GUEST ESSAY: How to secure ‘Digital Twins’ to optimize asset use, while reducing exposures
Our technological world is advancing at dizzying speeds.
Related: The coming of a ‘bio digital twin”
Over the last decade, we have seen the introduction of 4G and 5G telecommunication service, the iPad, Instagram, and the introduction, acceptance, and adoption of cloud services from Microsoft, Google, and Amazon, as well as cloud computing.
Add in an increasing focus on data becoming a crucial enterprise asset—as well as the introduction of countless database and analytical tools, digital twins, artificial intelligence, and machine learning—and we are dealing with unprecedented technical complexities and risk.
Digital twins are just one example of a complex system, but they expose companies to a lot of risk if they are not properly implemented with a cybersecurity plan in place. Digital twins are a digital representation of reality, either in physical or process form. For example, think of digital cities, or digital infrastructure assets.
Leveraging digital twins
One might operate a plant and then use the digital twin of that plant to plan maintenance and optimization and see what would happen before they execute in reality. Another example is a city using a digital twin so that they can model floods or earthquakes. Digital twins are incredibly useful.
But think of the risks. For example, what if a bad actor accesses a digital twin of a major dam or some other critical piece of infrastructure? They might be able to find the most vulnerable spots in the physical structure to stage a terrorist attack.
Rutkowski
Or what if a competitor got the digital twin of some complex machinery that a company invented? They would have that company’s IP in hand. Clearly, it is crucial that any digital twins (or other complex systems) are secured at the highest level.
The biggest challenge is that because digital twins are central to planning, operations, maintenance, and modeling, they cannot simply be locked up with high walls built around them. That would result in a digital twin that was once perfect but is now outdated.
Access security challenges
To gain maximum value, the digital twin must be used and kept evergreen, with constant updates, for planning, operations, maintenance, and modeling. Therefore, we must keep the digital twin as open as is needed.
The first step is to determine who needs to access the digital twin. Will they need to simply look at it, or download it, or update it?
Access needs to be provided to only those who need it, in the areas of the digital twin that they need, and at the appropriate level. These levels of access will ensure that everyone can do their jobs, but not so widely that they can even accidentally edit data that they should not have access to in the first place.
Another consideration is understanding what happens if a bad actor does get into the digital twin. What will happen? Will they steal IP? Can they access industrial control systems? Will they be able to get into the SCADA systems perhaps tied to the digital twin? Will they be able to gain control of all the monitors or other remote devices (in our Internet of Things world) tied to the digital twin?
Let’s hope not, but if so, it’s essential that companies understand the risks and have a plan to address them. They need a comprehensive cybersecurity plan. Depending on their security maturity, they may also decide to outsource the risk by having a managed service host their digital twin.
Managing scenarios
Whatever the solution, it is key to develop and practice response plans to various attacks. It is far too late to figure out who to call when a digital twin has been breached and a hacker has all the company’s IP or is in the digital twin changing things.
Instead, companies should create a list of scenarios that would pose a threat to their organization and then walk through each one with key stakeholders to identify who will need to be called, how the issue will be communicated, what cyber insurance will cover, and what next steps will be followed. Each scenario then needs practice, to ensure everyone is ready should a situation arise.
While it may all sound risky, we should not shy away from adopting and leveraging complex technology like digital twins. Preparation and planning are key. The payoff and return on investment are too great to just ignore.
However, we do need to carefully consider and address the cybersecurity risks and deploy responsibly so that everyone has the trust in the technology that they need to achieve full utilization.
About the essayist: Claire Rutkowski, is the chief information officer for Bentley Systems, a supplier of software solutions to accelerate project delivery and improve asset performance.
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-how-to-secure-digital-twins-to-optimize-asset-use-while-reducing-exposures/
