Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

Paul Griffioen,Bruno Sinopoli

DOI: https://doi.org/10.48550/arXiv.2110.07771

2021-10-14

Cryptography and Security

Abstract:Threat modeling and risk assessments are common ways to identify, estimate, and prioritize risk to national, organizational, and individual operations and assets. Several threat modeling and risk assessment approaches have been proposed prior to the advent of the Internet of Things (IoT) that focus on threats and risks in information technology (IT). Due to shortcomings in these approaches and the fact that there are significant differences between the IoT and IT, we synthesize and adapt these approaches to provide a threat modeling framework that focuses on threats and risks in the IoT. In doing so, we develop an IoT attack taxonomy that describes the adversarial assets, adversarial actions, exploitable vulnerabilities, and compromised properties that are components of any IoT attack. We use this IoT attack taxonomy as the foundation for designing a joint risk assessment and maturity assessment framework that is implemented as an interactive online tool. The assessment framework this tool encodes provides organizations with specific recommendations about where resources should be devoted to mitigate risk. The usefulness of this IoT framework is highlighted by case study implementations in the context of multiple industrial manufacturing companies, and the interactive implementation of this framework is available at http://iotrisk.andrew.cmu.edu.

Simon Liebl,Leah Lathrop,Ulrich Raithel,Andreas Aßmuth,Ian Ferguson,Matthias Söllner

DOI: https://doi.org/10.48550/arXiv.2405.16318

2024-05-26

Abstract:The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems. Since attacks on such devices can also cause damage to people and machines, they must be properly secured. Therefore, a threat analysis is required in order to identify weaknesses and thus mitigate the risk. In this paper, we present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices. Our approach is to consider all components including hardware, software and data, assets, threats and attacks throughout the entire product life cycle.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Bruno Paes Leao,Jagannadh Vempati,Siddharth Bhela,Tobias Ahlgrim,Daniel Arnold

2024-05-31

Abstract:Modern industrial systems face a growing threat from sophisticated cyberattacks that can cause significant operational disruptions. This work presents a novel methodology for identification of the most critical cyberattacks that may disrupt the operation of such a system. Application of the proposed framework can enable the design and development of advanced cybersecurity solutions for a wide range of industrial applications. Attacks are assessed taking into direct consideration how they impact the system operation as measured by a defined Key Performance Indicator (KPI). A simulation model (SM), of the industrial process is employed for calculation of the KPI based on operating conditions. Such SM is augmented with a layer of information describing the communication network topology, connected devices, and potential actions an adversary can take based on each device or network link. Each possible action is associated with an abstract measure of effort, which is interpreted as a cost. It is assumed that the adversary has a corresponding budget that constrains the selection of the sequence of actions defining the progression of the attack. A dynamical system comprising a set of states associated with the cyberattack (cyber-states) and transition logic for updating their values is also proposed. The resulting augmented simulation model (ASM) is then employed in an artificial intelligence-based sequential decision-making optimization to yield the most critical cyberattack scenarios as measured by their impact on the defined KPI. The methodology is successfully tested based on an electrical power distribution system use case.

Systems and Control

Shaharyar Khan,Stuart Madnick,Stuart E Madnick

DOI: https://doi.org/10.1109/tdsc.2021.3093214

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the vulnerability of critical infrastructure, including water, power and gas distribution systems. Traditional IT security-biased protection methods that focus on improving cyber hygiene are largely impotent in the face of targeted attacks by advanced cyber-adversaries. Thus, there is an urgent need to analyze the safety and security of critical infrastructure in a holistic fashion, leveraging the physics of the cyber-physical system. System-Theoretic Accident Model & Processes (STAMP) offers a powerful framework to analyze complex systems; hitherto, STAMP has been used extensively to perform safety analyses but an integrated safety and cybersecurity analysis of industrial control systems (ICS) has not been published. This paper uses the electrical generation and distribution system of an archetypal industrial facility to demonstrate the application of a STAMP-based method – called Cybersafety – to identify and mitigate cyber-vulnerabilities in ICS. The key contribution of this work is to differentiate the additional steps required to perform a holistic cybersecurity analysis for an ICS of significant size and complexity and to present the analysis in a structured format that can be emulated for larger systems with many interdependent subsystems.

