The Benefits of Security Threat Modeling and Its Applications to Physical Security

A person using their computer to identify threats using security threat modeling.

Whether you run a business, oversee an entertainment venue, or manage a government or military installation, you are responsible for human lives and physical assets. There are always threats that imperil lives and put physical assets at risk of theft or damage, and security threat modeling is a method of first identifying and then mitigating these threats.

What Is Security Threat Modeling? 

What is threat modeling? Threat modeling is a technique used in software design to anticipate potential threats, identify vulnerable aspects of the system, and determine how to defend against them. Though used primarily in computer programming, the theoretical concept behind threat modeling can also apply to the design and implementation of physical security systems, such as barricades from Delta Scientific.

What Are the Benefits of Threat Modeling for Security?

The purpose of threat modeling is to identify, prioritize, and counteract potential threats. Apart from the obvious benefits (e.g., safeguarding human lives and keeping physical assets out of the hands of those who would use them for nefarious ends), threat modeling offers other significant benefits as well. 

Cost Effectiveness

Physical security threat modeling may require an upfront investment of time and money. Nevertheless, it is ultimately more cost-effective to identify potential threats and have a plan for preventing them before they strike than to absorb the cost of the loss that you might incur. 

For example, an analysis of your premises and the threats that menace it may indicate that you are at risk for vehicle ramming attacks. We offer bollards that can prevent vehicles from coming anywhere near your building. Admittedly, there is a cost involved in purchasing our bollards and having us install them for you, as well as having us replace damaged bollards in the event of a vehicle attack.

However, think of how much more costly it would be to repair the damage from a vehicle attack and to replace stolen or compromised physical assets. Not only that, but bollards also protect pedestrian areas. Stopping a rampaging vehicle could mean saving countless lives and protecting your organization from liability. 

Compliance  

Depending on the type of facility you run, you may have to meet certain safety standards imposed by the government or an accrediting organization. Security threat modeling can help you identify areas in which you may be lacking and help bring you into compliance, meeting or exceeding those standards.  

Awareness

Every member of your organization has a responsibility to prevent security breaches. Threat modeling provides a rubric by which you can educate members of your organization about potential dangers and empower them to play a role in mitigation. 

What Are the Steps Involved in the Security Threat Modeling Process? 

Threat modeling has many different goals, such as identifying potential vulnerabilities and quantifying the severity of the security threats faced. The threat modeling process uses multiple steps to achieve these goals: diagram, identify, prioritize, mitigate, and evaluate:

  • To diagram is to set goals, delineating the end result that the threat modeling should ideally achieve 
  • Within the scope of the analysis, the next step is to identify potential threats that could attack or weaken the system. 
  • Once the threats have been identified, the next step is to prioritize the threats, ranking them according to their seriousness.
  • Mitigation involves coming up with potential defenses against each of the identified threats. 
  • The final step is validation, which confirms that each of the previous steps has been carried out and is effective at protecting your organization from the identified threats.

How Is the Threat Modeling Process Applicable to Physical Security?

Here is an example of the application of threat modeling as it refers to our practice of developing new products at Delta Scientific:

  • Identify potential threats, particularly vehicles used as weapons in ramming attacks and sometimes bad actors on foot.
  • Prioritize the threats, which depend on the facility and the situation. For example, a vehicle ramming attack might seem like a greater threat in general, but if the facility is a repository for sensitive information, a bad actor on foot who could steal or corrupt the files could end up being a greater priority. We take all these factors into consideration when performing our analysis.
  • Diagram or design a barricade that can withstand the threat. For example, a wedge barricade with a crash rating of M50 can stop a 15,000-pound vehicle traveling up to 50 miles per hour.
  • Mitigate the threat effectively with a barricade that can stop a vehicle traveling at a great velocity.
  • Validate the product with crash testing to determine the top vehicle speed at which the barricade will remain effective.
The application of threat modeling being demonstrated with the HD300 Barricade.

Is Threat Modeling an Ongoing Process? 

In software development, threat modeling is not only carried out before the finished product is complete. It continues after deployment to check that there are no lingering problems that did not get worked out during the development process. 

Similarly, we continue to do testing of our products after they are completed, constantly looking for ways that we can improve them. This approach is necessary as terrorist threats continue to become more sophisticated; security products have to evolve to be able to deter the new threats.

What Is the Ultimate Objective of Security Threat Modeling?

Ultimately, the objective of threat modeling is to protect something of value. In the context of physical security, items of value include tangible assets and human lives, the latter of which are irreplaceable. 

At Delta Scientific, we perform our own version of threat modeling when developing our products to ensure that they are strong and effective. Applying a similar process to identify threats to your premises, personnel, and physical assets allows you to mitigate risks before they become reality. 

Security Threat Modeling Solutions Made Simple

At Delta Scientific, we offer customizable solutions to help you protect against physical security threats. With high quality products, outstanding service, technical support and ongoing maintenance, we have solutions for all of your physical security needs. Contact us for more information today.

Sources:

https://www.synopsys.com/glossary/what-is-threat-modeling.html

https://owasp.org/www-community/Threat_Modeling

https://www.exabeam.com/information-security/threat-modeling/

https://www.techtarget.com/searchsecurity/definition/threat-modeling