TMAP: A Threat Modeling and Attack Path Analysis Framework for Industrial IoT Systems (A Case Study of IoM and IoP)

Industrial cyber-physical systems (ICPS) are gradually integrating information technology and automating industrial processes, leading systems to become more vulnerable to malicious actors. Thus, to deploy secure Industrial Control and Production Systems (ICPS) in smart factories, cyber threats and risks must be addressed. To identify all possible threats, Threat Modeling is a promising solution. Despite the existence of numerous methodological solutions for threat modeling in cyber-physical systems (CPS), current approaches are ad hoc and inefficient in providing clear insights to researchers and organizations involved in IIoT technologies. These approaches lack a comprehensive analysis of cyber threats and fail to facilitate effective path analysis across the ICPS lifecycle, incorporating smart manufacturing technologies and tools. To address these gaps, a novel quantitative threat modeling approach is proposed, aiming to identify probable attack vectors, assess the path of attacks, and evaluate the magnitude of each vector. This paper also explains the execution of the proposed approach with two case studies, namely the industrial manufacturing line, i.e., the Internet of Manufacturing (IoM), and the power and industry, i.e., the Internet of Production (IoP).