computer science, information systems, software engineering, hardware & architecture

Md Habibor Rahman,Rocco Cassandro,Thorsten Wuest,Mohammed Shafae

2023-12-30

Abstract:An attack taxonomy offers a consistent and structured classification scheme to systematically understand, identify, and classify cybersecurity threat attributes. However, existing taxonomies only focus on a narrow range of attacks and limited threat attributes, lacking a comprehensive characterization of manufacturing cybersecurity threats. There is little to no focus on characterizing threat actors and their intent, specific system and machine behavioral deviations introduced by cyberattacks, system-level and operational implications of attacks, and potential countermeasures against those attacks. To close this pressing research gap, this work proposes a comprehensive attack taxonomy for a holistic understanding and characterization of cybersecurity threats in manufacturing systems. Specifically, it introduces taxonomical classifications for threat actors and their intent and potential alterations in system behavior due to threat events. The proposed taxonomy categorizes attack methods/vectors and targets/locations and incorporates operational and system-level attack impacts. This paper also presents a classification structure for countermeasures, provides examples of potential countermeasures, and explains how they fit into the proposed taxonomical classification. Finally, the implementation of the proposed taxonomy is illustrated using two realistic scenarios of attacks on typical smart manufacturing systems, as well as several real-world cyber-physical attack incidents and academic case studies. The developed manufacturing attack taxonomy offers a holistic view of the attack chain in manufacturing systems, starting from the attack launch to the possible damages and system behavior changes within the system. Furthermore, it guides the design and development of appropriate protective and detective countermeasures by leveraging the attack realization through observed system deviations.

Cryptography and Security

Georgios Michail Makrakis,Constantinos Kolias,Georgios Kambourakis,Craig Rieger,Jacob Benjamin

DOI: https://doi.org/10.48550/arXiv.2109.03945

2021-09-08

Cryptography and Security

Abstract:Critical infrastructures (CI) and industrial organizations aggressively move towards integrating elements of modern Information Technology (IT) into their monolithic Operational Technology (OT) architectures. Yet, as OT systems progressively become more and more interconnected, they silently have turned into alluring targets for diverse groups of adversaries. Meanwhile, the inherent complexity of these systems, along with their advanced-in-age nature, prevents defenders from fully applying contemporary security controls in a timely manner. Forsooth, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This work contributes a full-fledged and up-to-date survey of the most prominent threats against Industrial Control Systems (ICS) along with the communication protocols and devices adopted in these environments. Our study highlights that threats against CI follow an upward spiral due to the mushrooming of commodity tools and techniques that can facilitate either the early or late stages of attacks. Furthermore, our survey exposes that existing vulnerabilities in the design and implementation of several of the OT-specific network protocols may easily grant adversaries the ability to decisively impact physical processes. We provide a categorization of such threats and the corresponding vulnerabilities based on various criteria. As far as we are aware, this is the first time an exhaustive and detailed survey of this kind is attempted.

