Digital Twins in Cybersecurity: Reducing Industry 4.0 Risks


Major digital transformation initiatives over the last decade mean that cyber-physical systems are now intertwined with many manufacturing and industrial processes. These intelligent systems use computing, networking and sensors to help monitor, control and optimize the physical environment. IoT devices also connect IT and OT environments, and smart devices are built and sold to other businesses or customers.

The combination of physical and virtual is key to Industry 4.0, but this blurring of lines between the physical and digital worlds carries cybersecurity risks. Some of the biggest cyber attacks in recent years have targeted critical infrastructure and manufacturing sectors, where cyber-physical systems and IoT devices are heavily represented. This article describes how using digital twins in cybersecurity can help reduce risk in an increasingly connected world.

IT/OT convergence and the expanded attack surface

The convergence of information technology and operational technology is a cornerstone of modern industrial processes that sees increased connectivity and communication between these previously closed environments. There are many benefits to this convergence, including cost savings, more efficient processes, and better agility in responding to changing conditions.

One downside, however, is that this interconnection greatly expands the attack surface and introduces additional security risks in operational environments, such as plant floors. Mismanaged convergence can mean that threat actors use malicious tactics and communications from the IT side to hijack devices that control important industrial processes. The risks here go beyond the financial and extend to potential security consequences.

A recent incident that illustrates this risk is the Colonial Pipeline shutdown. The ransomware attack on the pipeline started on the IT side with the compromise of a legacy VPN account. The operators apparently felt that the close connection between IT and OT warranted a complete shutdown of the pipeline. The result was panicked drivers and widespread gas shortages in several states.

Another aspect to consider here is that many (indeed most) OT systems, such as industrial control systems (ICS), are not designed with security in mind. The overarching focus for any ICS design is reliability, as any significant downtime in manufacturing, energy or even adjacent sectors such as healthcare is intolerable.

What is a digital twin?

There are many different definitions of a digital twin, but the simplest and most practical is that it is a virtual model that represents a physical object or process. These virtual models, available through dedicated software or platforms, use machine learning and data modeling to create exact digital copies of physical systems and are often fed relevant real-time data from sensors embedded in the actual physical system. You can use digital twins to run simulations, understand performance, and tune the underlying system or process represented in the model.

The origin of digital twin technology is an interesting story in itself. As far back as NASA’s Apollo missions in the 1960s, astronauts and engineers were building physical replicas of spacecraft engines. Engineers digitally fed data reflecting actual flight conditions into these physical replicas to help diagnose problems and run simulations. Modern digital twin technology has advanced the concept further by negating any need for physical replicas, ensuring that the same idea can be realized using only a computer system.

Digital twins emerged in the manufacturing sector around 2013, with use cases including machine health monitoring, systems engineering and forecasting.

Potential uses of digital twins in cybersecurity

The use of digital twins in cybersecurity potentially empowers security teams to stay ahead of sophisticated threat actors and reduce risks to cyber-physical systems in manufacturing, IoT devices, and consumer smart devices. Here are three exciting use cases of digital twins in cybersecurity:

Secure Design

Whether the device you want to secure is a cyber-physical system used within a smart grid, a self-driving car, or an IoT blood pressure device, digital twins allow security professionals to simulate a series of cyber attacks on physical systems to see how they react while under attack.

The results of these simulated attacks can feed back into system design before these key devices ever leave the factory floor. Analyzing how a system reacts in response to different types of cyber attacks helps create more robust designs with greater built-in fault tolerance.

Digital twins also improve the security of the system design by reducing its attack surface. Leaving aside any attack simulations, a thorough analysis of system architecture, communication protocols, and traffic flows during normal system use can highlight weak points that malicious outsiders could exploit. Unnecessary services could be removed from the design to reduce the attack surface of the system.

Safer penetration testing

Penetration testing in ICS/OT environments is a valuable but risky activity. Because system downtime is not tolerated in these environments, pen tests on live production systems are a concern: they can cause damage that results in downtime. As a trade-off, certain paths, techniques or tools are often left out of these tests because of the threat they pose to availability.

However, in the real world, hackers don’t care if they crash a key operating system when trying to achieve their goals. In fact, bringing down a system or a bunch of systems can be the main goal of any given cyber attack on an OT/ICS environment.

Digital twins offer the potential to perform comprehensive pen tests on virtual representations of systems without any likelihood of affecting live systems. This has the double benefit of addressing multiple security risks and ensuring there is no downtime.

Smarter intrusion detection

Intrusion detection capabilities in OT environments are one of the more exciting uses of digital twins in cybersecurity. As cyberattacks targeting these environments increase due to growing interconnectivity, ICS systems—including supervisory control and data acquisition (SCADA) systems—and distributed control systems (DCS) need intrusion detection to accurately monitor malicious activity or breaches of corporate security policy.

One interesting research paper from 2020 describes the use of digital twins for intrusion detection. Because digital twins can be fed real-time data that allows them to reflect the performance and health of the actual physical systems on which they are based, the intrusion detection algorithm can quickly track and detect attacks without any impact or disruption to production systems.
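The comparison described above, as an added example that is not taken from the research paper or from Nuspire: a twin is driven by the same commands as the plant, and an alert is raised when the reported sensor value departs from the twin's expected value for several consecutive samples. The tank model, its rates, the thresholds and the telemetry are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class TankTwin:
    """Hypothetical twin of one tank: level follows pump and valve commands."""
    level: float               # litres the twin expects in the physical tank
    inflow_lps: float = 2.0    # assumed fill rate while the pump is on
    outflow_lps: float = 1.5   # assumed drain rate while the valve is open

    def step(self, pump_on, valve_open, dt=1.0):
        delta = self.inflow_lps * pump_on - self.outflow_lps * valve_open
        self.level = max(self.level + dt * delta, 0.0)
        return self.level

def detect(telemetry, start_level, tolerance=1.0, persist=3):
    """Return timestamps at which sensor and twin have disagreed by more than
    `tolerance` litres for `persist` consecutive samples (one alert per episode)."""
    twin = TankTwin(level=start_level)
    alerts, streak = [], 0
    for t, pump_on, valve_open, sensor_level in telemetry:
        expected = twin.step(pump_on, valve_open)
        if abs(sensor_level - expected) > tolerance:
            streak += 1
            if streak == persist:   # ignore short glitches, alert on sustained drift
                alerts.append(t)
        else:
            streak = 0
    return alerts

# Constructed telemetry: pump runs for 5 s, then the valve drains for 5 s.
COMMANDS = [(t, t < 5, t >= 5) for t in range(10)]
NORMAL_LEVELS = [52.1, 53.8, 56.2, 58.0, 59.9, 58.6, 57.2, 55.4, 54.1, 52.4]
# Constructed anomaly: reported level stays near 60 L although a drain was commanded.
STUCK_LEVELS = NORMAL_LEVELS[:5] + [60.1, 60.0, 60.1, 60.0, 60.1]

def trace(levels):
    return [(t, pump, valve, lvl) for (t, pump, valve), lvl in zip(COMMANDS, levels)]

if __name__ == "__main__":
    print("normal:", detect(trace(NORMAL_LEVELS), start_level=50.0))
    print("stuck :", detect(trace(STUCK_LEVELS), start_level=50.0))
```

Because the check runs against the twin and the telemetry feed, it adds no load to the controller itself; the persistence window is what keeps a single noisy reading from raising an alert.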

Final thoughts

These use cases represent just a small sample of what is possible with digital twins in cybersecurity. However, while digital twins can empower improved detection of anomalous behavior, preventing attacks only comes from accelerated detection and response.

The post Cybersecurity Digital Twins: De-risking Industry 4.0 appeared first on Nuspire.

*** This is a syndicated blog by the Security Bloggers Network of Nuspire, authored by Nuspire. Read the original post at:
