Threat Modeling Process Is Key When Deploying Technologies

The threat modeling process can help organizations manage IoT projects.
  • Written by Brian Buntz
  • 6th February 2020

Deploying new technologies without careful consideration can lead to unintended consequences. 

A recent reminder of that fact is the Iowa caucus chaos, which delayed the release of presidential primary election results. The event also served as a reminder of how digital technology can sometimes complicate a seemingly straightforward task — in this case, tallying votes. A segment of the public speculated that a foreign adversary targeted Iowa’s voting infrastructure. In reality, election officials acknowledged that a faulty smartphone sabotaged the results. 

The Iowa caucus misfire underscores the importance of quantifying risk that includes but transcends cybersecurity, according to Andrew Jamieson, director, security and technology at UL and his colleague Anura S. Fernando, UL chief innovation architect in the organization’s medical systems security division. When deploying any technology for a critical function, it’s key to thoroughly analyze potential problems, whether the system is a smartphone in an election or an Internet of Things technology in a factory or medical device. 

“Risk is a tough thing to quantify, objectively,” Jamieson said, which is why the threat modeling process is so important. It enables organizations to detail and understand “the threats that may exist in your environment and implementation,” he added.


Another consideration is the continued use of older equipment and technology. Aging systems are often difficult to patch and update to protect against vulnerabilities. “The problem is, of course, that no company can patch and maintain systems indefinitely,” Jamieson said. At some point, maintaining legacy products securely is no longer an option.

Determining when to upgrade aging technology requires understanding your organization’s risk of exposure while also analyzing security liabilities new technologies may pose. 

Understanding potential operational problems begins by asking simple questions. “What is your goal — technical or business — at the highest level? Everything you do, and everything you implement, then needs to be informed by that understanding of your goal,” Jamieson said. 

Identifying operational goals may require more complex answers, though. “The real answer is often more nuanced than that, involving the needs of your customers, your employees, social needs of the areas in which you work and so on,” Jamieson said.

Once your organization understands the risk related to its core operational goals, it is necessary to do a thorough study of potential vulnerabilities across your organization. “Nothing can really replace the need for a complete and thorough audit of your systems to determine exactly what systems you do have and what their current exposure is,” Jamieson said. “This can be daunting for many organizations . . . and it really is an essential first step.”

While the results of a security audit inform threat modeling, some organizations attempt to short-circuit the process by focusing on potential threats first. “You can’t model threats to your environment when you don’t understand your environment,” Jamieson said.

Organizations that need to understand potential liabilities in their environment should consider standards and best practices, Fernando counseled. The Healthcare Sector Coordinating Council, for example, released documents to help medical device makers and users enlist a maturity model to improve their cybersecurity posture. Those documents include the Health Industry Cybersecurity Practices (HICP) and the Joint Security Plan (JSP).

Similar guidance exists for other areas, ranging from the Department of Homeland Security’s guidelines for securing voting infrastructure to the ISA/IEC 62443 and ISO/IEC 25063 standards for industrial control system security and software quality, respectively. 

Still, a thorough risk analysis can be daunting and expensive, especially if no significant problems have occurred. “It’s easy to say, retroactively, that companies can find [for cybersecurity initiatives] once there is a breach – but the difficulty of managing a large IT deployment these days can be extraordinarily complex,” Jamieson said. 

An asset discovery and threat modeling process can also help organizations “prioritize what has to be done and where,” Fernando said. “Often, the complexity can be overwhelming, so by prioritizing systems, it can help with a structured approach that brings order to that complexity.” 

Prioritization begins by identifying the highest-risk areas. “Which systems are most easily accessible or could cause the most damage — actual or reputational — if compromised?” asked Jamieson. “Look to implement both protective and detective measures,” he said. “No patching methodology is going to be perfect and having solutions to detect where potential compromise or attacks may be occurring, along with plans on how to mitigate these, is equally important in any complex environment.” 
