Harnessing Digital Twin Security Simulations for systematic Cyber Threat Intelligence

Understanding cybersecurity threats, attacks, and incidents is crucial for organizations to perform preventive or reactive measures. Nevertheless, detailed Cyber Threat Intelligence (CTI) is reluctantly shared. Digital twins, the virtual counterparts of real-world assets, offer security simulation capabilities. The simulation of attack scenarios on industrial control systems (ICS) with digital twins yields valuable threat information. In our work, we outline the systematic steps towards a structured threat report starting with digital twin security simulations: We first present the course of action and define formal requirements for framework deployment. We then conduct an attack simulation with a prototypical digital twin application to evaluate our framework. Using the STIX2.1 standard, we assist CTI generation by providing utility tools guiding through the process steps. Our experimental results show that a STIX2.1 CTI report can be systematically constructed with the opportunity to customize according to the use case at hand. Adding digital twin security simulations to the list of CTI sources can provide shareable CTI and help organizations improve their security posture.