Blomberg, Axel Söding-Freiherr;
This document is the result of EURO-MILS Work Package 1.3. The objective of the WP is to analyse the business impact of trustworthy ICT for networked high-criticality systems. Multistep work has been done to make a quantitative and qualitative analysis of the different markets and to understand the potential for exploitation. It has analysed how security requirements vary from a business (companies) and a social (consumer) point of view. It has analysed the legal implications (national certification authority) of high-assurance cross-European certification.
During the project, we have performed the following tasks:
We started the analysis by studying the business requirements and values for multiple independent levels of security in the core markets (defence, avionics, and automotive) that require virtualised high-demand critical systems. To that end, we interviewed the business partners of the project face to face. Along with defining their business requirements, they helped to define a questionnaire that was used in the following steps.
We extended the analysis to adjacent markets such as medical, finance, utilities, industries network and communication. All these markets deploy embedded systems with a high level of security. For example, medical devices are becoming more sophisticated and need to integrate wireless communication, security protocols, USB connectivity, persistent storage, and portable touch screens. Smart meters are being deployed by utility companies in clients' houses and need to embed security mechanisms such as worm prevention or end-to-end data encryption. As information security research is one of the most intrusive types of organisational research, we focused on a few selected firms with whom the project team members have developed an excellent rapport and trust. To interact with the selected professionals in the adjacent markets, we ran phone interviews and web surveys. We leveraged the questionnaire elaborated in step 1.
We then finished the evaluation by analysing the business impacts and requirements in the consumer market, for example mobile devices. Today, mobile phones run complex multimedia operating systems and require an environment that guarantees the security of critical information and applications without compromising the user experience. We set up a web survey to interact with professionals in enterprises and governments. A partnership with specialised press media was established to extend the market responses to the consumer space. To consolidate the results of the study, we ran a Big Data analysis to listen to potential consumers.
We analysed the legal implications of trustworthy ICT for networked high-criticality systems. In this project, we worked on standardisation to provide an abstract description (“Protection Profile”) of the concrete MILS implementation in the Common Criteria for Information Technology Security (CC) framework. In the context of this project, we therefore analysed the economic value of standardisation and tried to confirm results from previous studies such as “Economic benefits of standardization” (commissioned by DIN in 2000) or “The Empirical Economics of Standards” (commissioned by the UK Department of Trade and Industry in 2006).
The following document represents the results of these tasks.
Part I defines the project terminology. As is often the case in information and telecommunications technologies, generic concepts such as trustworthiness, security, and safety have different meanings for markets, providers and consumers. The meaning of the terms varies considerably from one context to another. It is therefore an important starting point to define a common vocabulary when discussing with experts in different technical domains or even with ordinary end-user consumers.
Part II presents the results of the business impact analysis of MILS cross-sectorally, beyond the avionics and automotive sectors. MILS is a platform that allows horizontal integration, which is more open than vertically stacked products. In every industry sector, a trend towards such horizontal platforms has been observed. We investigated the business value of trustworthy ICT from a horizontal platform perspective and identified market requirements of MILS systems.
Part III presents the results of the social impact analysis, with a strong focus on consumers. Using a survey, we questioned consumers on their security awareness and practices. We wanted to understand the main security expectations when buying and using a connected device such as a smartphone. We also listened to what consumers were saying on the theme of connected devices and security, using a Big Data analysis.
Part IV presents the results of the legal impact analysis of a certified platform with a specific focus on the new paradigm of the Internet of Things and its legal implications and issues.