Figure 1: The promise of the digital twin is not without its dangers.

By now, anyone who follows manufacturing technology news has almost certainly heard about digital twins. As virtual models of physical products and processes, digital twins are often described as living simulations; demonstrations, like this one from GE Digital, offer an awe-inspiring illustration of progress toward a world in which machines can offer self-assessments and recommendations for optimization to their human counterparts.

The technology can also be used for “testing before investing” in systems and services, for remote operations monitoring and for predictive maintenance. The possibilities do not end there: it has already begun to make inroads in a broad range of industries. From a look at some of the ample media coverage on digital twins, one might easily get the impression that there is nothing they cannot do.

Yet this promise is not without its dangers. Chief among the risks of employing digital twin technology is the potential for security breaches.

One of the reasons for this is the nature of the technological innovation beast. The enthusiastic rush to adopt new technologies, especially those that are well-hyped, can easily overshadow the need to move more carefully in the interest of cybersecurity. When that same technology is based on connectivity, moreover, this dynamic can be amplified exponentially: each point of connection represents a potential attack surface for hackers.

Another security shortcoming is presented by the limitations of the virtual world. Although a digital twin is designed to replicate its physical counterpart as closely as possible, it may not be possible to protect the computing platform upon which it runs with the same types of physical security features that can be employed in the real world. Simply put, the rules in cyberspace are different.

Yet there is no shortage of potential for damage if security is breached. Gaining access to the twin, after all, is essentially gaining access to whatever component, process or system it mirrors. As one Dutch engineering consultancy firm points out, the twin represents a blueprint that could be used by an outside force to reverse engineer IP secrets. Or, as the Boston-area business alliance Industrial Internet Consortium (IIC) notes, hacking the twin offers an internal system view that could be used to identify additional vulnerabilities. The twin’s testing ability could even be exploited to fine-tune a more wide-reaching attack.

Managing the digital thread

While scenarios like these might prompt one to back away from the concept of the digital twin altogether, a closer look may offer a better perspective. Successful operation of a twin is wholly dependent on another concept — the digital thread.

Digital threads are made from interrelated data sets; a thread may be built around key points within the product lifecycle management (PLM) landscape, for instance. The thread provides a common language for components that may otherwise be unable to communicate with one another, as this video from the NIST (National Institute of Standards and Technology) illustrates. Enabling the digital thread with real-time data synchronization, moreover, creates a unified information source accessible to all stakeholders — both human and machine. Digital twins are capable of revealing insights because they serve as intelligent interpreters for digital threads.

Instead of approaching digital twin security by attempting to replicate physical safeguards, then, one can approach it purely from a data angle. NIST recently published a reference model for using blockchain, the basis of cryptocurrency, as a data management technology for addressing security concerns in smart manufacturing. Just as the records, or blocks, in a blockchain can be used as tamper-resistant records of financial transactions, so too can they be used to protect transactions of product data.

Because blockchain employs a decentralized design, it also addresses another common, if ironic, vulnerability of digital twins: In the interest of keeping data secure, companies employing digital twins may rely upon a centralized platform to limit access. Yet if this one platform is breached, all data is exposed. The “distributed ledger” approach of blockchain eliminates central administration, relying instead upon consensus among distributed nodes to ensure data integrity.
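The two properties described above, hash-linked records that resist tampering and agreement among distributed copies instead of a single trusted platform, can be seen in a small sketch. This is an added illustration, not code from the NIST reference model or any project mentioned in this article; the record fields, node names and the simple-majority rule are assumptions chosen for the example.

```python
import copy, hashlib, json
from collections import Counter

GENESIS = "0" * 64  # stand-in "previous hash" for the first block

def block_hash(prev_hash, record):
    # The hash covers the record AND the previous hash, which links the blocks.
    payload = json.dumps({"prev": prev_hash, "record": record}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for rec in records:
        h = block_hash(prev, rec)
        chain.append({"prev": prev, "record": rec, "hash": h})
        prev = h
    return chain

def first_bad_block(chain):
    """Index of the first block whose link or hash fails, or None if intact."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if blk["prev"] != prev or blk["hash"] != block_hash(prev, blk["record"]):
            return i
        prev = blk["hash"]
    return None

def majority_head(replicas):
    """(agreed head hash, dissenting node ids); head is None without a strict majority."""
    heads = {n: c[-1]["hash"] for n, c in replicas.items()
             if c and first_bad_block(c) is None}
    top = Counter(heads.values()).most_common(1)
    if not top or top[0][1] * 2 <= len(replicas):
        return None, sorted(replicas)
    return top[0][0], sorted(n for n in replicas if heads.get(n) != top[0][0])

# Constructed sample: three product-data transactions for one hypothetical part.
RECORDS = [{"part": "PUMP-001", "step": s, "rev": 1}
           for s in ("design", "machining", "inspection")]

def demo():
    good = build_chain(RECORDS)
    edited = copy.deepcopy(good)
    edited[1]["record"]["rev"] = 2  # record changed in place, hashes left stale
    # Same change, but every hash recomputed so the copy is internally valid.
    forged = build_chain([RECORDS[0], {**RECORDS[1], "rev": 2}, RECORDS[2]])
    replicas = {"node-a": good, "node-b": copy.deepcopy(good), "node-c": forged}
    head, dissent = majority_head(replicas)
    return (first_bad_block(good), first_bad_block(edited),
            first_bad_block(forged), head == good[-1]["hash"], dissent)
```

The in-place edit is caught by the hash check alone, while the fully rehashed copy passes that check and is exposed only because its head hash disagrees with the other nodes.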

NIST is not alone in its recommendation; proposals advocating for the use of blockchain technology in this context have emerged from various corners of industry and academia, as well. Leading industrial automation provider Siemens discusses integration of blockchain in its Identify3D offering, which is aimed at data protection for the digital thread. And an article in IEEE Access, authored by faculty from Khalifa University in Abu Dhabi along with members of the Arizona State University Blockchain Research Laboratory, outlines a blockchain-based creation process for digital twins that uses “smart contracts” to govern and track data transactions. The paper even goes so far as to make its smart contract code available on GitHub.

Of course, the integration of blockchain is not the only way to bolster digital thread protection. A commitment to sound cybersecurity principles throughout one’s corporate culture is even more fundamental, as it represents a perspective for guiding smart choices at every level. Practices such as defining user roles and access privileges, addressing known vulnerabilities, and conducting routine security audits are small steps that can have a tremendous impact. It is also possible to perform numerous types of system hardening, as outlined in this guide compiled by an American security and compliance auditing firm.

Considering the possibilities

Driven both by its genuine utility and its overinflated hype, digital twin technology has claimed a place at the forefront of the Industry 4.0 revolution; its realization involves both risks and benefits. Along with focusing on protection for the digital threads that drive its operation, manufacturers incorporating elements of the IIoT into their workflow should give careful consideration to both the shortcomings and the possibilities that digital twins offer. And the emphasis, it should be stressed, belongs on the word “careful.”