Abstract
With the diffusion of integrated design environments and tools for visual threat modeling for critical infrastructures, the concept of Digital Twin (DT) is gaining momentum in the field of cybersecurity. Its main use is for enabling attack simulations and evaluation of countermeasures, without causing an outage of the physical system. However, the use of a DT is considered foremost as a facilitator of system operation rather than an integral part of its architecture design. In this work, we introduce a specific architecture view in the system representation, called Cybersecurity View. From it, we derive a cybersecurity Digital Twin as part of the security-by-design practice for Industrial Automation and Control Systems used in Critical Infrastructures. Not only does this digital twin serve the purpose of simulating cyber-attacks and devising countermeasures, but its design and function are also directly tied to the architecture model of the system for which the cybersecurity requirements are posed. Moreover, this holds regardless of whether the model is generated as part of the development cycle or through an empirical observation of the system as-is. With this, we enable the identification of adequate cybersecurity measures for the system, while improving the overall system design. To demonstrate the practical usefulness of the proposed methodology, its application is illustrated through two real-world use cases: the Cooperative Intelligent Transport System (C-ITS) and the Road tunnel scenario.
Notes
As defined in ISO 62443. Equivalent to Industrial Control Systems, a term still in use.
Security Information Event Management.
Security Operation Centre.
The architectural layers have a role in describing essential structural properties of the system being modeled, namely relationships between assets to protect, and the several representations of information assets over their lifetime (creation, processing, transmission, persistence and destruction).
See, e.g., NIST cybersecurity framework for the protection of critical infrastructure [1].
See https://www.dhs.gov/science-and-technology/critical-infrastructure. Countries usually maintain a list of Critical Infrastructure, which is kept confidential.
Decentralized Environmental Notification Message.
All the sample files created are available at https://github.com/mascanc/mascanc.
Using the NIST framework in conjunction with RAMI 4.0 is detailed in [38].
References
NIST: Cybersecurity Framework (2021). https://www.nist.gov/cyberframework
Sellitto, G.P., Masi, M., Pavleska, T., Aranha, H.: A Cyber security digital twin for critical infrastructure protection: the intelligent transport system use case. In: Serral, E., Stirna, J., Ralyté, J., Grabis, J. (eds.) The Practice of Enterprise Modeling—14th IFIP WG 8.1 Working Conference, PoEM 2021, Riga, Latvia, November 24–26, 2021, Proceedings. Lecture Notes in Business Information Processing, vol. 432, pp. 230–244. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-91279-6_16
Sellitto, G.P., Aranha, H., Masi, M., Pavleska, T.: Enabling a zero trust architecture in smart grids through a digital twin. In: Adler, R., Bennaceur, A., Burton, S., Salle, A.D., Nostro, N., Olsen, R.L., Saidi, S., Schleiss, P., Schneider, D., Schwefel, H. (eds.) Dependable Computing—EDCC 2021 Workshops - DREAMS, DSOGRI, SERENE 2021, Munich, Germany, September 13, 2021, Proceedings. Communications in Computer and Information Science, vol. 1462, pp. 73–81. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-86507-8_7
Jones, D., Snider, C., Nassehi, A., Yon, J., Hicks, B.: Characterising the digital twin: a systematic literature review. CIRP J. Manuf. Sci. Technol. 29, 36–52 (2020). https://doi.org/10.1016/j.cirpj.2020.02.002
Pokhrel, A., Katta, V., Palacios, R.C.: Digital twin for cybersecurity incident prediction: a multivocal literature review. In: ICSE ’20: 42nd International Conference on Software Engineering, Workshops, Seoul, Republic of Korea, 27 June–19 July, 2020, pp. 671–678. ACM, New York (2020). https://doi.org/10.1145/3387940.3392199
Fuller, A., Fan, Z., Day, C.: Digital twin: enabling technologies, challenges and open research. IEEE Access 8, 108952–108971 (2020)
Dietz, M., Vielberth, M., Pernul, G.: Integrating digital twin security simulations in the security operations center. In: Proceedings of the 15th International Conference on Availability, Reliability and Security. ARES’20. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3407023.3407039
Talkhestani, B.A., Jazdi, N., Schloegl, W., Weyrich, M.: Consistency check to synchronize the digital twin of manufacturing automation based on anchor points. Procedia CIRP 72, 159–164 (2018). https://doi.org/10.1016/j.procir.2018.03.166. (51st CIRP Conference on Manufacturing Systems)
