A recent market research report predicted cyber-physical systems (CPS) market size will touch US$137,566 Mn by 2028, up by over 50% in current terms. With improved internet accessibility, the popularity of the cyber-physical systems market will only grow. A secure CPS strategy requires an understanding of the threats and vulnerabilities in the architecture. This is where threat modelling emerges as a mechanism to fortify system security. While roadblocks for its integration with CPS remain, threat modelling can help find the many vulnerabilities in the CPS and safeguard against attacks.
Threat modelling for Cyber-Physical Systems (CPS)
CPS is a combination of computation, physical processes, and networking built on the traditional embedded systems technology. Though it has been around for some time, users and experts alike have not truly realized its actual potential. However, companies and institutions are understanding the wealth of opportunities CPS promises in recent years and are investing heavily to catalyze its development.
CPS is not immune to cyber or physical threats. There are three main reasons for this: system diversity, reliance on sensitive information, and large-scale deployment. Exposure of these systems to threats can have far-reaching ramifications, but efficient threat modelling can prevent this. Here are three ways threat modelling can protect CPS:
STRIDE stands for a combination of six security threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Microsoft first developed it to identify computer security threats. Researchers at Queen’s University improved upon it and developed a STRIDE-based threat modelling mechanism in 2017. Lightweight and effective, their mechanism analyses missing security properties that could help determine emerging threat types. It also identifies how a vulnerability in a system component can weaken the security structure.
PASTA stands for Process for Attack Simulation and Threat Analysis. A popular threat modelling mechanism, PASTA gives a complete picture of threats hovering over products and applications by combining impact analysis and business risk. PASTA offers a multi-stage framework: defining the business objectives and the technical scope of the components; threat analysis; vulnerability detection; attack analysis; risk and impact analysis; developing countermeasures.
The advantage of PASTA is that it puts security at the center of the entire business. This approach seeks to involve all the organization stakeholders and understand the influence of security threats on their goals. Since PASTA is not a static assessment, it evolves with emergent threats. It allows the company to assess whether existing safeguards suit the new product.
LINDDUN stands for Linkability, Identifiability, Nonrepudiation, Detectability, Disclosure of Information, Unawareness, and Noncompliance. It is a privacy threat modelling technique that systematically mitigates privacy threats in software architectures. It supports the customer in navigating the threat modelling process in a structured way. LINDDUN gives knowledge support to even non-experts for understanding privacy threats.
Using the LINDDUN framework, organizations can model their systems with data flow diagrams, determine the scenario and identify threats, and finally map the threats back to a data flow diagram. Using this analysis, companies get the support to prioritize threats and create case-appropriate threat mitigation and management strategies.
In cyber-physical systems, the system's state is determined using the measurement values derived from the physical components. The threats to these assets can only be correctly determined when these parameters and how they interact are threat modelled. Secondly, when an attacker makes a breach, the attack cascades the entire system. A robust threat modelling mechanism can help mitigate this. Before making a CPS purchase, companies should institute a proper mechanism for threat modelling. Seeking security experts like Packetlabs can help proactively secure cyber-physical systems.