Introduction In the context of growing cyber risks to critical industries, including bakery complexes, this paper proposes a cognitive architecture for early incident detection in the operational technology (OT) network. Methods The architecture integrates User and Entity Behavior Analytics (UEBA), a Security Information and Event Management (SIEM) system, and Zero Trust principles, focusing on hybrid threats: from external attacks on industrial controllers, such as programmable logic controllers (PLCs) to internal operator errors. At the analytics layer, two complementary deep learning pipelines are used: a convolutional neural network (CNN) + long short-term memory (LSTM) (CNN + LSTM) model for detecting low-level network patterns (Byte2Image) and an autoencoder (AE) combined with LSTM (AE + LSTM model) for predicting time-series data and identifying anomalies in equipment telemetry. An adaptive threshold decision procedure is introduced for the first time, optimizing both accuracy and computational resources on edge nodes. The architecture complies with the IEC 62443 and ISO/IEC 27019 standards. Results and discussion High performance metrics, specifically Precision, were demonstrated in the bakery plant’s digital twin scenarios.
Amirkhanova et al. (Mon,) studied this question.