After being withdrawn shortly after publication, NIST’s white paper draft on IoT trust concerns is now available for public comment until November 16th. The 50-page document introduces the concept as follows:

Trust is viewed as a level of confidence. In this publication, trust is considered at two levels: (1) whether a “thing” or device trusts the data it receives, and (2) whether a human trusts the “things,” services, data, or complete IoT offerings that it uses. In this document, we are more focused on [human trust].

The paper identifies 17 somewhat overlapping technical concerns “that can negatively affect one’s ability to trust IoT products and services”:

Overwhelming Scalability – Mass proliferation of inexpensively-produced IoT functionality results in feature bloat and spiralling complexity

Heterogeneity – Diversity of interoperating devices creates unforeseen security and reliability issues

Loss of Ownership and Control – IoT functionality provided by third-party vendors can lead to security and reliability issues

Composability, Interoperability, Integration, and Compatibility – Hardware and software components are inherently liable to malfunction

Abundance of “Ilities” – The challenge of achieving quality standards when many are inherently in conflict, or difficult to measure

Synchronization – Abundant IoT activity occurring in parallel produces synchronization anomalies, affecting performance and security

Lack of Measurement – Trust-related metrics and measurements are still lacking in the IoT sector

Predictability – Components in IoT devices can interact unpredictably, confounding design efforts

Testing and Assurance – IoT systems create additional testing challenges due to their degree of interdependency and lack of transparency

Lack of Certification Criteria – The processes of certification often clash with business priorities and interests

Security – Stringent security considerations in IoT design, operations and maintenance usually clash with business priorities and interests

Reliability – It is almost impossible to guarantee that an IoT device will optimally handle any event thrown at it

Data Integrity – Data’s accuracy, fidelity, availability and security

Excessive Data – Excessive amounts of diverse data can rarely be perfectly managed

Speed and Performance – Top computational performance inhibits the ability to log and audit transactions, and affects responses to failure

Usability – User experience is often constrained by small displays or remote-only operation

Visibility and Discovery – IoT devices are notorious for operating discreetly and opaquely


Appendix A reviews the impact that many of the 17 technical concerns have on insurability and risk measurement. Appendix B discusses how a lack of IoT regulatory oversight and governance affects users of IoT technologies by creating a vacuum of trust in the products and services that they can access.

To submit a comment on this white paper, email [email protected]