Abstract
Digitisation built on Internet of Things (IoT) and Cyber-Physical Systems (CPS) technologies has been widely adopted alongside the Digital Twin (DT) paradigm. However, the distributed and heterogeneous nature of IoT and CPS deployments makes it difficult to defend their many attack surfaces, including physical devices, network infrastructure, and third-party integrations. Evolving security threats and the potential cascading effects of cyber attacks add a further layer of complexity to this security landscape. In this paper, we therefore propose a digital twin-based security orchestration, automation and response framework aimed at business continuity (SOAR4BC). Combining system context from the DT with security intelligence from security tools gives SOAR a holistic context that existing approaches lack. Through a rigorous experimental evaluation of tampered-data and distributed denial of service (DDoS) detection, we demonstrate the efficacy and reliability of the SOAR4BC framework in detecting and responding to security policy violations within simulated digital twin environments. This validation serves as a proof of concept for the framework's robustness against cyber threats. Our work offers new insights into the convergence of digital twin technology and cybersecurity, and highlights the challenges and opportunities specific to DT-based IoT and CPS systems.