Digital twins in cyber effects modelling of IoT/CPS points of low resilience

The exponential increase of data volume and velocity have necessitated a tighter linkage of physical and cyber components in modern Cyber–physical systems (CPS) to achieve faster response times and autonomous component reconfiguration. To attain this degree of efficiency, the integration of virtual and physical components reinforced by artificial intelligence also promises to improve the resilience of these systems against organised and often skillful adversaries. The ability to visualise, validate, and illustrate the benefits of this integration, while taking into account improvements in cyber modelling and simulation tools and procedures, is critical to that adoption. Using Cyber Modelling and Simulation (M&S) this study evaluates the scale and complexity required to achieve an acceptable level of cyber resilience testing in an IoT-enabled critical national infrastructure (CNI). This research focuses on the benefits and challenges of integrating cyber modelling and simulation (M&S) with digital twins and threat source characterisation methodologies towards a cost-effective security and resilience assessment. Using our dedicated DT environment, we show how adversaries can utilise cyber–physical systems as a point of entry to a broader network in a scenario where they are trying to attack a port

Towards Optimization of Anomaly Detection Using Autonomous Monitors in DevOps

Continuous practices including continuous integration, continuous testing, and continuous deployment are foundations of many software development initiatives. Another very popular industrial concept, DevOps, promotes automation, collaboration, and monitoring, to even more empower development processes. The scope of this thesis is on continuous monitoring and the data collected through continuous measurement in operations as it may carry very valuable details on the health of the software system. Aim: We aim to explore and improve existing solutions for managing monitoring data in operations, instantiated in the specific industry context. Specifically, we collaborated with a Swedish company responsible for ticket management and sales in public transportation to identify challenges in the information flow from operations to development and explore approaches for improved data management inspired by state-of-the-art machine learning (ML) solutions.Research approach: Our research activities span from practice to theory and from problem to solution domain, including problem conceptualization, solution design, instantiation, and empirical validation. This complies with the main principles of the design science paradigm mainly used to frame problem-driven studies aiming to improve specific areas of practice. Results: We present identified problem instances in the case company considering the general goal of better incorporating feedback from operations to development and corresponding solution design for reducing information overflow, e.g. alert flooding, by introducing a new element, a smart filter, in the feedback loop. Therefore, we propose a simpler version of the solution design based on ML decision rules as well as a more advanced deep learning (DL) alternative. We have implemented and partially evaluated the former solution design while we present the plan for implementation and optimization of the DL version of the smart filter, as a kind of autonomous monitor. Conclusion: We propose using a smart filter to tighten and improve feedback from operations to development. The smart filter utilizes operations data to discover anomalies and timely report alerts on strange and unusual system's behavior. Full-scale implementation and empirical evaluation of the smart filter based on the DL solution will be carried out in future work

Secure Information Sharing with Distributed Ledgers

In 2009, blockchain technology was first introduced as the supporting database technology for digital currencies. Since then, more advanced derivations of the technology have been developed under the broader term Distributed Ledgers, with improved scalability and support for general-purpose application logic. As a distributed database, they are able to support interorganizational information sharing while assuring desirable information security attributes like non-repudiation, auditability and transparency. Based on these characteristics, researchers and practitioners alike have begun to identify a plethora of disruptive use cases for Distributed Ledgers in existing application domains. While these use cases are promising significant efficiency improvements and cost reductions, practical adoption has been slow in the past years. This dissertation focuses on improving three aspects contributing to slow adoption. First, it attempts to identify application areas and substantiated use cases where Distributed Ledgers can considerably advance the security of information sharing. Second, it considers the security aspects of the technology itself, identifying threats to practical applications and detection approaches for these threats. And third, it investigates success factors for successful interorganizational collaborations using Distributed Ledgers

Customizing the Product Life Cycle and its Management for the Optimal Handling of Digital-Physical Products within the Railway Industry

Competitive products are considered as an essential source of corporate success, which is why their continuous development plays a decisive role. Thereby, diverse product innovation results from the integration of digital solutions in physical products. Such so-called "digital-physical" products are hybrid products, meaning neither purely physical nor purely digital, in which information technology is an integral component and plays a significant role in determining the functionality of the product. Digital-physical products enable companies to use new sales strategies, services and business models along the product life cycle to ultimately increase the product's sales. This creates various opportunities outside of product development, especially for sectors such as the railway industry, whose products are required to have a long service life. At the same time, this affects the management of the product along the life cycle and leads to a change in company-specific processes, concepts and models. Particular attention is paid to product management, which is responsible for controlling and planning the activities of a product. Despite the obvious changes caused by digital-physical products, many companies still use their previous concepts and models like the life cycle model in product management and only adapt them inadequately to the new circumstances. This can result in ineffective and inefficient management of products. Researchers have recognized this importance and are therefore focusing on adapting life cycle concepts for the purely digital world. However, little is known about the discussions around adapting life cycle concepts for the transition between physical and digital worlds, especially outside of product development. Therefore, the aim of this study was to explore the influence of digital-physical products on the market phase of the classic product life cycle model and the product management as well as product managers. Specifically, the product life cycle model within Siemens Mobility GmbH (Business Unit Rail Infrastructure) and its product management were to be adapted to digital-physical products. In this study, the inductive-qualitative research approach was used, and the case study served as the research strategy. The case study was well-suited for this study as it was necessary to delve deep into the subject matter to gain an understanding of the benefits of digital-physical products and to identify and analyze the impact on the traditional product life cycle and product management. Expert interviews and focus groups were used as data collection methods to benefit from the personal experiences of the experts, most of whom work with digital-physical products, and thus generate knowledge together. With the help of these methods, the perspectives and experiences of the experts in this field could be revealed and understood in order to achieve the objectives of the study. As a result, the research has shown that digital-physical products have a significant influence on the classic product life cycle and that a change in the way these products have been handled so far is necessary. In this context, considering the boundary conditions of the railway industry and the aforementioned company, the product life cycle model was expanded to include an integrated digital cycle within the product life cycle and a new role, the digital product manager, was introduced. Furthermore, as a result, the previous product management was organizationally supplemented by a digital portfolio in order to be able to optimally manage digital-physical products. The study thus provides a scientific contribution on the correlation between digital-physical products and the theory of the product life cycle model. The previously missing understanding of how digital-physical products interact within the framework of the product life cycle model as well as its impact on product management was addressed in this thesis. In this way, a contribution was made to the product life cycle theory by mirroring and integrating the nature and characteristics of digital-physical products. The findings and changes resulted in a product life cycle model and product management adapted for digital-physical products. In practice, the study helps to better structure the often-reactive behaviour of a product manager in relation to these products. The orientation towards a second cycle that focuses on the digital part of a product helps with strategic decision-making and roadmap planning in practice