Understanding indicators of compromise against cyber-attacks in industrial control systems: a security perspective

Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and Ukrainian Power Grid. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect malicious activity triggers and respond quickly to a similar intrusion at an earlier stage. However, in order to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOC in the ICS environment and only limited information is provided in research articles. In this paper, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of identified IOCs’ by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally we highlight the lessons to be learnt from the literature and the future problems in the domain along with the approaches that might be taken

Digital Twin in the IoT context: a survey on technical features, scenarios and architectural models

Digital Twin is an emerging concept that is gaining attention in various industries. It refers to the ability to clone a physical object into a software counterpart. The softwarized object, termed logical object, reflects all the important properties and characteristics of the original object within a specific application context. To fully determine the expected properties of the Digital Twin, this paper surveys the state of the art starting from the original definition within the manufacturing industry. It takes into account related proposals emerging in other fields, namely, Augmented and Virtual Reality (e.g., avatars), Multi-agent systems, and virtualization. This survey thereby allows for the identification of an extensive set of Digital Twin features that point to the “softwarization” of physical objects. To properly consolidate a shared Digital Twin definition, a set of foundational properties is identified and proposed as a common ground outlining the essential characteristics (must-haves) of a Digital Twin. Once the Digital Twin definition has been consolidated, its technical and business value is discussed in terms of applicability and opportunities. Four application scenarios illustrate how the Digital Twin concept can be used and how some industries are applying it. The scenarios also lead to a generic DT architectural Model. This analysis is then complemented by the identification of software architecture models and guidelines in order to present a general functional framework for the Digital Twin. The paper, eventually, analyses a set of possible evolution paths for the Digital Twin considering its possible usage as a major enabler for the softwarization process