Threat Modeling for Digital Twins
organization( e. g. ICS matrix is separate from the matrix for the enterprise environment). The attacking techniques are implemented at each step, work because of the technology issues and vulnerabilities of components. Actually, the attack likelihood may be evaluated depending on the complexity of the supposed tactic, each attacking technique and exploited vulnerabilities.
The disadvantage of this method is its complexity and the need to know the implementation details of the system. When it is unclear whether the technique may be used to attack the component, we have to follow the pessimistic approach( all techniques are applicable) or make the assumptions which are probably inappropriate. At the same time, this is the most optimal way to describe and evaluate attack scenarios for the complex environments.
Other approaches to assess the attack likelihood may be applied, for example:
• Based on the attack vector. This approach is used at the early stages of system design( when there are no details about system implementation). The likelihood of the remote attack is higher than the likelihood of the attack restricted by the physical access to the system.
• Based on the CVSS rating 9 of vulnerabilities used for the attack. This approach may fit the needs to assess likelihood of attack to the separate system components or platforms with known security issues.
Example
To describe attacks and assess attack likelihood for the FleetTwin case study, it is needed to consider both cloud environments and physical devices which may be exploited or physically tampered. It is difficult to decide whether we should use a single method and lose the benefits of knowing specific vulnerabilities or attack vectors, or use different ways of assessing attacks and end up with an inconsistent likelihood score for different components.
Finally, it is proposed to assess attacks on control units in the physical world based on knowledge of attack vectors and typical vulnerabilities of ECUs and the E / E architecture of the vehicle. For the cloud components, including machine learning, it is necessary to apply an assessment based on a matrix of attack tactics and techniques. For the simplicity, we unify the scale and refer the“ low / medium / high” likelihood of the attack. For the external services accessed through APIs, we always assume the highest level of attack likelihood.
5 CONSIDERATIONS ON RISKS
After assessing the categories and size of potential damage and the likelihood of an attack, a risk rating must be assessed.
9
The Common Vulnerability Scoring System( CVSS) is a method used to supply a qualitative measure of vulnerability severity rating. https:// nvd. nist. gov / vuln-metrics / cvss
Journal of Innovation 31