Cyber Digital Twins, a double-edged sword
Web 3.0 is all the rage right now, but less is heard about Industry 4.0. This revolution in the industrial sector entails a large number of innovations, solutions and mutations. “Simulation”, “Internet of Things”, “Big Data” and “Cybersecurity” are some of the pillars of this new industry. Neat!
To set this Industry 4.0 revolution into motion, new innovations rise to tackle the challenges of one or several pillars at a time. Today, we will dive into Digital Twins (DT), especially Cyber Digital Twins (CDT). We will see how they can drastically improve security and simulation capabilities, but also increase the attack surface and the number of entry points available to attackers.
Before anything, let’s look at some definitions.
A digital twin is a model used to mimic an instance, a system or a process in digital form. If that is not clear, imagine a light detector that transmits the brightness to a control center every minute. A digital twin of such a detector would possess the same characteristics, the same configuration, the same protocols… It would almost be the same device, except that none of this information would be stored locally on a physical device, but as a digital model on some computers.
When it comes to interaction with the physical counterpart of a digital twin, it should be automated, bi-directional and real-time. This means that actions should be taken without manual activation or authorisation (such as running a configuration comparison), that the physical and digital devices should converse (data is transferred in both directions), and that the DT should reflect the state of the physical device as closely and as quickly as possible.
A Cyber Digital Twin (CDT) is, unsurprisingly, a DT with a specific focus on security.
Cyber Digital Twins to the rescue!
Secure IoT systems are hard to come by. The constraints of IoT usually limit the memory and computation capabilities of sensors and connected objects, which too often translates into minimal security considerations. If the heart rate reported by the smart watches of some random population is tampered with, cardiologists will be booked for a month and that’s pretty much it (not great, but the threat is minimal). If the temperature sensor of a nuclear plant is tampered with… well, that could be quite bad. IoT security is mainly problematic for industries and critical infrastructures.
Attacks on IoT devices increased by more than 300% in the first half of 2019, while the rate of detection is as low as 0.05% in the U.S. (a country that cannot be described as lagging in this area) [1]. The trend is very clear: if IoT security is not improved, it will become the greatest point of failure for a lot of industries.
CDT could be a very efficient way to reduce the risk of attacks on IoT systems, to detect intrusions and to monitor a large number of devices. But how?
First of all, CDT can help discover security vulnerabilities. Because they mimic the physical device, they can scan their own mirrored state and flag issues that should be investigated. This requires efficient scanning logic to be developed.
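To make the two ideas above concrete (the automated configuration comparison between a device and its twin, and the twin scanning its own mirrored state for issues), here is a small added example in Python. It is not code from the article or from any real digital twin product: the device id, the approved baseline, the status report and the security checks are all constructed for illustration.

```python
# Added example, not code from the article: a minimal cyber digital twin that
# mirrors the configuration a physical device reports, detects drift from an
# approved baseline and flags insecure settings. Device names, baseline values
# and the status report are all constructed for illustration.
from dataclasses import dataclass, field
from typing import Any, Dict, List, Tuple

# Constructed baseline: the configuration the twin expects the sensor to run.
BASELINE: Dict[str, Any] = {
    "firmware": "2.4.1",
    "report_interval_s": 60,
    "telnet_enabled": False,
    "tls_enabled": True,
    "default_admin_password": False,
}

# Constructed status report: telnet has been re-enabled and the firmware rolled
# back, two changes the twin should surface before an operator trusts the device.
DRIFTED_REPORT: Dict[str, Any] = {
    "firmware": "2.3.0",
    "report_interval_s": 60,
    "telnet_enabled": True,
    "tls_enabled": True,
    "default_admin_password": False,
}


@dataclass
class DigitalTwin:
    device_id: str
    baseline: Dict[str, Any]
    state: Dict[str, Any] = field(default_factory=dict)

    def sync(self, report: Dict[str, Any]) -> None:
        """Update the mirrored state from a status report sent by the device."""
        self.state.update(report)

    def drift(self) -> Dict[str, Tuple[Any, Any]]:
        """Keys whose live value differs from the baseline, as (expected, actual)."""
        return {
            key: (expected, self.state.get(key))
            for key, expected in self.baseline.items()
            if self.state.get(key) != expected
        }

    def security_findings(self) -> List[str]:
        """Flag settings that weaken the device; the checks are illustrative."""
        findings: List[str] = []
        if self.state.get("telnet_enabled"):
            findings.append("telnet enabled: cleartext management protocol")
        if not self.state.get("tls_enabled", False):
            findings.append("tls disabled: telemetry leaves the device in cleartext")
        if self.state.get("default_admin_password"):
            findings.append("default admin password still in use")
        live_fw = self.state.get("firmware")
        if live_fw != self.baseline["firmware"]:
            findings.append(
                f"firmware {live_fw} differs from approved {self.baseline['firmware']}"
            )
        return findings


def scan(report: Dict[str, Any]) -> Tuple[Dict[str, Tuple[Any, Any]], List[str]]:
    """Mirror one report into a fresh twin and return (drift, findings)."""
    twin = DigitalTwin("light-sensor-01", BASELINE)  # constructed device id
    twin.sync(report)
    return twin.drift(), twin.security_findings()


if __name__ == "__main__":
    drift, findings = scan(DRIFTED_REPORT)
    for key, (expected, actual) in drift.items():
        print(f"drift  {key}: expected {expected!r}, device reports {actual!r}")
    for finding in findings:
        print(f"flag   {finding}")
```

Two design points matter here. The drift check is what makes the comparison automated: an operator is told which setting changed and from what, rather than being asked to eyeball two configuration files. And the findings are computed over the mirrored state, so the scan never has to touch the constrained physical device; the cost of the twin being wrong about that state is the subject of the integrity discussion further down.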
Second of all, CDT can be used to do tests that would be impossible or dangerous to create in the physical environment. This means being able to test configurations and updates, simulate intrusion scenarios, go through trial and error to acquire insights on the reaction of the overall system to specific changes. These insights can then be translated to the physical system and its security.
Next is the potential for automation: regular tracking of updates for improved patch management, test automation and analysis, and active cyberdefence. This could translate into CDT taking steps to detect and respond to incidents in real time, such as isolating a compromised device.
Creating an almost autonomous system often implies A.I., which requires huge amounts of data to train. That is not a problem for a model that produces more logs and reports than any human could ever go through. This means that big data and A.I. could be intertwined with CDT configurations to increase adaptability.
Overall, the biggest contribution of CDT is to create a digital environment that can be used to produce smart, fast-changing configurations to keep up with a sector in constant evolution.
But at what cost?
Like all good things in the world, there are some drawbacks to CDT, especially when it comes to the attack surface. We will look at the challenges caused by CDT through the lens of the cybersecurity triad: availability, integrity and confidentiality.
A digital twin should improve the availability of the physical twin by allowing better maintainability over time, as well as by monitoring the lifespan of the component. These efforts could easily be undone if the DT is used as a way to access and deactivate the physical object. Any change to the DT could severely impact its counterpart, effectively lowering availability.
When it comes to integrity, the main concern is data tampering or deletion. And under “data” lie different types of communications: the actual data sent from the physical device to the DT, the commands from the DT to the physical device, the data sent from the DT to the operation center, and likewise the commands from the operation center to the DT.
This is a lot of telecommunications to secure. But if the integrity of the data is not respected, how could we trust the results? If you send command A but command Z is run instead, and the result of Z is tampered with as well, nothing useful will come out of the DT system. And that is the best-case scenario. An attacker could choose to intercept your traffic and modify the data at will, green-lighting all the tests and leading to a false sense of security.
Another point that needs to be addressed when it comes to integrity: the similarity of the DT and the physical device. Even if your communications are perfectly secured (which is impossible), what good comes out of a model that does not accurately depict the features of its twin? Not much, unless the goal was to create a bunch of useless data.
A DT system also requires particular attention to confidentiality. It effectively makes it easier for attackers to access data, sometimes sensitive information. Strong authorisation methods must be implemented to restrict who can access which data. As more data travels on the network, the chance of outside parties gaining access to secret information increases.
Most of the data is either trade secrets or intellectual property that should be treated with extreme care. Even security configurations can be considered proprietary information and should be kept private. A leak of all or some of this data could have a massive economic impact. This is especially true of the data used in the DT, which has both a practical value (cybercriminals can use it to find attack vectors) and a financial value (configurations are costly to engineer).
For example, a copy of the DT can speed up the process of reverse engineering and then re-engineering a device. Industrial espionage is not new and is quite hard to fight off, but broadcasting intellectual property and trade secrets is certainly not the right way to go about reducing it.
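The integrity problem just described (command A turned into command Z, a doctored result green-lighting a test, a stale message played back) has a standard defensive answer: every message on each of the four flows carries a message authentication code and a sequence number, and the receiver rejects anything that fails either check. The following is an added example, not code from the article or from any real digital twin platform; the flow names, keys, commands and the simulated attacker cases are all constructed.

```python
# Added example, not code from the article: authenticating the four message
# flows the text lists (device->twin, twin->device, twin->operation center,
# operation center->twin) with HMAC-SHA256 and a per-flow sequence number, so a
# tampered command or result, a message forged without the key, and a replayed
# message are all rejected instead of trusted. Keys and messages are constructed.
import hashlib
import hmac
import json
from typing import Any, Dict, Tuple

# Constructed per-flow keys. In a deployment they would be provisioned per device
# and held in a secure store; hard-coding them here only keeps the example offline.
FLOW_KEYS: Dict[str, bytes] = {
    "device->twin": b"constructed-key-1",
    "twin->device": b"constructed-key-2",
    "twin->ops": b"constructed-key-3",
    "ops->twin": b"constructed-key-4",
}

OK = "accepted"
BAD_MAC = "rejected: mac mismatch (tampered or forged)"
REPLAY = "rejected: sequence not newer than last accepted (replay)"
WRONG_FLOW = "rejected: message addressed to a different flow"


def _canonical(flow: str, seq: int, payload: Dict[str, Any]) -> bytes:
    # Canonical JSON so both ends MAC exactly the same bytes.
    return json.dumps(
        {"flow": flow, "seq": seq, "payload": payload},
        sort_keys=True, separators=(",", ":"),
    ).encode()


def _mac(flow: str, seq: int, payload: Dict[str, Any]) -> str:
    return hmac.new(FLOW_KEYS[flow], _canonical(flow, seq, payload),
                    hashlib.sha256).hexdigest()


class Sender:
    """One end of a flow; the counter makes every message unique."""

    def __init__(self, flow: str) -> None:
        self.flow = flow
        self.seq = 0

    def send(self, payload: Dict[str, Any]) -> Dict[str, Any]:
        self.seq += 1
        return {"flow": self.flow, "seq": self.seq, "payload": payload,
                "mac": _mac(self.flow, self.seq, payload)}


class Receiver:
    """Other end of the same flow; remembers the highest sequence it accepted."""

    def __init__(self, flow: str) -> None:
        self.flow = flow
        self.last_seq = 0

    def verify(self, msg: Dict[str, Any]) -> Tuple[bool, str]:
        if msg.get("flow") != self.flow:
            return False, WRONG_FLOW
        expected = _mac(self.flow, msg["seq"], msg["payload"])
        # Constant-time comparison: a plain == would leak timing about the MAC.
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return False, BAD_MAC
        if msg["seq"] <= self.last_seq:
            return False, REPLAY
        self.last_seq = msg["seq"]
        return True, OK


def demo() -> Dict[str, Tuple[bool, str]]:
    """Run the twin->device flow through the cases the text worries about."""
    twin = Sender("twin->device")
    device = Receiver("twin->device")
    results: Dict[str, Tuple[bool, str]] = {}

    genuine = twin.send({"cmd": "set_report_interval", "value": 60})
    results["genuine"] = device.verify(genuine)

    # On-path modification: command A arrives as command Z (MAC no longer matches).
    tampered = dict(genuine)
    tampered["payload"] = {"cmd": "set_report_interval", "value": 0}
    results["tampered"] = device.verify(tampered)

    # Message built without the key, with a made-up MAC.
    forged = {"flow": "twin->device", "seq": 2,
              "payload": {"cmd": "reboot"}, "mac": "00" * 32}
    results["forged"] = device.verify(forged)

    # Replay of the earlier genuine message: MAC is valid but the counter is stale.
    results["replayed"] = device.verify(genuine)

    # A message signed for another flow cannot be redirected to this one.
    other = Sender("ops->twin").send({"cmd": "reboot"})
    results["wrong_flow"] = device.verify(other)
    return results


if __name__ == "__main__":
    for case, (accepted, reason) in demo().items():
        print(f"{case:10s} {reason}")
```

Three caveats a practitioner would add. An HMAC proves who sent a message and that it was not altered, but it hides nothing, so the confidentiality concerns in the next paragraphs still require an encrypted transport such as TLS between every pair of parties. The sequence counter must survive a device reboot (or be replaced by a signed timestamp with a small tolerance window), otherwise the first messages after a restart look like replays. And the keys must differ per device and per flow, as in the example, so that compromising one sensor does not let an attacker speak for the twin or the operation center.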
Man-in-the-middle attacks are a great example of how someone might acquire a lot of information, simply by sitting in the middle of the network, keeping a copy of every message and forwarding it on as intended.
We saw how DT and CDT could be used to increase the cyberdefence of IoT deployments. By creating an environment close to reality in which to test configurations, patches and attacks, this technology could be the best way to assist large-scale projects where security is a primary concern.
But DTs also increase the attack surface, leading to concerns for the integrity and confidentiality of the data. They should be implemented with care and in a controlled environment.
Some solutions are already being explored. One of them is to create a complex digital deployment with several DTs for each physical device. Some would be restricted in how they can impact the physical device, in order to limit the impact of a successful cyberattack. Unfortunately, this is also a great way to expand the attack surface even further, while creating new problems when it comes to interactions between DTs.
Another interesting idea is to use blockchain. Blockchain is secured by design and has been used for financial transactions for quite some time. Blockchain provides private, peer-to-peer encrypted transactions that also produce digital records. It would certainly be a great fit for DT systems.
At last, the final point to consider is ethics. Digital Twins are a technology deeply intertwined with A.I., IoT, robotics, Big Data and much more. As DTs generate a lot of logs, their use should be addressed from an ethical standpoint, especially when the data is related to humans, as with healthcare or connected homes.
Noé Motte: Awesome! Thanks for sharing!