Digital Twin-Driven Security Analytics for the IIoT

Data to incident conversion and relation to analytical operations (capabilities)


Digital Twins map physical artifacts to virtual representations with a pre-defined fidelity and sharpen the bidirectional communication of the physical and virtual world in the Industrial Internet of Things (IIoT). Digital Twins also manage semantics, i.e., ontologies and relations between functional components and data. The Digital Twin is an ideal foundation to perform security analytics in the IIoT. Security analytics is Big Data analytics from a cybersecurity perspective and aims at protecting devices by analyzing and correlating data from various data sources. These analytical results can be shared among lifecycle participants through Digital Twins to communicate the overall security state of a physical artifact. This paper presents an architecture that integrates security analytics into a Digital Twin, enables the contextualization of data, and thus converts data to cybersecurity knowledge. The architecture is based on a formal model that results from various pre-defined key requirements. We further evaluated the architecture by a proof-of-concept implementation called TwinSIGHT, which is publicly available.

Submitted to SN Computer Science