Hojun Jin,GyuHyun Jeon,Hee Won Aneka Choi,Seungho Jeon,Jung Taek Seo

DOI: https://doi.org/10.1016/j.heliyon.2024.e39192

IF: 3.776

2024-10-15

Heliyon

Abstract:Internet of Things (IoT) devices are much closer to users than personal computers used in traditional computing environments. Due to prevalence of IoT devices, even if they are compromised and used in attacks, it is difficult to detect and respond to them. Currently, there has been extensive research on threat modeling for cyberattacks. However, there remains a significant gap in research concerning threat modeling for attacks specially targeting IoT devices within the fifth-generation communication environment. In this paper, we present IoT Targeting-Threat Modeling(I3TM) framework established by analyzing botnets that are appeared before 2021 such as Mirai, Pink etc. Through this framework, we identify tactics and techniques to respond to the attacks. Using the identified tactics and techniques from our proposed framework, we can promptly respond to the newly detected attacks. We constructed a Threat Modeling Framework Keyword-Based Metrics to show extracted keywords from reports, academic papers, and white paper that identifies the features of botnet. We also provide an objective way to apply those keywords to the framework. Our framework is organized to analyze the attack process of botnets that may occur against IoT. The framework derives execution for each tactic for objective analysis based on keywords. In the validation for the framework, I3TM identified eight Tactics from Medusa botnet. If the application of the I3TM framework is continuously accumulated, a baseline of similar attack methods and data will be formed. In future research, we are planning to append mitigations for the attacks targeting IoT to the I3TM framework.

Chenquan Gan,Jiabin Lin,Da-Wen Huang,Qingyi Zhu,Liang Tian

DOI: https://doi.org/10.3390/math11143115

IF: 2.4

2023-07-15

Mathematics

Abstract:The industrial internet of things (IIoT) is a key pillar of the intelligent society, integrating traditional industry with modern information technology to improve production efficiency and quality. However, the IIoT also faces serious challenges from advanced persistent threats (APTs), a stealthy and persistent method of attack that can cause enormous losses and damages. In this paper, we give the definition and development of APTs. Furthermore, we examine the types of APT attacks that each layer of the four-layer IIoT reference architecture may face and review existing defense techniques. Next, we use several models to model and analyze APT activities in IIoT to identify their inherent characteristics and patterns. Finally, based on a thorough discussion of IIoT security issues, we propose some open research topics and directions.

mathematics

Xingbin Jiang,Michele Lora,Sudipta Chattopadhyay

DOI: https://doi.org/10.1145/3379542

IF: 5.3

2020-05-31

ACM Transactions on Internet Technology

Abstract:The revolutionary development of the Internet of Things has triggered a huge demand for Internet of Things devices. They are extensively applied to various fields of social activities, and concerning manufacturing, they are a key enabling concept for the Industry 4.0 ecosystem. Industrial Internet of Things (IIoT) devices share common vulnerabilities with standard IoT devices, which are increasingly exposed to the attackers. As such, connected industrial devices may become sources of cyber, as well as physical, threats for people and assets in industrial environments. In this work, we examine the attack surfaces of a networked embedded system, composed of devices representative of those typically used in the IIoT field. We carry on an analysis of the current state of the security of IIoT technologies. The analysis guides the identification of a set of attack vectors for the examined networked embedded system. We set up the corresponding concrete attack scenarios to gain control of the system actuators and perform some hazardous operations. In particular, we propose a couple of variations of Mirai attack specifically tailored for attacking industrial environments. Finally, we discuss some possible

computer science, information systems, software engineering

Zahra Jadidi,Yi Lu

DOI: https://doi.org/10.1109/access.2021.3133260

IF: 3.9

2021-01-01

IEEE Access

Abstract:An Industrial Control System (ICS) adversary often takes different actions to exploit vulnerabilities, pass the border between Information Technology (IT) and Operational Technology (OT) networks, and launch a targeted attack against OT networks. Detecting these threat actions in early phases before the final stage of the attacks can be executed against industrial endpoints can help prevent adversaries from achieving their goals. Threat hunting in IT networks has been previously studied, and several hunting methods have been proposed. However, these methods are not sufficient for ICSs, as the integration of industrial legacy systems with advanced IT networks has introduced new types of vulnerabilities and changed the behaviour of attacks. The lack of a unified hunting solution for integrated IT and OT networks is the gap that is considered in our paper. The contribution of this paper is an ICS Threat Hunting Framework (ICS-THF) which focuses on detecting cyber threats against ICS devices in the earliest phases of the attack lifecycle. ICS-THF consists of three stages, threat hunting triggers, threat hunting, and cyber threat intelligence. The threat hunting trigger stage identifies events or external resources that can trigger the hunting stage. The hunting stage uses a combination of the MITRE ATT&CK Matrix and a Diamond model of intrusion analysis to generate a hunting hypothesis and to predict the future behaviour of the adversary. This hypothesis will be validated by analysing Diamond models of threat actions. Finally, the cyber threat intelligence stage is responsible for generating Indicators of Compromise (IoCs) to be used for future threat hunting. The Black Energy 3 malware, PLC-Blaster malware, and SWaT dataset are used in this paper to evaluate the efficiency of the proposed framework.

