Building Bridges of Security, Sovereignty and Trust in Business and Industry 27th Edition | Page 37

Threat Modeling for Digital Twins
At first glance, there will be no particular differences between digital twins and other types of IIoT systems. Usually, the rating is assessed based on a table that correlates the values of potential damage and the probability of an attack. It is quite easy to determine the maximum and minimum risk ratings in the corners of the table (see Figure 5-1).
Figure 5-1: Table with risk ratings.
The question remains how to assess the risk rating in the cells in the middle of the table. Will a very likely risk with catastrophic consequences have the same degree as an “almost certain” risk with critical consequences? What degree of risk is acceptable, and will it be located in the middle of the table? What degree should be attributed to a very likely risk with minor consequences?
The point is that here, in our table with a fairly simple scale of damage and a clear scale of five likelihood ratings, there will be 20 risk level options (and they may also depend on the risk category). One of the examples is shown in Figure 5-2.
Figure 5-2: Example of risk ratings.
32 May 2025