TY - JOUR
T1 - Risk Analysis of Water Grid Systems Using Threat Modeling
AU - Rahim, Fiza Abdul
AU - Jamil, Norziana
AU - Cob, Zaihisma Che
AU - Sidek, Lariyah Mohd
AU - Sharizan, Nur Izz Insyirah
N1 - Publisher Copyright:
© Published under licence by IOP Publishing Ltd.
PY - 2022
Y1 - 2022
N2 - Critical infrastructure systems consist of physical and cyber assets that are essential to the operation of the economy and the government. As one of the most important critical infrastructures worldwide, the water sector has become vulnerable to new risks in the form of cyber threats that can severely impact public health, and are difficult to detect. A water grid system (WGS) plays an important role in guarding the business processes of the water sector against possible threats and risks. Threat modeling can be used to analyze threats to the WGS. It is applied to identify points of access to the assets and devices of the system, classify threats to them, assess the risks posed by them, and suggest mitigation measures. Each threat is classified based on its type according to the STRIDE methodology, and the results of the threat classification can be used to assess the level of risk by using the DREAD methodology. This yields a risk rating for each threat that can be used to devise mitigation measures to minimize the risk posed by it. Through the threat modeling stage, it is known that the high-risk threats on WGSs are tampering with a risk score of 14, denial of service threats with a risk score of 13, and repudiation threats with a risk score of 12. The results of the ranking are used to formulate recommendations in the form of mitigation controls against these threats.
AB - Critical infrastructure systems consist of physical and cyber assets that are essential to the operation of the economy and the government. As one of the most important critical infrastructures worldwide, the water sector has become vulnerable to new risks in the form of cyber threats that can severely impact public health, and are difficult to detect. A water grid system (WGS) plays an important role in guarding the business processes of the water sector against possible threats and risks. Threat modeling can be used to analyze threats to the WGS. It is applied to identify points of access to the assets and devices of the system, classify threats to them, assess the risks posed by them, and suggest mitigation measures. Each threat is classified based on its type according to the STRIDE methodology, and the results of the threat classification can be used to assess the level of risk by using the DREAD methodology. This yields a risk rating for each threat that can be used to devise mitigation measures to minimize the risk posed by it. Through the threat modeling stage, it is known that the high-risk threats on WGSs are tampering with a risk score of 14, denial of service threats with a risk score of 13, and repudiation threats with a risk score of 12. The results of the ranking are used to formulate recommendations in the form of mitigation controls against these threats.
UR - http://www.scopus.com/inward/record.url?scp=85134422444&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85134422444&partnerID=8YFLogxK
U2 - 10.1088/1742-6596/2261/1/012015
DO - 10.1088/1742-6596/2261/1/012015
M3 - Conference article
AN - SCOPUS:85134422444
SN - 1742-6588
VL - 2261
JO - Journal of Physics: Conference Series
JF - Journal of Physics: Conference Series
IS - 1
M1 - 012015
T2 - 2022 11th International Conference on Information and Electronics Engineering, ICIEE 2022
Y2 - 19 February 2022 through 21 February 2022
ER -
