- Dagstuhl Materials Page (Use personal credentials as created in DOOR to log in)
Cyber-physical systems (CPSs) may constitute an attractive attack target due to the increased networking of components that yields an expanded attack surface. If their physical control capabilities are compromised, safety implications may arise. Thus, it is vital that the CPSs being engineered are thoroughly tested and that adequate response measures can be realized upon detecting intruders during operation. However, security testing is hard to conduct due to expensive hardware, limited maintenance periods, and safety risks. Furthermore, the increased stealthiness of threat actors requires new intrusion detection and response methods. Interestingly, digital twins have become an important concept in industrial informatics to solve similar problems, yet with a non-security-related focus: Digital twins that virtually replicate the real systems provide cost-efficient modeling, testing, monitoring, and even predictive capabilities. However, until recently, the digital-twin concept has mainly focused on production optimizations or design improvements, without considering its potential for CPS security. The purpose of this Dagstuhl Seminar is therefore to investigate the benefits and challenges of applying this concept to improve the security of CPSs.
In this seminar, we will explore possible digital-twin security use cases, such as security testing, intrusion detection, and response and reconfiguration. We want to leverage a multi-disciplinary perspective to combine approaches from different domains, namely, information security, industrial informatics, production systems engineering, control theory, and data science. The aim of the seminar is to i) bridge the gap between disciplines, ii) reach consensus about the underlying terminology, and iii) investigate the strengths and limits of this novel concept. At the beginning of this 5-day event, we will dedicate an extended session to the discussion of specific vocabularies and terminologies in order to build a common ground. Subsequent seminar activities will address research challenges pertaining to the efficient creation and operation of security-aware digital twins, the implementation of physics-based and behavior-specification-based intrusion detection systems, and proactive and reactive intrusion response mechanisms. Toward this end, the participating academics and industry experts will discuss how specifications, engineering data, physical models, and process knowledge can be utilized to implement digital twins. Current topics of intrusion detection research will also be analyzed to assess how these virtual replicas can accurately identify attacks by detecting deviations in the behavior of the real CPS, which are manifested in the network traffic, control logic, sensor readings, or physical process. Further, we will investigate methods from the self-adaptive, self-healing CPS community to assess how the digital twins can be equipped with the capability to automatically determine suitable countermeasures, virtually test them, evaluate their effects, and finally apply the re-configurations to the corresponding real systems in order to fend off imminent cyber threats or at least mitigate their impact.
The seminar participants will be split into small working groups to foster more detailed discussions and strengthen interdisciplinary exchange. Plenary sessions will include lightning talks given by participants to motivate the group work. In this way, the seminar will serve as an open knowledge-sharing platform for individuals from diverse disciplines, which will ultimately shape this emerging research area.
In the light of the increasing digitization and move toward Industry 4.0 , cyber security becomes more and more important for cyber-physical systems (CPSs). The advanced computation, communication, and control capabilities of CPSs lead to a wider attack surface and greater exposure to security flaws. Furthermore, the added complexity puts a considerable burden on security professionals, who have to ensure that the CPSs are adequately protected against adversaries throughout the entire lifecycle. As a matter of fact, designing holistic security measures is a significant ongoing challenge for academia and industry alike. Thorough security testing during the engineering- and, particularly, the operation phase is often not feasible. The development of custom CPS testbeds is complicated, expensive, and time-consuming due to high hardware costs, space constraints, and complex dependencies between components . Past attempts to conduct penetration tests directly on live systems led to unintended system behavior, putting human workers in significant danger and causing a disruption of production lines . In addition to regular security testing, adequate countermeasures need to be implemented in response to newly discovered vulnerabilities that emerge during operation or if the CPS is already under attack. However, the steadily increasing sophistication of cyberattacks calls for more effective intrusion detection and prevention techniques. On top of that, new mechanisms to test and evaluate attack response strategies in a controlled setting are required.
A digital twin, that is, a virtual replica of a real system, was originally envisioned for similar, yet non-security-related purposes: The life of a spacecraft is virtually mirrored through high-fidelity simulations and sensor updates to detect anomalies and safely test mitigation options such that degradation can be reduced and damages prevented . This idea was picked up by the industrial informatics community, whose members implemented the digital-twin concept in various CPS applications for monitoring, lifecycle management, and decision support [5, 6, 7]. In the past few years, researchers have also shown interest in utilizing digital twins for security-enhancing purposes [8, 9, 10, 11, 12, 13]. Although the definition of what constitutes a digital twin in the context of cybersecurity differs in the literature, its main application areas seem to be clear: Virtually replicated systems by means of emulation, simulation, and modeling technologies, coupled with real-time or historical data flows, might be used to improve security testing, intrusion detection, and attack recovery. However, fundamental research questions and challenges remain before digital twins can be applied for security-enhancing purposes. Furthermore, concerns have been raised about the potential security threats associated with the digital-twin concept .
