Skip to main content
SpringerLink
Log in

A Cyber Security Digital Twin for Critical Infrastructure Protection: The Intelligent Transport System Use Case

  • Conference paper
  • First Online:
The Practice of Enterprise Modeling (PoEM 2021)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 432))

Included in the following conference series:

Abstract

The problem of performing cybersecurity tests over existing industrial control systems is well-known. Once it is deployed, a critical system cannot be made unavailable for the purpose of simulating a cyber attack and thus it is hard to introduce corrective measures based on actual test outcomes. On the other hand, a high security posture is required for critical infrastructure and security by design is mandatory for new projects. Such requirements call for an architectural approach to introduce security straight from the early development phases. However, the adoption of a systematic design approach does not guarantee the cost-effectiveness of security countermeasures analysis, which is an extremely cumbersome task as the creation of a physical model is often costly or impossible.

To address these issues, we propose the introduction of a specific view in the system’s architectural blueprint, called the Cybersecurity Digital Twin. It is an Enterprise Architecture model of the system specifically targeted at providing a sound base for simulations in order to devise proper countermeasures without any outage of the physical infrastructure. To provide a proof of concept and demonstrate the practical viability of the proposed solution, we apply the methodology to a Cooperative Intelligent Transport System use case, evaluating the system security of the obtained solution.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Following IEC 62443-3-3.

  2. 2.

    SecuriCAD is a tool that adopts a probabilistic approach to threat modeling, based on the definition of Attack Trees, which are the set of steps that the attacker is likely to perform in order to reach our assets.

  3. 3.

    See, e.g., NIST cybersecurity framework for the protection of critical infrastructure [25] that has a specific control (ID.AM-3) requiring that organizational communication and data flows are mapped in order to segment and segregate network traffic, and identify firewall rules (the zone and conduit principle of IEC 62443).

  4. 4.

    Decentralized Environmental Notification Message.

  5. 5.

    See https://www.dropbox.com/s/0exeadyz6t2yzin/ModelForCRITIS.sCAD?dl=0.

  6. 6.

    See https://owasp.org/www-community/Application_Threat_Modeling.

References

  1. Apache kafka. https://kafka.apache.org. Accessed 6 Oct 2021

  2. Augustine, P.: The industry use cases for the digital twin idea, Chap. 4. In: Raj, P., Evangeline, P. (eds.) The Digital Twin Paradigm for Smarter Systems and Environments: The Industry Use Cases. Advances in Computers, vol. 117, pp. 79–105. Elsevier (2020)

    Google Scholar 

  3. Bécue, A., et al.: Cyberfactory1 - securing the industry 4.0 with cyber-ranges and digital twins. In: 2018 14th IEEE International Workshop on Factory Communication Systems (WFCS), pp. 1–4 (2018)

    Google Scholar 

  4. Damjanovic-Behrendt, V.: A digital twin-based privacy enhancement mechanism for the automotive industry. In: 2018 International Conference on Intelligent Systems (IS), pp. 272–279 (2018)

    Google Scholar 

  5. Dietz, M., Vielberth, M., Pernul, G.: Integrating digital twin security simulations in the security operations center. In: Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020. Association for Computing Machinery, New York (2020)

    Google Scholar 

  6. Eckhart, M., Ekelhart, A.: Towards security-aware virtual environments for digital twins. In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security, CPSS 2018, pp. 61–72. Association for Computing Machinery, New York (2018)

    Google Scholar 

  7. Eckhart, M., Ekelhart, A.: Digital twins for cyber-physical systems security: state of the art and outlook. In: Security and Quality in Cyber-Physical Systems Engineering, pp. 383–412. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25312-7_14

    Chapter  Google Scholar 

  8. Energy Shield: Developing the cyber toolkit that protects your energy grid (2021)

    Google Scholar 

  9. ETSI. EN 302 637-3: Intelligent Transport Systems (ITS); vehicular communications; basic set of applications; part 3: specifications of decentralized environmental notification basic service (2014)

    Google Scholar 

  10. ETSI. Intelligent Transport Systems (ITS): Mitigation techniques to avoid interference between European CEN Dedicated Short Range Communication (CEN DSRC) equipment and Intelligent Transport Systems (ITS) operating in the 5 GHz frequency range (2015)

    Google Scholar 

  11. European Commission: Cooperative, connected and automated mobility (CCAM) (2021)

    Google Scholar 

  12. European Parliament and the Council: Directive EU 2016/1148 (2016)

    Google Scholar 

  13. Grieves, M.: Digital twin: manufacturing excellence through virtual factory replication (March 2015)

    Google Scholar 

  14. The Open Group. Togaf 9.2 (2019)

    Google Scholar 

  15. ICT4CART: A connected future for automated driving (2021)

    Google Scholar 

  16. Intelligent Transport Systems Australia. ITS Australia (2021)

    Google Scholar 

  17. ISO. ISO/IEC 20922:2016: Information technology - Message Queuing Telemetry Transport (MQTT) v3.1.1 (2016)

    Google Scholar 

  18. Johnson, P., Lagerström, R., Ekstedt, M.: A meta language for threat modeling and attack simulations. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, ARES 2018. Association for Computing Machinery, New York (2018)

    Google Scholar 

  19. Jones, D., Snider, C., Nassehi, A., Yon, J., Hicks, B.: Characterising the digital twin: a systematic literature review. CIRP J. Manuf. Sci. Technol. 29, 36–52 (2020)

    Article  Google Scholar 

  20. Korman, M., Välja, M., Björkman, G., Ekstedt, M., Vernotte, A., Lagerström, R.: Analyzing the effectiveness of attack countermeasures in a SCADA system. In: Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, SPSR-SG@CPSWeek 2017, Pittsburgh, PA, USA, 21 April 2017, pp. 73–78. ACM (2017)

    Google Scholar 

  21. Koschnick, G.: Industrie 4.0: the industrie 4.0 component (2015)

    Google Scholar 

  22. Lim, K.Y.H., Zheng, P., Chen, C.-H.: A state-of-the-art survey of Digital Twin: techniques, engineering product lifecycle management and business innovation perspectives. J. Intell. Manuf. 31(6), 1313–1337 (2019). https://doi.org/10.1007/s10845-019-01512-w

    Article  Google Scholar 

  23. Lu, Q., Xie, X., Heaton, J., Parlikad, A.K., Schooling, J.: From BIM towards digital twin: strategy and future development for smart asset management. In: Borangiu, T., Trentesaux, D., Leitão, P., Giret Boggino, A., Botti, V. (eds.) SOHOMA 2019. SCI, vol. 853, pp. 392–404. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-27477-1_30

    Chapter  Google Scholar 

  24. Mao, X., Ekstedt, M., Ling, E., Ringdahl, E., Lagerström, R.: Conceptual abstraction of attack graphs - a use case of securiCAD. In: Albanese, M., Horne, R., Probst, C.W. (eds.) GraMSec 2019. LNCS, vol. 11720, pp. 186–202. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36537-0_9

    Chapter  Google Scholar 

  25. NIST: Cybersecurity framework (2021)

    Google Scholar 

  26. OASIS: Advanced message queuing protocol (AMQP) version 1.0 (2012)

    Google Scholar 

  27. Paskevicius, P., Damasevicius, R., Štuikys, V.: Change impact analysis of feature models. In: Skersys, T., Butleris, R., Butkiene, R. (eds.) ICIST 2012. CCIS, vol. 319, pp. 108–122. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33308-8_10

    Chapter  Google Scholar 

  28. Talkhestani, B.A., Jazdi, N., Schloegl, W., Weyrich, M.: Consistency check to synchronize the digital twin of manufacturing automation based on anchor points. Procedia CIRP 72, 159–164 (2018). 51st CIRP Conference on Manufacturing Systems

    Google Scholar 

  29. The Open Group: Reference Architectures and Open Group Standards for the Internet of Things - Four Internet of Things Reference Architectures (2021)

    Google Scholar 

  30. United States Department of Transportation. Intelligent Transportation Systems, Joint Program Office (2021)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Independent Scholar, Rome, Italy

    Giovanni Paolo Sellitto

  2. Autostrade Per L’Italia SpA, Rome, Italy

    Massimiliano Masi

  3. Jozef Stefan Institute, Ljubljana, Slovenia

    Tanja Pavleska

  4. Independent Scholar, Lisbon, Portugal

    Helder Aranha

Authors
  1. Giovanni Paolo Sellitto
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Massimiliano Masi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tanja Pavleska
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Helder Aranha
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Massimiliano Masi .

Editor information

Editors and Affiliations

  1. KU Leuven, LIRIS, Leuven, Belgium

    Estefanía Serral

  2. Stockholm University, Kista, Sweden

    Janis Stirna

  3. University of Geneva, Carouge, Switzerland

    Jolita Ralyté

  4. Riga Technical University, Riga, Latvia

    Jānis Grabis

Rights and permissions

Reprints and permissions

Copyright information

© 2021 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Sellitto, G.P., Masi, M., Pavleska, T., Aranha, H. (2021). A Cyber Security Digital Twin for Critical Infrastructure Protection: The Intelligent Transport System Use Case. In: Serral, E., Stirna, J., Ralyté, J., Grabis, J. (eds) The Practice of Enterprise Modeling. PoEM 2021. Lecture Notes in Business Information Processing, vol 432. Springer, Cham. https://doi.org/10.1007/978-3-030-91279-6_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-91279-6_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91278-9

  • Online ISBN: 978-3-030-91279-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation