Title
Leveraging Digital Twins and SIEM Integration for Incident Response in OT Environments
Author
Other institution
https://ror.org/03hp1m080
Version
http://purl.org/coar/version/c_970fb48d4fbd8a85
Rights
© 2024 The Authors
Access
http://purl.org/coar/access_right/c_abf2
Identifier
https://hdl.handle.net/11441/160432
Published at
IX Jornadas Nacionales de Investigación en Ciberseguridad (JNIC), pp. 294-301. Seville, 27-29 May 2024
Publisher
Universidad de Sevilla
Keywords
IIoT
digital twins
threat detection
incident response
attack detection
Abstract
The Industrial Internet of Things (IIoT) has digitally transformed industrial processes albeit at the expense of increasing exposure to new security threats. System Information and Event Management (SIEM) systems, typically designed for Information Technology (IT), may struggle with the high data volume, specialized security needs, and real-time response requirements of IIoT environments. Digital Twins (DT), virtual replicas of physical devices, offer a solution to these challenges. By integrating SIEM with DT, incident response can be automated in Operational Technology (OT) environments. This integration enhances real-time threat detection, response coordination and post-incident tasks to ensure the security and continuity of industrial operations. A use case and prototype validate the effectiveness of this approach and highlight its potential to strengthen OT security in the face of evolving threats.
Funder name
Comisión Europea; Gobierno Vasco
Funding stream
H2020; Elkartek 2023
Award number
101021911; KK-2023-00085
Award URI
https://doi.org/10.3030/101021911; No information
Award title
A Cognitive Detection System for Cybersecure Operational Technologies (IDUNN); cyBErsecure industriAl Computing cONtinuum (BEACON)