{"id":2022,"date":"2019-10-22T03:17:15","date_gmt":"2019-10-22T03:17:15","guid":{"rendered":"http:\/\/kusuaks7\/?p=1627"},"modified":"2024-03-11T10:57:27","modified_gmt":"2024-03-11T10:57:27","slug":"iot-threat-modeling-made-easy","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/iot\/iot-threat-modeling-made-easy\/","title":{"rendered":"IoT Threat Modeling Made Easy"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThe Internet of Things is all around us – think of the virtual assistant in your living room or a sensor that turns on the lights when you enter an empty conference room at work. These small internet-connected devices raise the level of security threats in ways your traditional enterprise has yet to see. As you roll out more IoT devices, it\u2019s time to add IoT threat modeling \u2013 a structured approach to identifying, quantifying, and addressing IoT security risks to your cybersecurity strategy.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Know How Your IoT Devices Affect Other Systems<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tA common threat modeling mistake\u00a0according to CSO<\/a>\u00a0is not knowing how your IoT devices affect other systems, making this exercise all the more important for maintaining the security and compliance of your enterprise IoT devices. Some common IoT device components that are\u00a0threat surfaces<\/a>\u00a0you should account for in your threat model include:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\u00b7 Device memory;
\u00b7 Device firmware;
\u00b7 Physical interfaces;
\u00b7 Device network services;
\u00b7 Local data storage;
\u00b7 Device web interface; and
\u00b7 Update mechanisms.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tYou also need to look past the devices in your models to include:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\u00b7 Access control;
\u00b7 Ecosystem communications;
\u00b7 Administrative interfaces;
\u00b7 Cloud web interfaces;
\u00b7 Vendor application programming interfaces (APIs);
\u00b7 Third-party back-end APIs; and
\u00b7 Mobile apps.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThreatModeler\u00a0provides an interesting IoT threat modeling example using Virgin Atlantic. It takes the extra step in the example to stress the importance of including both data and devices in your IoT threat model.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Create Architecture Diagrams<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tStart with an architecture diagram of the IoT devices you\u2019re rolling out. The goal of the diagram is to show the major components and trust boundaries of the IoT device,\u00a0according to Denim Group<\/a>. You can use standard diagramming tools to create the diagram. If you\u2019re rolling out multiple IoT device types, look for ways to create diagram standards and templates to ensure consistency.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tCreating the architecture diagram needs to become part of your standard best practices for rolling out IoT devices. It\u2019s a task that you can, of course, task to the IT staff rolling out the devices. It can also be a task that you assign to technical writers and service desk staff who have the appropriate diagramming skills. Your cybersecurity team should be at the top of the reviewer\u2019s list for these diagrams.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Make IoT Threat Modeling Iterative and Collaborative<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tIoT threat modeling should never be a one-and-done project. The security threats that the IoT can introduce into an enterprise demand more than that. The diagrams and other documentation you produce for your IoT devices should serve as tools for collaboration between the teams that support your IoT initiatives. Tools such as\u00a0Lucidchart<\/a>\u00a0and\u00a0Microsoft Visio Online<\/a>\u00a0can enable teams collaborate on IoT threat modeling diagrams online so that they can update and revise the IoT threat models continuously as they learn more about IoT and adapt infrastructure and security to meet the new security challenges these devices represent.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Smart Home Technology and the IoT Threat Models<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tAccording to Statista<\/a>, the smart home market size by 2022 will be $53.5 billion. However, we\u2019ve yet to add IoT threat modeling to \u201cthe home game\u201d to help consumers secure their home networks against IoT-related attacks. It\u2019s only a matter of time until some home networking or security vendor seizes on this market need and devises a subscription-based solution to improve IoT security on consumer networks.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

IoT Threats and Your Enterprise<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tMoving to IoT threat modeling should be a cross-functional team exercise that you make part of your overall IoT development and management processes and frameworks. If your enterprise isn\u2019t there yet, IoT threat modeling is the first step in growing your IoT security and integrating it into your overall cybersecurity strategy.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

The Internet of Things is all around us – think of the virtual assistant in your living room or a sensor that turns on the lights when you enter an empty conference room at work. These small internet-connected devices raise the level of security threats in ways your traditional enterprise has yet to see. As<\/p>\n","protected":false},"author":582,"featured_media":2443,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[195],"tags":[93],"ppma_author":[3272],"class_list":["post-2022","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iot","tag-internet-of-things"],"authors":[{"term_id":3272,"user_id":582,"is_guest":0,"slug":"will-kelly","display_name":"Will Kelly","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","user_url":"","last_name":"Kelly","first_name":"Will","job_title":"","description":"Will Kelly is Senior Technical Writer at CSRA Inc, a provider of high-tech IT solutions to the government IT market. He has published bylined articles on a range of topics including DevOps, enterprise mobility, and cloud computing, and other technologies on sites such as SearchITOperations, DevOpsAgenda, Mobile Business Insights, CNET TechRepublic, and others."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/582"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=2022"}],"version-history":[{"count":5,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2022\/revisions"}],"predecessor-version":[{"id":36334,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2022\/revisions\/36334"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/2443"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=2022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=2022"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=2022"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=2022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}