Page 251 - Trust in ICT 2017
P. 251
Trust in ICT 5
Risks at the physical world: Devices and sensors have been more and more integrated to ICT
infrastructures which are sometimes unrecognized by humans. The physical components are usually
resource-constrained, computation-limited, and resulting in poor security mechanisms implemented.
Thus, they are vulnerable to both external and internal attacks.
Risks at the cyber world: The number of vulnerabilities, threats, and cyber-attacks is increased in
cyberspace. Cyber security and privacy mechanisms should protect both networks and services from
unauthorized access. However, the large-scale data collection and data analytics can pose critical
privacy, security, and trust issues. The risks of unanticipated uses of consumer data (such as human life
and business behaviours) may be outstanding.
Risks at the social world: Social networking services have given rise to numerous online communities
and people use them as a communication medium. Also, social networking services try to connect as
many people as possible. Since many people share their private activities on the social networks, their
private information is propagated to others outside community. On the other hand, artificial intelligence
or social internet of things, which try to mimic human, also have unexpected risks.
Risks from the integration of the physical, cyber, and social worlds: In ICT infrastructures and services,
entities in the physical, cyber, and social worlds are integrated. Cyber-physical system (CPS) cannot be
fully operable if a physical world and a cyber world have some mismatch. If the malfunction of a physical
system does not notify at the responsible entities in the cyber world, there are some risks to prevent
safety in the physical world. Moreover, without recognizing a set of rules and external conditions of CPS,
both humans and devices may understand or perceive CPS operations incorrectly, which may result on
risks or failures of the integrated environment. Unintentional or intentional errors as well as mismatch
of the integrated environment may be a primary cause or a contributing factor in risks and accidents.
Risks at data, information, knowledge, and wisdom process: ICT infrastructures and services provide
1
data, information, knowledge, and wisdom (DIKW) process. As numerous data is generated, the
number of erroneous data is also increasing. Malfunction of DIKW process, which may be caused by
malicious inputs, misbehaviour of process itself, or unintended/intended manipulation, etc., creates
false or biased results. There are also unidentified risks about entities, which produce and utilize DIKW.
NOTE – Detailed potential risks are explained in Appendix I.
ICT has an important role for the increasing interconnectivity in physical, cyber, and social worlds. However,
the lack of trust have been invoked various problems as aforementioned. The large-scale data acquisition
from sensors and devices in the physical world impose many issues, ranging from risks of unanticipated uses
of consumer data offered by stakeholders to undesirable discrimination enabled by data analytics. If all the
entities in ICT infrastructures and services are exploited for malicious intentions, it irreparable damage and
uncertain dangers may be happened. Therefore, it is important to build the trusted ICT infrastructure to
minimize the unexpected risks and maximize the survivability of physical, cyber, and social worlds.
The concept of trust infers belief and confidence, which the functional entities in ICT infrastructures and
services will behave in expected ways. As ICT-based applications and services will scale over other industrial
domains and involves multiple stakeholders, trust evaluation for corresponding value chains of business, as
well as for system and component levels in a holistic manner may enable the users to have confidence on
their services and applications. Consequently, the trust provisioning is one of the most important functional
capabilities in the ICT infrastructures and services.
1 DIKW (Data, Information, Knowledge and Wisdom) [b-Rowley]: This refers loosely to a class of models for representing purported
structural and/or functional relationships between data, information, knowledge, and wisdom. “Typically information is defined in
terms of data, knowledge in terms of information, and wisdom in terms of knowledge.”
243