Insider threats and real-time cyberattacks in Operational Technology (OT) and Information Technology (IT) systems remain inadequately addressed by current detection frameworks, which lack simulation, adaptive learning, and auditability. This limitation leaves interconnected systems within the national critical infrastructure (NCI) vulnerable to both internal and external exploits. To bridge this gap, this study proposes a Digital Twin Security Framework Architecture (DTSFA) that integrates Digital Twin simulation, Blockchain, an adaptive classifier, and a novel "Grey Team" concept. The Grey Team supplements the traditional red/blue team methodology by simulating realistic insider attack scenarios, providing deeper insight into complex threat dynamics. The proposed framework enhances training, evaluation, and real-time response to diverse cyber threats. Experimental results demonstrate 92.14% detection accuracy, 1.47 s latency, and measurable performance gains, including a 14.06% reduction in delay and a 13.03% improvement in security response time, validating the framework's ability to strengthen resilience and safeguard critical infrastructure against evolving cyberattacks.
Khdhir et al. studied this question.