Digital twin-enhanced incident response for cyber-physical systems

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Cyber-physical systems underpin many of our society’s critical infrastructures. Ensuring their cyber security is important and complex. A major activity in this regard is cyber security incident response, whose primary goal is to detect and mitigate cyber-attacks in order to ensure the continuity and resilience of services. For cyber-physical systems this is particularly challenging because it requires insights both from the cyber and physical (process) domains and the engagement of stakeholders that are not strictly concerned with cyber security. A technology that is receiving a lot of attention are digital twins – virtual representations of real-world (cyber-physical) systems. They can be used to support tasks such as estimating the state of a system and exploring the consequences of interventional activities (e.g., upgrades). In this paper, we examine the use of digital twins to support cyber security. Specifically, our novel contribution is to provide a comprehensive analysis of the types of activities and how different modalities of digital twin use can be applied to the phases of cyber security incident response. Building on this analysis, we propose a structured approach to enhancing cyber security playbooks for cyber-physical systems incident response with digital twins. Playbooks are an essential component of incident response, ensuring that multi-disciplinary teams are effective in responding to cyber security incidents; therefore, improvements in their execution can result in increased resilience. To illustrate our approach, we present its use for a playbook that is concerned with mitigating a cyber-attack to critical industrial equipment.
Original languageEnglish
Title of host publicationARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
PublisherAssociation for Computing Machinery
Number of pages10
ISBN (Electronic)9798400707728
DOIs
Publication statusPublished - 01 Aug 2023
EventARES 2023: The 18th International Conference on Availability, Reliability and Security - Benevento , Italy
Duration: 29 Aug 202301 Sept 2023

Conference

ConferenceARES 2023: The 18th International Conference on Availability, Reliability and Security
Country/TerritoryItaly
CityBenevento
Period29/08/202301/09/2023

Fingerprint

Dive into the research topics of 'Digital twin-enhanced incident response for cyber-physical systems'. Together they form a unique fingerprint.

Cite this