Cybersecurity Considerations for Digital Twin Implementations
Steps to Securing a Digital Twin
Implementation
To minimize the risk associated with the development and operation of a digital twin or any system within the organization, the involved parties must consider some basic guidelines during design and implementation.

The first place to start may sound odd, but security only flourishes when the organizational culture actively enables it in an ongoing manner. Clearly there is a difficult and delicate economic balance to be found in a competitive marketplace where time to market, solution features and profit compete with quality and security. In the modern world, it is imperative that corporate leadership enables and empowers healthy ecosystems—and that must include secure design as part of regular operations.

Organizations must look to implement security in their systems from the ground up, fully understanding and planning for the security measures which are put in place. This begins with a clear and well-defined secure software development lifecycle (SDLC) management process that includes all aspects of the lifecycle, from inception to system retirement. Once in place, the SDLC must become a key part of product development.

Earlier, we discussed the increased amount of digital twin development in Industry 4.0 activities. This, combined with the identified availability of general-purpose twin development environments, is a major reason for the growth in digital twin usage, and the providers of these environments also have a vested interest in ensuring security. For example, Microsoft publishes a variety of best practice tips for digital twins based on Azure. [8]

As there is no prescriptive SDLC formula, this paper will discuss security concepts from a general, secure product development viewpoint. A clear set of high-level requirements or goals is essential to begin any project. They need to be specific and measurable. Once the security requirements are understood and committed, it is imperative that attention be given to the software design process. This step is often rushed and can lead to severe problems later in the process. Good software design must take security and testing into account at the earliest point as these items often impact solution design. The design phase should only be considered as complete when the design, test plan and security requirements are met.

The software development phase then seeks to implement the agreed design, test and security specifications. Ideally, security testing should be included in regular product testing and automated to allow for iterative testing through the software life cycle.

To achieve good quality and security of the software source code, it is helpful if one institutes automated processes to scan source code for language conformance, style, flaws and known vulnerabilities, as well as open source compliance to company

[8] Microsoft, Security best practices, August 2019, https://docs.microsoft.com/en-us/azure/digital-twins/security-best-practices
IIC Journal of Innovation