Eckhart, M., Ekelhart, A.: In: Biffl, S., Eckhart, M., Lüder, A., Weippl, E. (eds.) Digital Twins for Cyber-Physical Systems Security: State of the Art and Outlook, pp. 383–412. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25312-7_14
Eckhart, M., Ekelhart, A.: Towards security-aware virtual environments for digital twins. In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security. CPSS’18, pp. 61–72. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3198458.3198464
Korman, M., Välja, M., Björkman, G., Ekstedt, M., Vernotte, A., Lagerström, R.: Analyzing the effectiveness of attack countermeasures in a SCADA system. In: Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, SPSR-SG@CPSWeek 2017, Pittsburgh, April 21, 2017, pp. 73–78. ACM, Cham (2017). https://doi.org/10.1145/3055386.3055393
Energy Shield: Developing the cyber toolkit that protects your energy grid (2021). https://energy-shield.eu
Damjanovic-Behrendt, V.: A digital twin-based privacy enhancement mechanism for the automotive industry. In: 2018 International Conference on Intelligent Systems (IS), pp. 272–279 (2018). https://doi.org/10.1109/IS.2018.8710526
Franke, U., Cohen, M., Sigholm, J.: What can we learn from enterprise architecture models? An experiment comparing models and documents for capability development. Softw. Syst. Model. 17(2), 695–711 (2018)
Iacob, M.E., Meertens, L.O., Jonkers, H., Quartel, D.A.C., Nieuwenhuis, L.J.M., van Sinderen, M.J.: From enterprise architecture to business models and back. Softw. Syst. Model. 13(3), 1059–1083 (2014)
The European Parliament and the Council of European Union: Directive (EU) 2016/1148. NIS Directive (2016)
United States Department of Transportation: Intelligent Transportation Systems, Joint Program Office (2021). https://www.its.dot.gov/
ICT4CART: A connected future for automated driving (2021). https://www.ict4cart.eu
Smart Grid Coordination Group: Smart Grid Reference Architecture. Technical report, CEN-CENELEC-ETSI (2012)
Integrating the Healthcare Enterprise: The IHE IT Infrastructure Technical Framework. Standard, IHE (2019)
Health informatics—IHE global standards adoption—Part 1: Process. Technical report, International Organization for Standardization, Geneva, CH (2014)
Agence Nationale de la Sécurité des Systèmes d’Information: Practical Case of a Road Tunnel—Part 1: Classification (2014). https://www.ssi.gouv.fr/uploads/2017/09/anssi-ics-tunnel-case-study-part-1.pdf
E.V., D.I.F.N.: DIN SPEC 91345 Reference Architecture Model Industrie 4.0 (RAMI4.0). Technical report, DIN (2016)
The Open Group: TOGAF 9.2 (2019). https://www.opengroup.org/togaf
Uslar, M., Rosinger, C., Schlegel, S.: Security by design for the smart grid: combining the SGAM and NISTIR 7628. (2014). https://doi.org/10.1109/COMPSACW.2014.23
SG-CG/M490/: Smart Grid Information Security. Standard, CEN, CENELEC, ETSI (2014)
Industrial Internet Consortium: The Industrial Internet of Things Volume G1: Reference Architecture (2019). https://www.iiconsortium.org/pdf/IIRA-v1.9.pdf
The Open Group: Reference Architectures and Open Group Standards for the Internet of Things—Four Internet of Things Reference Architectures (2021)
Industrial Internet Consortium: The Industrial Internet of Things Volume G4: Security Framework. IIC:PUB:G4:V1.0:PB:20160919 (2016). https://www.iiconsortium.org/pdf/IIC_PUB_G4_V1.00_PB.pdf
Ross, J.: Enterprise architecture: driving business benefits from it. SSRN Electron. J. (2006). https://doi.org/10.2139/ssrn.920666
ISO: ISO/IEC/IEEE Systems and software engineering—architecture description. ISO/IEC/IEEE 42010:2011(E) (Revision of ISO/IEC 42010:2007 and IEEE Std 1471-2000), 1–46 (2011). https://doi.org/10.1109/IEEESTD.2011.6129467
The Open Group: ArchiMate 3.1 Specification. The Open Group Series. Van Haren Publishing, Amersfoort (2019)
Pavleska, T.: In: Hudson, F.D. (ed.) Architecting and Evaluating Cybersecurity in Clinical IoT, pp. 21–47. Springer, Cham (2022)
Schweichhart, K.: Reference Architectural Model Industrie 4.0 (RAMI 4.0) (2015). https://ec.europa.eu/futurium/en/system/files/ged/a2-schweichhart-reference_architectural_model_industrie_4.0_rami_4.0.pdf
Grieves, M.: Digital twin: manufacturing excellence through virtual factory replication (2015)
Bécue, A., Fourastier, Y., Praça, I., Savarit, A., Baron, C., Gradussofs, B., Pouille, E., Thomas, C.: Cyberfactory1—securing the industry 4.0 with cyber-ranges and digital twins. In: 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS), pp. 1–4 (2018). https://doi.org/10.1109/WFCS.2018.8402377
Hanka, T., Niedermaier, M., Fischer, F., Kießling, S., Knauer, P., Merli, D.: Impact of Active Scanning Tools for Device Discovery in Industrial Networks, pp. 557–572 (2021)