Efe C. Balta,Michael Pease,James Moyne,Kira Barton,Dawn M. Tilbury

DOI: https://doi.org/10.1109/tase.2023.3243147

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Smart manufacturing (SM) systems utilize run-time data to improve productivity via intelligent decision-making and analysis mechanisms on both machine and system levels. The increased adoption of cyber-physical systems in SM leads to the comprehensive framework of cyber-physical manufacturing systems (CPMS) where data-enabled decision-making mechanisms are coupled with cyber-physical resources on the plant floor. Due to their cyber-physical nature, CPMS are susceptible to cyber-attacks that may cause harm to the manufacturing system, products, or even the human workers involved in this context. Therefore, detecting cyber-attacks efficiently and timely is a crucial step toward implementing and securing high-performance CPMS in practice. This paper addresses two key challenges to CPMS cyber-attack detection. The first challenge is distinguishing expected anomalies in the system from cyber-attacks. The second challenge is the identification of cyber-attacks during the transient response of CPMS due to closed-loop controllers. Digital twin (DT) technology emerges as a promising solution for providing additional insights into the physical process (twin) by leveraging run-time data, models, and analytics. In this work, we propose a DT framework for detecting cyber-attacks in CPMS during controlled transient behavior as well as expected anomalies of the physical process. We present a DT framework and provide details on structuring the architecture to support cyber-attack detection. Additionally, we present an experimental case study on off-the-shelf 3D printers to detect cyber-attacks utilizing the proposed DT framework to illustrate the effectiveness of our proposed approach. Note to Practitioners—This work is motivated by developing a general-purpose and extensible digital twin-enabled cyber-attack detection framework for manufacturing systems. Existing works in the field consider specialized attack scenarios and models that may not be extensible in practical manufacturing scenarios. We utilize digital twin (DT) technology as a key enabler to develop a systematic and extensible framework where we identify the abnormality of a resource and detect if the abnormality is due to an attack or an expected anomaly. We provide several remarks on how our proposed framework can extend existing industrial control systems (ICS) and can accommodate further extensions. The presented DTs utilize data-driven machine learning models, physics-based models, and subject matter expert knowledge to perform detection and differentiation tasks in the context of expected anomalies and model-based controllers that control the manufacturing process between multiple setpoints. We utilize a model predictive controller on an off-the-shelf 3D printer to run the process, and stage anomalies and cyber-attacks that are successfully detected by the proposed framework.

automation & control systems

S. Garg,Govind P. Gupta,Rakesh Tripathi,Mohammad Mehedi Hassan,Prabhat Kumar

DOI: https://doi.org/10.1109/TITS.2021.3122368

2023-02-01

Abstract:The recent burgeoning of Internet of Things (IoT) technologies in the maritime industry is successfully digitalizing Maritime Transportation Systems (MTS). In IoT-enabled MTS, the smart maritime objects, infrastructure associated with ship or port communicate wirelessly using an open channel Internet. The intercommunication and incorporation of heterogeneous technologies in IoT-enabled MTS brings opportunities not only for the industries that embrace it, but also for cyber-criminals. Cyber Threat Intelligence (CTI) is an effective security strategy that uses artificial intelligence models to understand cyber-attacks and can protect data of IoT-enabled MTS proficiently. Unsurprisingly, most of the existing CTI-based solutions uses manual analysis to extract relevant threat information, and has low detection and high false alarm rate. Therefore, to tackle aforementioned challenges, an automated framework called DLTIF is developed for modeling cyber threat intelligence and identifying threat types. The proposed DLTIF is based on three schemes: a deep feature extractor (DFE), CTI-driven detection (CTIDD) and CTI-attack type identification (CTIATI). The DFE scheme automatically extracts the hidden patterns of IoT-enabled MTS network and its output is used by CTIDD scheme for threat detection. The CTIATI scheme is designed to identify the exact threat types and to assist security analysts in giving early warning and adopt defensive strategies. The proposed framework has obtained upto 99% accuracy, and outperforms some traditional and recent state-of-the-art approaches.

