Threat Modeling of Cyber-Physical Systems in Practice

03/07/2021
by   Ameerah-Muhsinah Jamil, et al.
0

Traditional Cyber-physical Systems(CPSs) were not built with cybersecurity in mind. They operated on separate Operational Technology (OT) networks. As these systems now become more integrated with Information Technology (IT) networks based on IP, they expose vulnerabilities that can be exploited by the attackers through these IT networks. The attackers can control such systems and cause behavior that jeopardizes the performance and safety measures that were originally designed into the system. In this paper, we explore the approaches to identify threats to CPSs and ensure the quality of the created threat models. The study involves interviews with eleven security experts working in security consultation companies, software engineering companies, an Original Equipment Manufacturer (OEM),and ground and areal vehicles integrators. We found through these interviews that the practitioners use a combination of various threat modeling methods, approaches, and standards together when they perform threat modeling of given CPSs. key challenges practitioners face are: they cannot transfer the threat modeling knowledge that they acquire in a cyber-physical domain to other domains, threat models of modified systems are often not updated, and the reliance on mostly peer-evaluation and quality checklists to ensure the quality of threat models. The study warns about the difficulty to develop secure CPSs and calls for research on developing practical threat modeling methods for CPSs, techniques for continuous threat modeling, and techniques to ensure the quality of threat models.

READ FULL TEXT
research
04/30/2020

Fundamental Challenges of Cyber-Physical Systems Security Modeling

Systems modeling practice lacks security analysis tools that can interfa...
research
01/24/2022

STRIDE-based Cyber Security Threat Modeling for IoT-enabled Precision Agriculture Systems

The concept of traditional farming is changing rapidly with the introduc...
research
04/07/2022

cyberaCTIve: a STIX-based Tool for Cyber Threat Intelligence in Complex Models

Cyber threat intelligence (CTI) is practical real-world information that...
research
05/28/2019

On Evaluating the Effectiveness of the HoneyBot: A Case Study

In recent years, cyber-physical system (CPS) security as applied to robo...
research
05/06/2023

Leveraging Semantic Relationships to Prioritise Indicators of Compromise in Additive Manufacturing Systems

Additive manufacturing (AM) offers numerous benefits, such as manufactur...
research
07/29/2023

Auditing Frameworks Need Resource Isolation: A Systematic Study on the Super Producer Threat to System Auditing and Its Mitigation

System auditing is a crucial technique for detecting APT attacks. Howeve...
research
09/22/2021

A Deep Learning Perspective on Connected Automated Vehicle (CAV) Cybersecurity and Threat Intelligence

The automation and connectivity of CAV inherit most of the cyber-physica...

Please sign up or login with your details

Forgot password? Click here to reset