A framework for enhancing cyber incident response with Security-Enhancing Digital Twins in Cyber–Physical Systems

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-02-25 DOI:10.1016/j.iot.2025.101547

Sabah Suhail , Mubashar Iqbal , Kieran McLaughlin , Brian Lee , Babar Imtiaz

{"title":"A framework for enhancing cyber incident response with Security-Enhancing Digital Twins in Cyber–Physical Systems","authors":"Sabah Suhail , Mubashar Iqbal , Kieran McLaughlin , Brian Lee , Babar Imtiaz","doi":"10.1016/j.iot.2025.101547","DOIUrl":null,"url":null,"abstract":"<div><div>Standalone traditional cybersecurity solutions and tools often fall short in covering the lifecycle of critical assets, conducting vulnerability identification, and correlating cyber incidents with adversary knowledge bases. This limitation can lead to fragmented incident response (IR) strategies. Security-enhancing digital twins (SEDTs) can act as complementary security solutions alongside existing solutions to support various IR lifecycle phases in cyber–physical systems (CPSs). In this work, we propose a framework that can serve as a guide for plant operators on how to design, develop, deploy, and manage SEDT-based IR solutions across four key phases, including prerequisites, design-and-engineering, operation-and-maintenance, and end-of-life. With the automotive manufacturing industry as a cyber–physical production system (CPPS) use case, we thoroughly examine the applicability of the proposed framework. Furthermore, we evaluate the proposed framework in both industry and academic settings, covering various aspects, including the design and operation requirements of SEDTs. This evaluation helps identify gaps between academic findings and practical industry solutions, such as in SEDT objectives, architecture, integration with existing security solutions, and lifecycle.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"31 ","pages":"Article 101547"},"PeriodicalIF":6.0000,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525000605","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Standalone traditional cybersecurity solutions and tools often fall short in covering the lifecycle of critical assets, conducting vulnerability identification, and correlating cyber incidents with adversary knowledge bases. This limitation can lead to fragmented incident response (IR) strategies. Security-enhancing digital twins (SEDTs) can act as complementary security solutions alongside existing solutions to support various IR lifecycle phases in cyber–physical systems (CPSs). In this work, we propose a framework that can serve as a guide for plant operators on how to design, develop, deploy, and manage SEDT-based IR solutions across four key phases, including prerequisites, design-and-engineering, operation-and-maintenance, and end-of-life. With the automotive manufacturing industry as a cyber–physical production system (CPPS) use case, we thoroughly examine the applicability of the proposed framework. Furthermore, we evaluate the proposed framework in both industry and academic settings, covering various aspects, including the design and operation requirements of SEDTs. This evaluation helps identify gaps between academic findings and practical industry solutions, such as in SEDT objectives, architecture, integration with existing security solutions, and lifecycle.

查看原文本刊更多论文

利用网络物理系统中增强安全的数字孪生增强网络事件响应的框架

独立的传统网络安全解决方案和工具在覆盖关键资产的生命周期、进行漏洞识别以及将网络事件与对手知识库相关联方面往往存在不足。这种限制可能导致碎片化的事件响应（IR）策略。增强安全的数字孪生（sedt）可以作为现有解决方案的补充安全解决方案，以支持网络物理系统（cps）中的各种红外生命周期阶段。在这项工作中，我们提出了一个框架，可以作为工厂运营商在四个关键阶段（包括先决条件、设计和工程、运营和维护以及寿命结束）如何设计、开发、部署和管理基于sedt的IR解决方案的指南。将汽车制造业作为网络物理生产系统（CPPS）用例，我们彻底检查了所提议框架的适用性。此外，我们在工业和学术环境中评估了拟议的框架，涵盖了各个方面，包括SEDTs的设计和操作要求。这种评估有助于确定学术发现与实际行业解决方案之间的差距，例如SEDT目标、体系结构、与现有安全解决方案的集成以及生命周期。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.