One key driver is Section 14a of the German Energy Industry Act (EnWG), which aims to use small, building-level installations (heat pumps, home batteries, EV chargers, etc.) in a grid-supportive way. For this, grid operators must rely on systems that they do not own and that are connected via public telecom networks, in contrast to the traditional situation where almost only their own, tightly controlled components and communication networks are used. At the same time, the number and sophistication of cyberattacks are rising, increasing the risk of manipulation of components and data and undermining the previous default trust in process data.

Today, monitoring is typically split into silos: energy management systems (EMSs) observe grid operation, while security operation centers (SOCs) monitor IT security. Legal constraints and missing domain knowledge often prevent SOCs from comprehensively monitoring building-side or telecom assets; EMSs in turn lack the security context from SOCs to properly interpret alarms. In future smart cities with many automated buildings – some of them critical infrastructure – and customer-owned components such as smart metering systems, this tension will increase further. This creates the need for a shared, technical notion of “trust” that goes beyond pure information security and also includes, among others, safety, reliability, and credibility, as well as mechanisms for exchanging such trust information across domains and organizational boundaries.

TRACEY develops a cross-domain, multivariate trust ontology together with software systems that implement it. These are intended to continuously assess technical trust in components, data, services, and entire systems during operation, to aggregate this into trust scores, and to trace back where loss of trust originates. The ontology is designed to be reusable across different domains; in the project, power systems, building automation, and telecommunications are examined together as a multi-domain setting. Demonstrators will show how very heterogeneous data sources can be transformed into a coherent technical trust picture. TRACEY focuses on modeling, measuring, and representing technical trust.

TRACEY builds on zero-trust architecture concepts (“never trust – always verify”) and turns them into an explicit, multivariate trust ontology. At its core the a so-called Trust Assessment Pyramid:

• At the bottom are domain-specific objects of interest, (systems, components, or data).
• These objects are enriched with many kinds of trust-relevant information, for example identities, configuration and patch levels, communication patterns, measurement and operational data, and traditional security-monitoring results.
• Transformation functions convert these heterogeneous inputs into trust values and assign them to so-called trust facets, such as security.

This yields a multidimensional concept of trust where an object is not merely “trusted or not,” but is evaluated along several facets. Domain-specific systems like EMS, BMS, and NMS make use of the ontology to capture trust in real time, provide better context for events, and exchange trust information across domains in a semantically interpretable way. At the same time, aggregation into trust scores is designed to keep information loss low and to preserve access to the underlying detailed trust inputs.