Building Bridges of Security, Sovereignty and Trust in Business and Industry 27th Edition | Page 23

Threat Modeling for Digital Twins
1 INTRODUCTION
The digital twin is characterized by its ability to simulate and synchronize data between the virtual representation or acting model and the real world. This ability may become a specific threat vector. The complete system integration, which makes us consider the acting model, application of platform as a digital twin system, may have an unrecognized impact on real-world systems, especially in the case of a cybersecurity attack. We’ll consider an approach to threat analysis and risk assessment that improves assurance of proper digital twin implementation and use.
The proposed approach to threat analysis and cybersecurity risk assessment aims to improve the trustworthiness of digital twins, which is a benefit for business. The analysis is based on known methods of risk assessment but also considers the specific purpose and capabilities of the digital twin system.
1.1 DIGITAL TWIN TRUSTWORTHINESS AND SECURITY
A digital twin is an integrated data-driven virtual representation of real-world entities and processes, with synchronized interaction at a specified frequency and fidelity. In terms of the system engineering¹ approach, the digital twin is an engineered system² that forms part of a more complex system with emergent properties.³ These properties may contribute to the trustworthiness of the whole system or its parts, or, conversely, may pose threats.
Trustworthiness in the context of the Internet of Things vocabulary is defined as the “ability to meet stakeholders’ expectations in a verifiable way” [1]. Depending on the context or sector, and on the specific product or service, data, technology and process used, different characteristics apply and need verification to ensure that stakeholders’ expectations are met. Characteristics of trustworthiness include, for instance, accountability, accuracy, authenticity, availability, controllability, integrity, privacy, quality, reliability, resilience, robustness, safety, security, transparency and usability. Further use of the term “trustworthiness” in this article means “trustworthiness of digital twins”, since this is the subject of our discussion. Trustworthiness of digital twins assumes the proper implementation of the intended digital twin purpose and the absence of harm to the environment, both digital and physical, even under cyberattack.
Security in the context of trustworthiness is the assurance that a protective measure is effective relative to an actual or perceived cyber threat. Among the consequences of a threat, the impact on safety may be considered, and maintaining safety may be one of the security objectives. Security objectives usually reflect the system purpose and the scenarios of its intended use. The Internet of Things document [2] mentions maintaining privacy while working online,
¹ https://sebokwiki.org/wiki/Systems_Engineering_Overview
² https://sebokwiki.org/wiki/Engineered_System_(glossary)
³ https://sebokwiki.org/wiki/Emergent_Property_(glossary)
18 May 2025