Digital Twin-Enabled Incident Detection and Response: A Systematic Review of Critical Infrastructures Applications

Digital Twin-Enabled Incident Detection and Response: A Systematic Review of Critical Infrastructures Applications

연구 분야: Infrastructure

학회: International Journal of Information Security

The escalating digital interconnectivity of Critical Infrastructure (CI) necessitates robust cybersecurity solutions, particularly for effective incident detection and response. This systematic literature review explores the promising role of Digital Twins (DTs) in enhancing these critical functions across diverse CI sectors, including smart cities, healthcare, and energy. Covering research from 2019 onwards, we conduct an in-depth analysis of 27 curated articles, examining attacks, detection methods, response techniques, and emerging trends specifically related to incident handling within this domain. Our review reveals DTs as a powerful tool for CI cybersecurity, enabling proactive threat simulation and improved incident management capabilities. However, challenges persist, including scalability, interoperability with legacy systems, and the need for rigorous real-world validation of incident response effectiveness. Furthermore, we identify common shortcomings in existing research, such as algorithmic flaws, inadequate validation, poor metric reporting, and insufficient threat modeling, all of which impact incident-handling capabilities. Despite these limitations, our systematic analysis underscores that DTs can significantly bolster CI security for incident detection and response when these challenges are addressed. To our knowledge, this work provides the first full-fledged survey uniquely and specifically focused on DT-enabled cybersecurity incident detection and response within CI contexts, addressing a critical gap not comprehensively covered by prior reviews and serving as a foundational resource for stakeholders.