Digital twins have revolutionised industry. Can they do the same for cybersecurity?
The digital twin offers cybersecurity teams a virtual ‘sandbox’ for modelling cyber attacks, detecting vulnerabilities and devising effective threat responses…
One of the more imaginative ways to think about the digital twin is like a stunt double. Film makers rely on stunt men and women to fall down, take hits and even get hospitalised to protect precious resources (actors) from harm.
Digital twins do the same. They link to data gathered from a target environment, and use it to create a perfect digital representation of a real object or process. This allows organisations to run simulations – even disastrous ones – in order to make better decisions.
The concept is many decades old, dating back to the ‘Houston, we have a problem’ Apollo 13 spaceflight rescue of 1970. The term ‘digital twin’ itself was first coined in 2011. But in more recent years the practice has been transformed by advances in artificial intelligence (AI), Internet of Things (IoT), drones and cloud computing. Together these elements have radically boosted the volume of data available to engineers and the ability to understand it.
As a result, digital twins have swept across many industrial sectors such as manufacturing, energy, mining, automotive, healthcare and retail. To take one high-profile example, Rolls-Royce uses digital twins for its "IntelligentEngine" programme. It monitors a jet engine's performance in real time during flights to predict maintenance needs and reduce downtime.
Now, the digital twin market is set for rapid growth. Gartner expects it to reach $379 billion by 2034, up from $35 billion in 2024. Meanwhile a 2024 study of 660 C-suite executives found that 72 percent plan to increase their investments in this area over the next twelve months.
This optimism springs from the ability of digital twins to transform new areas. And one of the most promising of these is cybersecurity.
Cybersecurity’s new weapon: the exact digital replica
Cybercrime is now so widespread it is threatening a global economic crisis. New threats such as AI-driven deepfake technology and cheap ‘hacking as a service’ offerings are pushing the problem to new levels. Experts say cybercrime could cost $10.5 trillion in the coming years. Meanwhile IBM’s Cost of a Data Breach Report says 70 percent of organisations have been hit by security breaches, with an average dwell time of 199 days before detection.
Given these stats, it’s hardly surprising that organisations are now exploring the protective and proactive power of digital twins. They are deploying the tech for multiple purposes, such as:
• Simulating future threats
Security teams can model ransomware outbreaks, DDoS floods, and insider attacks in a sandboxed environment without risking downtime or data loss.
• Improving red/blue team exercises
The digital twin is a huge improvement on ‘tabletop’ offensive and defensive engagements.
• Using AI models to find existing vulnerabilities
Teams can feed continuous telemetry into an AI-enabled twin to reveal anomalies. They can then anticipate and patch weaknesses before attackers exploit them.
• Enabling ongoing audits
Many cybersecurity audits happen months or even years apart. Digital twins let security teams do continuous assessments. They can see the impact of policy or tech changes immediately.
• Bolstering physical security
Sometimes the physical environment is part of the cybersecurity mix. A digital twin of buildings can use sensors and camera data to reveal vulnerabilities.
The above benefits are helping to transform the activities of the Security Operations Centre (SOC), the unit that provides a holistic view of a company’s security operations. Digital twins help SOC analysts learn about – and prepare for – threats on Information Technology (IT), Operational Technology (OT) and Integrated Control Systems (ICS). SOC staff can use digital models to receive alerts, pivot through logs and take defensive action in a risk-free setting.
SOC specialists such as Thales, which offer partner SOC services, believe that digital twin tech brings value to the four axes of cybersecurity:
• Awareness – understanding vulnerabilities and risks
• Enactment – updating controls, procedures and policies
• Resilience – regular testing
• Vigilance – monitoring for intrusions
In fact, research suggests that automation-based cybersecurity is already having an impact on SOCs. Capgemini research says more than 60 percent of organisations believe Gen AI will strengthen cybersecurity in the long term.
Getting started: from pilot to scale
While multiple organisations are now running digital twin simulations, many more are new to the tech. So how should security teams get started?
The first stage is to get board buy-in by showing how digital twins can be part of company-wide digital transformation. One option is to start with a pilot, then pick a single environment (physical, network or SOC) for testing. Teams can run analyses to see the impact on cost, time and risk reduction. They should take care to factor in both information technology (IT) and operational technology (OT).
The good news is that digital twin specialists are making it easier for enterprises to explore the tech. For example, Thales launched a dedicated digital twin research and innovation centre that reduces the barriers of time and cost. One of its projects uses real drone flight data to replicate drone behaviour and model airborne threats to civilian flights, maritime traffic and satellite fleets.
The digital twin can unlock a new way of thinking
The digital twin is evolving. The traditional application of these systems was to physical objects and buildings. Now, thanks to improvements in sensors and modelling, the tech can generate detailed virtual models of complex networks and processes. This has important implications for SOC teams. They can use the tech to improve staff training, threat detection and incident response.
To make the most of this opportunity, they must consider the digital twin as more than a tool. Instead, they should see it driving a profound shift in cybersecurity thinking – from fragmented and reactive to holistic and pre-emptive.
Seven flavours of digital twin
Engineers apply digital twin tech in multiple ways. Here are seven broad categories.
• Physical twin
This is an exact replica of a physical object such as a building, machine or product.
• Process twin
Represents a real-world process or workflow to identify inefficiencies, bottlenecks, and potential risks.
• System twin
A twin that represents a network of physical and process twins. It reveals how different components interact with each other.
• Predictive twin
Uses analytics and machine learning algorithms to predict future behaviour based on real-time data.
• Virtual prototype twin
A 3D model that simulates a product or system before it is even built.
• Remote monitoring twin
Enables real-time tracking of assets using cloud-connected sensors.
• Mixed reality twin
Gives engineers an immersive VR/AR experience to improve training and maintenance.