Computer Science,Engineering,Environmental Science

Mukund Bhole,Wolfgang Kastner,Thilo Sauter

DOI: https://doi.org/10.1109/ETFA52439.2022.9921549

2023-06-22

Abstract:Todays industrial control systems consist of tightly coupled components allowing adversaries to exploit security attack surfaces from the information technology side, and, thus, also get access to automation devices residing at the operational technology level to compromise their safety functions. To identify these concerns, we propose a model-based testing approach which we consider a promising way to analyze the safety and security behavior of a system under test providing means to protect its components and to increase the quality and efficiency of the overall system. The structure of the underlying framework is divided into four parts, according to the critical factors in testing of operational technology environments. As a first step, this paper describes the ingredients of the envisioned framework. A system model allows to overview possible attack surfaces, while the foundations of testing and the recommendation of mitigation strategies will be based on process-specific safety and security standard procedures with the combination of existing vulnerability databases.

Software Engineering,Systems and Control

Shantanu Pal,Zahra Jadidi

DOI: https://doi.org/10.3390/app11209393

2021-10-10

Applied Sciences

Abstract:Industrial Internet of Things (IIoT) can be seen as an extension of the Internet of Things (IoT) services and applications to industry with the inclusion of Industry 4.0 that provides automation, reliability, and control in production and manufacturing. IIoT has tremendous potential to accelerate industry automation in many areas, including transportation, manufacturing, automobile, marketing, to name a few places. When the benefits of IIoT are visible, the development of large-scale IIoT systems faces various security challenges resulting in many large-scale cyber-attacks, including fraudulent transactions or damage to critical infrastructure. Moreover, a large number of connected devices over the Internet and resource limitations of the devices (e.g., battery, memory, and processing capability) further pose challenges to the system. The IIoT inherits the insecurities of the traditional communication and networking technologies; however, the IIoT requires further effort to customize the available security solutions with more focus on critical industrial control systems. Several proposals discuss the issue of security, privacy, and trust in IIoT systems, but comprehensive literature considering the several aspects (e.g., users, devices, applications, cascading services, or the emergence of resources) of an IIoT system is missing in the present state of the art IIoT research. In other words, the need for considering a vision for securing an IIoT system with broader security analysis and its potential countermeasures is missing in recent times. To address this issue, in this paper, we provide a comparative analysis of the available security issues present in an IIoT system. We identify a list of security issues comprising logical, technological, and architectural points of view and consider the different IIoT security requirements. We also discuss the available IIoT architectures to examine these security concerns in a systematic way. We show how the functioning of different layers of an IIoT architecture is affected by various security issues and report a list of potential countermeasures against them. This study also presents a list of future research directions towards the development of a large-scale, secure, and trustworthy IIoT system. The study helps understand the various security issues by indicating various threats and attacks present in an IIoT system.

