Page 88 - Trust in ICT 2017
requirements for governance of trusted inter-cloud, requirements for resiliency of trusted inter-cloud.
The cloud group plans to develop trust-related documents, such as a trust cloud framework and a functional
architecture for trusted cloud.
9.1.3 New Question proposal on security and trust provisioning in IoT in SG20
At the opening plenary of SG20 in October 2015, a contribution to initiate a new Question on security and trust
provisioning in IoT was presented. This Contribution highlights security and trust provisioning in IoT, since
IoT security alone is not enough to support future converged service environments. In alignment with the
security matters led by SG17, it also provides the Question description for SG20 to take leadership on all
the IoT issues concerning security and trust matters. SG20 did not take any decision and invited related
Contributions at the next meeting, which will be held in January 2016, for further detailed discussion.
9.2 Related standardization activities in other SDOs
9.2.1 Activities in Online Trust Alliance (OTA) for IoT
Introduction
This sub-section introduces the activities for IoT Trust by the Online Trust Alliance (OTA).
OTA is a non-profit organization with the mission to enhance online trust and address IoT risks
comprehensively. The framework presents guidelines for IoT manufacturers, developers and retailers to
follow when designing, creating, adapting and marketing connected devices in two key categories: home
automation and consumer health and fitness wearables.
Through extensive research, this taskforce concluded that the safety and reliability of any IoT device, app or
service depends equally on security and privacy, as well as a third, often overlooked component:
sustainability.
Without addressing sustainability, devices that may have been secure off the shelf will become more
susceptible to hacking over time. This could range from hackers remotely opening garage doors and turning on
baby monitors that are no longer patched, to infiltrating fitness wearables to spy on health vitals, or creating
mayhem by sabotaging connected appliances.
Although the IoT framework of OTA has identified various requirements, most of them can be seen as
reinterpretations of traditional security and privacy issues. Trust in OTA therefore covers a broader
scope, encompassing security and privacy as well as regulatory issues.
Activities relating to Trust
The following requirements are the proposed baseline for any self-regulatory and/or certification program.
It should be noted that, in addition to what is outlined below, companies must adhere to all regulatory
requirements as they pertain to where their users or consumers reside, including but not limited to breach
notification, disclosure requirements, child protection, anti-spam and related consumer protection laws and
regulations [107],[108],[109].
(1) Users should be informed about the privacy policy prior to product purchase, download or activation,
and the policy should be easily discoverable to the user.
The target is to provide the consequences of declining or opting in to policies, including the impact on usage
of main product features or functionality. This can be done in many ways, including but not limited
to the following options: a short notice on product packaging, an online link to the privacy policy,
or a welcome information pack.
(2) To maximize clarity and readability, the display of the policy must be optimized for the user interface.
The working group encourages a short, layered format for presenting policies, to match the user
interface.