{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T07:48:31Z","timestamp":1763452111863,"version":"3.45.0"},"reference-count":27,"publisher":"Wiley","issue":"6","license":[{"start":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T00:00:00Z","timestamp":1758758400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Security and Privacy"],"published-print":{"date-parts":[[2025,11]]},"abstract":"<jats:title>ABSTRACT<\/jats:title>\n                  <jats:p>Cyber\u2010physical systems (CPS) are critical components of many vital infrastructures, including hydro power plants (HPPs). However, these systems are susceptible to various cyberattacks, as evidenced by past attacks. This research paper explores CPS security in HPP environments, presenting a review of existing architectures and threat modeling techniques. Considering the importance of the availability of CPS\u2010based critical infrastructures, we have proposed a redundant HPP\u2010based architecture containing diverse vendor components to improve system resilience and security against both common and zero\u2010day vulnerabilities. Additionally, a novel CritFit Threat Modeling Framework (CritFit\u2010TMF) is proposed by integrating STRIDE, DREAD, and CritFit Scoring. The STRIDE and DREAD threat modeling approaches are intended to identify and evaluate the CPS threats, respectively, whereas the CritFit Scoring is applied to the outcome of the DREAD model so as to contextualize the priorities of security aspects with respect to CPS. The CritFit Scoring methodology is to tailor severity assessments specifically for CPS, recognizing the distinct security priorities of CPS compared to traditional IT systems. This proposed CritFit\u2010TMF enhances the identification, evaluation, and prioritization of threats during the design phase of HPP\u2010based CPS and thus reduces the cost and complexity of patching vulnerabilities during the development or deployment phase of CPS. The proposed CritFit\u2010TMF is simulated by considering our proposed redundant HPP architecture. The evaluations highlight the feasibility, adaptability, and importance of our proposed framework in CPS. Simulation results of the CritFit\u2010TMF revealed that 24.90% of the identified threats were Elevation of Privilege, followed by Denial of Service (24.08%), Spoofing (23.27%), Information Disclosure (10.2%), Repudiation (9.39%), and Tampering (8.16%).<\/jats:p>","DOI":"10.1002\/spy2.70111","type":"journal-article","created":{"date-parts":[[2025,9,26]],"date-time":"2025-09-26T03:04:14Z","timestamp":1758855854000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Threat Modeling to Secure\n                    <scp>CPS<\/scp>\n                    \u2010Based Critical Infrastructures"],"prefix":"10.1002","volume":"8","author":[{"given":"Zakir Ahmad","family":"Sheikh","sequence":"first","affiliation":[{"name":"Department of Computer Science and Information Technology Central University of Jammu  Bagla Jammu and Kashmir India"}]},{"given":"Yashwant","family":"Singh","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Information Technology Central University of Jammu  Bagla Jammu and Kashmir India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1776-4651","authenticated-orcid":false,"given":"Sudeep","family":"Tanwar","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering Institute of Technology, Nirma University  Ahmedabad India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0646-5872","authenticated-orcid":false,"given":"Abdulatif","family":"Alabdulatif","sequence":"additional","affiliation":[{"name":"Department of Computer Science College of Computer, Qassim University  Buraidah Saudi Arabia"}]}],"member":"311","published-online":{"date-parts":[[2025,9,25]]},"reference":[{"key":"e_1_2_9_2_1","doi-asserted-by":"crossref","unstructured":"R.Khan K.Mclaughlin D.Laverty andS.Sezer \u201cSTRIDE\u2010Based Threat Modeling for Cyber\u2010Physical Systems \u201d2018.","DOI":"10.1109\/ISGTEurope.2017.8260283"},{"key":"e_1_2_9_3_1","first-page":"1","article-title":"Supposed Cyber Attack on Kudankulam Nuclear Infrastructure\u2014A Benign Reminder of a Possibile Reality","volume":"129","author":"Dilipraj E.","year":"2019","journal-title":"Cent. Air Power Stud"},{"key":"e_1_2_9_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2020.3002851"},{"key":"e_1_2_9_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.arcontrol.2019.04.011"},{"key":"e_1_2_9_6_1","unstructured":"A.Bari\u0161i\u0107andJ.Cunha \u201cSustainability in Modelling of Cyber\u2010Physical Systems: A Systematic Literature Review\u2014Intermediate Technical Report \u201d 2017."