Threat Modeling Data Analysis in Socio-technical Systems

TL;DR

This paper discusses adapting threat modeling techniques from software security to analyze and improve the security and reliability of data-driven decision-making processes in socio-technical systems.

Contribution

It introduces a systemic approach to threat modeling in socio-technical systems, highlighting adaptations needed for new threats and assets.

Findings

Threat modeling can identify vulnerabilities in socio-technical decision processes

Adapting security practices enhances resilience against sophisticated attacks

Framework supports designing more trustworthy decision-making systems

Abstract

Our decision-making processes are becoming more data driven, based on data from multiple sources, of different types, processed by a variety of technologies. As technology becomes more relevant for decision processes, the more likely they are to be subjects of attacks aimed at disrupting their execution or changing their outcome. With the increasing complexity and dependencies on technical components, such attempts grow more sophisticated and their impact will be more severe. This is especially important in scenarios with shared goals, which had to be previously agreed to, or decisions with broad social impact. We need to think about our decisions-making and underlying data analysis processes in a systemic way to correctly evaluate benefits and risks of specific solutions and to design them to be resistant to attacks. To reach these goals, we can apply experiences from threat modeling analysis used in software security. We will need to adapt these practices to new types of threats, protecting different assets and operating in socio-technical systems. With these changes, threat modeling can become a foundation for implementing detailed technical, organizational or legal mitigations and making our decisions more reliable and trustworthy.