Cybersecurity Digital Twins: Concept, blueprint, and challenges for multi-ownership digital service chains
Repetto, M.
First author
2026
Abstract
The growing level of interconnectedness of digital services and infrastructures creates tight and recursive security inter-dependencies between their providers. However, cybersecurity operations remain highly fragmented, since common tasks like disclosing vulnerabilities, reporting alerts, and suggesting remediation are largely restricted within the boundaries of the administrative domain of each provider, while cooperation is usually limited to paperwork and human interactions. This practice has already proven to be inadequate and risky, because it cannot effectively address multi-step attacks and kill chains that propagate across multiple domains. In this position paper, we elaborate on the concept, blueprint, and usage of a Cyber-security Digital Twin that models and captures the security posture of such interconnected systems. Unlike existing models, our work explicitly addresses the challenges brought by multi-ownership, by focusing on the overall architecture to build cooperative, agile, adaptive and autonomous processes for threat hunting, detection of lateral movements, and eradication of attacks among multiple domains. For this reason, our framework takes into account the necessary federation mechanisms that address trust and confidentiality concerns.

| File | Size | Format |
|---|---|---|
| 1-s2.0-S2214212625003369-main.pdf (open access). Description: Publication. Type: Publisher's version (PDF). License: Creative Commons | 2.72 MB | Adobe PDF |