Thus, the primary goal of this Dagstuhl Seminar was to lay the foundation for future interdisciplinary collaboration on digital-twin research for CPS security. The interdisciplinary character of this novel research area is reflected in its origin. As already indicated, the notion of using “twins” originally emerged from the space industry , gained wider adoption by the industrial informatics community [5, 6, 7], and was eventually applied with the objective of attaining security improvements [8, 9, 10, 11, 12, 13]. For this reason, the seminar has brought together 20 researchers with backgrounds in computer security, control theory, automation engineering, and data science. Inspired by the concept’s promised security improvement potential, the seminar was structured along three different themes:
Foundations of Security-focused Digital Twins. This theme was motivated by the lack of clarity around the digital-twin concept. Therefore, the purpose of this theme was to develop a common understanding of what a digital twin in the context of security is, how it can be defined, and how it relates to existing concepts, such as cyber ranges, data-driven models, and honeypots. Closely tied to this theme were discussions on methods for digitaltwin implementation, including (i) emulating systems and simulating physical processes, (ii) knowledge retrieval for digital-twin generation in greenfield and brownfield environments, and (iii) synchronizing digital twins with their physical counterparts.
Intrusion Detection. The objective of this theme was to explore intrusion detection as a potential use case for digital twins. Assuming that the digital twin is built from a benign specification such that legitimate behavior is exhibited when executed in sync with its counterpart, any deviations observed on the logic, network, and physics layers could indicate malicious activity. Building on this idea, participants discussed how digital twins can serve as a foundation for such behavior-specification-based intrusion detection systems (IDSs) that possess physics- and process-aware capabilities. Moreover, discussions touched on how digital twins can be used for data generation purposes to improve the training phase of (semi-)supervised learning approaches that are employed in behavior-based IDSs.
Attack Response Mechanisms. The last theme was associated with research questions on implementing proactive and reactive attack response strategies, which may represent another use case of digital twins. Proactive security measures can prevent cyber-physical attacks in the face of imminent threats when new vulnerabilities in the CPS are discovered. On the other hand, reactive responses to an attack can be initiated to control damage by ensuring that the physical system maintains a safe state. In this context, questions were raised about how the digital-twin concept can help in designing attack-resilient CPS architectures and response strategies for control systems. This theme highlighted the benefits and challenges of using digital twins to test countermeasures in a simulated environment and assess their effects.
The program started with a welcome session that provided an opportunity for participants to get to know one another. Furthermore, the organizers used this session to share information about the seminar program and explain key terms to participants who were not au fait with the terminologies used by different communities. Over the five days, 14 participants gave lightning talks that focused on the following topics:
- building blocks for digital-twin construction, including emulating and simulating CPS components, data-driven approaches and semantic technologies, synchronization mechanisms,
- reverse engineering programmable logic controllers, deception technology (e.g., honeypots), security testbeds,
- attack detection in CPSs, featuring physics-based, data-driven, and process-aware techniques,
- attack-resilient control using different tools for risk mitigation (viz., prevention, detection, and treatment),
- various aspects of dataset availability in CPS research (e.g., attack simulation, data collection, evaluation, and validation), and
- digital-twin use cases for the safety-related system development lifecycle.
The lightning talk sessions offered each speaker 15 minutes to present new perspectives and talk about current challenges in CPS security. The highly interdisciplinary setting and stimulating presentations given by participants resulted in active discussions, which were carried on in the breakout sessions.
The afternoons of Monday, Tuesday, and Wednesday were used for breakout sessions to give participants the opportunity to work together on research issues of common interest. Based on the discussions that took place on Monday after the session on bridging the disciplinary gap, we identified the following topics of interest to be explored by working groups: (i) conceptualization of the digital twin for cyber-physical systems security, and (ii) attack recovery for control systems. Participants who worked on the former topic discussed haracteristics that digital twins need to have to be useful for security applications, while those who focused on the latter topic investigated strategies in the context of control theory to respond to attacks in a reactive manner.
The seminar received very positive feedback from participants, who also expressed strong interest in future editions. In addition, several invitees, who were forced to cancel their participation at short notice due to the SARS-CoV-2 pandemic, have shown great interest in follow-up events. Thus, we believe that this Dagstuhl Seminar should be repeated in the future. A second edition would be worthwhile to investigate open problems concerning system emulation. These issues could be addressed in a future follow-up seminar if more participation from the embedded systems and systems security communities is achieved.
As the organizers, we would like to thank everyone who attended this seminar for their interesting talks, the thought-provoking questions, and the fruitful contributions that led to a highly collaborative atmosphere for scientific discussions. We also would like to express our sincere gratitude to the scientific and administrative staff of Schloss Dagstuhl for their outstanding support that made this seminar possible.
- Henning Kagermann, Johannes Helbig, Ariane Hellinger, and Wolfgang Wahlster. Recommendations for implementing the strategic initiative INDUSTRIE 4.0 – securing the future of german manufacturing industry. Final report of the Industrie 4.0 working group, acatech – National Academy of Science and Engineering, München, April 2013.
