Presentation
Threat Modeling of Cyber-Physical Systems in Practice
The 16th International Conference on Risks and Security of Internet and Systems (2021)
  • Jamil Ameerah-Muhsinah, IOWA STATE UNIVERSITY LIBRARY
  • Lotfi Ben Othmane, Iowa State University
  • Altaz Valani, Security Compass
Abstract
Traditional Cyber-physical Systems (CPSs) were not built with cybersecurity in mind. They operated on separate Operational Technology (OT) networks. As these systems now become more integrated with Information Technology (IT) networks based on IP, they expose vulnerabilities that can be exploited by the attackers through these IT networks. The attackers can control such systems and cause behavior that jeopardizes the performance and safety measures that were originally designed into the system. In this paper, we explore the approaches to identify threats to CPSs and ensure the quality of the created threat models. The study involves interviews with eleven security experts working in security consultation companies, software engineering companies, an Original Equipment Manufacturer (OEM), and ground and aerial vehicle integrators. We found through these interviews that the practitioners use a combination of various threat modeling methods, approaches, and standards together when they perform threat modeling of given CPSs. Key challenges practitioners face are: they cannot transfer the threat modeling knowledge that they acquire in a cyber-physical domain to other domains, threat models of modified systems are often not updated, and the reliance on mostly peer-evaluation and quality checklists to ensure the quality of threat models. The study warns about the difficulty of developing secure CPSs and calls for research on developing practical threat modeling methods for CPSs, techniques for continuous threat modeling, and techniques to ensure the quality of threat models.
Publication Date
Fall November, 2021
Location
Ames, IA
Citation Information
Jamil Ameerah-Muhsinah, Lotfi Ben Othmane and Altaz Valani. "Threat Modeling of Cyber-Physical Systems in Practice" The 16th International Conference on Risks and Security of Internet and Systems (2021)
Available at: http://works.bepress.com/lotfi-benothmane/15/
Creative Commons License
This work is licensed under a Creative Commons CC_BY-NC-SA International License.