human
  2. Data
  3. Identities & Authentication

Connected: 12 dimensions, when segmenting the layers and dimensions as follows:

Four (4) main layers:

  1. Service
  2. Software/Application
  3. Hardware
  4. Infrastructure/Networks

  Three (3) main dimensions:

  1. User/Human
  2. Data
  3. Identities & Authentication

 Inter-connected: 15 dimensions, when segmenting the layers and dimensions as follows:

Five (5) main layers:

  1. Service
  2. Software/Application
  3. Edge Devices
  4. Communication Networks
  5. Computing Infrastructure

  Three (3) main dimensions:

  1. User/Human
  2. Data
  3. Identities & Authentication 

Hyper-connected: 15 dimensions, when segmenting the layers and dimensions as follows:

Five (5) main layers:

  1. Service
  2. Software/Application
  3. IoT Devices
  4. Communication Networks
  5. (Additional, Decentralised) Computing Infrastructure

Three (3) main dimensions:

  1. User/Human
  2. Data
  3. Identities & Authentication

The segmentation and structuring as set above obviously is not the only one possible. Various other segmentations are to considered as well, such as for instance real-time, near-real-time or not. Other segmentations that can be considered are fixed/unmovable IoT (such as in the ICS use case of ARCADIAN-IoT) or personal/movable IoT (such as in the other two use cases), single-vendor or multi-vendor, OEM, public, private, public-private, et cetera.

Risk Classification Spectra: A Multi-Layered Approach

If one wants to think and talk about trust in a sensible way, one needs to think and talk about risk. Otherwise, one can never walk the talk.

When looking at the above-mentioned hyperconnected IoT devices (sub d, above) and taking a risk-perspective to those, a methodology to do high-level quality risk classification is to have a multi-layered approach and do such risk classification per spectrum, starting with the risk classification of the connectors and connectivity of the IoT device itself.

It is essential to understand the various risks that are embedded in or could arise from such IoT device. Subsequently, other risk spectra should be considered and risk classified, as visualised below.

Cyber-Physical Ecosystem Security Risk Spectra, starting with one (1) IoT Device

Regarding risk classification, in most situations, sectors and markets three (3) categories of main risk levels are used: basic/low, substantial/medium and high. These are also generally used in applicable regulations, standards and other policy instruments, also within the European Union.

Based on the outcome of (i) a risk classification for each spectrum, and (ii) the interim outcome of each risk spectrum as well as the holistic, combined outcome of the risk classifications from Spectrum 1 (Connectors) through 15 (Function Creep), the applicable, dynamic baseline risk classification can be established.

Based on that applicable baseline, the holistic, system perspective constitutes the combined risk classification on which one can consider, organise and implement technical and organisational measures to take in and balance out the relevant trust components.

As per the dynamics of IoT and IoT ecosystems, any of the risk classification spectra can be expected to trigger, change or otherwise show relevant dynamics, such as (A) technical or other threats and vulnerabilities, (B) actors and other stakeholders anomalies, updates or upgrades in code, datasets or attributes, or (C) changes in regulatory standards, policies or other relevant best practices, it is recommended to double-loop as well, including those spectra that are or may be related or otherwise are (inter)depended on the particular spectra. Therefore, it is recommended to continuously monitor the risks, and where necessary or otherwise double-loop thereafter to keep the security measures up to date and resilient.

The Five T’s

Trust and the integrity of trust can be catered for in many ways, including by demonstrating trustworthiness and accountability, both before, during and after deployment and use of any IoT device, system or service.

In this article we have (relatively briefly) touched on a few of the ways to (re)build trust, including (A) identifying the contextual and dynamic trust components, (B) segmenting and structuring in order to help taxonomy, common understanding, appreciation and orchestration, (C) focusing on holistic life cycle thinking, design, deployment and dynamic assurance, including continuous monitoring, optimalisation and accountability, also with the notion that trust equals consistency over time.

All this, to be able to create, build, nurture and cater for interdisciplinary human-centric, transparent and trustworthy digital means, as an aid for individuals, communities, society, economy and planet, that respect and protect the human values of each person.

This can be summarised and sequenced with five (5) T’s: Taxonomy, Transparency, Trust, Transformation and Trustworthiness, as visualised below.

IoT: Internet of Five T’s

If we do this right in projects such as ARCADIAN-IoT, in my view we have a global market of about eight (8) billion individuals that we can help to improve their quality of life with the above-mentioned five (5) Ts as the unique selling point. For once, this next generation of IoT devices, systems and services can scale and succeed to levels of great affordability, resilience, durability and (economic, societal and ecologic) sustainability. And, each will always have the main trust principle in its DNA: the Principle of No Surprises.

December 2021. Blog by Arthur van der Wees, Managing Director of Arthur’s Legal, Strategies & Systems, Amsterdam, Security Advisory Board Member as well as Ethics Advisory Board Member of ARCADIAN-IoT.

To Share, or Not to Share, that is the trust question

Dynamic Digital Age

Technology changes the world at an ever-increasing pace. Whether we like it or not. The change is expedited by both non-digital global occurrences such as the ongoing Covid-19 pandemic (Covid-19) as well as by increased and ever-converging technical capabilities such as connected devices, platforms, available data, artificial intelligence and the like. These enable connecting, inter-connecting and hyper-connecting billions of individuals, organizations, communities, societies and data, with tens of billions of objects and entities. Furthermore, digital has become a must-have, for people, society and our ecosystems, within the European Union as well as globally.

