1. Virtual Protection of the Real World
Imagine you have a virtual copy of your IT infrastructure. "Clone" allows you to find and fix security holes before hackers attack your network. It should be trained with human attacks to deal with any kind of hacking. This overprotection is made possible thanks to digital twin technology. Andersen's cybersecurity experts explain how digital twin software can improve IT security services.
2. The digital twin revolution
The concept of a digital twin emerged more than 50 years ago during NASA's Apollo space program, but has since caught the attention of IT security professionals. Today, as companies go digital, "cloning" is gaining popularity across all sectors of the economy, whether it's construction, the oil industry or manufacturing. According to expert calculations, the digital twin market will reach $48.2 billion in five years.
A digital twin is a virtual copy of a physical product or device. This is not a simple 3D model. All physical processes that may occur on a real product are modeled on the digital twin. All data provided by the physical product (from paper, ERP or PLM systems) can be added to the computer image. A set of data about the real product stored in the virtual world is its computer image.
Digital twins are possible thanks to the Internet of Things (IoT). Every second, experts receive data from real objects using sensors and information systems.
Any physical object can be a digital twin: cars, engines, oil wells, buildings, even cities. For example, if a factory wants to improve its picking process, it can gather information from sensors about how fast objects are moving, the number of workers, their productivity, and more. Based on this information, IT specialists create a digital twin that can reproduce all the processes of the real object.
With the help of "Clone", you can set production parameters (for example, the number of workers) and check them under various conditions. This enables engineers to plan products in greater detail, respond to customer requests more quickly and predict outcomes more accurately.
For a long time, designers who created models had no idea how accurate they would work in the real world. For them, launching a product into production is almost like flying into space. With the help of digital twins, the path of a product from design to production can be calculated in detail.
How this technology can be used to eliminate cyber threats is worth exploring.
3. Digital twin technology in network security
Cybersecurity experts see the potential of digital twins to fight hackers.
Over the past year, the number of Internet threats has increased and become more difficult to detect and prevent. This is happening because the pace of digitization is accelerating: the number of connected devices is increasing, applications are collecting more data, and companies are moving assets and infrastructure to the cloud. Statistics show that data breaches due to cyber attacks cost large organizations an average of $116 million.
Organizations use cyber threat detection and mitigation systems and risk assessment tools to protect corporate networks, but these methods are no longer sufficient. Digital twin technology is one of the most advanced ways to solve this problem.
How does it work?
1. Experts create a virtual copy of any physical device in the company, including IT infrastructure.
2. Digital "clones" exposed to experimental cyber attacks. It helps to search for potential security "holes". It is also taught to detect threats.
3. The virtual twin displays the data needed to protect intelligent machines and provides a better understanding of the internal processes of the software.
A digital twin is created based on the following data:
- the hardware architecture of the device,
- operating system and its version,
- memory stream,
- Compilation mode and other information.
4. Capabilities of digital twins
Let us consider three cases where digital twin technology improves IT security services.
1. Standardization of firmware options.
Smart machines often include multiple programs for different operating systems from different manufacturers. Software is created using various hardware architectures, frameworks, and other technologies. Every company's program mix is unique, and finding the right protection tools can be difficult and expensive.
With CVE scanning, zero-day threat analysis, and privacy violations, digital twins make it easier to assess the security of intelligent machines across different combinations of programs.
2. Intellectual property protection.
It is important for developers that the source code of the program remains intact and does not change. Vendors, on the other hand, need firmware code to provide security, test it, and perform other operations. With digital twins, manufacturers may not share the latest firmware with valuable IP.
Instead, they are empowered to provide a virtual copy containing all the information needed for security analysis. This approach provides a new level of transparency throughout the supply chain.
3. More security group options.
As we mentioned above, each vendor uses different technologies, which makes monitoring security difficult. Security assessors should be familiar with each technology.
Digital twins make the job of experts easier: they don't need to spend time analyzing binary code. Instead, they don't do work they are not good at, but are free to test and evaluate.
5. Digital twin use cases in cybersecurity
To develop digital twin software, you need to know its usage scenarios. There are at least six main options:
1. Security design of cyber-physical systems.
Digital twin companies offer the use of such software to assess how systems behave during simulated attacks. This approach allows you to predict program corruption, find weaknesses in the architecture, unprotected services, etc. For example, security analysts are investigating whether hackers could use compromised data archivers to infiltrate programmable logic controllers to compromise businesses.
2. Intrusion detection.
A virtual environment can simulate the behavior of a system in a specific situation. For example, the algorithm of an antivirus program can be modeled by replication. Developers create various viruses to train the system to program counterattacks for each cyber attack scenario. This helps protect corporate assets from potential attacks.
3. Anticipate risk.
Digital twins predict security risks and prioritize remediation of vulnerabilities. At the same time, the error in the assessment of the threat's impact on the business does not exceed 5%.
The risk assessment is carried out as follows:
- Experts receive attack graphs.
These diagrams illustrate how hackers move from entry points to target points. Experts study the basic processes to determine how experienced a cybercriminal must be to break into a system. The charts also show the level of harm hackers can cause.
- Threat assessment.
Experts compare the findings to processes in the organization and determine how much production will be affected.
- Eliminate risk.
The team knew which risks to eliminate first and addressed them.
For example, create virtual versions of automotive components and simulate firmware in electronic control units (ECUs). Digital twins use this data to analyze and scan for cyber risks in existing and upcoming vehicle models.
1. Incorrect hardware and software settings detected.
A digital twin mimics the functionality of a device. Any deviation between the physical counterpart and its virtual clone could indicate an attack if hardware and software settings change.
2. Security testing.
A computer image of the system can be used as a testing ground without disturbing the live environment. Quality Assurance - Andersen minimizes disruption to working systems and saves operators from unnecessary cost to test for safety.
The Siemens team used virtual databases for information gathering and testing. On this basis, the digital twin builds algorithms that protect chemical production from malicious viruses.
3. Privacy.
The concept of a digital twin can be used to protect users' personal data collected by smart devices and various applications. Imagine a self-driving car that is constantly receiving information from on-board sensors. This information is stored in its virtual copy and cannot be shared with third parties in accordance with the General Data Protection Regulation (GDPR).
Digital twins can depersonalize this data and share it with insurance companies and other interested organizations. At the same time, the customer's right to confidentiality is protected. Insurers in turn can use this information to offer more relevant products or services.
6 Conclusion
Technologies such as data analytics, artificial intelligence, and the Internet of Things will continue to spread, and with it, the need for reliable cyberthreat protection will grow as well. According to Forbes IT Community, digital twins address major security concerns by reducing costs and time-to-market.