ORIGINAL RESEARCH article

Front. Comput. Sci.

Sec. Computer Security

Volume 7 - 2025 | doi: 10.3389/fcomp.2025.1647179

This article is part of the Research TopicAI-Driven Cyber Risk Assessment and InsuranceView all articles

A Framework for Cyber Threat Modeling and Risk Assessment in Smart City Environments

Provisionally accepted
Mariya  OuaissaMariya Ouaissa1*Mariyam  OuaissaMariyam Ouaissa2Zineb  NadifiZineb Nadifi2Sarah  El HimerSarah El Himer3Yassine  Al MasmoudiYassine Al Masmoudi4Ali  KartitAli Kartit2
  • 1Cadi Ayyad University, Marrakesh, Morocco
  • 2Universite Chouaib Doukkali, El Jadida, Morocco
  • 3Universite Sidi Mohamed Ben Abdellah, Fes, Morocco
  • 4Universite Chouaib Doukkali Faculte des Sciences, El Jadida, Morocco

The final, formatted version of the article will be published soon.

With the rise of digital transformation, the concept of the smart city has emerged as a key pillar of modern urban development. However, as smart cities increasingly rely on the Internet of Things (IoT), cloud computing, and real-time data processing, they also face an expanded attack surface and growing cybersecurity threats. This paper presents a comprehensive threat modeling and risk assessment approach tailored to smart city environments. It begins by identifying the core components and data flows within a typical smart city architecture covering domains such as surveillance, transportation, and healthcare. A Data Flow Diagram (DFD) is constructed to visualize the interactions and pinpoint critical assets. The STRIDE methodology, supported by the Microsoft Threat Modeling (MTM) tool, is employed to systematically uncover threats including spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. To enrich the analysis and align with realworld adversarial behavior, the MITRE ATT&CK framework is also utilized to map identified threats to known tactics and techniques. Each discovered threat is evaluated through a detailed risk assessment using the Common Vulnerability Scoring System (CVSS) and a 5 by 5 risk matrix, allowing a quantifiable estimation of impact and likelihood. The analysis revealed 21 threats across smart city domains, with spoofing, tampering, and denial of service being the most frequent. Five threats were rated as critical based on CVSS, particularly targeting cloud services and web applications. Furthermore, the paper introduces a dedicated case study involving the Internet of Vehicles (IoV), applying the Cyber Kill Chain model to demonstrate the progression of a cyber-attack targeting connected vehicle systems, with a focus on identifying less common yet critical ATT&CK techniques at each phase. The study concludes by proposing targeted mitigation strategies and architectural recommendations aimed at enhancing the cyber resilience of smart city infrastructures.

Keywords: threat modeling, STRIDE, MITRE ATT&CK, MTM, Risk Assessment, CVSS, Cyber Kill Chain Adversarial Tactics, techniques

Received: 14 Jun 2025; Accepted: 10 Jul 2025.

Copyright: © 2025 Ouaissa, Ouaissa, Nadifi, El Himer, Al Masmoudi and Kartit. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.

* Correspondence: Mariya Ouaissa, Cadi Ayyad University, Marrakesh, Morocco

Disclaimer: All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.