After being withdrawn shortly after publication, NIST’s white paper draft on IoT trust concerns is now available for public comment until November 16th. The 50-page document introduces the concept as follows:
Trust is viewed as a level of confidence. In this publication, trust is considered at two levels: (1) whether a “thing” or device trusts the data it receives, and (2) whether a human trusts the “things,” services, data, or complete IoT offerings that it uses. In this document, we are more focused on [human trust].
The paper identifies 17 somewhat overlapping technical concerns “that can negatively affect one’s ability to trust IoT products and services”:
Overwhelming Scalability – Mass proliferation of inexpensively-produced IoT functionality results in feature bloat and spiralling complexity
Heterogeneity – Diversity of interoperating devices creates unforeseen security and reliability issues
Loss of Ownership and Control – IoT functionality provided by third-party vendors can lead to security and reliability issues
Composability, Interoperability, Integration, and Compatibility – Hardware and software components are inherently liable to malfunction
Abundance of “Ilities” – The challenge of achieving quality standards when many are inherently in conflict, or difficult to measure
Synchronization – Abundant IoT activity occurring in parallel produces synchronization anomalies, affecting performance and security
Lack of Measurement – Trust-related metrics and measurements are still lacking in the IoT sector
Predictability – Components in IoT devices can interact unpredictably, confounding design efforts
Testing and Assurance – The IoT creates additional testing challenges, due to its degree of interdependency and lack of transparency
Lack of Certification Criteria – The processes of certification often clash with business priorities and interests
Security – Stringent security considerations in IoT design, operations and maintenance usually clash with business priorities and interests
Reliability – It is almost impossible to guarantee that an IoT device will optimally handle any event thrown at it
Data Integrity – Data’s accuracy, fidelity, availability and security
Excessive Data – Excessive amounts of diverse data can rarely be perfectly managed
Speed and Performance – Top computational performance inhibits the ability to log and audit transactions, and affects responses to failure
Usability – User experience is often constrained by small displays or remote-only operation
Visibility and Discovery – IoT devices are notorious for operating discreetly and opaquely
Further:
Appendix A reviews the impact that many of the 17 technical concerns have on insurability and risk measurement. Appendix B discusses how a lack of IoT regulatory oversight and governance affects users of IoT technologies by creating a vacuum of trust in the products and services that they can access.
To submit a comment on this white paper, email [email protected]