Lubna Luxmi Dhirani,Eddie Armstrong,Thomas Newe

DOI: https://doi.org/10.3390/s21113901

2021-06-05

Abstract:Industrial IoT (IIoT) is a novel concept of a fully connected, transparent, automated, and intelligent factory setup improving manufacturing processes and efficiency. To achieve this, existing hierarchical models must transition to a fully connected vertical model. Since IIoT is a novel approach, the environment is susceptible to cyber threat vectors, standardization, and interoperability issues, bridging the gaps at the IT/OT ICS (industrial control systems) level. IIoT M2M communication relies on new communication models (5G, TSN ethernet, self-driving networks, etc.) and technologies which require challenging approaches to achieve the desired levels of data security. Currently there are no methods to assess the vulnerabilities/risk impact which may be exploited by malicious actors through system gaps left due to improper implementation of security standards. The authors are currently working on an Industry 4.0 cybersecurity project and the insights provided in this paper are derived from the project. This research enables an understanding of converged/hybrid cybersecurity standards, reviews the best practices, and provides a roadmap for identifying, aligning, mapping, converging, and implementing the right cybersecurity standards and strategies for securing M2M communications in the IIoT.

Venkata Atluri,Jeff Horne

DOI: https://doi.org/10.1109/southeastcon45413.2021.9401809

2021-03-10

Abstract:Cyber-attacks on our Nation's Critical Infrastructure are growing. In this research, a Cyber Threat Intelligence (CTI) framework is proposed, developed, and tested. The results of the research, using 5 different simulated attacks on a dataset from an Industrial Control System (ICS) testbed, are presented with the extracted IOCs. The Bagging Decision Trees model showed the highest performance of testing accuracy (94.24%), precision (0.95), recall (0.93), and F1-score (0.94) among the 9 different machine learning models studied.

Navid Aftabi,Dan Li,Ph.D.,Thomas Sharkey,Ph.D

2024-01-31

Abstract:Industrial Control Systems (ICSs) are widely used in critical infrastructures that face various cyberattacks causing physical damage. With the increasing integration of the ICSs and information technology (IT), ensuring the security of ICSs is of paramount importance. In an ICS, cyberattacks exploit vulnerabilities to compromise sensors and controllers, aiming to cause physical damage. Maliciously accessing different components poses varying risks, highlighting the importance of identifying high-risk cyberattacks. This aids in designing effective detection schemes and mitigation strategies. This paper proposes an optimization-based cyber-risk assessment framework that integrates cyber and physical systems of ICSs. The framework models cyberattacks with varying expertise and knowledge by 1) maximizing physical impact in terms of failure time of the physical system, 2) quickly accessing the sensors and controllers in the cyber system while exploiting limited vulnerabilities, 3) avoiding detection in the physical system, and 4) complying with the cyber and physical restrictions. These objectives enable us to jointly model the interactions between the cyber and physical systems and study the critical cyberattacks that cause the highest impact on the physical system under certain resource constraints. Our framework serves as a tool to understand the vulnerabilities of an ICS with a holistic consideration of cyber and physical systems and their interactions and assess the risk of existing detection schemes by generating the worst-case attack strategies. We illustrate and verify the effectiveness of our proposed method in a numerical and a case study. The results show that a worst-case strategic attacker causes almost 19% further acceleration in the failure time of the physical system while remaining undetected compared to a random attacker.

Optimization and Control,Systems and Control

Ralph Ankele,Stefan Marksteiner,Kai Nahrgang,Heribert Vallant

DOI: https://doi.org/10.1145/3339252.3341482

2019-08-26

Abstract:The factories of the future require efficient interconnection of their physical machines into the cyber space to cope with the emerging need of an increased uptime of machines, higher performance rates, an improved level of productivity and a collective collaboration along the supply chain. With the rapid growth of the Internet of Things (IoT), and its application in industrial areas, the so called Industrial Internet of Things (IIoT)/Industry 4.0 emerged. However, further to the rapid growth of IoT/IIoT systems, cyber attacks are an emerging threat and simple manual security testing can often not cope with the scale of large IoT/IIoT networks. In this paper, we suggest to extract metadata from commonly used diagrams and models in a typical software development process, to automate the process of threat modelling, security analysis and penetration testing, without detailed prior security knowledge. In that context, we present requirements and recommendations for metadata in IoT/IIoT models that are needed as necessary input parameters of security assurance tools.