Industry 4.0 is enabled by the convergence of information technology (IT) and operational technology (OT) in industrial control systems (ICSs).2 At the core of Industry 4.0 are cyber-physical systems (CPSs), such as power grids, manufacturing industries, autonomous vehicles, and smart healthcare, which connect physical (OT) and cyber (IT) components through computational and networking capabilities.2 While CPSs facilitate automation and resource optimization, they introduce an expanded attack surface that spans both the cyber and physical domains.1 The evolution of tradecraft in attacks on energy and utility infrastructure, from Stuxnet to Industroyer, has shown the repercussions of such attacks on economic, business, and social sectors.5 Securing an operational CPS against potential attack vectors involves evaluating the system's operational behavior and assessing its security posture. For security measures to be taken effectively, such assessments must occur without negatively affecting ongoing operations, be reproducible for further investigation, and cover the system's life cycle.2
A digital twin (DT) is a virtual (digital) representation of a physical object or process that can replicate every facet of the underlying system, along with its attributes, services, and interconnections, throughout the system life cycle. With a continuous, synchronized feedback loop between the physical counterpart (including the CPS) and the DT, data flows from the CPS to the DT, whereas decisions based on that data, including assessments, predictions, optimization, and calibration-related insights, flow from the DT to the physical counterpart. DTs have gained significant attention in CPS as reconfigurable, reproducible, economical, and non-disruptive simulation environments for security evaluation.2 Consequently, DTs have been realized as a complementary security-enhancing enabler in various cybersecurity solutions to reinforce the cybersecurity landscape, as shown in Figure 1. For instance, DTs can serve as intrusion-detection systems by continuously monitoring and analyzing data from the physical system against established behavioral baselines, promptly identifying deviations that could indicate intrusion attempts, and enabling rapid response measures to mitigate potential threats.2 However, leveraging DTs without ensuring their trustworthiness could lead to abuse cases, which makes the idea of using malicious DTs as a security-enhancing solution questionable.
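The intrusion-detection role described above can be sketched as follows. This is an added example, not code from the article: the single-tank process model, its parameters, the CUSUM residual test, and the telemetry are all constructed assumptions. The twin is stepped with the same pump commands the plant receives, and each reported level is compared with the level the twin expects.

```python
from dataclasses import dataclass

@dataclass
class TankTwin:
    """Hypothetical twin of one water tank (constructed model, not from the article)."""
    level: float                   # metres, synchronized with the plant at start
    inflow_per_step: float = 0.05  # level rise per step while the pump runs
    demand_per_step: float = 0.02  # level drop per step from consumption

    def step(self, pump_on: bool) -> float:
        """Advance the model one step using the command the plant received."""
        self.level += (self.inflow_per_step if pump_on else 0.0) - self.demand_per_step
        return self.level

def detect_deviation(twin, telemetry, slack=0.01, threshold=0.1):
    """Return the index of the first sample whose accumulated residual
    (one-sided CUSUM) exceeds `threshold`, or None if the run stays in baseline."""
    cusum = 0.0
    for i, (pump_on, reported) in enumerate(telemetry):
        residual = abs(reported - twin.step(pump_on))
        cusum = max(0.0, cusum + residual - slack)  # slack absorbs sensor noise
        if cusum > threshold:
            return i
    return None

def normal_run(steps=10, start=1.0):
    """Constructed telemetry: pump always on, readings within 0.005 m of the model."""
    return [(True, start + 0.03 * (i + 1) + (0.005 if i % 2 else -0.005))
            for i in range(steps)]

def frozen_sensor_run(steps=10, start=1.0, freeze_at=5):
    """Constructed telemetry: from `freeze_at` on, the reported level stops changing."""
    run = normal_run(steps, start)
    frozen = run[freeze_at - 1][1]
    return run[:freeze_at] + [(True, frozen)] * (steps - freeze_at)

if __name__ == "__main__":
    print(detect_deviation(TankTwin(level=1.0), normal_run()))
    print(detect_deviation(TankTwin(level=1.0), frozen_sensor_run()))
```

The verdict depends entirely on the twin's model and its synchronized state, so a twin that cannot be trusted yields a baseline that cannot be trusted either.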