Threat modelling of cyber physical systems: A real case study based on window cleaning business

Threat modelling Cyber-Physical System built on cloud infrastructure to monitor and manage the window cleaning operation using Window Cleaning Warehouse as a case study. Focusing on IoT data collection and cloud infrastructure security and the connections with the Cyber-Physical System. External dependencies and trust levels are defined before using trust boundaries and data flow diagrams to highlight attack surfaces. Expected scenarios from the data flow diagrams are discussed to identify violated intended use of the system using STRIDE threat classification. A risk assessment of assets that may be of interest to an adversary aid the discovery of more security risks that are then prioritised using the DREAD methodology. The results of the research present a comprehensive breakdown of vulnerabilities associated with IoT data security for route optimisation ranging from GPS spoofing, to Firestore vulnerabilities in the real-time database to Bluetooth Low Energy vulnerabilities in the IoT hardware, all of which could be common risks in cyber-physical systems designed by SME businesses. The research concludes various security risks applicable to SME businesses adopting industry 4.0 to alleviate the risk of new security breaches to the business through this adoption, increasing the likelihood of successful adoption of industry 4.0.