Threat Modeling for Digital Twins
• Fine adjustment based on multiple factors: motivation by outcomes, tailoring to use cases, integration, data, domain knowledge and particular implementation in IT / OT systems.
Security risks for the digital twin system are connected to the violation of capabilities determining system behavior and supporting these values. Each capability is implemented by one or more components of composable digital twin. Therefore, considering the attack scenarios on the components, we can assess both possible damage of an attack and its likelihood based on scenario.
Thus, threat modeling for a digital twin can be performed in two stages: assessing the potential damage through assessing the capability violation, identifying components related to capabilities, and assessing attack scenarios that can lead to the corresponding disruption of the component and the implemented capability. Finally, through the introduced qualitative or quantitative assessment of the damage and the probability of the attack scenario, it is possible to evaluate the level of risk. The entire process is illustrated in Figure 1-1.
Figure 1-1: Threat modeling and risk assessment method in a nutshell.
22 May 2025