Threat Modeling for IoT Devices Explained


The Growing Importance of IoT Threat Modeling

The growth of the IoT, through both legacy products with added connectivity features and new products coming to market, is creating a new age of opportunity where the data from connected devices will drive new services and business efficiencies to transform whole industries. However, as we become ever more reliant on the data provided by these devices, we have an increased need to trust this data and prevent hacks that can manipulate the device or data. This trust is built upon right-size security in every IoT device.

The PSA Certified 2021 IoT Security Report, Bridging the Gap, found that just 47% of companies are carrying out a threat analysis in the design of every new product. This number is higher in larger organizations but lower in smaller ones where we see only 33% of companies completing a threat model for each new product.

The same report did, however, show that 86% of companies are likely to perform a threat analysis on products that have already been released, showing signs that security best practice is becoming more important across the IoT industry.

The PSA Certified 2021 Security Report identified that just 47% of respondents carried out a threat analysis at the design stage of each new product

In this blog, we will explore what IoT threat modeling is, how and when it should be carried out, and how companies can be equipped to overcome the barriers of cost and limited expertise to ensure their products are built with security best practices from the ground up. We cover the step-by-step process of threat modeling so trust can be built into every device that will fuel digital transformation.

Easing Security Analysis and Design

With no ‘one-size-fits-all’ solution to IoT security, we need to bridge the gap between the current applications of security best practices and the growing knowledge that they can’t be ignored. Added to this is the stark reality that smaller companies are taking bigger risks when it comes to security. We need to address the challenges that prevent security best practices, two of which are cost limitations and expertise/resource constraints.

What is Threat Modeling?

Threat modeling of a specific device and its use cases is the systematic process of identifying the sensitive assets, threats to those assets, and vulnerabilities that make the threats a necessary concern. The aim is to define security requirements that mitigate the threats and in turn protect the assets. Threat modeling guides the development of the necessary device architecture to ensure right-size security requirements for a specific device and its use case.

A device should be designed, manufactured, tested, and certified based on the threat model used to architect and design the device, saving costs further down the development process and ensuring trust is built in from the ground up.
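
The chain described above (assets, threats to those assets, and security requirements that mitigate the threats) can be checked mechanically once it is written down. The following Python is an added example, not PSA Certified material or a TMSA format: the class names, the `trace` function and the connected-sensor sample model are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    id: str
    asset: str  # the asset this threat targets
    description: str

@dataclass(frozen=True)
class Requirement:
    id: str
    description: str
    mitigates: frozenset = frozenset()  # ids of the threats this addresses

def trace(assets, threats, requirements):
    """Walk the asset -> threat -> requirement chain and report its gaps."""
    known = {t.id for t in threats}
    covered = set()
    for r in requirements:
        covered |= r.mitigates
    return {
        # assets that no threat names: they were never analysed
        "assets_without_threats": sorted(set(assets) - {t.asset for t in threats}),
        # threats aimed at something missing from the asset list
        "threats_on_unlisted_assets": sorted(t.id for t in threats if t.asset not in assets),
        # threats that no requirement mitigates
        "unmitigated_threats": sorted(known - covered),
        # requirements tied to no known threat: cost with no stated reason,
        # the opposite of right-size security
        "untraced_requirements": sorted(r.id for r in requirements if not (r.mitigates & known)),
    }

# Constructed sample model for a hypothetical connected sensor (assumption).
ASSETS = ["firmware", "device identity key", "sensor readings", "event log"]
THREATS = [
    Threat("T1", "firmware", "unauthorised firmware image is installed"),
    Threat("T2", "device identity key", "key is read out of the device"),
    Threat("T3", "sensor readings", "readings are altered in transit"),
]
REQUIREMENTS = [
    Requirement("R1", "verify firmware signature at boot", frozenset({"T1"})),
    Requirement("R2", "authenticate and encrypt reported data", frozenset({"T3"})),
    Requirement("R3", "tamper-evident enclosure"),  # traced to no threat yet
]

if __name__ == "__main__":
    for finding, items in trace(ASSETS, THREATS, REQUIREMENTS).items():
        print(f"{finding}: {items or 'none'}")
```

Each non-empty finding is a prompt to revisit the model before the architecture is fixed: analyse the asset, add a requirement, or justify or drop the untraced one.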

When Should Threat Modeling be Carried Out?

A threat model should be created at the beginning of the product design to guide the architecture and design of a product. This ensures that the right security measures are mapped out before product development.

How to Carry Out Threat Modeling

While there are multiple methods of threat modeling, the analysis is typically carried out by considering the topics outlined below:

Threat modeling results in documentation of the assets, threats, and counter-measures, known in PSA Certified as a Threat Models and Security Analysis (TMSA) document.

Getting Started

PSA Certified provides resources to enable the IoT ecosystem to collaborate and take steps today to protect society tomorrow.

We offer three editable TMSA documents that can be used as a guide for threat modeling and can be adapted for specific use cases.

The PSA Certified founders provide three editable example threat models to enable the IoT ecosystem to take steps today to protect society tomorrow.

With clear measurement of security robustness for your device, you can choose the right components to meet your security functional requirements. PSA Certified offers objective measurement and certification of silicon in three levels of increasing robustness: PSA Certified Level 1, which offers security best practice; PSA Certified Level 2, offering protection against scalable remote software attacks; and PSA Certified Level 3, with protection against hardware attacks. You get this without the complexities and costs, and can focus on the differentiating features of your product.

In summary, it is clear that security analysis should not be missed in the design of connected devices. Threat modeling provides a systematic way to analyze and define security requirements that, when implemented, will mitigate the costs of security inaction. PSA Certified provides the resources to get started with your threat modeling, lowering the barrier to best practice security.