research-article

Integrating digital twin security simulations in the security operations center

Authors:

Marietheres Dietz,

Manfred Vielberth,

Günther PernulAuthors Info & Claims

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

Article No.: 18, Pages 1 - 9

https://doi.org/10.1145/3407023.3407039

Published: 25 August 2020 Publication History

Abstract

While industrial environments are increasingly equipped with sensors and integrated to enterprise networks, current security strategies are generally not prepared for the growing attack surface that resides from the convergence of their IT infrastructure with the industrial systems. As a result, the organizations responsible for corporate security, the Security Operations Center (SOC), are overwhelmed with the integration of the industrial systems.

To facilitate monitoring the industrial assets, digital twins represent a helpful novel concept. They are the virtual counterparts of such assets and provide valuable insights through collecting asset-centric data, analytic capabilities and simulations. Moreover, digital twins can assist enterprise security by simulating attacks and analyzing the effect on the virtual counterpart. However, the integration of digital twin security simulations into enterprise security strategies, that are mainly controlled by the SOC, is currently neglected.

To close this research gap, this work develops a process-based security framework to incorporate digital twin security simulations in the SOC. In the course of this work, a use case along with a digital twin-based security simulation provides proof of concept. It is demonstrated how a man-in-the-middle attack can be performed in a simulated industry setting and how it affects the systems. Moreover, we show how the resulting system logs can support the SOC by building technical rules to implement in Security Information and Event Management (SIEM) systems.

References

[1]

Daniele Antonioli and Nils Ole Tippenhauer. 2015. MiniCPS: A Toolkit for Security Research on CPS Networks. In Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy (CPS-SPC '15). ACM, New York, NY, USA, 91--100.

Digital Library

[2]

Stefan Boschert, Christoph Heinrich, and Roland Rosen. 2018. Next Generation Digital Twin. In Proceedings of the 12th International Symposium on Tools and Methods of Competitive Engineering (TMCE 2018). 209--217.

[3]

B. Chen, N. Pattanaik, A. Goulart, K. L. Butler-purry, and D. Kundur. 2015. Implementing attacks for modbus/TCP protocol in a real-time cyber physical system test bed. In 2015 IEEE International Workshop Technical Committee on Communications Quality and Reliability (CQR). 1--6.

[4]

Marcello Cinque, Domenico Cotroneo, and Antonio Pecchia. 2018. Challenges and Directions in Security Information and Event Management (SIEM). In 2018 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). IEEE, 95--99.

[5]

Marietheres Dietz and Günther Pernul. 2020. Digital Twin: Empowering Enterprises Towards a System-of-Systems Approach. Business & Information Systems Engineering 62, 2 (2020), 179--184.

[6]

Marietheres Dietz and Günther Pernul. 2020. Unleashing the Digital Twin's Potential for ICS Security. IEEE Security Privacy (2020).

Digital Library

[7]

Marietheres Dietz, Benedikt Putz, and Günther Pernul. 2019. A Distributed Ledger Approach to Digital Twin Secure Data Sharing. In Data and Applications Security and Privacy XXXIII, Simon N. Foley (Ed.). Springer International Publishing, Cham, 281--300.

Digital Library

[8]

Matthias Eckhart and Andreas Ekelhart. 2018. A Specification-Based State Replication Approach for Digital Twins. In Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC '18). ACM, New York, NY, USA, 36--47.

Digital Library

[9]

Matthias Eckhart and Andreas Ekelhart. 2018. Towards Security-Aware Virtual Environments for Digital Twins. In Proceedings of the 4th ACM Workshop on Cyber-Physical System Security (CPSS '18). 61--72.

Digital Library

[10]

Matthias Eckhart and Andreas Ekelhart. 2019. Digital Twins for Cyber-Physical Systems Security: State of the Art and Outlook. Springer International Publishing, Cham, 383--412.

[11]

B. Ferguson, A. Tall, and D. Olsen. 2014. National Cyber Range Overview. In 2014 IEEE Military Communications Conference. 123--128.

Digital Library

[12]

Michael Grieves and John Vickers. 2017. Digital Twin: Mitigating Unpredictable, Undesirable Emergent Behavior in Complex Systems. Springer International Publishing, Cham, 85--113.

[13]

A. Hahn, A. Ashok, S. Sridhar, and M. Govindarasu. 2013. Cyber-Physical Security Testbeds: Architecture, Application, and Evaluation for Smart Grid. IEEE Transactions on Smart Grid 4, 2 (2013), 847--855.

