Threat Modeling for Digital Twins
Asset description:
  Telematics device (ECU) on vehicle
  Raw data on vehicle
  Processed data in cloud
  Service data on vehicle and in cloud
Capabilities transformed to the asset:
  Device Security; Device Management
  Data Acquisition & Ingestion; Data Streaming; Data Encryption; Data Transformation; Data Contextualization; Batch Processing; Data Aggregation
  Event logging; System monitoring
What can happen to the asset:
  Physical tampering, removal; Firmware / software tampering or invalid update
  Raw data tampering
  Abuse of processing algorithms; Processed data tampering; Processed data removal
  Service data tampering; Service data removal

Asset description:
  Seamless integration capability to reduce service costs
  ML capability to flag anomalies
Capabilities transformed to the asset:
  Real-time processing; Prediction; Digital Twin Integration; Enterprise System Integration
  Collab Platform Integration
  API Services; Machine Learning; Digital Twin (DT) Model Repository; Data Analysis & Analytics
What can happen to the asset:
  Abuse of real-time processing and prediction algorithms
  Denial (delay) of service of external platforms and services
  Spoofing of external platforms and services; Tampering of data from external services
  Abuse of machine learning algorithms (adversarial inputs, data poisoning); Model stealing

Asset description:
  Maintenance capability
Capabilities transformed to the asset:
  Basic Visualization; Dashboards; Reporting; Prescriptive Recommendations
What can happen to the asset:
  Denial of service of visualization and maintenance services; Data tampering for visualization and reporting; Spoofing of recommendation services

Table 2-1: The list of assets for the FleetTwin case study.
The predefined list of digital twin capabilities helps to define a fairly short list of valuable assets. This list may be validated with stakeholders and used to describe the damage from attacks. At the same time, the clear connection to capabilities can be used in further analysis to reveal attack paths.
Journal of Innovation 27