| Title | Enhancing Cyber Situational Awareness for Cyber-Physical Systems through Digital Twins |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Eckhart, Matthias, Ekelhart, Andreas, Weippl, Edgar |
| Conference Name | 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA) |
| Keywords | composability, CPSS, Cyber Attacks, cyber defense, cyber situation, cyber situational awareness, cyber situational awareness framework, Cyber-physical systems, Data collection, digital twins, Information security, Metrics, Monitoring, pubcrawl, resilience, Resiliency, security, security of data, situational awareness, Topology, visualization |
| Abstract | Operators of cyber-physical systems (CPSs) need to maintain awareness of the cyber situation in order to be able to adequately address potential issues in a timely manner. For instance, detecting early symptoms of cyber attacks may speed up the incident response process and mitigate consequences of attacks (e.g., business interruption, safety hazards). However, attaining a full understanding of the cyber situation may be challenging, given the complexity of CPSs and the ever-changing threat landscape. In particular, CPSs typically need to be continuously operational, may be sensitive to active scanning, and often provide only limited in-depth analysis capabilities. To address these challenges, we propose to utilize the concept of digital twins for enhancing cyber situational awareness. Digital twins, i.e., virtual replicas of systems, can run in parallel to their physical counterparts and allow deep inspection of their behavior without the risk of disrupting operational technology services. This paper reports our work in progress to develop a cyber situational awareness framework based on digital twins that provides a profound, holistic, and current view on the cyber situation that CPSs are in. More specifically, we present a prototype that provides real-time visualization features (i.e., system topology, program variables of devices) and enables a thorough, repeatable investigation process on a logic and network level. A brief explanation of technological use cases and outlook on future development efforts completes this work. |
| DOI | 10.1109/ETFA.2019.8869197 |
| Citation Key | eckhart_enhancing_2019 |
Enhancing Cyber Situational Awareness for Cyber-Physical Systems through Digital Twins