Digital Twin and Cybersecurity: What are the Implications?
2020-01-30 Marcellus Buchheit
Since the research firm Gartner described it in 2017 as a “disruptive trend that will have increasingly broad and deep impact over the next five years and beyond,” and again as one of its “Top 10 Strategic Technology Trends for 2019”, the concept of digital twins has risen in popularity across a wide range of market segments, particularly in the IoT and the Industrial IoT.
Before delving into the concept further, let’s first present a basic definition. In the most simplest of terms, Wikipedia defines a digital twin as a digital replica of a living or non-living physical entity. The most cited early application of digital twins was demonstrated by NASA: Because they were not able see and monitor their systems physically while in space, they created digital models on the ground to simulate and analyze their systems. A most dramatic example of use was Apollo 13 for which a digital twin was developed to assess and simulate conditions on board the troubled space capsule to gather critical data needed to bring it home safely.
In the modern, connected world, digital twins integrate IoT, artificial intelligence, machine learning and software analytics to create living digital simulation models that update and change as their physical counter parts change. A digital twin continuously learns and updates itself from multiple sources using sensor data to represent its near real-time status, working condition or position. A digital twin also integrates historical data from past machine usage to factor into its digital model.
Use cases for digital twins are many and can be found in healthcare, utilities, disaster management, insurance, and smart cities; essentially in any industry where data can be collected from digitally connected sensors, as is the case in the Industrial Internet of Things (IIoT) and Industry 4.0. The Industrial Internet Consortium (IIC) is actively working on practical guidance on the use and application of digital twins including frameworks for digital twin architecture, security interoperability and user experience. In fact, the most recent edition of the IIC’s Journal of Innovation (November 2019) is dedicated solely to digital twins and the technologies and use cases surrounding it.
Of course, as is the case with any emerging technology, we at Wibu-Systems are most concerned with the implications on security. As such, we were very interested in the article by Mark Hearn and Simon Rix of Irdeto, entitled Cybersecurity Considerations for Digital Twin Implementations. The authors note that the rise of digital twins is part of a wider smart technology revolution in the industrial and manufacturing sectors and the benefits are clear. However, they also point out that the widespread use of digital twins, as is the case with any technological advancement based on connectivity, increases the number of vulnerabilities (or attack surfaces) for software, risk of Intellectual Property (IP) theft and exposure of critical processes, and even pose security threats to the physical systems they represent.
The article points out that while the digital twin must be an accurate representation of the real system to be effective, there will inevitably be gaps between the digital twin and the actual system, and therein lies the security vulnerabilities to the system if those gaps are not clearly understood. Another security concern noted that if the twin is obtained by a hacker, it can then serve as a blueprint to the real system, identifying components, their behaviors and their interfaces, giving the hacker an internal view of the system and vulnerable attack points. If a digital twin is compromised by a hacker, it also has the potential to expose the organization to backend system attacks.
This article further focuses on the criticality of securing the digital twin’s platform and hardening its software—both for the safety of the digital twin and for the real system it is monitoring. If you are involved with investigating and working with digital twin technology, I recommend you take a closer look at this article and the others presented in the JOI magazine.
Also, if you happen to be attending the IoT Evolution Expo in Ft. Lauderdale, FL, you will be interested in the panel discussion, Digital Twin: Uses, Advantages and Implications, on Thursday, February 13 at 4 pm. Ken Briodagh, Editorial Director of IoT Evolution World, Eric Thompson, Industrial IoT Consultant Tech Data, and I will discuss use cases and concerns about a digital twin, and how it can follow the physical reality of assets and products to produce an image of IoT systems.
Furthermore, you might be interested to learn about Wibu-Systems contribution to the DigiFab4KMU initiative, a collaborative effort to re-engineer established approaches in the construction industry. In conjunction with ARNOLD IT Systems GmbH, archis Architekten + Ingenieure GmbH, and Karlsruhe Institute of Technology (KIT), the group intends to enable a meaningful integration of all construction phases and the underlying data in a single system by developing an innovative integrated virtualization system or IVS. Wibu-Systems is actively contributing to the design of an innovative service model that will ultimately provide the IVS to small and medium-sized businesses with added protection for the application and its data.
Contributor
Marcellus Buchheit
Co-founder of WIBU-SYSTEMS AG, President and CEO of WIBU-SYSTEMS USA
Marcellus Buchheit earned a master's degree in computer science from the University of Karlsruhe, Germany, in 1989, the same year he co-founded Wibu-Systems. He is known for designing innovative techniques to protect software from reverse-engineering, tampering and debugging. He frequently speaks at industry events and is co-author of the IIC's Industry IoT Security Framework publication. He is currently president and CEO of Wibu-Systems USA, Inc. based in Edmonds, Washington State.