Threat modelling for industrial cyber physical systems in the era of smart manufacturing

Abstract

Cyber security risks are considered to be one of the foremost challenges that face organisations intending to leverage the benefits of the Smart Manufacturing paradigm. Due to the rising number of cyber-attacks that target critical Industrial Cyber-Physical Systems (ICPS), organisations are required to consider such attacks as severe business risks. Therefore, identifying potential cyber threats and analysing their impacts is crucial to business continuity planning. This paper proposes a structured threat modelling approach for ICPS that enables prediction and analysis of cyber risks to protect industrial assets from potential cyber-attacks. The method involves classifying ICPS assets based on criticality, and then analysing the cyber security vulnerabilities, threats, risks, impacts, and countermeasures. The proposed methodology enables end-to-end threat modelling through the development of a new framework that is integrated with VueOne digital twin tool to model and analyse threats throughout ICPS lifecycle, identifying cyber risks and proposing mitigation controls. Moreover, it uses meta-data extracted from VueOne tool to automatically generate the software code and hardware configurations that can be directly deployed on ICPS assets in order to implement the countermeasures, thereby protecting them from these potential cyber-attacks. The proposed solution has been implemented on a Festo test rig prototype production line.