Digital twins (DTs) help improve real-time monitoring and decision-making in water distribution systems. However, their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service (DoS), and unauthorized access. Small and medium-sized enterprises (SMEs) that manage these systems often do not have enough budget or staff to build strong cybersecurity teams. To solve this problem, we present a Virtual Cybersecurity Department (VCD), an affordable and automated framework designed for SMEs. The VCD uses open-source tools like Zabbix for real-time monitoring, Suricata for network intrusion detection, Fail2Ban to block repeated login attempts, and simple firewall settings. To improve threat detection, we also add a machine-learning-based IDS trained on the OD-IDS2022 dataset using an improved ensemble model. This model detects cyber threats such as brute-force attacks, remote code execution (RCE), and network flooding, with 92% accuracy and fewer false alarms. Our solution gives SMEs a practical and efficient way to secure water systems using low-cost and easy-to-manage tools.
@article{homaei2025_2504.20266,
  title={A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems},
  author={Mohammadhossein Homaei and Agustin Di Bartolo and Oscar Mogollon-Gutierrez and Fernando Broncano Morgado and Pablo Garcia Rodriguez},
  journal={arXiv preprint arXiv:2504.20266},
  year={2025}
}