In Industrial Realm, Trustworthy Software Means Safety
Trustworthy software requires significant initial planning and a long-term perspective.
March 23, 2020
While many corporations struggle to win the trust of an ever more cynical public, the stakes are higher for industrial organizations, which must rely on many types of software.
Problematic software can cause operational downtime, intellectual property loss and, in some cases, life-threatening consequences.
There has been a recent uptick in interest in trustworthy software concerning the Internet of Things (IoT) and software quality in general. The fate of the digital economy depends on “individuals and organizations trusting computing technology.” But trust is “less sturdy” than it has been in the past, as the National Institute of Standards and Technology concluded in 2016.
In recent years, various organizations have made trustworthy software central to their mission. Founded in 2016, the U.K.-based not-for-profit Trustworthy Software Foundation drives best practices in software development. Late last year, the Linux Foundation launched Project Alvarium, an initiative exploring mechanisms to support trust in heterogeneous systems, including IoT deployments and between diverse stakeholders. The Industrial Internet Consortium advocates the concept of trustworthiness in industrial IoT.
Outcomes to Avoid
A string of events serves as a warning of the risks of relying on untrustworthy industrial software, according to Bob Martin, co-chair of the Software Trustworthiness Task Group at the Industrial Internet Consortium, who co-authored the organization’s white paper “Software Trustworthiness Best Practices.”
In 2004, for instance, a software glitch caused air traffic control infrastructure and its backup system to shut down in Southern California, according to the L.A. Times. The error resulted in the diversion of 800 commercial airline flights after radio and radar equipment failed for more than three hours.
Other stories in the same vein include a computer-controlled radiation therapy machine that caused several deaths in the 1980s, and a power outage in Tempe, Arizona, in 2007 that resulted from a misconfiguration by a vendor engineer.
“Real systems have been deployed in the industrial IoT space with the kinds of errors you don’t want to have on your résumé,” Martin said.
The explosion of connectivity and new applications in industrial IoT settings has increased the numbers of professionals creating and procuring software for critical processes. “People who are new to building systems with software or trying to make software resilient may not have run across these events in their education,” Martin said.
The variety of systems and operating environments involved in industrial IoT devices poses another challenge, as it widens the scope for security- or safety-related risks, said Johannes Bauer, principal security adviser, identity management and security at UL. It also complicates the search for faults across the many processing elements and bodies of code involved in a single project.
Creating a Common Trust Language
In the industrial realm, trustworthiness has several facets: safety, security, privacy, reliability and resilience. Trustworthy software can withstand environmental disturbances, human error, system faults and cyberattacks, according to the Industrial Internet Consortium.
Deploying software that can be trusted requires a comprehensive approach that spans the entire software lifecycle, according to Simon Rix, product strategist at Irdeto. “You have to incorporate security early, and you have to work out how to automate it,” said Rix, who also co-wrote the IIC white paper.
Fostering conversation between business and technical stakeholders can be challenging, however. “How do you get the businesspeople to speak in a way that the technical people can understand, and how do you keep the technological people from rushing off on their mission to design a product quickly?” Rix asked.
“The key is to address the whole life cycle, all the different software development methodologies, and to make sure you bring in the stakeholders of the business as well as the operators,” Martin said. “There’s a need for a translation key or Rosetta Stone for the different parties to be able to talk about what they care about where others around the table can see their perspectives as well.”
Frameworks Provide a Starting Point
A growing number of frameworks distill the subject of trust among various stakeholders, but instilling trust in software remains a complex proposition. “The use of the word ‘trust’ has so much variability that it’s almost a useless concept except it does let us have a dialogue,” Martin said.
Putting controls in place to optimize the security and safety of industrial software is a vital first step. But cybersecurity processes also need to be continually audited. “The concern I have is you can screw anything up,” said Chester Wisniewski, principal research scientist at Sophos. “For example, I can use [the Advanced Encryption Standard], but I can misuse it far more ways than I can use it correctly.” Wisniewski draws a parallel from retail. “A lot of stores that have chip readers for credit cards have a piece of cardboard with a sign that says, ‘Please swipe,’” he said. “Having chip readers doesn’t mean your credit card processing is secure if you don’t actually use [technology designed to limit fraud].”
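Wisniewski’s point that a sound primitive is easy to misuse is concrete enough to show in code. The following Go program is an added example written for this article, not code from the white paper or from any of the people quoted; the key, nonce, associated data and messages are constructed sample values, and the function names are this example’s own. It contrasts two common AES misuses, raw block-by-block (ECB) encryption and nonce reuse under GCM, with AES-GCM used the way it is meant to be: a fresh random nonce per message and a tag that is verified before any plaintext is released.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample key for the demonstration only (AES-256); real keys come from a KMS or HSM.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

// encryptECB is the misuse: raw AES applied block by block (ECB mode).
// Identical plaintext blocks become identical ciphertext blocks, so message structure leaks.
func encryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, errors.New("plaintext length must be a multiple of 16 bytes")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out, nil
}

// countRepeatedBlocks returns how many 16-byte blocks of ct equal at least one other
// block of ct. For a correctly used cipher this is expected to be zero.
func countRepeatedBlocks(ct []byte) int {
	seen := map[string]int{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])]++
	}
	n := 0
	for _, c := range seen {
		if c > 1 {
			n += c
		}
	}
	return n
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM is the correct use: AES-GCM, a fresh random 96-bit nonce per message (prepended
// to the output), and ciphertext plus associated data aad covered by one authentication tag.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// openGCM splits off the nonce and verifies the tag; no plaintext is returned on failure.
func openGCM(key, sealed, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// nonceReuseLeak shows the second misuse: two messages sealed under the same key and nonce.
// GCM encrypts with a keystream, so XORing the two ciphertexts (tags stripped) gives p1 XOR p2,
// and in practice the authentication key is recoverable as well.
func nonceReuseLeak(key, nonce, p1, p2 []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	c1 := aead.Seal(nil, nonce, p1, nil)
	c2 := aead.Seal(nil, nonce, p2, nil)
	return xorBytes(c1[:len(p1)], c2[:len(p2)]), nil
}

func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func main() {
	pt := bytes.Repeat([]byte("ATTACK AT DAWN!!"), 3) // constructed sample plaintext
	ecb, _ := encryptECB(demoKey, pt)
	fmt.Println("ECB repeated blocks:", countRepeatedBlocks(ecb)) // the repetition is visible
	sealed, _ := sealGCM(demoKey, pt, []byte("sensor-7"))
	fmt.Println("GCM repeated blocks:", countRepeatedBlocks(sealed[12:]))
	sealed[len(sealed)-1] ^= 1 // flip one bit of the tag
	_, err := openGCM(demoKey, sealed, []byte("sensor-7"))
	fmt.Println("tampered GCM rejected:", err != nil)
}
```

The point is the one Wisniewski makes: every call above goes through the same AES implementation, and only the mode, nonce handling and tag check decide whether the result is secure. An audit of "do we use AES?" passes all three paths; an audit of how it is used does not.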
Another pitfall is to focus on deploying secure software initially but not consider that it will become obsolete. “We differentiate between end of support and end of use. Just because the original creator may not support the software doesn’t mean that it turns into a salt pillar — that it is unusable,” Martin said.
Ironically, the topic of end-of-life software also underscores the importance of focusing on security considerations from the beginning. “If the software is critical to you, then put it in your contract to get rights to the source,” Martin advised.
Ultimately, understanding how software works in the real world requires long-term focus. “It isn’t magical. It reacts, interacts and sometimes needs to be replaced.”