Self-driving cars can no longer be viewed as a single system. These are cars with complex computer systems that independently make countless connections with the driver, with other vehicles, with the immediate environment and with various communication systems and networks. We want to be sure that these connected systems are reliable. As a result, IT Security Architects must work in a more intricate manner, as the interconnected networks are becoming too complex to oversee as a whole.

Decentralised design on the basis of zero trust

By decentralising the design of an IT architecture and thus dividing the design into a number of clear sub-divisions (each with its own responsibilities), an overview can be created. This provides certainty regarding the security of each sub-part, the connections which are relevant to this sub-part and how they can be protected. In this way, an organisation can get a better grip on possible attacks because it can already monitor them within a smaller sub-part. All of this is done on the basis of the Zero Trust philosophy. The foundation for Zero Trust is ‘never trust, always verify’. Whereas certain connections were always open to certain users in the past, a Zero Trust design makes no prior assumptions about the reliability of those who want access, regardless of whether this concerns organisations, users, hosts or datasets.

Implied trust zones methodology

Dividing an IT design into sub-parts

In the TNO Implied Trust Zones methodology, an IT architecture goes from a centralised process (with one architect at the helm) to a decentralised process with several responsible parties. The relationships and connections are clearly visualised and the system is set up through a series of separate Implied Trust Zones. As an example from the automotive industry, take a car that communicates with surrounding cars, traffic lights, road information, weather information and traffic information in order to drive safely and autonomously in as optimal a manner as possible (or: to support the driver). While this is very complex as a whole, the individual parts can remain clear with the right methodology.

Due to the decentralised design, individual components can now also be tested and validated separately. In other words, a smart traffic light can be deemed secure without the need to test all other connected systems (cars, other infrastructure) as well.

The method is currently being tested in the automotive industry within the SECREDAS project, and a healthcare case is being developed.

Potential impact for organisations

More secure and resilient: This methodology offers major advantages because the architecture becomes clear, processes remain transparent and responsibilities are straightforward. An architecture with a decentralised design is easier to analyse and allows a faster and more effective response in the event of possible attacks. The Implied Trust Zones methodology ensures that the impact of an incident is kept to a minimum.

Better designs lead to a safer and more flexible environment: The method helps to identify and correct ‘errors’ and shortcomings in IT designs from the outset, and helps to better plan urgent measures to be taken, including where they best fit into the architecture.

Application areas

The Implied Trust Zones methodology is applicable in many areas of cybersecurity:

  • For more secure information transactions, such as for financial or governmental organisations.
  • For chain partners: organisations that have to work together and where information is frequently passed on, particularly when privacy and security are important.
  • For organisations where the design of an IT architecture is large and complex, which could concern policy, people, suppliers, digital services, etc.

But the methodology also quickly helps to provide answers to questions such as:

  • How do you debug a security architecture?
  • Systems-of-systems: is the security solution in the right place?
  • Secure and flexible infrastructures: how do you design them?


TNO has the unique expertise needed to advise you on customised solutions.

Would you like to collaborate with us and/or learn more about the Implied Trust Zones methodology?

Please contact Mark Buningh

