The Industry IoT Consortium (IIC) and Digital Twin Consortium have developed a series of guidelines to address the security of digital twins.
Many organizations are adopting digital twins to simulate activity and predict events across their physical infrastructure. However, as with many technology projects, security is often an afterthought. Yet, digital twins could be subject to massive forms malicious activity or data leakage.
To meet the growing requirements associated with digital twins, the Industry IoT Consortium (IIC) and Digital Twin Consortium have developed a series of guidelines to address digital twin security. “Risks must be considered to all aspects of the system, including various technologies, governance and operations,” the co-developers of the guidelines state. The result of their effort is the IIC’s “IoT Security Maturity Model (SMM),” intended to help organize and manage security concerns arising with digital twins.
The SMM recognizes that not all IoT systems require the same strength of protection mechanisms and the same procedures to be deemed “secure enough.” Instead, it is intended to help “an organization decide what their security target state should be and what their current state is. Repeatedly comparing the target and current states identifies where further improvement can be made.”
See also: Report: Demand for Digital Twins Growing
The SMM’s co-authors identify four levels of readiness to address digital twin security:
Level 1, Minimum: “There are no assurance activities for the security practice implementation. Threat models are static. Twins and assets have different threat modeling. Organization uses off-the-shelf security practices, not customized for its own needs, systems, or organization.”
Level 2, Ad hoc: “The requirements for the practice cover main use cases and well-known
security incidents in similar environments. The requirements increase accuracy and level of granularity for the environment under consideration. The assurance measures support ad hoc reviews of the practice implementation to ensure baseline mitigations for known risks. For this assurance, application of measures learned through successful references may be applied. Threat models incorporate the impact of twin on asset, and vice versa. Organization considers its own risks in using digital twin models and considered asset operational technology and digital twin IT security but separately.”
Level 3, Consistent: The requirements consider best practices, standards, regulations,
classifications, software and other tools. Using such tools helps to establish a consistent
approach to practice deployment. The assurance of the implementation validates the
implementation against security patterns, design with security in mind from the
beginning and known protection approaches and mechanisms. This includes creating a
system with the security design considered in the architecture and design as well as
definition defaults. Threat models incorporate both physical and virtual at the same time.
That is, they include threat models that attack vulnerabilities that cross the physical
and virtual.”
“Organization considers data risk to other organizations when using their data and
manages access control across organizations. Organizations consider the interrelationships of
different twins, and different vendor implementations.”
Level 4, Formalized: “A well-established process forms the basis for practice implementation, providing continuous support and security enhancements. The assurance on the implementation focuses on the coverage of security needs and timely addressing of issues that appear to threaten the system of interest. For this assurance, a more complex approach is applied that uses semi-formal to formal methods. Threat models include multiple industries (i.e., from both physical and virtual), or from other industries using virtual twin systems.”
“Organization continually considers impact on other organizations’ security compliance when designing their policies and procedures. Organization continually updates security compliance with regard to environment. Organization regularly reviews security policy and procedures with regard to own assets, other organizations, and their environments.”
Notably, the more advanced cybersecurity gets, the more it addressing the complexities of entities and teams interacting with one another, crossing organizational boundaries. “Twins can be considered a system of systems, whether as a single twin and asset or several interconnected twins and corresponding assets, a federation of twins,” the SMM co-authors state. “With twins, especially with multiple interacting twins (systems of twins, including their associated assets), data sovereignty may play a role when twins are in different countries or even if they fall under the regulatory scope of different industries. The role of local laws and regulations can be of especial concern when physical assets are involved, bringing into consideration safety and other concerns. The issues of multiple organizations, different administrative boundaries, variation in governance, and different technologies may also play a role in evaluating security maturity when multiple organization twins are used together.”