The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems. Since attacks on such devices can also cause damage to people and machines, they must be properly secured. Therefore, a threat analysis is required in order to identify weaknesses and thus mitigate the risk. In this paper, we present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices. Our approach is to consider all components including hardware, software and data, assets, threats and attacks throughout the entire product life cycle.