Pavleska, T., Aranha, H., Masi, M., Sellitto, G.P.: Drafting a cybersecurity framework profile for smart grids in EU: a goal-based methodology. In: Bernardi, S., Vittorini, V., Flammini, F., Nardone, R., Marrone, S., Adler, R., Schneider, D., Schleiß, P., Nostro, N., Olsen, R.L., Salle, A.D., Masci, P. (eds.) Dependable Computing—EDCC 2020 Workshops—AI4RAILS, DREAMS, DSOGRI, SERENE 2020, Munich, Germany, September 7, 2020, Proceedings. Communications in Computer and Information Science, vol. 1279, pp. 143–155. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58462-7_12
Lim, K.Y.H., Zheng, P., Chen, C.-H.: A state-of-the-art survey of digital twin: techniques, engineering product lifecycle management and business innovation perspectives. J. Intell. Manuf. (2020). https://doi.org/10.1007/s10845-019-01512-w
Johnson, P., Lagerström, R., Ekstedt, M.: A meta language for threat modeling and attack simulations. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. ARES 2018. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3230833.3232799
IEC: IEC 62443-2-1—Industrial communication networks—Network and system security—Part 2-1: Establishing an industrial automation and control system security program. Standard, International Electrotechnical Committee, Geneva (2010)
ETSI: TS 102 165-1 v5.2.3, CYBER; Methods and Protocols; Method and Pro Forma for Threat, Vulnerability, and Risk Analysis (TVRA) (2017)
MITRE: ATT&CK for ICS. https://collaborate.mitre.org/attackics/index.php/Main_Page (2022)
ETSI: TS 102 792 V1.2.1, Intelligent Transport Systems (ITS); Mitigation techniques to avoid interference between European CEN Dedicated Short Range Communication (CEN DSRC) equipment and Intelligent Transport Systems (ITS) operating in the 5 GHz frequency range (2015). https://www.etsi.org/deliver/etsi_ts/102700_102799/102792/01.02.01_60/ts_102792v010201p.pdf
OASIS: Advanced Message Queuing Protocol (AMQP) Version 1.0 (2012). http://docs.oasis-open.org/amqp/core/v1.0/amqp-core-complete-v1.0.pdf
ISO: ISO/IEC 20922:2016 Information technology—Message Queuing Telemetry Transport (MQTT) v3.1.1 (2016)
ETSI: EN 302 637-3, Intelligent Transport Systems (ITS); Vehicular Communications; Basic Set of Applications; Part 3: Specifications of Decentralized Environmental Notification Basic Service (2014)
Mao, X., Ekstedt, M., Ling, E., Ringdahl, E., Lagerström, R.: Conceptual abstraction of attack graphs—a use case of securicad. In: Albanese, M., Horne, R., Probst, C.W. (eds.) Graphical Models for Security—6th International Workshop, GraMSec@CSF 2019, Hoboken, June 24, 2019, Revised Papers. Lecture Notes in Computer Science, vol. 11720, pp. 186–202. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36537-0_9
The European Parliament and the Council of European Union: Directive (EU) 2004/54/EC on minimum safety requirements for tunnels in the trans-European road network (2004). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02004L0054-20090807&from=PL
Bergmeister, K., Francesconi, S.: Causes and frequency of incidents in tunnels. Deliverable of the UPTUN project (2004)
Ådne, N., Kvaløy, J.T., Njå, O.: Modelling fire occurrences in heavy goods vehicles in road tunnels. Fire Saf. J. 127, 103508 (2022). https://doi.org/10.1016/j.firesaf.2021.103508
PIARC—Technical committee 5 road tunnels: fire and smoke control in road tunnels. Technical Report, PIARC (1999). https://www.piarc.org/ressources/publications/1/3860,05-05-B.pdf
Borghetti, F., Cerean, P., Derudi, M., Frassoldati, A.: Road Tunnels: An Analytical Model for Risk Analysis. SpringerBriefs in Applied Sciences and Technology, Springer, Cham (2019)
Aranha, H., Masi, M., Pavleska, T., Sellitto, G.P.: Securing the metrological chain in IoT environments: an architectural framework. In: IEEE International Workshop on Metrology for Industry 4.0 & IoT, MetroInd4.0 & IoT 2021, Rome, Italy, June 7–9, 2021, pp. 704–709. IEEE, New York (2021). https://doi.org/10.1109/MetroInd4.0IoT51437.2021.9488526
Dix, A.: A comparative analysis of the Mont-Blanc, Tauern and Gotthard tunnel fires. PIARC (2004)
Andersen, C.A., Joergensen, K.C., Laritzen, E.K.: Cost-effectiveness of Protection Measures to Mitigate Terrorist Attacks on Bridges and Tunnels, vol. 134, pp. 341–351. WIT Press (2003)
Anderson, K.: A risk-based approach to supporting the operator role in complex monitoring systems. In: Proceedings of the Twelfth Australian Workshop on Safety Critical Systems and Software and Safety-Related Programmable Systems—Volume 86. SCS’07, pp. 3–11. Australian Computer Society, Inc., AUS (2007)
Additional information
Communicated by E. Serral Asensio, J. Stirna, J. Ralyté, and J. Grabis.
About this article
Cite this article
Masi, M., Sellitto, G.P., Aranha, H. et al. Securing critical infrastructures with a cybersecurity digital twin. Softw Syst Model 22, 689–707 (2023). https://doi.org/10.1007/s10270-022-01075-0
DOI: https://doi.org/10.1007/s10270-022-01075-0