[14]

Diana Kelley and Ron Moritz. 2006. Best Practices for Building a Security Operations Center. Information Systems Security 14, 6 (2006), 27--32.

[15]

Peter Kieseberg and Edgar Weippl. 2018. Security Challenges in Cyber-Physical Production Systems. In Software Quality: Methods and Tools for Better Software and Systems, Dietmar Winkler, Stefan Biffl, and Johannes Bergsmann (Eds.). Springer International Publishing, Cham, 3--16.

[16]

Hung-Jen Liao, Chun-Hung [Richard Lin], Ying-Chih Lin, and Kuang-Yuan Tung. 2013. Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications 36, 1 (2013), 16 -- 24.

Digital Library

[17]

Afsaneh Madani, Saed Rezayi, and Hossein Gharaee. 2011. Log management comprehensive architecture in Security Operation Center (SOC). In 2011 International Conference on Computational Aspects of Social Networks (CASoN). IEEE, 284--289.

[18]

David Miller, Shon Harris, Allen Harper, Stephen VanDyke, and Chris Blask. 2011. Security information and event management (SIEM) implementation. McGraw-Hill, New York, NY.

[19]

Sparsh Mittal. 2014. OPNET: An Integrated Design Paradigm for Simulations.

[20]

Elisa Negri, Luca Fumagalli, and Marco Macchi. 2017. A Review of the Roles of Digital Twin in CPS-based Production Systems. Procedia Manufacturing 11 (2017), 939--948.

[21]

Joakim Nideborn. 2019. Industrial network market shares 2019 according to HMS. https://www.hms-networks.com/news-and-insights/news-from-hms/2019/05/07/industrial-network-market-shares-2019-according-to-hms. [Online; accessed 19-Mar-2020].

[22]

Cuong Pham, Dat Tang, Ken-ichi Chinen, and Razvan Beuran. 2016. CyRIS: A Cyber Range Instantiation System for Facilitating Security Training. In Proceedings of the Seventh Symposium on Information and Communication Technology (SoICT '16). ACM, New York, NY, USA, 251--258.

Digital Library

[23]

R. Piggin and I. Buffey. 2016. Active defence using an operational technology honeypot. In 11th International Conference on System Safety and Cyber-Security (SSCS 2016). 1--6.

[24]

Juan E. Rubio, Rodrigo Roman, and Javier Lopez. 2018. Analysis of Cyber-security Threats in Industry 4.0: The Case of Intrusion Detection. In Critical Information Infrastructures Security, Gregorio D'Agostino and Antonio Scala (Eds.). Springer International Publishing, Cham, 119--130.

[25]

Stef Schinagl, Keith Schoon, and Ronald Paans. 2015. A Framework for Designing a Security Operations Centre (SOC). In 2015 48th Hawaii International Conference on System Sciences (HICSS). IEEE, 2253--2262.

Digital Library

[26]

Thomas H.J. Uhlemann, Christian Lehmann, and Rolf Steinhilper. 2017. The Digital Twin: Realizing the Cyber-Physical Production System for Industry 4.0. In Procedia CIRP, Vol. 61. Elsevier B.V., 335--340.

[27]

Manfred Vielberth, Florian Menges, and Günther Pernul. 2019. Human-as-a-security-sensor for harvesting threat intelligence. Cybersecurity 2, 23 (2019).

[28]

Manfred Vielberth and Günther Pernul. 2018. A Security Information and Event Management Pattern. In 12th Latin American Conference on Pattern Languages of Programs (SugarLoafPLoP). The Hillside Group.

Cited By

Khayat MBarka EAdel Serhani MSallabi FShuaib KKhater H(2025)Empowering Security Operation Center With Artificial Intelligence and Machine Learning—A Systematic Literature ReviewIEEE Access10.1109/ACCESS.2025.353295113(19162-19197)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2025.3532951
Infante SRobles JMartín CRubio BDíaz M(2025)Distributed digital twins on the open-source OpenTwins frameworkAdvanced Engineering Informatics10.1016/j.aei.2024.10297064(102970)Online publication date: Mar-2025
https://doi.org/10.1016/j.aei.2024.102970
Vielberth M(2025)Security Operations Center (SOC)Encyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1680(2331-2333)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1680
Show More Cited By

Index Terms

Integrating digital twin security simulations in the security operations center
1. Computer systems organization
  1. Embedded and cyber-physical systems

Recommendations

Employing Digital Twins for Security-by-Design System Testing
Sat-CPS '22: Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems

