Cybersecurity Considerations for Digital Twin Implementations
Digital Twin Threats
There are a multitude of use cases for digital twins in industrial and manufacturing environments for everything from production to safety purposes. While the definition of a digital twin may refer to a critical data model in one context or software containing IP in another (or even both), in all cases, digital twins touch production assets that may be business critical—and herein lies the risk of digital twins that must be considered and mitigated. A Wall Street Journal article from Deloitte cites an example of an industrial manufacturer using a digital twin to bring down liabilities and maintenance costs in the field. [4] When it comes to IoT and IIoT, digital twins could actually be used for security, as outlined by Gerald Glocker on the Bosch ConnectedWorld blog in 2018. [5] However, as Michael Cobb of SearchSecurity points out, “While digital twins can improve the security of IoT devices and processes, it is critical to consider the security of the twins themselves when implementing one.” [6]

While the definition and implementations of digital twins vary, this article focuses on software implementations, particularly in cases where the digital twin implementation uses both existing intellectual property and new innovations for the purposes of best matching the functionality and performance of the real system the twin is mirroring. However, the original security models such as hardware security, air gapping, etc. used to protect software in the real system may not be applicable on the twin itself, as the twin is often deployed on standard platforms such as an industrialized PC. This article focuses on the criticality of securing the digital twin’s platform and hardening its software—both for the safety of the digital twin and for the real system it is monitoring.

Indeed, the security threats associated with the digital twin may be a risk to the physical systems they represent. The key for any digital twin is that, to effectively assist the ecosystem, it must be as accurate a representation of a real system (or selected aspects of a real system, depending on the purpose of the digital twin) as possible. However, inevitably in the design process, gaps between the digital twin and the actual system will likely exist. This is not a problem if the gaps are fully understood and considered in the security strategy. Unfortunately, we have seen that the security gaps between the twin and the physical system can often be poorly understood. For example, physical hardware may frequently have advanced security
[4] Mussomeli, Parrott and Warshaw, Meet Manufacturing’s Digital Twin, Deloitte & Wall Street Journal, September 2017, https://deloitte.wsj.com/cio/2017/08/09/meet-manufacturings-digital-twin/
[5] Glocker, A primer on digital twins in the IoT, Bosch Connected World Blog, October 2018, https://blog.bosch-si.com/bosch-iot-suite/a-primer-on-digital-twins-in-the-iot/
[6] Cobb, With an IoT digital twin, security cannot be forgotten, Internet of Things Agenda, February 2019, https://internetofthingsagenda.techtarget.com/tip/With-an-IoT-digital-twin-security-cannot-be-forgotten
IIC Journal of Innovation