15 Apr 2024
by Balaji V

Leveraging digital twins in cyber defense

Guest blog by Balaji V, Niche Security CoE at Tata Consultancy Services Limited #techUKOTSecurity

Embracing Industry 4.0 with Digital Twin Technology

Industry 4.0 has been positively received and widely adopted across all industrial sectors. Formerly conservative sectors such as Manufacturing, Utilities, Energy and Critical Infrastructure now employ Smart Manufacturing practices for both production and processes. With the rapid adoption of cyber-physical systems, the convergence of Information Technology (IT) and Operational Technology (OT) systems to enable intelligent decision making is becoming imperative. The end result is a highly efficient and lean industrial operations process with enhanced product quality and an overall improvement in the bottom line of the enterprise.

Digital Twin technologies are essentially virtual replicas of physical systems, processes or products, developed to aid their physical twins through analysis engines, predictive modelling and the optimization of operations using run-time and historical data. The application of Digital Twins as a cornerstone force multiplier in Industry 4.0 is seeing widespread acceptance and adoption across all industries.

Digital Twins as a Cyber Defense Mechanism

Detecting cyber-attacks on cyber-physical systems with traditional IT-based attack detection technologies can sometimes adversely impact OT performance or safety. As a result, new and effective methods to monitor cyber-physical systems and detect cyber-attacks will assist in early warning and detection of maliciously or mistakenly induced instances and potential events that can hamper operations.

Intrinsically, a Digital Twin offers a unique opportunity: it can serve as a viable platform for detecting cyber-attacks early and preventing a major incident. This approach of a “Cyber Digital Twin” can augment some of the current technology approaches to monitoring and detecting threats on cyber-physical systems.
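One way a Cyber Digital Twin can be used for monitoring, shown as an added example that is not from the original post: the twin predicts a process value from the commanded inputs, and a CUSUM test on the residual tolerates an isolated sensor spike but alarms when the reported value stops tracking the process. The tank model, its parameters, the thresholds and all sample readings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class TankTwin:
    """Hypothetical twin of a tank: level follows the commanded net flow."""
    level: float            # metres
    area: float = 2.0       # m^2 (constructed plant parameter)
    dt: float = 1.0         # seconds per step

    def step(self, inflow: float, outflow: float) -> float:
        self.level += self.dt * (inflow - outflow) / self.area
        return self.level

def residuals(commands, reported, start_level):
    """Reported level minus twin-predicted level, one value per time step."""
    twin = TankTwin(level=start_level)
    return [m - twin.step(qi, qo) for (qi, qo), m in zip(commands, reported)]

def cusum_alarm(res, slack=0.05, threshold=0.25):
    """Two-sided CUSUM over residuals: index of the first alarm, or None."""
    hi = lo = 0.0
    for i, r in enumerate(res):
        hi = max(0.0, hi + r - slack)   # reported value running above the twin
        lo = max(0.0, lo - r - slack)   # reported value running below the twin
        if hi > threshold or lo > threshold:
            return i
    return None

# Constructed sample data: constant net inflow, so the twin rises 0.05 m per step.
COMMANDS = [(0.2, 0.1)] * 8
# Normal noise plus one isolated spike at step 3 (an "expected" anomaly).
BENIGN = [1.06, 1.09, 1.15, 1.40, 1.26, 1.29, 1.35, 1.41]
# Reported level stays at 1.10 from step 2 on while the process keeps filling.
STALLED = [1.06, 1.09, 1.10, 1.10, 1.10, 1.10, 1.10, 1.10]

if __name__ == "__main__":
    print("benign :", cusum_alarm(residuals(COMMANDS, BENIGN, 1.0)))
    print("stalled:", cusum_alarm(residuals(COMMANDS, STALLED, 1.0)))
```

The slack and threshold trade detection delay against false alarms and would be tuned per process; this detector is passive, so it does not load the OT devices it watches.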

Cyber Digital Twins for Predictive Analysis

A predictive analysis-based system must be capable of discerning between expected or “normally occurring” anomalies and physical degradation on the one hand and targeted malicious attacks on the other. Pattern analysis reveals that these attacks mimic expected anomalous behavior to deceive the detection system logic and decision support system. As part of attack obfuscation, run-time process controllers are updated with new firmware to undo changes to setpoints and resource control inputs. Additionally, there are instances where a miscalibration, malfunction or version vulnerability has facilitated cyber-attacks. Such instances are extremely difficult to discern. The limited availability of skilled cyber security analysts on a 24x7 basis and the sheer analytical ability required make this task easier said than done. Optimization is achieved by applying algorithm-based analytical models together with the experience of industry experts to produce viable solutions for plant floor decision points. The impact areas may include rolling out firmware upgrades and predictive maintenance, repairs, production scheduling and dispatch, and anomaly detection. To minimize disruptions to the complex schedules in manufacturing, these resultant solutions are mostly applied in run-time, minimizing system downtime and production.

The Risks of using Digital Twins for Cyber-physical Systems

An important aspect of cyber-physical systems is their inherent vulnerability to exploitation by threat actors. Digital Twins mirroring actual physical environments are not only potential sources of data leaks, but also present threats at multiple levels. Owing to the intimate mapping of the physical process and control system hardwired to the cyber-physical system, a threat actor can influence the Digital Twin into a malicious state. With the automatic feedback loop mirrored into the actual physical system, the compromised twin can potentially manipulate the physical systems, hampering operations or even causing loss of human life. The exploitation of digital twins may also have severe consequences within the digital networks that link data across the Digital Twin instances or multiple cyber-physical system instances that exist in the environment. In fact, the Digital Twin can serve as a blueprint for the threat actor to identify vulnerabilities in the physical system and potential attack points. It also enables the attacker to have the attack script mapped, enabling the mounting of a well-prepared attack.

Mitigating the Risks

Though there is no perfect solution for the security of Digital Twins, certain measures have proven to be extremely effective in mitigating the inherent vulnerabilities that exist in Digital Twins. These range from a ground-up incorporation of security, software hardening and mandatory security testing of all components of the Digital Twin to a strict rules-based order and privilege-based access management, combined with a two-stage approval for rolling out any changes to the physical system. Other novel approaches could involve establishing blockchain-based digital twins, establishing and maintaining provenance, storing, securing and analyzing historical data, and incorporating smart contracts for monitoring change management.
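A sketch of the change-control measures named above, as an added example that is not from the original post: a gate between the twin and the physical controller that enforces role-based privileges, releases a change only after two approvals, and keeps a hash-chained provenance log. The `ChangeGate` class, the user names and roles are hypothetical, and "two-stage approval" is interpreted here as sign-off by two distinct approvers other than the proposer.

```python
import hashlib
import json

# Constructed users and roles (assumption for this example).
ROLES = {"alice": "engineer", "bob": "approver", "carol": "approver"}

class ChangeGate:
    """Hypothetical gate between the digital twin and the physical controller."""

    def __init__(self):
        self.log = []       # hash-chained provenance records
        self.pending = {}   # change_id -> proposal state

    def _record(self, event: dict) -> None:
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.log.append({"event": event, "prev": prev, "hash": digest})

    def propose(self, user: str, change_id: str, setpoint: float) -> None:
        if ROLES.get(user) != "engineer":
            raise PermissionError("only engineers may propose changes")
        self.pending[change_id] = {"by": user, "approvals": set()}
        self._record({"op": "propose", "id": change_id, "by": user,
                      "setpoint": setpoint})

    def approve(self, user: str, change_id: str) -> None:
        change = self.pending[change_id]
        if ROLES.get(user) != "approver" or user == change["by"]:
            raise PermissionError("approver role required, and not the proposer")
        change["approvals"].add(user)   # a repeat approval by one user counts once
        self._record({"op": "approve", "id": change_id, "by": user})

    def release(self, change_id: str) -> bool:
        """True only when two distinct approvers have signed off."""
        ok = len(self.pending[change_id]["approvals"]) >= 2
        self._record({"op": "release" if ok else "blocked", "id": change_id})
        return ok

    def verify_log(self) -> bool:
        """Recompute the chain; any edited or reordered record breaks it."""
        prev = "0" * 64
        for rec in self.log:
            body = json.dumps(rec["event"], sort_keys=True)
            digest = hashlib.sha256((prev + body).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != digest:
                return False
            prev = rec["hash"]
        return True
```

The chain only proves internal consistency; anchoring the latest hash somewhere the gate's own host cannot rewrite is what makes tampering evident to an outside reviewer.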


techUK’s Operational Technology Security Impact Day 2024 #techUKOTSecurity

techUK’s Cyber Programme is delighted to be holding our first securing Operational Technology (OT) security impact day to showcase how cyber companies are helping organisations to secure their OT and navigate the convergence of IT/OT systems.
