An IoT gateway will be used as an interface between PLCs and other automation components (to access process data) and IT tools (to monitor and analyze these data). Since the gateway supports different protocols and has access to machine-critical information, it could be used as an interface to launch an attack on the system. We were asked to help secure this device against possible attacks (of different levels).
To provide good cybersecurity protection, it is essential to know the risks and the potential attack vectors.
The threat assessment has the following objectives:
- Identify vulnerabilities (architecture design, code review, gaps in procedures (i.e. maintenance), user configuration, user authentication, etc.)
- Document the vulnerabilities
- Provide guidance to solve identified vulnerabilities
- Establish the scope of the assessment and identify attack vectors
- Determine the threat of the attack vectors, the probability of occurrence and the impact
- Use the identified vulnerabilities, taking the implemented protection into account, to calculate the risks
- Improve protection to reduce the risks
We use STRIDE:
- Information disclosure
- Denial of service
- Elevation of privileges
As a result, we provided a complete threat model, which was the basis for the evaluation of the risks, taking into consideration the attacker’s motivation, the tools and equipment necessary, skills, time, costs and probability of success.
Generally, when the costs to hack a system are higher than the benefits, the risk is seen as low.
The final step was the development of a risk management process, which is a dynamic process requiring continuous adaptation and improvements along the life cycle of the device.