Digital twins for cybersecurity

This is where a digital twin may be helpful as a training tool to equip operators and engineers to recognise symptoms of a compromise of the control system and respond accordingly. Digital twins are currently being used to augment the cyber-resilience of facilities by companies using operating training simulators.

A digital twin may be used to simulate a security breach and develop decision-making and mitigative responses to the simulated cyberattack. Developers can incorporate several scenarios to test and refine operator recognition of system compromises and their response to secure the process safely.

However, while common live attacks and malware with overt symptoms such as remote access trojans, cryptolocker, and denial of service trojans can be developed in a digital twin, highly engineered covert attacks such as Stuxnet cannot.

A digital twin can provide a real-time, responsive environment to simulate various types of control system compromises. It can also train and test operators on the diagnostic process to identify the extent of the compromise, level of availability and integrity of the control and safety systems and take appropriate actions to respond to a loss of control.

A digital twin is a valuable tool in developing decision-making trees to determine the extent of the threat and the appropriate response. This approach mimics the aerospace industry’s use of simulators to simulate systemic failures enabling the development, evaluation and application of viable troubleshooting and decision-making procedures in real-time virtual environments. The objective is to train front-line operational personnel to recognise a control system compromise, declare an emergency, initiate the safe shutdown of decision-making criteria to determine the salient extent of compromise and control, implement actions to secure the facility and correspond with the level of compromise.