Draft:Trustworthiness (technical system)

Trustworthiness is the degree of confidence one has that a technical system performs as expected with characteristics including safety, security, privacy, reliability and resilience in the face of environmental disturbances, human errors, system faults and attacks.

History
Trustworthiness of a technical system was first time described by the Committee on Information Systems Trustworthiness at 1999, published by Fred B. Schneider. The purpose of this committee was mostly addressing challenges of cyber-connected IT systems (websites etc). Its definition of trustworthiness was: "Trustworthiness is assurance that a system deserves to be trusted—that it will perform as expected despite environmental disruptions, human and operator error, hostile attacks, and design and implementation errors. Trustworthy systems reinforce the belief that they will continue to produce expected behavior and will not be susceptible to subversion."

The National Institute of Standards and Technology (NIST) redefined trustworthiness for the challenges of cyber-physical systems (CPS) and the IoT systems. NIST introduced trustworthiness to a wider public in 2016 with a workshop having the title Exploring the Dimensions of Trustworthiness: Challenges and Opportunities with a keynote of Vint Cerf. The Industrial Internet Consortium (IIC) refined the NIST definition (ref: Vocabulary). The first IIC publication with a detailed introduciton ws the IISF (ref: IISF). A short introduction into trustworthiness is in the IIC Journal of Innovation article A Short Introduction into Trustworthiness, an overview about the definition and the usage can be found in the Trustworthiness Framework Foundations document ''. Trustworthiness of software is introduced in the ''Software Trustworthiness Best Practices paper.

Usage of Trustworthiness
An important area for Trustworthiness is the operation of industrial systems and Supply Chain of Goods and Services.

IT/OT Convergence
Trustworthiness can be used to understand the challenges when IT-technology and OT-technology merges together in IIoT systems - named as IT/OT Convergence. [TBA]

Software Trustworthiness
Most control systems and SCADA systems are heavily loaded and controlled by software. Software is critical to security attacks and probably responsible for safety operations. In general software needs to be reliable and protect the privacy of users (employees) and probably customers (like patients in a hospital). Finally software should also work in disrupted situations, so resilience of the used operation (especially in safety) is required.

Trustworthiness in Digital Twins
Digital Twins are interacting each other. For that they will need a level of trust. This includes reliability, resilience, privacy and security, not so much safety, except their usage is in safety-environments. Especially Digital Twins as part of a system of systems have to trust each other. For this the model of trustworthiness is very helpful.