Cyber security for complex networks
Self-driving cars can no longer be viewed as a single system. These are cars with complex computer systems that independently make countless connections with the driver, with other vehicles, with the immediate environment and with various communication systems and networks.
What is zero trust?
Zero Trust works on the basis of 'never trust, always verify'. Whereas in the past certain connections were always open to certain users, in a zero trust design there is no prior assumption as to the degree of trustworthiness of who wants access; be it organisations, users, hosts or datasets.
Decentralised design on the basis of zero trust
By decentralising the design of an IT architecture and thus dividing the design into a number of clear sub-divisions (each with its own responsibilities), an overview can be created. This provides certainty regarding the security of each sub-part, the connections which are relevant to this sub-part and how they can be protected. In this way, an organisation can get a better grip on possible attacks because they can already monitor them within a smaller sub-part. All of this is done on the basis of the Zero Trust philosophy. The foundation for Zero Trust is ‘never trust, always verify’. Whereas certain connections were always open to certain users in the past, a Zero Trust design has no prior assumptions on the degree of reliability regarding those who want access – regardless of whether this concerns organisations, users, hosts or datasets.
Implied trust zones methodology
Dividing an IT design into sub-parts
In the TNO Implied Trust Zones methodology, an IT architecture goes from a centralised process (with one architect at the helm) to a decentralised process with several responsible parties. The relationships and connections are clearly visualised and the system is set up through a series of separate Implied Trust Zones. As an example from the automotive industry, take a car that communicates with surrounding cars, traffic lights, road information, weather information and traffic information in order to drive safely and autonomously in as optimal a manner as possible (or: to support the driver). While this is very complex as a whole, the individual parts can remain clear with the right methodology.
Due to the decentralised design, individual components can now also be tested and validated separately. In other words, a smart traffic light can be deemed secure without the need to test all other connected systems (cars, other infrastructure) as well.
The method is currently being tested in the automotive industry within the SECREDAS project, and a healthcare case is being developed.
Potential impact for organisations
More secure and resilient: This methodology offers major advantages because the architecture becomes clear, processes remain transparent and responsibilities are straightforward. An architecture with a decentralised design conducts analyses more easily and acts faster and more effectively in the event of possible attacks. The Implied Trust Zones methodology ensures that the impact of an incident is kept to a minimum.
Better designs lead to a safer and more flexible environment: The method helps to identify and correct ‘errors’ and shortcomings in IT designs from the outset AND helps to better plan urgent measures to be taken, including where they best fit into the architecture.
The Implied Trust Zones methodology is applicable in many areas of cybersecurity:
- For more secure information transactions, such as for financial or governmental organisations.
- For chain partners: organisations that have to work together and where information is frequently passed on, particularly when privacy and security are important.
- For organisations where the design of an IT architecture is large and complex, which could concern policy, people, suppliers, digital services, etc.
But the methodology also quickly helps to provide answers to questions such as:
- How do you debug a security architecture?
- Systems-of-systems: is the security solution in the right place?
- Secure and flexible infrastructures: how do you design them?
TNO has the unique expertise to advise on tailor-made solutions. If you want to work with us and/or learn more about the Implied Trust Zones methodology, please contact Mark Buningh.