Building Bridges of Security, Sovereignty and Trust in Business and Industry 27th Edition | Page 33

Threat Modeling for Digital Twins
3 DAMAGE CATEGORIES AND RATINGS
Damage is directly related to risk. Measuring the possible impact of a cyberattack makes it possible to assess the risk in financial or other terms. For Industrial Internet of Things (IIoT) systems, including digital twins, the possible consequences of attacks are not only financial losses but also operational consequences and, in some cases, safety and other trustworthiness aspects.
Damage categories help to determine the risk measurement approach. Damage is also directly connected to the assets just defined. By reviewing the shortlist of assets, stakeholders can define damage categories and ratings by following these recommendations:
• The financial category is preferable: if the damage can be measured in money or an equivalent, that method should be used.
• Damage categories already used by the industry: incidents that can happen to physical assets are usually measured by their severity; these scales can be reused for assessing the impact of cyberattacks.
• Newly introduced categories and ratings of damage, or a neutral rating such as “high / medium / low damage”, should be used only if the existing ones do not fit the nature of the possible threat.
Example
The FleetTwin case study can be analyzed for potential adverse consequences using ISO/SAE 21434:2022, which includes impact categories such as safety, financial, operational, and privacy (S, F, O, P). Damage ratings are introduced as follows:
1. Safety impact rating criteria are taken from ISO 26262-3:2018:
   a. Severe (S3) - Life-threatening injuries (survival uncertain), fatal injuries
   b. Major (S2) - Severe and life-threatening injuries (survival probable)
   c. Moderate (S1) - Light and moderate injuries
   d. Negligible (S0) - No injuries
2. Financial impact rating criteria are connected to the number of cars in the fleet and the average annual cost of service:
   a. Severe (S3) - Exceeding the estimated fleet maintenance costs by more than 100 % over a certain period of time (at least one month)
   b. Major (S2) - Exceeding the estimated maintenance costs by more than 50 %
   c. Moderate (S1) - Exceeding the estimated maintenance costs by more than 10 %
   d. Negligible (S0) - Exceeding the estimated maintenance costs by less than 10 %
3. Operational impact rating criteria are connected to the number of cars in the fleet and the time required to repair a car because of improper maintenance (compared with the optimized predicted time).
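As an added illustration (not code from the original article or the FleetTwin study), the financial criteria above expressed as a small rating routine: it pro-rates the fleet's expected maintenance cost from fleet size and average annual service cost (the inputs the text names), maps the cost overrun to the S0..S3 bands, and summarises the S, F, O, P ratings of one scenario by taking the worst one. The pro-rating, the handling of windows shorter than one month and the worst-category rule are assumptions of this example; the sample fleet figures are constructed.

```python
"""Damage-rating helpers for the FleetTwin example (added illustration).
Thresholds follow the page; period pro-rating, the short-window rule and the
worst-category summary are assumptions of this example."""
from enum import IntEnum


class Rating(IntEnum):
    """Ordinal damage ratings as listed on the page (S0 .. S3)."""
    NEGLIGIBLE = 0
    MODERATE = 1
    MAJOR = 2
    SEVERE = 3


def estimated_maintenance_cost(fleet_size: int, avg_annual_cost: float, months: float) -> float:
    """Expected maintenance spend for the whole fleet over `months`,
    pro-rated from the average annual cost per car (assumption)."""
    if fleet_size <= 0 or avg_annual_cost <= 0 or months <= 0:
        raise ValueError("fleet size, annual cost and period must be positive")
    return fleet_size * avg_annual_cost * months / 12.0


def financial_rating(fleet_size: int, avg_annual_cost: float,
                     actual_cost: float, months: float) -> Rating:
    """Map the maintenance-cost overrun to the page's financial bands.
    Severe requires >100 % over a window of at least one month; a shorter
    window is capped at Major (assumption: the page states the one-month
    condition only for the Severe band)."""
    estimate = estimated_maintenance_cost(fleet_size, avg_annual_cost, months)
    overrun_pct = (actual_cost - estimate) / estimate * 100.0
    if overrun_pct > 100.0 and months >= 1:
        return Rating.SEVERE
    if overrun_pct > 50.0:
        return Rating.MAJOR
    if overrun_pct > 10.0:
        return Rating.MODERATE
    return Rating.NEGLIGIBLE


def overall_rating(category_ratings: dict[str, Rating]) -> Rating:
    """Summarise S/F/O/P ratings of one scenario: worst category wins
    (assumption; the page does not state a combination rule)."""
    if not category_ratings:
        raise ValueError("at least one category rating is required")
    return max(category_ratings.values())


if __name__ == "__main__":
    # Constructed sample: 200 cars, 1200 per car per year, one-month window.
    f = financial_rating(200, 1200.0, actual_cost=45000.0, months=1)
    scenario = {"S": Rating.MODERATE, "F": f, "O": Rating.NEGLIGIBLE, "P": Rating.NEGLIGIBLE}
    print(f.name, overall_rating(scenario).name)
```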
28 May 2025