Unlocking the Cybersecurity Benefits of Digital Twins

Security pros can employ the technology to evaluate vulnerabilities and system capabilities, but they need to watch for the potential risks.

Digital twin technology allows for the creation of a virtual duplicate of a live production system, network environment, or cloud instance in real time, and it promises to be a rapidly growing market and a boon to manufacturers and security pros alike, according to a new report from Capgemini. Beyond providing a fallback during scheduled downtimes and improving performance through optimization, digital twins also aid organizations through the introduction of new business or operating models, states the report, "Digital Twins: Adding Intelligence to the Real World."

The industry itself is still in its nascent stages, but investments are increasing. The market size for digital twins, which exceeded $5 billion in 2020, is expected to grow at more than a 35% compound annual growth rate between 2021 and 2027, Capgemini states.

Though cybersecurity is not a top driver of the technology at this time, 62% of respondents said cybersecurity and blockchain are of "importance."

Digital twins mirror a real-world system to let designers and engineers examine in realistic detail how different conditions will affect it, such as how a wind turbine might fare in a hurricane. Aside from the manufacturing and business opportunities, however, security pros can employ the technology to stress-test and otherwise evaluate the vulnerabilities and capabilities of security controls on computing environments. The ability to attack a live twin of a production environment — complete with ongoing updates reflected from the original system or environment — without putting data or productivity at risk potentially allows security teams to be as aggressive as they need to be without compromising operations. But whether data is placed at risk still seems to be a debated issue.

Risking Data

Capgemini cautions that security teams do not have carte blanche with digital twins. 

"An adversary affecting a digital twin or its physical counterpart can introduce divergence in the behaviors or states of the two entities," the report states. "Given the bi-directional link between the two, an attacker may negatively affect both through changes in either."  

"There are multiple areas where we have to be very careful about security with digital twins," cautions Brian Bronson, president of the Americas and APAC for Capgemini Engineering. "One of the main ones is the data capture. Because the digital twin has to do simulations with the 'in service' data, the process of capturing the data must be secure in order to protect it."

While the promise of digital twin technology for security is recognized, it might be too soon to fully implement it, says Ollie Whitehouse, global CTO at NCC Group, a research and consulting firm specializing in assessments, detection and response, compliance, and software resilience. 

"At the theoretical level, the assertion holds true," he says. "However, we are likely many decades off from digital twins being as tightly coupled as the paper implies. It's unclear as to their true value, i.e., what metricated improvement in cyber resilience an organization or product will yield if they employ digital twins."

Lisa O'Connor, cybersecurity research and development global lead at Accenture, concurs with the assertions in the Capgemini report. 

"First, all systems should be secure by design. This is no different whether we are building a production system or a digital twin of some aspect of that system," she says. 

If the digital twin is not secure by design, it could become a vector of attack.

"Changing the digital twin or the physical object's perceived behavior by intercepting and modifying the data is a known attack tactic in critical infrastructure and is common in any operational technology [environment]," she continues. "Such manipulations may affect the human operator or resulting analytics to make decisions on the wrong masked data. In the case where a digital twin is designed to provide direct feedback to or control of operational systems, it could directly affect those systems if not properly secured."

Nevertheless, digital twin technology has proponents who foresee its value as a cybersecurity tool. Dan Isaacs, CTO of the Digital Twin Consortium, says digital twin technology already offers security teams the ability to not only test larger environments, but also to become more granular to test more focused systems and infrastructure.

In fact, one can build a nested digital twin environment to uncover focused details related to risk, vulnerabilities, and training, as well as optimize operations. There are no silver bullets, but this is defense in depth, Isaacs says.

An Emerging Technology

While Capgemini and the Digital Twin Consortium both promote the applications digital twin technology offers for very large environments, such as power grid protection, network protection, and manufacturing, NCC's Whitehouse is still skeptical, underscoring the challenges the technology still must overcome.

"There has been some evidence that digital twins are possible in small-scale systems, but they have not been shown to scale to our knowledge," Whitehouse says. "There are numerous variables affecting how one can fully implement cyber-physical, complex business processes, and supply chains in a digital-twinned environment. Digital twins are an emerging concept going through rapid evolution."  

But, he cautions, "they are not prime for mass adoption today outside of the very specialized, and especially when looking at cyber resilience challenges. Often-imperfect data and insight into the physical system today coupled with cost constraints means watered-down realities exist. Digital twins are a vision of what might be — but the reality today is often very different when we look at implementation."

Capgemini's Bronson agrees that digital twin technology is at "the beginning of the journey."

"One of the main attention points is to understand that a digital twin is not a 'photo' at one point in time," he says. "We have to think of the full life cycle of the real object that we want to replicate — from the design to the end of life to recycling."

A digital twin is a database that contains sensitive information, warns Accenture's O'Connor. "Protecting the digital twin itself is as important as protecting the system it analyzes," she says.