Digital twins and their potential for OT security

A digital twin is a virtual representation of a real system or device. It accompanies its physical counterpart during its entire life cycle. Tests, optimization procedures and bug hunting can be carried out on the twin first without involving the real device (that may not even exist at that moment). In this article, I want to give you some recommendations on how to harness that potential for improving upon the state of OT security (Operational Technology Security), e.g., within manufacturing or building automation.

A new hope for better and more secure OT systems

Ensuring security often means running security tests or rolling-out new security controls on a system. Maintaining a high or even sufficient level of security is challenging, especially when the protected system is required to operate in the field for a long period of time, for example up to 25 and more years in manufacturing. A digital twin may very well be the solution: It allows you to do a lot of security testing before even touching the real system [1]. This security testing can include automatic, periodical testing or penetration and system testing. A system can be checked for hardware and software misconfigurations. Running these tests on the digital twin gives you the benefit of a more realistic estimation on how the system might behave in real life. Furthermore, damage done to the digital twin does not affect operation as the twin can be easily reset. Another prominent use case for digital twins in OT security are intrusion detection and prevention systems that monitor networks for malicious activity. As large amounts of data are required for training their detection mechanisms, digital twins can produce that data and help in training the intrusion detection systems before deployment.

True digital twins are hard to find

Admittedly, the application of digital twins for improving security (and for general purposes) is currently limited. A proper digital twin requires a continuous stream of high-resolution data. This stream of data comes from multiple sources and is changing during the life cycle of the system. Initially, the data may stem from engineering and development tools; later, it may come from the deployed system during its operation in the field. Data of sufficiently high resolution and in adequate quantity (speaking of big data) is key for many use cases in digital twinning. In research, there are many testing environments that use simulation techniques to mimic a real-life counterpart [2]. However, it is hard to find an evaluation that really shows how closely they mimic their real-life counterpart [3]. Finding a method to achieve a sufficiently high level of data resolution (known as fidelity) is a research question that remains to be solved –  at least for the moment. This should be kept in mind when considering possible applications of digital twins for OT security. It appears to be a computer or network engineering challenge as well as an organizational challenge that needs to be tackled before talking about security in greater detail [4].

Fig. 1: Simulation of our production line at Fraunhofer AISEC used to study digital twins.

Future research directions - a step-by-step approach

Since digital twins are rare at this time, different methods can be considered when developing digital twins [5]. Our goal are developments towards digital twins that are beneficial to OT security. With this in mind, we outline a possible development roadmap.

As not all parts of a complex system, e.g., as seen in Figure 1, are equally relevant for studying a given use case, different levels of data resolution can be applied to different system components. An example for this is penetration testing of programmable logic controllers (PLCs) as seen in Figure 2. The twins of PLCs need to mimic the real device more accurately than device twins that are not directly the target of the test. This varying level of realism can be realized with a variety of techniques such as emulation or virtualization. Given further improvements in big data acquisition from industrial environments, digital twins can emerge from that in the future.

Fig. 2: OT equipment of our production line at Fraunhofer AISEC.

[1] Eckhart, M., & Ekelhart, A. (2019). Digital twins for cyber-physical systems security: State of the art and outlook. Security and Quality in Cyber-Physical Systems Engineering, 383-412.

[2] Ani, U. P. D., Watson, J. M., Green, B., Craggs, B., & Nurse, J. R. (2021). Design Considerations for Building Credible Security Testbeds: Perspectives from Industrial Control System Use Cases. Journal of Cyber Security Technology,5(2), 71-119.

[3] Kayan, H., Nunes, M., Rana, O., Burnap, P., & Perera, C. (2022). Cybersecurity of industrial cyber-physical systems: a review. ACM Computing Surveys (CSUR), 54(11s), 1-35.

[4] Giehl, A., Wiedermann, N., Gholamzadeh, M. T., & Eckert, C. (2020, August). Integrating security evaluations into virtual commissioning. In2020 IEEE 16th International Conference on Automation Science and Engineering (CASE)(pp. 1193-1200). IEEE.

[5] Jones, D., Snider, C., Nassehi, A., Yon, J., & Hicks, B. (2020). Characterisingthe Digital Twin: A systematic literature review.CIRP Journal of Manufacturing Science and Technology,29, 36-52.

Additional Information
Author
Autorenfoto_Giehl
Alexander Giehl

Alexander Giehl has worked at Fraunhofer AISEC since 2013, where he specializes in improving cybersecurity via modelling and simulation. He focuses on secure embedded systems, security in manufacturing and automotive, digital twins, as well as general cybersecurity and management systems. In addition, he supervised the research project »IUNO Insec« developing cybersecurity solutions for SMEs funded by the German Federal Ministry of Education and Research (BMBF).

Most Popular

Never want to miss a post?

Please submit your e-mail address to be notified about new blog posts.
 
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.

* Mandatory

* Mandatory

By filling out the form you accept our privacy policy.

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Articles

So you want to play with Wi-Fi? It’s dangerous to make frames alone. Take this.

While Wi-Fi communication encryption faces much scrutiny, programming errors in drivers and firmware of embedded devices lack third-party pentesting. In this blog article, our Embedded Security expert Katharina Bogad provides insights in automatic (fuzz) testing of 802.11 firmware and drivers, explains why it is necessary to arbitrarily alter a wireless connection and explores the hardware and software requirements to do so. Further she discusses how to use the monitor mode for passive listening and frame injection and closes with a section of assorted pitfalls.

Read More »

AI – All that a machine learns is not gold

Machine learning is being hailed as the new savior. As the hype around artificial intelligence (AI) increases, trust is being placed in it to solve even the most complex of problems. Results from the lab back up these expectations. Detecting a Covid-19 infection using X-ray images or even speech, autonomous driving, automatic deepfake recognition — all of this is possible using AI under laboratory conditions. Yet when these models are applied in real life, the results are often less than adequate. Why is that? If machine learning is viable in the lab, why is it such a challenge to transfer it to real-life scenarios? And how can we build models that are more robust in the real world? This blog article scrutinizes scientific machine learning models and outlines possible ways of increasing the accuracy of AI in practice.

Read More »

Digital twins and their potential for OT security

A digital twin is a virtual representation of a real system or device. It accompanies its physical counterpart during its entire life cycle. Tests, optimization procedures and bug hunting can be carried out on the twin first without involving the real device (that may not even exist at that moment). In this article, I want to give you some recommendations on how to harness that potential for improving upon the state of OT security (Operational Technology Security), e.g., within manufacturing or building automation.

Read More »

Post-quantum cryptography in practice

The threat posed by quantum computers to the asymmetric cryptography in use today has been well known in the scientific community for more than 25 years, since Peter Shor published a polynomial algorithm for prime factorization to solve the discrete logarithm on a quantum computer. In recent years, crypto experts have increasingly been warning of the progress that is being made in quantum computing and its relevance for cryptography.

Research on post-quantum cryptography (PQC) at the Fraunhofer Institute for Applied and Integrated Security AISEC aims to enable businesses, government bodies and citizens to continue to have access to usable cryptography that will remain secure in the long term so they can keep their data secure. This blog article provides a brief overview of four ongoing projects.

Read More »