DOI: 10.1145/3407023.3407039
research-article

Integrating digital twin security simulations in the security operations center

Published: 25 August 2020

ABSTRACT

While industrial environments are increasingly equipped with sensors and integrated into enterprise networks, current security strategies are generally not prepared for the growing attack surface that arises from the convergence of their IT infrastructure with the industrial systems. As a result, the organizational unit responsible for corporate security, the Security Operations Center (SOC), is overwhelmed by the integration of the industrial systems.

To facilitate monitoring of industrial assets, digital twins are a helpful novel concept. They are the virtual counterparts of such assets and provide valuable insights through asset-centric data collection, analytic capabilities and simulations. Moreover, digital twins can assist enterprise security by simulating attacks and analyzing the effect on the virtual counterpart. However, the integration of digital twin security simulations into enterprise security strategies, which are mainly controlled by the SOC, is currently neglected.

To close this research gap, this work develops a process-based security framework to incorporate digital twin security simulations in the SOC. In the course of this work, a use case along with a digital twin-based security simulation provides proof of concept. It is demonstrated how a man-in-the-middle attack can be performed in a simulated industry setting and how it affects the systems. Moreover, we show how the resulting system logs can support the SOC by building technical rules to implement in Security Information and Event Management (SIEM) systems.


Published in

      ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security
      August 2020
      1073 pages
      ISBN:9781450388337
      DOI:10.1145/3407023
      Program Chairs: Melanie Volkamer, Christian Wressnegger

      Copyright © 2020 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Acceptance Rates

      Overall Acceptance Rate: 228 of 451 submissions, 51%
