Threat Modeling and Attack Simulations of Smart Cities: A Literature Review and Explorative Study

Abstract

Digitization has made enterprises and inter-enterprise organizations (e.g. smart cities) increasingly vulnerable to cyber attacks. Malicious actors compromising computers can have potential damage and disruptions. To mitigate cyber threats, the first thing is to identify vulnerabilities, which is difficult as it requires (i) a detailed understanding of the inter-enterprise architecture, and (ii) significant security expertise. Threat modeling supports (i) by documenting the design of the system architecture, and attack simulation supports (ii) by automating the identification of vulnerabilities. This paper presents a systematic literature review and provides a research outlook for threat modeling and attack simulations of smart cities. The results show that little research has been done in this area, and promising approaches are being developed.