Common use of Types of threats Clause in Contracts

Types of threats. As shown in Figure 13, in a 5G (or 4G) network, trust relationships exist between Stakeholders, but in most cases the trustor is trusting technology assets for which the trustee is responsible. Thus the Service Provider trusts the Subscriber to use only compliant equipment, while the Subscriber trusts the Service Provider to protect their data in the Home Network Domain, and to make arrangements for adequate and trustworthy coverage by Access Network Domains. Unfortunately this makes the business of identifying threats quite difficult, because one must consider a wide range of possible ways in which the trustworthiness of the equipment (hardware and software) might fall short of expectations. It makes sense to distinguish several broad classes of potential threats:  Malicious stakeholders: threats representing the possibility that one Stakeholder may act against the interests of another;  Non-malicious actions: threats representing possible adverse consequences caused inadvertently by the action of Stakeholders or their technological proxies, including user errors.  Malicious attacks: threats representing the possibility that technology operated by a Stakeholder may be subverted by an external attacker, and made to act against the interests of the operator or some other Stakeholder.  Internal failures: threats representing faults in systems or processes that may arise without external cause, but which may degrade the system to the detriment of one or more Stakeholders.  External disasters: threats representing damage from non-malicious external causes, such as natural disasters. These threats usually cannot be prevented, but mitigation of the consequences may be possible and in some cases desirable. To this we should add two more classes of threats:  Threats to stakeholder trust: representing the effect of adverse experiences on the stakeholder’s propensity to continue trusting and using a system.  Threats from stakeholder distrust: representing the effect on the system should a stakeholder lose trust and withdraw from the system. Examples of these last two broad classes were found in FP7 OPTET when analysing threats to a proposed Ambient Assisted Living system to support elderly patients. In that case having too many false alarms was identified as potentially reducing the trust of carers, and that distrust may lead to them failing to respond to a genuine alarm. In the context of 5G networks, similar problems might arise if an ad-hoc rural access network provider experienced a high level of attacks from malicious devices, and this led them to withdraw service in an area where no other access networks were operating. From a trust modelling perspective, these last two classes of threat are very significant, because they relate directly to trust decisions and their consequences.

Types of threats. As shown in Figure 13, in a 5G (or 4G) network, trust relationships exist between Stakeholders, but in most cases the trustor is trusting technology assets for which the trustee is responsible. Thus the Service Provider trusts the Subscriber to use only compliant equipment, while the Subscriber trusts the Service Provider to protect their data in the Home Network Domain, and to make arrangements for adequate and trustworthy coverage by Access Network Domains. Unfortunately this makes the business of identifying threats quite difficult, because one must consider a wide range of possible ways in which the trustworthiness of the equipment (hardware and software) might fall short of expectations. It makes sense to distinguish several broad classes of potential threats:  • Malicious stakeholders: threats representing the possibility that one Stakeholder may act against the interests of another;  • Non-malicious actions: threats representing possible adverse consequences caused inadvertently by the action of Stakeholders or their technological proxies, including user errors.  • Malicious attacks: threats representing the possibility that technology operated by a Stakeholder may be subverted by an external attacker, and made to act against the interests of the operator or some other Stakeholder.  • Internal failures: threats representing faults in systems or processes that may arise without external cause, but which may degrade the system to the detriment of one or more Stakeholders.  • External disasters: threats representing damage from non-malicious external causes, such as natural disasters. These threats usually cannot be prevented, but mitigation of the consequences may be possible and in some cases desirable. To this we should add two more classes of threats:  • Threats to stakeholder trust: representing the effect of adverse experiences on the stakeholder’s propensity to continue trusting and using a system.  • Threats from stakeholder distrust: representing the effect on the system should a stakeholder lose trust and withdraw from the system. Examples of these last two broad classes were found in FP7 OPTET when analysing threats to a proposed Ambient Assisted Living system to support elderly patients. In that case having too many false alarms was identified as potentially reducing the trust of carers, and that distrust may lead to them failing to respond to a genuine alarm. In the context of 5G networks, similar problems might arise if an ad-hoc rural access network provider experienced a high level of attacks from malicious devices, and this led them to withdraw service in an area where no other access networks were operating. From a trust modelling perspective, these last two classes of threat are very significant, because they relate directly to trust decisions and their consequences.