Trust is fundamental to the sustainability of digital services – here’s a look at initiatives from around the world to further trust and the global digital economy.
This is the second article in a three-part series summarizing TM Forum’s new technical report Digital trust challenges and opportunities. The first explained what digital trust is and the role for communications service providers (CSPs). This one looks back at efforts (and failure) to establish digital trust and offers a vision for the future. The final article will highlight the digital trust roadmap of challenges.
When the commercial internet was developed, the need for digital trust was generally recognized. For example, the International Telecommunication Union’s X.509 certificate specification – the standard that defines the format of public key certificates – assumes that a trust mechanism exists, even though it’s outside the scope of the protocol to develop it.
Since the late 1990s, the US National Institute of Standards and Technology (NIST) has been sponsoring research on digital trust. In 2001, the IEEE began hosting TrustCom, its annual International Conference on Trust, Security, and Privacy in Computing and Communications.
China and the EU also have been funding ongoing research into digital trust since the early 2000s. (China has hosted TrustCom more often than any other nation.)
In 2002, Microsoft established the Trustworthy Computing initiative (TwC) to increase the level of trustworthiness of Microsoft platforms after an increasing number of cybersecurity incidents. An outcome of the initiative was development of the Security Development Lifecycle (SDL – see graphic), which Microsoft has instituted as a company-wide, mandatory policy.
Despite these activities to establish digital trust capabilities, cyberattacks have accelerated in frequency and severity. Recent high-profile breaches in the US alone have included Target, Home Depot, Yahoo, and the 2016 US elections.
Without digital trust capabilities, the internet and the World Wide Web are becoming exponentially less trustworthy as their size increases, and the repercussions are serious. Cybersecurity Ventures predicts that global annual cyber crime costs will increase from $3 trillion in 2015 to $6 trillion annually by 2021. And according to the 2017 Edelman Trust Barometer, the general population’s trust in four key institutions – business, government, non-government organizations (NGOs) and media – is declining broadly.
“With the fall of trust, the majority of respondents now lack full belief that the overall system is working for them,” the Barometer states. “In this climate, people’s societal and economic concerns, including globalization, the pace of innovation and eroding social values, turn into fears, spurring the rise of populist actions now playing out in several Western-style democracies.”
Where do we go from here?
As digital platforms, digital ecosystems and value fabrics increase in number, size and complexity, risks for security, privacy, safety, reliability and resilience increase exponentially. Collaboration is necessary to mitigate the risks and develop digital trust.
A number of efforts are underway to increase collaboration and build the framework for digital trust, and TM Forum’s work on digital trust draws from all of them.
- NIST has established the Cyber-Physical Systems Public Working Group (CPS PWG), which explores how security, privacy, safety, reliability, resilience and assurance all contribute to the trustworthiness of digital information, devices, systems and networks. The group, which is open to all, collects input from people and organizations involved in cybersecurity worldwide.
- Jeffrey Ritter, Digital Information Expert & External Lecturer, University of Oxford, has proposed a conceptual model for digital trust management that explores the definition of trust and digital trust.
“Trust is the affirmative output of a disciplined, analytical decision process that measures and scores the suitability of the next actions taken by you, your team, your business, or your community; trust is the calculation of the probability of outcomes,” explains Gene Glaudell, former Tesla CIO, Founder of Gn0man and a lead contributor to the new TM Forum report. “Digital trust is authentic trust in the digital information and the devices, systems, and networks…that you access to do your job.”
- Smart contracts, which combine protocols with user interfaces to formalize and secure relationships over computer networks, are now being implemented using Blockchain and distributed ledger technology. Initially proposed in 1997 by Nick Szabo, a computer scientist, legal scholar and cryptographer known for his research in digital contracts and digital currency, smart contracts promise to be a key enabling technology for implementing digital trust.
A vision for digital trust
During the past year, the TM Forum Privacy Project team has worked with Forum members to articulate a vision of the digital trust capabilities necessary to realize the full potential of digital platforms, ecosystems and value fabrics. This vision includes the following goals:
- People, organizations and systems down to the device level can make informed trust decisions in a timely fashion
- Trust decisions are supported by a common language and standards for information, capabilities and open application program interfaces.
- Platforms, digital ecosystems, value fabrics and their participants transparently share trustworthy information on offerings, capabilities and past performance to enable informed trust decisions.
- The IoE realizes its full potential through the possibility of low-friction trust decisions.
The next article in the series will explore these goals in more detail as we look at the digital trust roadmap of challenges. The full technical report Digital trust challenges and opportunities is available for all employees of TM Forum member companies to download by registering on our website.