Threat Modeling for IoT Devices Explained

The Growing Importance of IoT Threat Modeling

The growth of the IoT, through both legacy products with added connectivity features and new products coming to market, is creating a new age of opportunity where the data from connected devices will drive new services and business efficiencies to transform whole industries. However, as we become ever-more reliant on the data provided by these devices, we have an increased need to trust this data and prevent hacks that can manipulate the device or data. This trust is built upon right-size security in every IoT device.

The yearly PSA Certified Security Report consistently finds that threat modeling is underused by businesses. The numbers in 2023 show that only 40% are carrying out a threat model for every new product they bring to market. These stats are staggering when you consider that threat modeling is one of the most useful tools for identifying security vulnerabilities.

In this blog, we will explore what IoT threat modeling is, how and when it should be carried out, and how companies can be equipped to overcome the barriers of cost and limited expertise to ensure their products are built with security best practices from the ground up. We cover the step-by-step process of threat modeling so trust can be built into every device that will fuel digital transformation.

Easing Security Analysis and Design

With no ‘one-size-fits-all’ solution to IoT security, we need to bridge the gap between the current applications of security best practices and the growing knowledge that they can’t be ignored. Added to this is the stark reality that smaller companies are taking bigger risks when it comes to security. We need to address the challenges that prevent security best practices, two of which are cost limitations and expertise/resource constraints.

What is Threat Modeling?

Threat modeling of a specific device and its use cases is the systematic process of identifying the sensitive assets, threats to those assets, and vulnerabilities that make the threats a necessary concern. The aim is to define security requirements that mitigate the threats and in turn protect the assets. Threat modeling guides the development of the necessary device architecture to ensure right-size security requirements for a specific device and its use case.

A device should be designed, manufactured, tested, and certified based on the threat model used to architect and design the device, saving costs further down the development process and ensuring trust is built in from the ground up.

When Should Threat Modeling be Carried Out?

A threat model should be created at the beginning of the product design to guide the architecture and design of a product. This ensures that the right security measures are mapped out before product development.

We have covered threat modeling in our foundational training course to make threat modeling accessible to everyone. In this module we cover threat modeling terminology, what threat modeling is and the benefits of completing a threat model.

How to Carry Out Threat Modeling

While there are multiple methods of threat modeling, the analysis is typically carried out by considering the topics outlined below:

Threat modeling results in documentation of the assets, threats, and counter-measures, known in PSA Certified as a Threat Models and Security Analysis (TMSA) document.

In our foundational training course, we cover four key methodologies for threat modeling: NIST Cybersecurity Framework, STRIDE, DREAD and ENISA.

Getting Started

PSA Certified provides resources to enable the IoT ecosystem to collaborate and take steps today to protect society tomorrow.

We offer three editable TMSA documents that can be used as a guide for threat modeling and can be adapted for specific use cases.

With clear measurement of security robustness for your device, you can choose the right components to meet your security functional requirements. PSA Certified offers objective measurement and certification of silicon in three levels of increasing robustness: PSA Certified Level 1, which offers security best practice; PSA Certified Level 2, offering protection against scalable remote software attacks; and PSA Certified Level 3, with protection against hardware attacks. You can do this without the complexities and costs, and can focus on the differentiating features of your product.

In summary, it is clear that security analysis should not be missed in the design of connected devices. Threat modeling provides a systematic way to analyze and define security requirements that, when implemented, will mitigate the costs of security inaction. PSA Certified provides the resources to get started with your threat modeling, lowering the barrier to best practice security.