A Security Twin to Defeat Intrusions in Cyber Physical Systems

Cyber risk assessment and management have to face a dynamic risk landscape so that probabilities of interest cannot be estimated using historical data. This paper advocates the adoption of synthetic data generated by combining adversary simulation with digital twin technology. A security twin of a cyber physical system (CPS) extends an inventory of the system with information on current vulnerabilities and attacks. By describing threat agents through other twins, we can supply the twins with a platform that simulates the strategies of threat agents to discover how they exploit vulnerabilities and implement their intrusions. To analyze alternative scenarios, a Monte Carlo approach is adopted that runs multiple independent simulations. This produces an intrusion graph that faithfully can describe rapidly evolving environments and results in more accurate risk management and better resilience of the system in spite of data shift. Initial experimental results support the effectiveness of security twins in accurately modeling intrusions. The synthetic data produced by the simulations can also be used to train AI tools to defend a CPS.

Keywords: Security twin, Adversary simulation, Data shift, Synthetic data, AI in cybersecurity, Monte carlo simulations.