- Benjamin Green, Anhtuan Lee, Rob Antrobus, Utz Roedig, David Hutchison, and Awais Rashid. Pains, gains and PLCs: Ten lessons from building an industrial control systems testbed for security research. In 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET 17), Vancouver, BC, 2017. USENIX Association.
- David Duggan, Michael Berg, John Dillinger, and Jason Stamp. Penetration testing of industrial control systems. Sandia National Laboratories, 2005.
- Mike Shafto, Mike Conroy, Rich Doyle, Ed Glaessgen, Chris Kemp, Jacqueline LeMoigne, and Lui Wang. Draft modeling, simulation, information technology & processing roadmap. Technology Area, 11, 2010.
- Elisa Negri, Luca Fumagalli, and Marco Macchi. A review of the roles of digital twin in CPS-based production systems. Procedia Manufacturing, 11:939 – 948, 2017. 27th International Conference on Flexible Automation and Intelligent Manufacturing, FAIM2017, 27-30 June 2017, Modena, Italy.
- Roland Rosen, Georg von Wichert, George Lo, and Kurt D. Bettenhausen. About the importance of autonomy and digital twins for the future of manufacturing. IFAC-PapersOnLine, 48(3):567 – 572, 2015. 15th IFAC Symposium on Information Control Problems in Manufacturing INCOM 2015.
- Werner Kritzinger, Matthias Karner, Georg Traar, Jan Henjes, and Wilfried Sihn. Digital twin in manufacturing: A categorical literature review and classification. IFACPapersOnLine, 51(11):1016 – 1022, 2018. 16th IFAC Symposium on Information Control Problems in Manufacturing INCOM 2018
- Matthias Eckhart and Andreas Ekelhart. Digital Twins for Cyber-Physical Systems Security: State of the Art and Outlook, chapter 14, pages 383–412. Springer International Publishing, Cham, 2019.
- Mariana Segovia and Joaquin Garcia-Alfaro. Design, modeling and implementation of digital twins. Sensors, 22(14), 2022.
- Marietheres Dietz and Gunther Pernul. Unleashing the digital twin’s potential for ICS security. IEEE Security & Privacy, 18(4):20–27, July 2020.
- Nepal, and Helge Janicke. Digital twins and cyber security – solution or challenge? In 2021 6th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM), pages 1–8, September 2021.
- Rajiv Faleiro, Lei Pan, Shiva Raj Pokhrel, and Robin Doss. Digital twin for cybersecurity: Towards enhancing cyber resilience. In Wei Xiang, Fengling Han, and Tran Khoa Phan, editors, Broadband Communications, Networks, and Systems, pages 57–76, Cham, 2022. Springer International Publishing.
- Abhishek Pokhrel, Vikash Katta, and Ricardo Colomo-Palacios. Digital twin for cybersecurity incident prediction: A multivocal literature review. In Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops, pages 671–678, New York, NY, USA, 2020. Association for Computing Machinery.
- Cristina Alcaraz and Javier Lopez. Digital twin: A comprehensive survey of security threats. IEEE Communications Surveys & Tutorials, 2022.
- Ali Abbasi (Ruhr-Universität Bochum, DE) [dblp]
- David Allison (AIT - Austrian Institute of Technology - Wien, AT)
- Magnus Almgren (Chalmers University of Technology - Göteborg, SE) [dblp]
- Alvaro Cárdenas Mora (University of California - Santa Cruz, US) [dblp]
- Katharina Ceesay-Seitz (CERN Openlab - Meyrin, CH)
- Matthias Eckhart (SBA Research - Wien, AT) [dblp]
- Andreas Ekelhart (SBA Research - Wien, AT) [dblp]
- Helge Janicke (Cyber Security CRS - Joondalup, AU) [dblp]
- Marina Krotofil (Maersk - Aarhus, DK) [dblp]
- Martina Maggio (Universität des Saarlandes - Saarbrücken, DE) [dblp]
- Simin Nadjm-Tehrani (Linköping University, SE) [dblp]
- Miroslav Pajic (Duke University - Durham, US) [dblp]
- Awais Rashid (University of Bristol, GB) [dblp]
- Francesco Regazzoni (University of Amsterdam, NL & Università della Svizzera italiana, CH) [dblp]
- Anne Remke (Universität Münster, DE) [dblp]
- Henrik Sandberg (KTH Royal Institute of Technology - Stockholm, SE) [dblp]
- Anne-Kathrin Schmuck (MPI-SWS - Kaiserslautern, DE) [dblp]
- Nils Ole Tippenhauer (CISPA - Saarbrücken, DE)
- Edgar Weippl (Universität Wien, AT) [dblp]
- Mark Yampolskiy (Auburn University, US)
- Artificial Intelligence
- Cryptography and Security
- Systems and Control
- Digital Twins
- Cyber-Physical Systems
- Information Security
- SCADA & Industrial Control Systems
- Production Systems Engineering