Building Bridges of Security, Sovereignty and Trust in Business and Industry 27th Edition | Page 34

Threat Modeling for Digital Twins
a. Severe (S3) - Total fleet maintenance time exceeded by more than 100% over a certain period of time (at least one month)
b. Major (S2) - Total fleet maintenance time exceeded by more than 50%
c. Moderate (S1) - Total fleet maintenance time exceeded by more than 10%
d. Negligible (S0) - Total fleet maintenance time exceeded by less than 10%
4. Privacy impact rating criteria are not considered applicable following the analysis, since the case study does not involve the processing of private data and does not interact with PII holders and other systems that process PII.
Percentages for the financial and operational impact are indicative and subject to change based on stakeholders’ opinions. The other type of risk, business risk, comes into play here.
Damage methods are then considered for the assets. A damage method is connected to the threat scenario. It's important to distinguish between the damage method and the attack scenario. The damage method is the action that becomes possible because of the attack, its adverse consequence. Each damage method for the asset can be evaluated using the damage categories and ratings: the worst consequences of the threat for the object under analysis. An example of damage method assessment for the FleetTwin case study is provided below.
Example

| Asset | Damage method | Safety impact | Financial impact | Operational impact |
|---|---|---|---|---|
| Telematics device (ECU) on vehicle | Firmware / software tampering | Moderate | Major | Severe |
| Seamless integration capability to reduce service costs | Denial (delay) of service of external platforms and services | Negligible | Moderate | Moderate |

Table 3-1: Damage assessment for the FleetTwin case study.

Impact evaluation is justified as follows.
Example
Firmware tampering for the telematics device may have safety consequences. Insufficiently validated software may affect the operation of other ECUs in the vehicle's Electrical/Electronic (E/E) network. At the same time, we assume that the safety requirements for the E/E architecture address overall reliability and safety, even in case of failure of some of the devices in the network. We also assume that an improper device may cause separate failures and glitches of the vehicle equipment and lead to light and moderate injuries in case of a car accident (moderate safety impact). Financial impact in
Journal of Innovation 29