Digital Twins for Cyber-Physical Threat Detection & Response
The aim of the SecurityTwin project is to develop the fundamental methods for employing the digital-twin concept to enhance the security of cyber-physical systems (CPSs). We will develop a framework to efficiently build digital replicas of CPSs based on engineering data, emulating components, networks, and simulating physical processes. Based on this, we will develop a novel intrusion detection technique and a response method in order to detect and mitigate security flaws and early symptoms thereof.
Securing cyber-physical systems (CPSs) throughout their entire lifecycle with adequate measures is of utmost importance for ensuring their reliable and safe operation. However, performing thorough security testing during the engineering and operation phase is typically not feasible due to: i) the high costs of developing custom testbeds for security testing, and ii) the issue that the real CPSs cannot be utilized for security testing as the up-time and safety of such systems is critical and only limited maintenance schedules are available. Furthermore, intruders increasingly cannot be detected and mitigated before they cause severe physical damages. Although numerous solutions of intrusion detection systems (IDSs) for CPSs already exist, they do not consider the semantics of process control actions across multiple dimensions (e.g., PLC logics, sensor readings, physical process, network traffic), which leads to inaccurate detection mechanisms.
The SecurityTwin project employs the digital-twin concept to enhance the security of CPSs. SBA Research (project lead) will develop a framework to efficiently build digital replicas of CPSs based on engineering data, emulating components, networks, and simulating physical processes.
While those digital replicas can be used for security testing and exploration, we will further extend the framework with a novel intrusion detection technique that builds upon a digital-twin synchronization mechanism. Moreover, by taking advantage of a physical component simulation, the framework also facilitates the implementation of a physics-based IDS, adding an additional dimension for detecting adversarial acts. Identifying early symptoms of security flaws during runtime and testing possible mitigation strategies virtually provides the foundation for automatically suggesting and initiating adequate response mechanisms (e.g., reconfiguring control devices).
- The project is led by SBA Research.
The project SecurityTwins is funded through the funding scheme BRIDGE 1, financed by the Federal Ministry for Climate Action, Environment, Energy, Mobility, Innovation and Technology (BMK) and managed by the FFG.