Risk mitigation in digital twins

You’ve no doubt heard a lot about the numerous advantages of digital twins. In fact, we’ve talked about them ourselves; about how they can help organisations and even wider society reduce costs, operate more sustainably, predict problems, and create business value.

However, there’s also an element of risk involved.

In this blog we’ll take a look at the potential challenges a digital twin can expose you to from a security and privacy perspective. We’ll also look at a pragmatic approach for adopting and implementing secure and privacy-conscious digital twins.

A fourfold risk

When we talk about the security risks of digital twins, there are four main areas of concern:

1. System access

If someone can gain access to your digital twin, they could not only get insights into the system or asset it replicates but also, more dangerously, get control of those physical assets. This can result in uncontrollable behaviours.

2. IP theft

If your digital twin is a blueprint of an intellectual property, then hackers may be able to reverse engineer and reproduce that property, bypassing the need for research and development of their own. There is currently a huge market for this kind of hacking activity.

3. Non-compliance

Stricter regulations regarding privacy, like Europe’s recently introduced GDPR, have placed more pressure on organisations to ensure data compliance. If your digital twin was to jeopardise this, it could lead to huge financial and reputational damage.

4. Information integrity

Information can lose its integrity when people are able to access your data and make unauthorised changes. To ensure your information maintains its integrity, you need to collect the right information, interpret it correctly, and have authentication and security measures in place that prevent unwanted modifications.

Protecting your digital twin

With the help of connected devices, networks and supporting infrastructure, digital twins enable true two-way communication between the physical and the digital world.

This presents a unique challenge for security teams, who have to realise that traditional protective measures won’t be enough to keep systems and data safe.

Instead, security efforts must expand to cover hardware and software – and the information that passes between the two. This means encrypting the connection between the digital twin and the physical asset it replicates, and taking a more holistic approach to ensuring data privacy from the outset of all your projects.

The good news is, there are lots of tools and technologies available to help ensure the security and privacy of your data. The most difficult decision you might have to make is which you choose – a complete stack suite or a mix of customised solutions.

The overall approach you take to the security of your digital twin is vital, too. With that in mind, here are three things you can do to make sure you stay on top of things:

1. Identify a purpose with risks assessed

Your security requirements will initially be dictated by the needs of your digital twin, so it’s important to start with specific use cases in mind and gain an understanding of the information and control your end-users require.

By collaborating closely with your people, you can define what level of digital twin should be developed – whether it’s for an asset, process, or system – and the capabilities it needs.

For instance, is it necessary to have real-time two-way communication? What should the maximal latency of your network be? And what risks, data security and privacy issues could be involved?

Once you have answers to these big questions, it’s easier to define a data governance and management strategy that will keep your twin, your asset and your data secure.

2.Set data profiling parameters

The next step is to identify and categorise your data sources, which will include both your legacy systems and new sources, like connected IoT sensors.

As part of this data profiling exercise, you should assign critical parameters and legal requirements to each dataset.

This requires asking some key questions, like ‘is this dataset publicly or privately owned?’, ‘which license does it fall under?’, ‘which part of the dataset needs to be anonymised?’, ‘if data isn’t available how can we generate it?’, and ‘how do we transfer data between systems in a secure way?’

3. Ensure data governance

These parameters and policies can then be combined with user-specific data governance policies, to ensure the highest possible level of privacy and the lowest level of risk.

To make sure these policies are appropriately implemented, a strong data management strategy needs to be in place. This will dictate who is responsible for data at different parts of its lifecycle, like data engineers, data analysts, data stewards, or business analysts.

For each dataset, you must then ask what identity access management, data reaction, and data residency requirements there are. These requirements must be met throughout the entire lifecycle of the data, while it’s being ingested, while it’s at rest, and during computation.

It sounds like a lot to think about. But as we said, there are numerous products available to help you apply important data governance processes, like masking, redaction, differential privacy, encryption, and lifecycle management.

There are also principles and frameworks under development for ensuring data is shared securely, openly and, with adequate quality to deliver true value and insight.

The important thing is to have a holistic overview of your needs before deciding which technology to opt for and which principles to follow.

How we can help

Digital twin technology can be a source of huge competitive advantage for your organisation. But to reap the rewards, you need to make sure your systems, assets and data are properly protected.

At Royal HaskoningDHV Digital, we specialise in co-creating digital twins with our clients, combining our extensive knowledge of physical assets with the latest digital technologies and security measures.

By helping to identify the most valuable use cases, any potential risk involved and the relevant regulations (AVG, ISO 27001, GDPR 2016/679 etc), we can define the most appropriate technologies and policies to secure your digital twin and your data.

One example of our pragmatic approach can be seen in our work in Amsterdam, where we recently co-created the Crowd Monitoring System Amsterdam (CMSA) to help alleviate the pressure of crowds in and around key areas of the city.

Using mobile phone and Wi-Fi signals, smart cameras and open-source data, city leaders now have visibility into levels of overcrowding in different areas of the city. And, when necessary, can re-route pedestrians away from busy areas.

We’re also a signatory to the Tada open data programme, aiming to ensure the city’s responsible use of technology. Using truncated Media Access Control (MAC)* addresses, which are encrypted and hashed to prevent tracing, we developed a system with data security at its very heart to help meet this goal.

To see how we can help you safely and securely get your digital twin up and running, get in touch.

*A MAC address is a hardware identification number that uniquely identifies each device on a network.