DREAD threat model
After the threats have been identified and classified, it is also important to rank and prioritize them. Higher priority threats must be addressed. The DREAD method is designed to rank the threats (MS-DREAD). Although originally developed for subsystem components (software, firmware, and so on), the DREAD concept can be utilized in threat assessment at various levels of granularity of an IIoT system.
DREAD is an acronym that represents five criteria for threat assessment:
- Damage: Assessing the damage that could result if the threat advances to a security attack. In the case of cyber-physical systems, the damage could be data exfiltration, environmental damage, human injury, and so on.
- Reproducibility: A measure of how frequently the specific threat would mature into a successful attack. An easily reproducible threat has a higher chance of being exploited.
- Exploitability: An assessment of the effort, monetary investment, and expertise required to launch the exploit. Threats requiring low levels of skill and experience are more exploitable than those that require highly skilled personnel and great expense to carry out. In the case of IIoT, the exploits usually involve a high degree of complexity and expertise. If an industrial threat can be exploited remotely, it is more exploitable than one that requires on-site physical access and special credentials.
- Affected users: The number of users that could be affected by an attack is a measure used to prioritize threats. This criterion can also be extended to include the number of devices and assets impacted by the attack.
- Discoverability: The likelihood that the vulnerability can be discovered and taken advantage of.
In the DREAD classification scheme, threats are quantified, compared, and prioritized based on their risk value. The risk value is computed using the following formula:
Threat risk using DREAD = (Damage potential + Reproducibility + Exploitability + Affected users + Discoverability) / 5
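As an added illustration (not from the original text), the following Python scores and ranks a few constructed IIoT threats with the DREAD formula above; it assumes a 0 to 10 scale per criterion, which the text does not specify, and rejects scores outside that scale so that a mis-keyed value cannot skew the ranking.

```python
from dataclasses import dataclass, fields

# Assumed scale (the text gives none): each DREAD criterion is scored 0-10.
SCALE_MIN, SCALE_MAX = 0, 10


@dataclass(frozen=True)
class DreadThreat:
    name: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        # Reject out-of-range scores so a typo cannot inflate or hide a threat.
        for f in fields(self):
            if f.name == "name":
                continue
            value = getattr(self, f.name)
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"{self.name}: {f.name}={value} outside {SCALE_MIN}-{SCALE_MAX}")


def dread_risk(t: DreadThreat) -> float:
    """Risk = (Damage + Reproducibility + Exploitability + Affected users + Discoverability) / 5."""
    return (t.damage + t.reproducibility + t.exploitability
            + t.affected_users + t.discoverability) / 5


def rank_threats(threats):
    """Highest risk first; ties broken by damage (safety impact), then by name."""
    return sorted(threats, key=lambda t: (-dread_risk(t), -t.damage, t.name))


# Constructed sample threats for a hypothetical plant; the scores are illustrative only.
SAMPLE_THREATS = [
    DreadThreat("Unauthenticated remote write to PLC setpoints", 10, 8, 7, 9, 6),
    DreadThreat("Historian credential theft via phishing", 6, 6, 7, 5, 7),
    DreadThreat("Physical tampering with a single field sensor", 4, 3, 2, 1, 3),
]

if __name__ == "__main__":
    for t in rank_threats(SAMPLE_THREATS):
        print(f"{dread_risk(t):4.1f}  {t.name}")
```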