Augmented Digital Twin for Identification of Most Critical Cyberattacks in Industrial Systems

This work presents a novel methodology for identification of the most critical cyberattacks that may disrupt the operation of an industrial system. Application of the proposed framework can enable the design and development of advanced cybersecurity functionality for a wide range of industrial applications. The attacks are assessed taking into direct consideration how they impact the system operation as measured by a defined Key Performance Indicator (KPI). A simulation, or Digital Twin (DT), of the industrial process is employed for calculation of the KPI based on operating conditions. Such DT is augmented with a layer of information describing the computer network topology, connected devices, and potential actions an adversary can take associated to each device or network link. Each possible action is associated with an abstract measure of effort, which is interpreted as a cost. It is assumed that the adversary has a corresponding budget that constrains the selection of the sequence of actions defining the progression of the attack. A dynamical system comprising a set of states associated to the cyberattack (cyber states) and transition logic for updating their values is also proposed. The resulting Augmented Digital Twin (ADT) is then employed in a sequential decision-making optimization formulated to yield the most critical attack scenarios as measured by the defined KPI. The methodology is successfully tested based on an electrical power distribution system simulation.