Motivations
The interconnectedness of physical and digital systems (e.g., in Smart City and other business sectors) facilitates the propagation of threats, due to loose security controls between the involved providers.
The prevailing fragmentation of cybersecurity operations in such multi-ownership systems hinders visibility of the different domains, hence jeopardizing coordinated and timely detection and response to attacks.
Improving the security of service chains requires DSPs to jointly anticipate attacks and react as soon as they materialize, by building a collective response capacity that is greater and more effective than the plain sum of its parts.
Cybersecurity Digital Twin
A tool that can operationalize awareness and remediation controls for Digital Service Chains.
Multiple bidirectional models are federated to abstract the composition, topology, and security properties of interconnected systems; these models are continuously kept in sync with the real world by feeding them with security events and known vulnerabilities.
The Cybersecurity Digital Twin is used to model and predict the evolution of cyber-attacks, based on shared threat intelligence. It improves existing detection, analysis, protection, and response processes, so as to prevent threats from materializing and propagating across the systems.
Monitor
The CDT leverages a bidirectional flow of information with security agents, including both monitoring and enforcement capabilities, which keeps the states of the two twins synchronized.
Model
The CDT maps threat intelligence to the real system, to make hypotheses, perform analysis, and draw predictions of what could happen in the real system in a proactive yet non-invasive way.
Predict
The CDT improves security operations through modeling and prediction of the evolution of cyber-attacks and of the risk that potential threats materialize in the current or a hypothetical context in which the system operates.