Threat Models in OT Systems
You are tasked to execute a threat model for “The Ankle Monitor Predictor of Stroke (AMPS)”, a fictional home use medical device.
Exercice 1 : Use Case #1: Domestic Medical Device - Part 1 (Data Flow Diagram)
Using the material below, do
- draw Data Flow Diagram
Solution
Exercice 2 : Use Case #1: Domestic Medical Device - Part 2 (STRIDE)
You are tasked to execute a threat model for “The Ankle Monitor Predictor of Stroke (AMPS)”, a fictional home use medical device.
Using the previous analysis, do
- identify relevant threat scenario using STRIDE methodology, incl. at least one example per threat dimension
Exercice 3 : Use Case #1: Domestic Medical Device - Part 3 (Attack Trees)
Using the previous analysis, do
- assess Attack Trees taking into consideration the comments below
Based on assumption you may define, either list attack path steps, or draw down attack trees related to following threat scenarios
- “An attacker could pretend to be an authorized phone app to obtain readings from the device”
- “Invalid input could cause device to crash”
Assuming impact rating as SEVERE for (1) for privacy issues, and MODERATE for (2) for operational issues, compute risk values and propose risk treatment decisions