},{"key":"e_1_2_9_7_1","first-page":"12","article-title":"Threat Agent Library Helps Identify Information Security Risks","volume":"2","author":"Casey T.","year":"2007","journal-title":"Intel White Paper"},{"key":"e_1_2_9_8_1","unstructured":"M.Rosenquist \u201c6\/ Prioritizing Information Security Risk With Threat Agent Risk Assessment \u201d2009IT@Intel White Pap. p. 8."},{"key":"e_1_2_9_9_1","unstructured":"A.Karahasanovic P.Kleberger andM.Almgren \u201cAdapting Threat Modeling Methods for the Automotive Industry \u201dProc. 15th ESCAR Conf. Berlin 2017 1\u201310 2017."},{"key":"e_1_2_9_10_1","doi-asserted-by":"crossref","unstructured":"R. A.Caralli J. F.Stevens L. R.Young andW. R.Wilson \u201cIntroducing OCTAVE Allegro\u2009: Improving the Information Security Risk Assessment Process \u201dYoung no. May pp. 1\u2013113 2007.","DOI":"10.21236\/ADA470450"},{"key":"e_1_2_9_11_1","unstructured":"ITS \u201cTR 102 893\u2014V1.2.1\u2014Intelligent Transport Systems (ITS); Security; Threat Vulnerability and Risk Analysis (TVRA) \u201dvol. 1 1\u201388 2017."},{"key":"e_1_2_9_12_1","doi-asserted-by":"publisher","DOI":"10.3389\/friot.2024.1306465"},{"key":"e_1_2_9_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.heliyon.2024.e39192"},{"key":"e_1_2_9_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3698396"},{"key":"e_1_2_9_15_1","doi-asserted-by":"publisher","DOI":"10.3390\/info11050273"},{"key":"e_1_2_9_16_1","unstructured":"\u201cSkybox Security Introduces Threat\u2010Centric Vulnerability Management for Skybox Security Suite \u201daccessed June 13 2022 https:\/\/www.sourcesecurity.com\/news\/threat\u2010centric\u2010vulnerability\u2010management\u2010for\u2010skybox\u2010security\u2010suite\u2010co\u201014913\u2010ga\u2010npr.22980.html."},{"key":"e_1_2_9_17_1","first-page":"31","article-title":"Towards Comprehensive Threat Modeling for Vehicles","author":"Hamad M.","year":"2016","journal-title":"Critical Embedded Real\u2010Time Systems"},{"key":"e_1_2_9_18_1","unstructured":"N.Shevchenko T. A.Chick P. O.Riordan T. P.Scanlon andC.Woody \u201cThreat Modeling: A Summary of Available Methods \u201d 2018."},{"key":"e_1_2_9_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2024.100675"},{"key":"e_1_2_9_20_1","first-page":"171","article-title":"Quantum Computing Threat Modelling on a Generic CPS Setup","volume":"12809","author":"Lee C. C.","year":"2021","journal-title":"Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence, Lecture Notes in Bioinformatics)"},{"issue":"13","key":"e_1_2_9_21_1","first-page":"1","article-title":"A Generalized Threat Model for Visual Sensor Networks","volume":"20","author":"S. Networks","year":"2020","journal-title":"Sensors"},{"key":"e_1_2_9_22_1","doi-asserted-by":"crossref","unstructured":"R.HasanandA. T.Modeling \u201cTowards a Threat Model and Security Analysis of Video Conferencing Systems \u201d 2021.","DOI":"10.1109\/CCNC49032.2021.9369505"},{"key":"e_1_2_9_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102950"},{"key":"e_1_2_9_24_1","first-page":"6","article-title":"Combining Safety & Security Analysis for Industrial Collaborative Automation Systems","volume":"10489","author":"Pl'osz S.","year":"2017","journal-title":"Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence, Lecture Notes in Bioinformatics)"},{"key":"e_1_2_9_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3058403"},{"key":"e_1_2_9_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCNCW.2018.8369033"},{"key":"e_1_2_9_27_1","unstructured":"\u201cThreat Modeling With DREAD \u201daccessed September 8 2022 https:\/\/cyral.com\/glossary\/threat\u2010modeling\u2010with\u2010dread\/."},{"key":"e_1_2_9_28_1","doi-asserted-by":"publisher","DOI":"10.1080\/19361610.2019.1545278"}],"container-title":["SECURITY AND PRIVACY"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spy2.70111","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T07:43:34Z","timestamp":1763451814000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/spy2.70111"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,25]]},"references-count":27,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,11]]}},"alternative-id":["10.1002\/spy2.70111"],"URL":"https:\/\/doi.org\/10.1002\/spy2.70111","archive":["Portico"],"relation":{},"ISSN":["2475-6725","2475-6725"],"issn-type":[{"type":"print","value":"2475-6725"},{"type":"electronic","value":"2475-6725"}],"subject":[],"published":{"date-parts":[[2025,9,25]]},"assertion":[{"value":"2025-06-10","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-16","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-25","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"e70111"}}