Digital Twins for Cyber-Physical Threat Detection & Response
The aim of the SecurityTwin project is to develop the fundamental methods for employing the digital-twin concept to enhance the security of CPSs. We will develop a framework to efficiently build digital replicas of CPSs based on engineering data, emulating components, networks, and simulating physical processes.
Cyber-physical systems (CPSs) and the Industrial Internet of Things (IIoT) constitute technological enablers for strategic initiatives, like Industry 4.0. Due to the integration of interconnected components and their complexity, the attack surface and cybersecurity risks increase significantly, endangering human lives, the environment, and production lines alike. Thus, securing CPSs throughout their entire lifecycle with adequate measures is of the utmost importance. However, performing thorough security testing during the engineering and operation phases is typically not feasible for two reasons: i) developing custom testbeds for security testing is cost-intensive and time-consuming, and ii) the real CPSs cannot be used for security testing, because the up-time and safety of such systems are critical and only limited maintenance windows are available. Furthermore, intruders increasingly cannot be detected and mitigated before they cause severe physical damage. Although numerous intrusion detection systems (IDSs) for CPSs already exist, they do not consider the semantics of process control actions across multiple dimensions, which leads to inaccurate detection mechanisms.
The SecurityTwin project employs the digital-twin concept to enhance the security of CPSs. SBA Research (project lead) will develop a framework to efficiently build digital replicas of CPSs based on engineering data, emulating components and networks and simulating physical processes. While those digital replicas can be used for security testing and exploration, we will further extend the framework with a novel IDS, namely a synchronization mechanism, which, compared to traditional IDSs, depends neither on signature-based detection nor on a collection of benign training data. Moreover, by taking advantage of a physical component simulation, the framework also facilitates the implementation of a physics-based IDS, adding a further dimension for detecting adversarial acts. Identifying early symptoms of security flaws during runtime and testing possible mitigation strategies virtually provides the foundation for automatically suggesting and initiating adequate response mechanisms.
- The project is led by SBA Research.
The SecurityTwin project is funded through the funding scheme BRIDGE 1, financed by the Federal Ministry for Climate Action, Environment, Energy, Mobility, Innovation and Technology (BMK) and managed by the FFG.