A Report of the Lawfare Institute’s Trusted Hardware and Software Working Group
In a world of growing dependence on technology, consumers of information and communications technology (ICT) goods face increasingly important questions: How, and to what extent (if any), can they be confident that the systems on which they rely are worthy of trust? At the most basic level, when we determine the trustworthiness of a digital artifact (a component, a device, or a system), we are attempting to describe that artifact in terms of its security.
We say that a digital artifact that does what is expected of it and nothing more is trustworthy. The challenge is not so much in defining the desired end-state of trustworthiness but, rather, in defining how it is that one may demonstrate trustworthiness to a skeptical world. In modern systems, all artifacts are the sum of multiple parts—so the inquiry of trustworthiness is an inquiry into creation, into assembly out of diversely produced components, into distribution, and into use. In effect, it is to ask about the entire supply chain of ICT goods from conception to consumption.