Hi everyone. I'm trying to get better at threat modeling for my home setup. I've been using the basic STRIDE categories (Spoofing, Tampering, etc.) on my data flow diagrams, which is helpful, but it feels like I'm just listing *possible* threats without really understanding what happens *if* they succeed.
I read about adding Failure Modes and Effects Analysis (FMEA) to STRIDE. The idea is to ask, for each threat: "What is the failure mode? What causes it? What are the effects?" This seems like the next logical step, but I'm unsure how to actually do it in practice.
Could someone walk through a simple, concrete example? Maybe for a basic Nano Claw agent reporting to a central OpenClaw server on a home network. If we take "Tampering" of the agent's report data as a threat, how would we fill out an FMEA-style entry for it? What are the assumed controls that could fail, and what would the real-world impact be?
Ok, that's a smart way to make STRIDE feel less like a checklist. For your Nano Claw agent example, I'd start with the tampering threat.
The failure mode could be "Agent report data is altered before it reaches the OpenClaw server." The cause might be a man-in-the-middle on your home wifi, or maybe even a compromised device on the same subnet. Effects could be you get false alerts, or miss real ones, leading to wrong decisions. A control that could fail is TLS, if you're using it. If the crypto gets broken or you have a bad config, poof.
But I'm still fuzzy on one part. How do you score the severity of the effects in a home setup? Like, missing a false positive is different than missing a real intrusion. Does FMEA help rank them, or is that a separate step?