Assessing Risks and Modeling Threats in the Internet of Things

Threat modeling and risk assessments are common ways to identify, estimate, and prioritize risk to national, organizational, and individual operations and assets. Several threat modeling and risk assessment approaches have been proposed prior to the advent of the Internet of Things (IoT) that focus on threats and risks in information technology (IT). Due to shortcomings in these approaches and the fact that there are significant differences between the IoT and IT, we synthesize and adapt these approaches to provide a threat modeling framework that focuses on threats and risks in the IoT. In doing so, we develop an IoT attack taxonomy that describes the adversarial assets, adversarial actions, exploitable vulnerabilities, and compromised properties that are components of any IoT attack. We use this IoT attack taxonomy as the foundation for designing a joint risk assessment and maturity assessment framework that is implemented as an interactive online tool. The assessment framework this tool encodes provides organizations with specific recommendations about where resources should be devoted to mitigate risk. The usefulness of this IoT framework is highlighted by case study implementations in the context of multiple industrial manufacturing companies, and the interactive implementation of this framework is available at http://iotrisk.andrew.cmu.edu.