Step 3 – decompose the IoT system

At this stage, the focus is on understanding the life cycle of data as it flows through the system. This understanding allows us to identify vulnerable or weak points that must be addressed within the security architecture. To start, you must identify and document the entry points for data within the system. These points are typically sensors, gateways, or control and management computing resources.

Next, it is important to trace the flow of data from the entry points and document the various components that interact with that data throughout the system. Identify high-profile targets for attackers (these can be intermediate or top-level nodes of an attack tree)—these may be points within the system that aggregate or store data, or they may be high-value sensors that require significant protection to maintain the overall integrity of the system. At the end of this activity, a detailed understanding of the IoT system's attack surface (in terms of data sensitivity and system movements) emerges:

Once data flows have been thoroughly examined, you can begin to catalogue the various physical entry points into the system and the intermediate and internal gateways through which data flows. Also, identify trust boundaries. The entry points and trust boundaries have an enormous security bearing as you identify overall threats associated with the system: