Cybersecurity Digital Twins for Industrial Systems: From Literature Synthesis to Framework Design

Digital Twins (DTs) are increasingly recognized as a strategic technology for enhancing cybersecurity in industrial environments, particularly in the face of rising threats targeting Operational Technology (OT). After comparatively examining closely related DT–cybersecurity frameworks to position the contribution within the existing research landscape, this paper presents a systematic literature review and comparative analysis of 19 recent DT-based cybersecurity studies, focusing on their relevance to incident detection and response in sectors such as Industrial Internet of Things (IIoT), manufacturing, and energy. The analysis evaluates each study across multiple dimensions, including attack types, detection and response mechanisms, DT integration, and technology stacks. From this review, we derive a consolidated set of requirements, categorized as functional, non-functional, security-specific, and domain-specific. These requirements serve as the foundation for a novel, cybersecurity-focused, ISO 23247-based framework. The proposed architecture formalizes a DT-enabled incident detection and response lifecycle aligned with ISO 23247. It is explicitly mapped to the derived requirements and detailed with practical implementation considerations. This work contributes a structured, evidence-based approach to DT-based security engineering and offers a reference design for researchers and practitioners aiming to build resilient, adaptive cybersecurity solutions in industrial settings.