Building Bridges of Security, Sovereignty and Trust in Business and Industry 27th Edition | Page 39

Threat Modeling for Digital Twins

too many details, and it may not be clear how to handle the information about the separate vulnerabilities and components exposed to attacks to get a proper risk rating.

The consistent approach based on the in-field knowledge and understanding of capabilities of the designed solution makes it possible to assess the risks. The threat model is updated together with the digital twin system for which it serves, maintaining the required level of security and trustworthiness assurance. This approach, therefore, contributes to security-by-design and security-by default principles of digital twin systems implementation, as described in [ 6 ].

7 REFERENCES [ 1 ] ISO / IEC TS 5793:2022 Trustworthiness— Vocabulary [ 2 ] ISO / IEC TS 30149:2024 Internet of Things( IoT)— Trustworthiness principles

[ 3 ] McKee, D.( 2023). Platform Stack Architectural Framework: An Introductory Guide. A Digital Twin Consortium White Paper.

https:// www. digitaltwinconsortium. org / wp-content / uploads / sites / 3 / 2023 / 07 / Platform- Stack-Architectural-Framework. pdf

[ 4 ] Pieter van Schalkwyk.( 2022). Digital Twin Capabilities Periodic Table. A Digital Twin Consortium User Guide. https:// www. digitaltwinconsortium. org / wpcontent / uploads / sites / 3 / 2022 / 06 / Digital-Twin-Capabilities-Periodic-Table-User- Guide. pdf

[ 5 ] Shevchenko, N.( 2019). Evaluating Threat-Modeling Methods for Cyber-Physical Systems

https:// insights. sei. cmu. edu / blog / evaluating-threat-modeling-methods-for-cyberphysical-systems /

[ 6 ] Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by Design and-Default. Cybersecurity and Infrastructure Security Agency( 2023). https:// www. cisa. gov / sites / default / files / 2023-04 / principles _ approaches _ for _ securityby-design-default _ 508 _ 0. pdf

8 ACKNOWLEDGEMENTS

The views expressed in the OMG Journal of Innovation are the author’ s views and do not necessarily represent the views of their respective employers nor those of the Object Management Group ®( OMG ®).

© 2025 The OMG logo is a registered trademark of Object Management Group ®. Other logos, products and company names referenced in this publication are property of their respective companies.

‣ Return to the beginning of this article

‣ Return to the Table of Contents

34 May 2025