Leveraging Digital Twins and SIEM Integration for Incident Response in OT Environments

  1. Adei Arias
  2. Cristobal Arellano
  3. Aitor Urbieta
  4. Urko Zurutuza
Book:
IX Jornadas Nacionales de Investigación en Ciberseguridad

Publisher: Ángel J. Varela Vaca ; Antonia M. Reina Quintero ; Rafael Ceballos Guerrero

ISBN: 978-84-09-62140-8

Publication date: 2024

Pages: 294-301

Conference: Jornadas Nacionales de Investigación en Ciberseguridad (9th, 2024)

Type: Conference paper

eBiltegia. Repositorio digital de Mondragon Unibertsitatea: Open Access Handle

Abstract

The Industrial Internet of Things (IIoT) has digitally transformed industrial processes albeit at the expense of increasing exposure to new security threats. System Information and Event Management (SIEM) systems, typically designed for Information Technology (IT), may struggle with the high data volume, specialized security needs, and real-time response requirements of IIoT environments. Digital Twins (DT), virtual replicas of physical devices, offer a solution to these challenges. By integrating SIEM with DT, incident response can be automated in Operational Technology (OT) environments. This integration enhances real-time threat detection, response coordination and post-incident tasks to ensure the security and continuity of industrial operations. A use case and prototype validate the effectiveness of this approach and highlight its potential to strengthen OT security in the face of evolving threats.

Funding information

This work has been financed by The European Commission through the Horizon Europe program under the IDUNN project (grant agreement number 101021911). It was also partially supported by the Department of Economic Development, Sustainability and Environment of the Basque Government under the ELKARTEK 2023 program, project BEACON (with registration number KK-2023-00085).