Abstract

A proper assessment of potential cyber threats is vital for security decision-making. This becomes an even more challenging task when dealing with new system designs and industry sectors where there is little or no historical data about past security incidents. We have developed a threat likelihood estimation approach that supports risk management under such circumstances. Quantifiable conditions are determined from the environment in which the system will reside and operate, that is, the availability of potential threat actors, their opportunities to perform attacks, the means required for the attack to succeed, and motivation factors. Our research method follows the principles of practice research, where both researchers and practitioners have played central roles in a real-life development project for a maritime communication system. We used a qualitative case study for feature-based evaluation of the approach and associated tool template, and to gather evidence on practical aspects such as suitability for purpose, efficiency and drawbacks from five user groups. The results show that representative participants from the cyber security and maritime community gave positive and consistent scores on the features, and regarded time usage, traceability of the threat assessment and the ability to indicate underlying uncertainty to be very appropriate. The approach has been proven useful for this domain and should be applicable to others as well, but the template requires up-front investments in gathering knowledge that is relevant and reusable in additional context situations.

Highlights

  • Many recent reports show that cyber attacks are becoming more sophisticated and frequent [1,2,3,4]

  • Though the organisations originate from the same geographical area (Norway), they are all well-recognised in international shipping and provide systems and services to customers globally

  • We have developed the threat likelihood approach and associated template as artefacts addressing our first research question: how can we estimate threat likelihood for a new design? It should not be seen as a total replacement for existing assessment practices, but as an additional, systematic aid when dealing with storyless systems that may still be on the drawing board or have not been released into the wild yet


Summary

Introduction

Many recent reports show that cyber attacks are becoming more sophisticated and frequent [1,2,3,4]. Cyber security decision-making is uncertain by nature, and even more so when dealing with new system designs and industry sectors that are undergoing rapid digitalisation, opening themselves up to more exposure. Under such circumstances, we can talk about systems that are storyless, meaning that there is little or no (his-)story or knowledge related to past security incidents. In 2000, Schneier [6] described threat modelling as a way of imagining the vast vulnerability landscape of a system and ways to attack it. The manifesto defines threat modelling as “analyzing representations of a system to highlight concerns about security and privacy characteristics”, where some of the most central questions one should try to answer are “what are you building?”, “what can go wrong?”, “what to do about it?” and “did you do a decent analysis job?”
