Here is some progress we made recently as part of the OMG threat modeling working group: in order to guide the development of the threat meta mode, we have agreed to scope the work by looking into defining specific use cases and scenarios. The idea is to focus and bound the work so that it will be easier to identify the specific individual tasks and shape the overall threat model architecture. So far, we have identified the following:
- Large Company Use Case: a large multi-national corporation with sensitive information systems, datacenters, and multiple offices, with cyber and physical security systems
- External Attack Scenario: outside criminals or competitors, looking for financial gain or competitive advantages
- Insider Threat Scenario: malicious insider, motivated by financial gain, desire for retaliation, or industrial espionage
- Critical Infrastructure Use Case: North Easterns US power grid
- Terrorist Attack Scenarios: capable terrorists disable critical cyber systems, resulting in physical destruction of core equipment
Going forward we will refine and extend these use cases to develop a clearer picture of how the threat meta model will look like.
Next steps in the threat modeling itself will focus on generalizing the indicator concept to cover non-cyber related threat indicators. This will really be a starting point for the broader model.