IoT Threat Modeling Made Easy

Will Kelly
October 22, 2019 IoT & Automation
The Internet of Things is all around us – think of the virtual assistant in your living room or a sensor that turns on the lights when you enter an empty conference room at work. These small internet-connected devices raise the level of security threats in ways your traditional enterprise has yet to see. As you roll out more IoT devices, it’s time to add IoT threat modeling, a structured approach to identifying, quantifying, and addressing IoT security risks, to your cybersecurity strategy.

Know How Your IoT Devices Affect Other Systems

A common threat modeling mistake, according to CSO, is not knowing how your IoT devices affect other systems, which makes this exercise all the more important for maintaining the security and compliance of your enterprise IoT devices. Common IoT device components that are threat surfaces you should account for in your threat model include:

· Device memory;
· Device firmware;
· Physical interfaces;
· Device network services;
· Local data storage;
· Device web interface; and
· Update mechanisms.

You also need to look past the devices in your models to include:

· Access control;
· Ecosystem communications;
· Administrative interfaces;
· Cloud web interfaces;
· Vendor application programming interfaces (APIs);
· Third-party back-end APIs; and
· Mobile apps.

ThreatModeler provides an interesting IoT threat modeling example using Virgin Atlantic. It takes the extra step in the example to stress the importance of including both data and devices in your IoT threat model.

Create Architecture Diagrams

Start with an architecture diagram of the IoT devices you’re rolling out. The goal of the diagram is to show the major components and trust boundaries of the IoT device, according to Denim Group. You can use standard diagramming tools to create the diagram. If you’re rolling out multiple IoT device types, look for ways to create diagram standards and templates to ensure consistency.

Creating the architecture diagram needs to become part of your standard best practices for rolling out IoT devices. It’s a task that you can, of course, assign to the IT staff rolling out the devices. You can also assign it to technical writers and service desk staff who have the appropriate diagramming skills. Your cybersecurity team should be at the top of the list of reviewers for these diagrams.
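
One way to keep the architecture diagram and the two surface lists above in a form a team can review and re-run as the rollout changes (an added example, not from the original article): components, trust zones and data flows are written as data, then checked for flows that cross a trust boundary and for listed surfaces that no component accounts for. The sensor, gateway, zone names and flows are constructed for illustration.

```python
from dataclasses import dataclass

# Checklist taken from the article's two lists of threat surfaces.
DEVICE_SURFACES = {
    "device memory", "device firmware", "physical interfaces",
    "device network services", "local data storage",
    "device web interface", "update mechanisms",
}
ECOSYSTEM_SURFACES = {
    "access control", "ecosystem communications", "administrative interfaces",
    "cloud web interfaces", "vendor APIs", "third-party back-end APIs",
    "mobile apps",
}

@dataclass(frozen=True)
class Component:
    name: str
    zone: str            # trust zone drawn around it in the diagram
    surfaces: frozenset  # checklist entries this component exposes

def boundary_crossings(components, flows):
    """Flows (src, dst, data) whose endpoints sit in different trust zones."""
    zone = {c.name: c.zone for c in components}
    # An endpoint missing from the diagram is treated as a crossing to review.
    return [(s, d, data) for s, d, data in flows
            if s not in zone or d not in zone or zone[s] != zone[d]]

def uncovered_surfaces(components):
    """Checklist entries that no component in the model accounts for yet."""
    covered = set().union(*(c.surfaces for c in components))
    return sorted((DEVICE_SURFACES | ECOSYSTEM_SURFACES) - covered)

# Constructed sample: a conference-room occupancy sensor (all names hypothetical).
COMPONENTS = [
    Component("sensor", "device", frozenset({
        "device memory", "device firmware", "physical interfaces",
        "device network services", "update mechanisms"})),
    Component("gateway", "corp-lan", frozenset({
        "ecosystem communications", "access control"})),
    Component("admin-console", "corp-lan", frozenset({"administrative interfaces"})),
    Component("vendor-cloud", "vendor", frozenset({"cloud web interfaces", "vendor APIs"})),
]
FLOWS = [
    ("sensor", "gateway", "occupancy events"),
    ("gateway", "admin-console", "device status"),
    ("gateway", "vendor-cloud", "telemetry"),
    ("vendor-cloud", "sensor", "firmware image"),
    ("gateway", "lighting-controller", "switch command"),  # not in the diagram
]
```

Run on the sample, the boundary check returns every flow except the gateway-to-console one, and the coverage check lists the surfaces the model has not yet addressed.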

Make IoT Threat Modeling Iterative and Collaborative

IoT threat modeling should never be a one-and-done project. The security threats that the IoT can introduce into an enterprise demand more than that. The diagrams and other documentation you produce for your IoT devices should serve as tools for collaboration between the teams that support your IoT initiatives. Tools such as Lucidchart and Microsoft Visio Online enable teams to collaborate on IoT threat modeling diagrams online, so that they can update and revise the IoT threat models continuously as they learn more about IoT and adapt infrastructure and security to meet the new security challenges these devices represent.

Smart Home Technology and the IoT Threat Models

According to Statista, the smart home market size by 2022 will be $53.5 billion. However, we’ve yet to add IoT threat modeling to “the home game” to help consumers secure their home networks against IoT-related attacks. It’s only a matter of time until some home networking or security vendor seizes on this market need and devises a subscription-based solution to improve IoT security on consumer networks.

IoT Threats and Your Enterprise

Moving to IoT threat modeling should be a cross-functional team exercise that you make part of your overall IoT development and management processes and frameworks. If your enterprise isn’t there yet, IoT threat modeling is the first step in growing your IoT security and integrating it into your overall cybersecurity strategy.