Making threat modelling practical and engaging across GEA automation teams

As part of its ongoing commitment to secure product development, GEA is aligning its automation teams with IEC 62443-4-1, the standard for secure development lifecycle processes in industrial automation and control systems. This effort is not only about meeting a standard, but about creating a shared security mindset that can scale across sites, disciplines and product generations.

Product Security Champions play a key role in this transformation. They act as local multipliers, bridging central security strategy and day-to-day engineering work, while ensuring that security processes are practical, repeatable and embedded into existing development workflows.

A two-day, on-site alignment workshop brought together Product Security Champions from Kitzingen, Ahaus, Hildesheim, Sarstedt and Büchen, with the goal of harmonising approaches, sharing experience, and building hands-on capability around core IEC 62443-4-1 processes.

The Challenge

GEA’s Product Security Champions were aligning on common processes to support the secure development lifecycle. Threat modelling is a key part of IEC 62443-4-1, yet often viewed as slow, complex, and tedious. The group needed a way to break down hesitation and make the exercise productive and approachable.

From the outset, GEA wanted to ensure that its approach would:

  • Encourage broad participation from engineering teams, not just security specialists
  • Fit naturally within existing development workflows and time constraints
  • Remain engaging and productive, even when sessions extend over several hours
  • Support consistent execution across multiple sites and automation teams

For Product Security Champions, the challenge was not just to perform threat modelling, but to be able to confidently run and repeat it with their local automation teams in a way that delivers real value.

This created a strong case for exploring game-based threat modelling as a practical alternative to more traditional methods.

How the session was run, and what the participants observed

During the two-day workshop, the team dedicated the second day entirely to a threat modelling exercise using the Elevation of Privilege game. A typical UHT system from the Ahaus site was selected as the basis for a full threat modelling exercise. This ensured technical relevance while remaining accessible to participants from different locations.

The session began at 8:00am. Rather than relying on free-form brainstorming, the Elevation of Privilege card deck was used to actively prompt discussion around security weaknesses and attacker goals. Each card introduced a focused scenario, helping the group explore threats systematically while keeping discussions grounded in the system under review.

To reinforce engagement, participants awarded points for meaningful insights and well-articulated threats. Light competition, combined with snacks and informal rewards, helped maintain momentum and focus throughout the day. Importantly, these elements were seen as enablers rather than distractions, supporting participation without undermining technical depth.

Within a single session, the group achieved strong technical outcomes:

  • 35 distinct threats identified
  • The majority documented with clear and realistic mitigation options
  • Threats mapped naturally into IEC 62443-4-1 development activities

Crucially, these results were achieved without relying on heavy tooling or specialist-only facilitation, demonstrating the effectiveness of the game-based approach.

From the participants’ perspective, the effect was clear. The session felt collaborative and creative, rather than procedural or bureaucratic. Even over several hours, energy levels remained high, and contributions were shared across the group rather than dominated by a small number of specialists.

For the Product Security Champions, this experience demonstrated that a game-based approach can fundamentally change how threat modelling is perceived. It removed fear and hesitation around threat modelling, transforming it into a shared problem-solving activity. What is often expected to be a six-hour slog became a structured, engaging exercise that delivered tangible results, and one that they could realistically run with their own teams.

Key takeaways

From GEA’s perspective, the session gave Product Security Champions direct experience of a threat modelling approach that felt practical and manageable to run. The Elevation of Privilege game lowered the barrier to participation while the structured prompts helped keep discussions focused and comprehensive. The collaborative and informal format supported sustained engagement over a full working day and helped build shared understanding between participants from different sites.

As a reflection of the group’s confidence in the approach, a German-language version of the card deck was also created, demonstrating commitment to making the method accessible across teams.