A free, open-source extension for the Microsoft Threat Modeling Tool, purpose-built for ICS/OT environments.
This project brings MITRE ATT&CK for ICS and ISA/IEC 62443 logic into threat modeling, so it can be more easily integrated into the rest of your OT security program.
- 🧱 Custom OT stencils: PLCs, RTUs, HMIs, protocols like Modbus and DNP3
- ⚔️ Threat generation rules based on MITRE ATT&CK for ICS
- 🔐 Security Level attributes (SL-0 to SL-4) for assets, aligned with 62443
- 📊 External scripts to analyze models, including:
- Summarizing assets by SL
- Identifying lowest SL in the model
- (Coming soon) Detecting SL gaps and threat model drift
- 🧰 Compatible with the Microsoft Threat Modeling Tool (.tm7 files)
🧪 Currently in early preview. Threat generation logic and security level attributes are implemented.
CLI utilities and SL evaluation scripts are being added incrementally.
See the roadmap for upcoming features.
- Download and install the Microsoft Threat Modeling Tool.
- Clone this repo:
git clone https://github.com/Fortiphyd/ot-threat-modeling.git- Start the Microsoft TMT
- Browse and select the
MITRE_ICS.tb7file under "Template for New Models - Choose "Create a Model"
- Add components to your diagram, threats are generated automatically
- Use external scripts to analyze
.tm7files
Analyze a .tm7 model file and summarize the security levels of all assets:
python summarize_sl.py path/to/model.tm7Example output:
Security Level Summary:
SL-0: 1
SL-1: 2
Unknown: 3
- Stencils for common OT protocols and assets
- Threat generation from ATT&CK for ICS
- Asset SL attributes (SL-0 through SL-4)
- CLI script to summarize SL usage
- Reducing threat noise with more intelligent rules
- Threat model diffing and CI/CD integration
OT specific stencils
Security levels
Example diagram
Generated Threats and Suggested Mitigations
We welcome contributions! See CONTRIBUTING.md for how to get started.