How to Prevent Cyberattacks with Digital Twin Technology
Virtual protection of the real world
Imagine that you have a virtual copy of your IT infrastructure. Such a “clone” allows you to find and fix security vulnerabilities before hackers attack your network. It should be trained on simulated attacks so that it can cope with any kind of hacking. This level of protection is possible thanks to digital twin technology. Andersen’s cybersecurity experts explain how digital twin software improves IT security services.
Digital twin revolution
The concept of digital twins emerged more than fifty years ago, when NASA was carrying out the Apollo space program, but it caught the attention of IT security professionals much later. Today, as companies go digital, “clones” are becoming more and more popular in various sectors of the economy, whether construction, the oil industry, or manufacturing. Experts have calculated that in five years the digital twin market will reach $48.2 billion.
A digital twin is a virtual copy of a physical product or device. It’s not a simple 3D model: all physical processes that can occur with the real product are modeled on the digital twin. The set of data about a real product that is kept in the virtual world is its computer image, and all the data that the physical product provides (from paper, ERP, or PLM systems) can be added to it.
Digital twins are possible thanks to the Internet of Things (IoT). Every second, specialists receive data from a real object using sensors and information systems.
Any physical object can have a digital twin: a car, engine, oil well, building, and even a city. For example, if a factory wants to improve the process of picking goods, it can collect information from sensors about the speed at which objects move, the number of workers, their productivity, and so on. Based on this information, IT specialists create a digital twin that reproduces all the processes of the real object.
With the help of “clones”, you can set production parameters (for example, the number of workers) and check them under various conditions. This enables engineers to plan products in greater detail, respond to customer requests faster, and predict outcomes more accurately.
For a long time, designers who created models had no idea how accurately they would work in the real world. For them, bringing a product to production was almost like flying into space. With a digital twin, the path of a product from design to production is calculated in minute detail.
We will tell you how this technology is used to eliminate cyber threats.
Digital twin technology in cybersecurity
Cybersecurity experts have discovered the potential to combat hacker attacks in digital twin technology.
Over the past year, the number of Internet threats has grown, and they are becoming more difficult to detect and prevent. This happened because the pace of digitalization has accelerated: the number of connected devices is increasing, applications are collecting more data, and companies are moving assets and infrastructures to the cloud. Statistics show that data breaches due to cyberattacks cost large organizations an average of $116 million.
Businesses protect the corporate network with cyber threat detection and elimination systems and risk assessment tools, but these methods are no longer enough. Digital twin technology is one of the state-of-the-art approaches to solving this problem.
How does it work?
- Specialists create a virtual copy of any physical device of the company, including IT infrastructure.
- The digital “clone” is exposed to trial cyberattacks. This helps to find potential security “holes”. The clone is also taught to detect threats.
- Virtual twins display the data needed to protect intelligent machines and provide a better understanding of the internal processes of the software.
Digital twins are created based on the following data:
- hardware architecture of the device,
- operating system and its versions,
- memory stream,
- compilation mode and other information.
The capacities of digital twins
Let’s consider three cases when digital twin technology improves IT security services.
1. Standardization of firmware options.
Smart machines usually include several programs for different operating systems from different manufacturers. Software is created using various hardware architectures, frameworks, and other technologies. The combination of programs is unique in each company and it is difficult and expensive to find the right protection tools.
Digital twins make it easier to assess the security of intelligent machines across different combinations of programs through CVE scanning, zero-day threat analysis, and checks for privacy violations.
2. Protection of intellectual property.
It is important for developers that the source code of programs remains intact and does not change. Vendors, on the other hand, need the firmware code to provide security, test it, and perform other operations. With digital twins, manufacturers do not have to share up-to-date firmware that contains valuable IP.
Instead, they have the right to provide a virtual copy with all the information necessary for security analysis. This approach provides a new level of transparency throughout the supply chain.
3. More options for security groups.
As we mentioned above, each vendor uses different technologies, which makes it difficult to monitor security. Security assessors should be familiar with each technology.
Digital twins make the work of experts easier: they do not need to spend time analyzing the binary code. Instead, they can freely run tests and make assessments without doing work that they do not specialize in.
Digital twin use cases in cybersecurity
To develop digital twin software, you need to know the scenarios in which it is used. There are at least six main options:
1. Safe design of cyber-physical systems.
Digital twin companies offer to use such software to evaluate how the system behaves during a simulated attack. This method allows you to predict damage to programs, find weak spots in the architecture, unprotected services, and so on. For example, security analysts are investigating whether a hacker can penetrate a programmable logic controller using a compromised data archiver to endanger the enterprise.
2. Intrusion detection.
A virtual environment makes it possible to simulate the behavior of a system under certain circumstances. For example, the algorithm of an antivirus program can be modeled with replication. Developers create various viruses and thus train the system, programming a counterattack for each cyberattack scenario. This helps to protect business assets from potential attacks.
3. Predicting risks.
Digital twins predict security risks and prioritize fixing vulnerabilities. At the same time, the inaccuracy in the assessment of the impact of threats on business is no more than 5%.
The risk assessment is carried out as follows:
- Specialists receive attack graphs.
These graphs illustrate how hackers move from entry point to target. Experts study the basic processes to determine how experienced a cybercriminal must be to hack the system. The graphs also show how much harm hackers can cause.
- Threat assessment.
Experts compare the findings with the processes in the organization and determine how much the production will suffer.
- Elimination of risks.
The team knows which risks to eliminate first and addresses them.
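The three steps above can be sketched in a few lines. This is an added example, not code from Andersen or any vendor named in the article: the graph, the skill levels, probabilities and impact figures are constructed, and summing path risks to rank fixes is a simplifying assumption.

```python
from collections import defaultdict
# Constructed attack graph exported from a hypothetical plant twin.
# Edge: (source, destination, weakness, attacker skill 1-5, success probability)
EDGES = [
    ("internet", "vpn_gateway", "weak-vpn-credentials", 2, 0.5),
    ("internet", "mail_client", "phishing", 1, 0.5),
    ("vpn_gateway", "eng_workstation", "flat-network", 2, 0.75),
    ("mail_client", "eng_workstation", "unpatched-workstation", 3, 0.5),
    ("eng_workstation", "data_archiver", "shared-admin-password", 2, 0.5),
    ("data_archiver", "plc", "unauthenticated-plc-write", 4, 0.5),
]
IMPACT = {"plc": 100.0, "data_archiver": 20.0}  # assumed business impact per target

def attack_paths(edges, entry, target):
    """Step 1: enumerate loop-free paths from the entry point to the target (DFS)."""
    outgoing = defaultdict(list)
    for edge in edges:
        outgoing[edge[0]].append(edge)
    paths, stack = [], [(entry, [], {entry})]
    while stack:
        node, path, seen = stack.pop()
        if node == target:
            paths.append(path)
            continue
        for edge in outgoing[node]:
            if edge[1] not in seen:
                stack.append((edge[1], path + [edge], seen | {edge[1]}))
    return paths

def assess(edges, entry, impact):
    """Step 2: per path, likelihood = product of step odds, risk = likelihood * impact."""
    rows = []
    for target, cost in impact.items():
        for path in attack_paths(edges, entry, target):
            likelihood = 1.0
            for edge in path:
                likelihood *= edge[4]
            rows.append({"target": target, "steps": [e[2] for e in path],
                         "skill": max(e[3] for e in path), "risk": likelihood * cost})
    return sorted(rows, key=lambda row: -row["risk"])

def fix_order(edges, entry, impact):
    """Step 3: rank weaknesses by the total path risk removed when each one is fixed."""
    base = sum(row["risk"] for row in assess(edges, entry, impact))
    gain = {}
    for weakness in {edge[2] for edge in edges}:
        remaining = [edge for edge in edges if edge[2] != weakness]
        gain[weakness] = base - sum(r["risk"] for r in assess(remaining, entry, impact))
    return sorted(gain.items(), key=lambda item: (-item[1], item[0]))
```

On this sample, `fix_order(EDGES, "internet", IMPACT)` puts the shared admin password first because every path to both targets crosses it, even though it is not the hardest or the last step of any path.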
For example, Cybellum creates virtual versions of car components and mimics the firmware in electronic control units (ECUs). Digital twins use this data to analyze and scan for cyber risks in existing and upcoming car models.
4. Detection of incorrect hardware and software settings.
A digital twin mimics the functionality of a device. If the hardware and software setup changes, any deviation between the physical counterpart and its virtual clone may indicate an attack.
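A minimal version of that comparison, as an added example rather than any product's code: the twin's expected state is checked key by key against a snapshot reported by the device. All field names and values are constructed; the attributes follow the kinds of data the article lists as inputs to a twin (hardware architecture, operating system version, compilation mode).

```python
# Constructed sample data: the twin's expected state and a snapshot from the device.
TWIN = {
    "hardware": {"arch": "armv7"},
    "os": {"name": "linux", "version": "5.10.4"},
    "firmware": {"digest": "constructed-digest-A", "compilation_mode": "release"},
    "network": {"listening_ports": [22, 502]},
}
DEVICE = {
    "hardware": {"arch": "armv7"},
    "os": {"name": "linux", "version": "5.10.4"},
    "firmware": {"digest": "constructed-digest-B", "compilation_mode": "debug"},
    "network": {"listening_ports": [502, 22, 4444]},
    "accounts": {"local_admins": ["svc_backup"]},
}

def flatten(settings, prefix=""):
    """Flatten nested settings to dotted keys so both sides compare key by key."""
    flat = {}
    for key, value in settings.items():
        if isinstance(value, dict):
            flat.update(flatten(value, f"{prefix}{key}."))
        else:
            flat[f"{prefix}{key}"] = value
    return flat

def deviations(twin, device):
    """Return (key, kind, expected, observed) for every difference, sorted by key.

    For list-valued fields the last two items are (removed, added) instead.
    """
    expected, observed = flatten(twin), flatten(device)
    found = []
    for key in sorted(expected.keys() | observed.keys()):
        if key not in observed:
            found.append((key, "missing", expected[key], None))
        elif key not in expected:
            found.append((key, "unexpected", None, observed[key]))
        elif isinstance(expected[key], list) and isinstance(observed[key], list):
            # Order-insensitive fields such as ports: report only the delta.
            added = sorted(set(observed[key]) - set(expected[key]))
            removed = sorted(set(expected[key]) - set(observed[key]))
            if added or removed:
                found.append((key, "changed", removed, added))
        elif expected[key] != observed[key]:
            found.append((key, "changed", expected[key], observed[key]))
    return found

if __name__ == "__main__":
    for row in deviations(TWIN, DEVICE):
        print(row)
```

A deviation is only a signal: an approved change that was never applied to the twin produces the same output, so the twin has to be updated as part of change management for the alert to stay meaningful.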
5. Security testing.
The computer image of the system can be used as a testing ground without interfering with the live environment. Andersen’s quality assurance specialists test security virtually, without breaking the working system, which frees operators from unnecessary costs.
The Siemens team uses a virtual database for information gathering and testing. Based on it, digital twins build algorithms for protecting chemical production from malicious viruses.
The concept of digital twins can be used to protect the personal data of users collected by smart devices and various applications. Imagine an autonomous car that constantly receives information from onboard sensors. This information is stored in its virtual copy and, according to the General Data Protection Regulation (GDPR), cannot be shared with third parties.
A digital twin can depersonalize this data and share it, for example, with an insurance company and other interested organizations. At the same time, the client’s right to confidentiality is preserved. The insurance company, in its turn, may use the information to offer a more relevant product or service.
Technologies such as data analytics, AI, and IoT will continue to spread, and with them, the need for reliable protection against cyber threats will grow. According to the Forbes IT community, digital twins solve major security problems by reducing costs and time-to-market.