How to stop digital twins from being used against you
Digital twins are growing by leaps and bounds. These virtual representations of real-world devices are essentially digital proxies for enterprises -- delivering insights into an asset’s data, processes, operation states, and lifecycle. This is particularly beneficial in achieving better visibility in smart factories, or accurately predicting how devices might perform in connected healthcare.
In creating digital twin simulations and running models, however, there’s a problem. Doubling the data and doubling the digital assets of any company is, in effect, doubling its attack surface. This increases the chances of exposure and of sensitive company information falling into the wrong hands. Without proper safeguards, the risk is that digital twins can be turned against their owners. Amidst a landscape of record growth in the Internet of Things (IoT), let’s look at how to safely leverage the power of digital twins.
The Digital Twin and IoT
Digital twins are exactly what they sound like -- virtual replications of physical assets. These twins leverage real data to represent the current state of a device and simulate how it might act under certain conditions. Running these simulations online is far more efficient and affordable than is possible in the real world and, done right, unlocks valuable insights.
By tracking wear and tear in manufacturing, for example, digital twins can anticipate potential part failures, allowing for predictive maintenance and preventing costly downtimes.
In this sense, it’s easy to see why digital twins are an enticing business proposition. After all, with appropriate guardrails, they can help to increase device efficiencies, cut costs, and boost profits. The worldwide digital twin market notched a valuation of $11 billion last year and is projected to grow more than 37 percent annually until 2030. Therefore, with increased investments in digital transformation and the global adoption of cloud-based platforms, the market will likely be worth more than $150 billion by the decade’s end.
The Danger of Digital Twins
Beyond device optimization and prolonged lifecycles, however, there’s a dark side of digital twins that warrants careful consideration and mitigation strategies.
First and foremost, digital twins offer hackers another chance at sensitive company information, particularly when the device data is stored in plain text in the cloud. Providing these models with up-to-date data means providing sensitive information. This goes beyond mere device information; it can sometimes include the personally identifiable data of employees and customers.
Meanwhile, the use of international servers to run digital twin operations further complicates things. Different jurisdictions have different privacy requirements, meaning that cross-border data exchanges to run these simulations can bring regulatory and compliance headaches.
Additionally, the connected devices themselves can cause security issues. For example, IoT sensors sometimes operate on outdated and vulnerable operating systems. Cheap devices are also well known for default credentials and unencrypted communications, an important concern as more than two billion devices come online next year. In securing digital twins, therefore, cybersecurity leaders also must work harder to secure their connected devices.
How To Safely Onboard Digital Twins
It’s helpful to think about the digital twin as another internet-connected application. It, too, requires strong defenses and data protections.
One good way to protect communications is by leveraging a peer-to-peer IoT platform. This ensures data flows only from end to end. More generally, for connected devices, follow cyber hygiene practices like strong passwords, multifactor authentication, and, as I recently wrote for BetaNews, zero trust.
Also, think long and hard about the sensitive data sent to digital twins. Study the implications of international data transfers, especially concerning Europe’s General Data Protection Regulation and California’s Consumer Privacy Act. Further, minimize the use of employee and customer information in digital twin simulations as much as possible.
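One way to apply the minimization advice above, as an added example rather than code from this article: an allowlist filter that runs on the plant gateway before telemetry leaves for a cloud-hosted twin. The field names, sample record and key are constructed assumptions, not part of any real platform.

```python
import hashlib
import hmac

# Assumed schema (hypothetical field names): what a maintenance twin needs.
ALLOWED_FIELDS = {"device_id", "ts", "spindle_temp_c", "vibration_mm_s", "cycle_count"}
# Kept only as keyed pseudonyms, so the twin can still correlate events
# per operator without ever seeing the real identifier.
PSEUDONYMIZE_FIELDS = {"operator_badge"}


def pseudonym(value: str, key: bytes) -> str:
    """Keyed HMAC-SHA256, truncated. The key stays on-premises."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def minimize(record: dict, key: bytes) -> tuple[dict, list[str]]:
    """Return (twin-safe record, sorted names of dropped fields).

    Anything not explicitly allowed is dropped, so a firmware update that
    starts emitting a new personal-data field does not leak it by default.
    """
    safe, dropped = {}, []
    for name, value in record.items():
        if name in ALLOWED_FIELDS:
            safe[name] = value
        elif name in PSEUDONYMIZE_FIELDS:
            safe[name + "_pseudo"] = pseudonym(str(value), key)
        else:
            dropped.append(name)
    return safe, sorted(dropped)


# Constructed sample telemetry record and demo key (illustrative only).
SAMPLE = {
    "device_id": "cnc-017",
    "ts": "2024-01-15T08:30:00Z",
    "spindle_temp_c": 71.4,
    "vibration_mm_s": 2.8,
    "cycle_count": 48213,
    "operator_badge": "B-4471",
    "operator_name": "Jane Example",
    "customer_email": "buyer@example.com",
}
KEY = b"constructed-demo-key-not-for-production"

if __name__ == "__main__":
    safe, dropped = minimize(SAMPLE, KEY)
    print(safe)
    print("dropped before upload:", dropped)
```

Logging the dropped field names (not their values) gives an audit trail of what the twin never received.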
It’s worth noting that researchers are investigating ways to enable end-to-end encrypted data manipulation and simulation in the cloud, enabling the digital twin to perform operations on data it can’t directly view. However, this concept is still in its early stages of development.
Keep in mind that digital twins aren’t all bad. In manufacturing and service industries, employing digital twins proves invaluable for onboarding new personnel, ensuring their training occurs without adverse effects on the real systems. Also, when properly funded and implemented, these tools can serve as an early warning system for potential attacks. Since they simulate real systems, they can help organizations identify and address vulnerabilities through proactive testing.
The onus is on cybersecurity leaders, therefore, to ensure digital twins are used for good and not evil. The truth is that digital twins offer a sophisticated way to replicate devices and dynamically test for improvements. However, security and privacy must be at their heart. This calls for the strategic employment of encryption, secure communication, and vigilant data management to safeguard their promise amid the flourishing IoT landscape.