Ever since cyber attacks focused on industrial and critical infrastructure settings, the awareness of the security issues of these systems has increased. These industrial control systems (ICS) mainly focus on operation and availability -- instead of ...
Digital Twins for IoT Security Management
Data and Applications Security and Privacy XXXVII
Abstract
The proliferation of Internet of Things (IoT) devices has increased the risk of cyber threats to the confidentiality, integrity, and availability of data processed. In this context, proactive security management has emerged as a critical strategy ...
Security Threats and Possible Countermeasures in IoT Applications Covering Different Industry Domains
ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

The world is witnessing the emerging role of Internet of Things (IoT) as a technology that is transforming different industries, global community and its economy. Currently a plethora of interconnected smart devices have been deployed for diverse ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

August 2020

1073 pages

ISBN:9781450388337

DOI:10.1145/3407023

Program Chairs:
Melanie Volkamer
Karlsruhe Institute of Technologie (KIT), Competence Center for Applied Security Technology (KASTEL)
,
Christian Wressnegger
Karlsruhe Institute of Technologie (KIT), Competence Center for Applied Security Technology (KASTEL)

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 August 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ARES 2020

ARES 2020: The 15th International Conference on Availability, Reliability and Security

August 25 - 28, 2020

Virtual Event, Ireland

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

47
Total Citations
View Citations
1,344
Total Downloads

Downloads (Last 12 months)214
Downloads (Last 6 weeks)28

Reflects downloads up to 27 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Khayat MBarka EAdel Serhani MSallabi FShuaib KKhater H(2025)Empowering Security Operation Center With Artificial Intelligence and Machine Learning—A Systematic Literature ReviewIEEE Access10.1109/ACCESS.2025.353295113(19162-19197)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2025.3532951
Infante SRobles JMartín CRubio BDíaz M(2025)Distributed digital twins on the open-source OpenTwins frameworkAdvanced Engineering Informatics10.1016/j.aei.2024.10297064(102970)Online publication date: Mar-2025
https://doi.org/10.1016/j.aei.2024.102970
Vielberth M(2025)Security Operations Center (SOC)Encyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1680(2331-2333)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1680
Maiwada UDanyaro KSarlan ALiew MTaiwo AAudi U(2024)Energy efficiency in 5G systemsInternational Journal of Knowledge-based and Intelligent Engineering Systems10.3233/KES-23006128:1(93-132)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.3233/KES-230061
Erba AMurillo ATaormina RGalelli STippenhauer NSun RZhang M(2024)On Practical Realization of Evasion Attacks for Industrial Control SystemsProceedings of the 2024 Workshop on Re-design Industrial Control Systems with Security10.1145/3689930.3695213(9-25)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3689930.3695213
Heluany JAmro AGkioulos VKatsikas S(2024)Interplay of Digital Twins and Cyber Deception: Unraveling Paths for Technological AdvancementsProceedings of the 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE/ACM Second International Workshop on Software Vulnerability10.1145/3643662.3643955(20-28)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643662.3643955
Luzzi JNaha RArulappan AMahanti A(2024)SoK: A Holistic View of Cyberattacks Prediction with Digital Twins2024 Second International Conference on Emerging Trends in Information Technology and Engineering (ICETITE)10.1109/ic-ETITE58242.2024.10493514(1-7)Online publication date: 22-Feb-2024
https://doi.org/10.1109/ic-ETITE58242.2024.10493514
Ma JGuo YFang CZhang Q(2024)Digital-Twin-Based CPS Anomaly Diagnosis and Security Defense Countermeasure RecommendationIEEE Internet of Things Journal10.1109/JIOT.2024.336690411:10(18726-18738)Online publication date: 15-May-2024
https://doi.org/10.1109/JIOT.2024.3366904
Lo CWin TRezaeifar ZKhan ZLegg P(2024)Digital Twins of Cyber Physical Systems in Smart Manufacturing for Threat Simulation and Detection with Deep Learning for Time Series Classification2024 29th International Conference on Automation and Computing (ICAC)10.1109/ICAC61394.2024.10718749(1-6)Online publication date: 28-Aug-2024
https://doi.org/10.1109/ICAC61394.2024.10718749
Stefanidou ACani JPapadopoulos TRadoglou-Grammatikis PSarigiannidis PVarlamis IPapadopoulos G(2024)Leveraging Digital Twin Technologies for Public Space Protection and Vulnerability Assessment2024 IEEE International Conference on Big Data (BigData)10.1109/BigData62323.2024.10825359(2836-2845)Online publication date: 15-Dec-2024
https://doi.org/10.1109/BigData62323.2024.10825359
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten