Threat Modeling of Cyber-Physical Systems in Practice

“…While there are many methods proposed in the literature, few methods are used in practice (e.g., STRIDE, LINDDUN). The study ( Jamil et al, 2021 ) shows that when performing CPSs threat modeling, some practitioners use known methods then elaborate on them based on their experience. As per the same study, practitioners also combine known methods and approaches, and they sometimes use their own risk assessment techniques in CPSs threat modeling, which indicates a need for creating a more structured methodology that could be widely used in organizations.…”

“…Despite being a well-known practice in IT systems, threat modeling has not been widely adapted to the life-cycle of CPSs. One of the main reasons is that although the existing threat modeling methods guide well in identifying the information-centric results in software-based systems, they are not well-equipped for exploring the interaction between cyber and physical spaces within the framework of CPSs ( Fernandez, 2016;Jamil et al, 2021 ).…”

“…Threat modeling methods (e.g., STRIDE) do not have strong threat enumeration constructs beyond their system models. Thus, the success of the threat elicitation usually depends on the experience of the experts involved in the work ( Jamil et al, 2021;Scandariato et al, 2015 ). However, a knowledge base in the form of threat databases, attack lists/taxonomies, or vulnerability databases is an essential construct that increases the outcome quality of the threat enumeration and partly eliminates the dependence on highly-experienced experts.…”

Threat Modeling of Cyber-Physical Systems - A Case Study of a Microgrid System

“…While there are many methods proposed in the literature, few methods are used in practice (e.g., STRIDE, LINDDUN). The study ( Jamil et al, 2021 ) shows that when performing CPSs threat modeling, some practitioners use known methods then elaborate on them based on their experience. As per the same study, practitioners also combine known methods and approaches, and they sometimes use their own risk assessment techniques in CPSs threat modeling, which indicates a need for creating a more structured methodology that could be widely used in organizations.…”

“…Despite being a well-known practice in IT systems, threat modeling has not been widely adapted to the life-cycle of CPSs. One of the main reasons is that although the existing threat modeling methods guide well in identifying the information-centric results in software-based systems, they are not well-equipped for exploring the interaction between cyber and physical spaces within the framework of CPSs ( Fernandez, 2016;Jamil et al, 2021 ).…”

“…Threat modeling methods (e.g., STRIDE) do not have strong threat enumeration constructs beyond their system models. Thus, the success of the threat elicitation usually depends on the experience of the experts involved in the work ( Jamil et al, 2021;Scandariato et al, 2015 ). However, a knowledge base in the form of threat databases, attack lists/taxonomies, or vulnerability databases is an essential construct that increases the outcome quality of the threat enumeration and partly eliminates the dependence on highly-experienced experts.…”

Threat Modeling of Cyber-Physical Systems - A Case Study of a Microgrid System