Threats

However smart and otherwise advanced one may want to market this Digital Age is, it is for sure not immune to evil, stupidity, build-fast-fix later business models and other breaches of norms and values. These threaten systems, services, lives of people, key networks and even entire nations, democracies, and societies. And, the true malicious actor does not work alone. They have joined forces, and they win.

The Blame Game

One may feel the urge to blame it all on the others. Or feel the urge to believe that the battle – and the war – is lost. However, there is no way one can point to the other, and blame them for everything. Whatever and whoever is part of the Digital Age is part of the problem. So, that includes you and me.

However, whatever and whoever is part of this, is part of the solution as well. One of the solutions is to join forces, to partner up, to start and continue collaborating, orchestrating our knowledge, values and other capabilities – and to organise ourselves in and for this dynamic Digital Age –. Without being part of those efforts, one will remain just part of the problem, helping to increase it day-by-day. Let’s stop pointing fingers. We are all accountable, and co-accountable.

To Share, or Not to Share

One way to contribute and do one’s part is to share. Share information, share threat intelligence, share good practices, share lessons-learned, and share other knowledge. It should not be that hard to do, right?

What, Why, How and When to Share, to Whom? And, Who am I?

Sharing any information with another has proven not to be an easy feat. These and other queries and considerations for sure come up, even before actually sharing any information to anyone:

  1. Who am I? Who am I representing here? What is my mandate?
  2. Why do I feel the urgency or other need to consider sharing that information? Or am I obliged to share, based on new or existing regulations or industry standard practices?
  3. What do I share, and what not? And, what is the provenance, quality and relevance of the information that could be shared?
  4. To what extent am I allowed to share it? And to whom?
  5. Do I know the other party, or not?
  6. What will the recipient do with it? What is in it for me?
  7. And, what is the risk? What if something is wrong or goes wrong with the information, with the sharing, with the use?
  8. Do the potential, envisioned efforts and benefits outweigh the potential risks and consequences?
  9. Why not just leave it, not engage, and not share information?

Trust is not a Five-Letter Word

These and other considerations all boil down to five letters: trust. Trust and related trustworthiness are always the main enablers, also in any of the  cybersecurity domains, any community and any information sharing. Does one have the appropriate level of trust in the assets, trust in its own competences, trust in the organisations and community involved, trust in the technical systems and trust in the ecosystem at large? The right level of trust both brings the courage, confidence and comfort to engage, and share.

Organising Teamwork

One needs many different stakeholders in a community to come to sufficient levels of engagement in order to come to sufficient amounts of relevant and interesting threat intelligence.

Also, although the Digital Age – including cybersecurity and information sharing – are becoming increasingly regulated, those regulations generally only give a trust anchor on the Why, but do not give guidance on the How. Member states that are obliged to organise the How are generally also still struggling with the questions raised above. Society, industry, economy and any sector can not wait. We need to team up, lead the way, lead, share, learn, and continuously improve.

The Dynamics of Cybersecurity Threat Intelligence

The dynamics of cybersecurity, threat intelligence, clearing houses and their various cybersecurity communities are to an already impressive extent captured, orchestrated and deployed by means of the CONCORDIA Platform for Threat Intelligence, which platform consists of three (3) core actionable components: MISP, Incident Clearinghouse and DdoS-Clearinghouse.

The dynamics of cybersecurity, threat intelligence and its communities – and the impact of both providing threat intelligence as well as knowing about it and using it – augment the fact that one needs to have a high level of trust in the professionals and organisations participating – which do not always know each other –, trust in the threat intelligence and related information and data they share, and trust in what others will do with it.

In brief, the many questions raised above, as well as other considerations need to be arranged for, and been brought into the game of threat intelligence. All this, without making the arrangements difficult to access, read, understand and appreciate, and without the need to having to negotiate, sign and manage bilateral agreements every time.

Trust-Augmenting Instrument, Fit for a Digital Sovereign Europe

Together with representatives of MISP, Incident Clearinghouse and DdoS-Clearinghouse that currently constitutes the CONCORDIA Platform for Threat Intelligence, an instrument has been developed:

  1. To help answer the questions raised above;
  2. To make those answer clear and readable;
  3. To otherwise help augment the information, awareness, adoption, usage and uptake of CONCORDIA Platform for Threat Intelligence, and;

To arrange for a dynamic framework, that further evolve in this digital Digital Age, and therefore is fit for a digital sovereign Europe, allies and friends.

Trusted Data Sharing, is Sharing based on Trust

Trusted intelligence sharing is sharing intelligence, based on trust. It’s not only about the intelligence or other information – and whether that can be trusted –. No, it start with trust; Am I informed and otherwise comfortable enough and do I therewith have the courage and confidence to become part of this community, and engage?

To bring it from a different perspective:

  1. Imagine you want to become a member of a sports team, a musical ensemble, an innovation hub, or interest group, to contribute, learn and otherwise engage.
  2. With that, you want to become part of a certain community, each with its specific habits, codes and rules to set clear expectations of the members of such community as well as protect the interests of both the community and each of the members separately, as well as society and the ecosystem within the community is operating.
  3. Imagine this is possible regarding sharing of threat intelligence and related trusted data sharing and engagement. Enter, the Dynamic Code of Engagement. A novel trust-augmenting and easy-to-use cybersecurity instrument.

The dynamics of the Digital Age deserve a dynamic framework of principle-based arrangements that are easy to read, understand, become part of and commit to. This, in order to be able to better collaborate, orchestrate and share data based on trust, transparency, appreciation, clear governance and co-accountability.

The Dynamic Code of Engagement will be made available later this year. So, stay tuned.