LLM-Assisted CPSTRIDE Threat Modeling for Critical Water Infrastructure

Authors

DOI:

https://doi.org/10.34190/iccws.21.1.4484

Keywords:

Critical infrastructure, Cyber-physical systems, LLM-assisted security analysis, Threat modeling, Water treatment facilities, Unmanned aerial vehicles (UAVs), Unmanned underwater vehicles (UUVs)

Abstract

Critical infrastructures face hybrid threats that threat modeling frameworks like STRIDE, MITRE ATT&CK, and Cyber Kill Chain are ill-suited to capture. These frameworks focus on cybersecurity, leaving blind spots, and their reliance on human expertise limits scalability. Attacks on critical water infrastructure underscore the importance of cyber-physical threat modeling, as does the emergence of autonomous vehicles as hybrid attack vectors. This research presents CPSTRIDE, a framework for cyber-physical threat modeling that extends Microsoft's STRIDE. CPSTRIDE defines security properties for cyber-physical systems and exposes vulnerabilities, threats, and attack vectors that conventional approaches miss. We also introduce an LLM-assisted methodology, leveraging Anthropic's Claude Sonnet 4.5 as a domain expert. We apply this approach to construct a comprehensive threat landscape for a water treatment facility, articulating hybrid attack scenarios involving unmanned aerial and underwater vehicles.

Author Biographies

Dallas Elleman, University of Tulsa

Dallas Elleman is a Cyber Fellow and Ph.D. student in Cyber Studies at The University of Tulsa (TU)  in Oklahoma, U.S, and a Jack Kent Cooke Scholar. His research leverages graph theory for security modeling and analysis in multi-agent AI architectures and cyber-physical systems.

Amorita A. Christian, University of Tulsa

Amorita A. Christian is a Southern Regional Education Board Doctoral Scholar and a Cyber Fellow and Ph.D. candidate in the Cyber Studies program at the University of Tulsa. Her research centers on cyber-physical security within the water and wastewater systems critical infrastructure sector.

John Hale, University of Tulsa

John Hale is a Professor of Computer Science and Tandy Endowed Chair in Bioinformatics and Computational Biology at the University of Tulsa.  His research has been funded by the US Air Force, National Science Foundation, Defense Advanced Research Projects Agency, National Security Agency, and the Army Corps of Engineers.

Downloads

Published

19-02-2026

Issue

Vol. 21 No. 1 (2026): Proceedings of the 21st International Conference on Cyber Warfare and Security (ICCWS 2026)

Section

Academic Papers

License

Copyright (c) 2026 Dallas Elleman, Amorita A. Christian, John Hale

Creative Commons License

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.