Project

Risk assessment

Risk assessment of an industrial edge gateway



CPU

ARM Cortex

Manufacturer

Toradex

OS

Linux

Skills

Security
IEC 62443
STRIDE Model




Request/problem:

An IoT gateway will be used as the interface between PLCs and other automation components, to access process data, and the IT tools that monitor and analyze these data. Since the gateway supports different protocols and has access to machine-critical information, it could be used as an interface to launch an attack on the system. We were asked to support securing this device against possible attacks (of different levels).

Solution:

To provide good cybersecurity protection, it is essential to know the risks and the potential attack vectors.

The threat assessment has the following objectives:

  • Identify vulnerabilities (architecture design, code review, gaps in procedures such as maintenance, user configuration, user authentication, etc.)
  • Document the vulnerabilities
  • Provide guidance to solve the identified vulnerabilities

With known vulnerabilities, the threat model can be executed, following these main steps:

  • Establish the scope of the assessment and identify attack vectors
  • Determine the threat of the attack vectors, the probability of occurrence and the impact
  • Assess the vulnerabilities against the implemented protection and calculate the risks
  • Improve protection to reduce the risks

For embedded systems, it is important to start with the physical interfaces as well as the firmware architecture. There are different models and tools that help with the threat analysis.

We use STRIDE:

  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privileges

The system and its software architecture are visualized, the STRIDE elements are identified (entry points, data flows, processes, data stores, trust zones and trust boundaries), the system is decomposed and the threats are identified.
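
The enumeration and risk calculation described above, as an added example that is not part of the original project: a small Python model applies the commonly used STRIDE-per-element chart to a constructed data-flow model of the gateway and ranks the rated threats. The element names, trust zones, ratings and the likelihood × impact formula are assumptions for illustration.

```python
from dataclasses import dataclass

# Commonly used STRIDE-per-element chart (assumed; the page names no variant).
APPLIES = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str            # external | process | store | flow
    zone: str            # trust zone of the element (or of the flow's source)
    dst_zone: str = ""   # trust zone of a flow's destination

# Constructed model of the gateway, not taken from the assessment.
MODEL = [
    Element("PLC", "external", "ot"),
    Element("IT tool", "external", "it"),
    Element("protocol service", "process", "gateway"),
    Element("data buffer", "store", "gateway"),
    Element("PLC->service", "flow", "ot", "gateway"),
    Element("service->IT tool", "flow", "gateway", "it"),
    Element("service->buffer", "flow", "gateway", "gateway"),
]

def enumerate_threats(model):
    """One (element, STRIDE letter, crosses_boundary) tuple per applicable category."""
    threats = []
    for e in model:
        crosses = e.kind == "flow" and e.zone != e.dst_zone
        threats += [(e.name, letter, crosses) for letter in APPLIES[e.kind]]
    return threats

def residual_risk(likelihood, impact, protections=0):
    """Scores on 1..5; each implemented protection lowers likelihood one step (floor 1)."""
    return max(1, likelihood - protections) * impact

def register(model, ratings):
    """Rank rated threats by residual risk; list unrated ones so gaps stay visible."""
    rated, unrated = [], []
    for name, letter, crosses in enumerate_threats(model):
        if (name, letter) in ratings:
            rated.append((residual_risk(*ratings[(name, letter)]), name, letter, crosses))
        else:
            unrated.append((name, letter, crosses))
    return sorted(rated, reverse=True), unrated

# Constructed ratings: (likelihood, impact, protections in place).
RATINGS = {("PLC->service", "T"): (4, 5, 0), ("service->IT tool", "I"): (3, 3, 1),
           ("protocol service", "E"): (2, 5, 1)}
```

Calling `register(MODEL, RATINGS)` returns the ranked register plus the list of threats that still need a rating, which is the part that keeps the review from stopping at the obvious entries.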

Results:

As a result, we provided a complete threat model, which was the basis for the evaluation of the risks, taking into consideration the attacker’s motivation, the tools and equipment necessary, skills, time, costs and probability of success. Generally, when the costs to hack a system are higher than the benefits, the risk is seen as low. The final step was the development of a risk management process, which is a dynamic process requiring continuous adaptation and improvement along the life cycle of the device.