Merging FMEA and Digital Twins to Improve Trustfulness
Baiardi F.
2023-01-01
Abstract
We show that the integration of adversary emulation and the FMEA methodology can improve the trustfulness of an ICT infrastructure by discovering and stopping the attack paths due to faults. To achieve the required level of accuracy, the emulation exploits the digital twin of the infrastructure and those of the threat actors. The infrastructure twin is a smart inventory describing the infrastructure modules and their instances, the physical and logical connections among instances, the module vulnerabilities, and the attacks they enable. A threat actor twin describes its attack surface, the attacks it can implement, its strategy, and its final goal if any. We present alternative strategies to discover new attack paths due to faults. The simplest one assumes failures have occurred and updates the infrastructure twin to model their effects. Then, it runs the emulation to discover, and stop, the new attack paths due to failures. Other strategies dynamically update the infrastructure twin during the emulation to simulate the occurrence of faults. The paper also discusses how to select countermeasures to stop the attack paths a fault enables to prevent a threat actor from reaching its goal.