Informatietype:
Project
Thema:
Zero trust
Unit:
ICT, Strategy & Policy

Cyber security for complex networks

Self-driving cars can no longer be viewed as a single system. These are cars with complex computer systems that independently make countless connections with the driver, with other vehicles, with the immediate environment and with various communication systems and networks.

What is zero trust?

Zero Trust works on the basis of 'never trust, always verify'. Whereas in the past certain connections were always open to certain users, in a zero trust design there is no prior assumption as to the degree of trustworthiness of who wants access; be it organisations, users, hosts or datasets.

We want to be sure that these connected systems are reliable. As a result, IT Security Architects must work in a more intricate manner, as the interconnected networks are becoming too complex to oversee as a whole.

Decentralised design on the basis of zero trust.

Decentralised design on the basis of zero trust

By decentralising the design of an IT architecture and thus dividing the design into a number of clear sub-divisions (each with its own responsibilities), an overview can be created. This provides certainty regarding the security of each sub-part, the connections which are relevant to this sub-part and how they can be protected. In this way, an organisation can get a better grip on possible attacks because they can already monitor them within a smaller sub-part. All of this is done on the basis of the Zero Trust philosophy. The foundation for Zero Trust is ‘never trust, always verify’. Whereas certain connections were always open to certain users in the past, a Zero Trust design has no prior assumptions on the degree of reliability regarding those who want access – regardless of whether this concerns organisations, users, hosts or datasets.

Implied trust zones methodology

In the TNO Implied Trust Zones methodology, an IT architecture goes from a centralised process (with one architect at the helm) to a decentralised process with several responsible parties. The relationships and connections are clearly visualised and the system is set up through a series of separate Implied Trust Zones. As an example from the automotive industry, take a car that communicates with surrounding cars, traffic lights, road information, weather information and traffic information in order to drive safely and autonomously in as optimal a manner as possible (or: to support the driver). While this is very complex as a whole, the individual parts can remain clear with the right methodology.

Due to the decentralised design, individual components can now also be tested and validated separately. In other words, a smart traffic light can be deemed secure without the need to test all other connected systems (cars, other infrastructure) as well.

The method is currently being tested in the automotive industry within the SECREDAS project, and a healthcare case is being developed.

More secure and resilient: This methodology offers major advantages because the architecture becomes clear, processes remain transparent and responsibilities are straightforward. An architecture with a decentralised design conducts analyses more easily and acts faster and more effectively in the event of possible attacks. The Implied Trust Zones methodology ensures that the impact of an incident is kept to a minimum.

Better designs lead to a safer and more flexible environment: The method helps to identify and correct ‘errors’ and shortcomings in IT designs from the outset AND helps to better plan urgent measures to be taken, including where they best fit into the architecture.

The Implied Trust Zones methodology is applicable in many areas of cybersecurity:

  • For more secure information transactions, such as for financial or governmental organisations.
  • For chain partners: organisations that have to work together and where information is frequently passed on, particularly when privacy and security are important.
  • For organisations where the design of an IT architecture is large and complex, which could concern policy, people, suppliers, digital services, etc.

But the methodology also quickly helps to provide answers to questions such as:

  • How do you debug a security architecture?
  • Systems-of-systems: is the security solution in the right place?
  • Secure and flexible infrastructures: how do you design them?

Collaboration

TNO has the unique expertise to advise on tailor-made solutions. If you want to work with us and/or learn more about the Implied Trust Zones methodology, please contact Mark Buningh.

Get inspired

19 resultaten, getoond 1 t/m 5

Quantum Application Lab receives grant for quantum computing application development

Informatietype:
News
24 November 2023
The Quantum Application Lab (QAL), a public-private R&D partnership, has received the “Subsidie Economische Structuur en Arbeidsmarktversterking" (SESA) from the Amsterdam municipality.

Successful demonstration system for automated cyber security in healthcare

Informatietype:
News
20 October 2023

The future of cyber security: autonomous system of systems

Informatietype:
Insight
12 October 2023

TNO’s view of 2030: Digital privacy and security for everyone

Informatietype:
Insight
21 April 2023

The PQC Migration Handbook

Informatietype:
News
4 April 2023