
How to Manage the Risks of Military Digital Twins

Digital Twins promise to revolutionise military training, testing, concept development, decision support and more. But the technology is not without risk. In his thought-provoking 12-page paper ‘In Through the Out Door’, Simon Skinner examines the inherent dangers of Digital Twins and proposes a versatile solution. Here are the highlights.

A digital twin is a virtual representation of part of the real world. Data is exchanged between the real world and the virtual world, and each can affect the other in real time. Today, Digital Twins are used to monitor, manage and optimise all sorts of real world processes, drawing on immense volumes of data from multiple proprietary and public sources.

The civilian sector has a head start with Digital Twins. They can be found driving a wide range of applications including design, production and support in the automotive, aerospace, transport, consumer goods, agriculture, energy and utilities sectors, and in any endeavour which can benefit from big data and artificial intelligence. And they are of increasing interest to the military.

This interest comes at a time when the UK, USA and allied governments within NATO are moving to new models of conflict in which traditional kinetic activity warfare is replaced by cyber activity warfare, and where data – in the whole and in the detail – is everything.

Unfortunately, Digital Twins are certain to be regarded as a choice target for adversaries.

So, can Digital Twins be compromised? It’s certainly a concern. Because if you can’t trust the data, the models that use it and the analysis which follows, what can you trust? It is the worrying potential for cyber-attacks against the military as well as civilian enterprises which prompted Simon Skinner to write ‘In Through the Out Door – Security and Identity Concerns for Military Digital Twins’.

The need for a new security model

Traditionally, military applications use the ‘System High’ approach in which dedicated classified networks are used to protect against the risk presented by unsecured public data sources and networks. But this lacks the agility to support large scale Digital Twins.

With System High, the digital twin’s entire network, physical assets and all of the data will be operating at a predetermined security level, decided by the security level of the most highly classified asset. In this model, also known as a Perimeter-Based Architected Network, all computer resources and data storage are protected by the security protocols associated with that network and access is strictly controlled.

On a small scale, that’s fine. But it becomes increasingly difficult to sustain when applied to defence applications which may, for example, be operating across the multinational NATO alliance.

Problems also arise because these extraordinarily complex systems will source and access sensors, environmental and performance data, models and computing resources from many places and authors, with differing levels of fidelity, accuracy, and security classification both within and outside secure environments.

The unhappy consequence of all this is a digital environment in which a variety of significant and disruptive threats can be propagated, not least of which are the risks of exposing operational capability and opening attack channels through the virtual systems. And the bigger and more capable the digital twin, the greater the risk.

The shorthand for all this is that Digital Twins are versatile but can be porous. System High is a powerful solution but can be cumbersome and is very expensive. There is a mismatch. Something needs to change.

A different approach

If you’re considering implementing a Digital Twin, you need to put security right at the top of your agenda and keep it there. Fortunately, there is a new and different approach which provides high-assurance security. It’s called ‘Information Based Security Architecture’ (IBSA), or ‘Zero Trust Architecture’ (ZTA) and it secures all of your information and every transaction, rather than the networks or architectures on which they reside.

The USA National Institute of Standards and Technology (NIST) tells us that an IBSA/ZTA is designed and deployed with seven zero trust principles, namely:

  • All data sources and computing services are considered resources.
  • All communication is secured regardless of network location.
  • Access to individual enterprise resources is granted on a per-session basis.
  • Access to resources is determined by dynamic policy - including the observable state of client identity, application/service, and the requesting asset. It can also include other behavioural and environmental attributes.
  • The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
  • All resource authentication and authorisation are dynamic and strictly enforced before access is allowed.
  • The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to continually improve its security posture.

This approach has several advantages over conventional methods. There is no requirement that assets be locally based: they have the same level of protection wherever they are. Because all data is encrypted at rest and in transit, even unsecured networks and cloud storage can be used as sources of data.

Access to any object is granted only on the basis of enterprise policy and the requestor’s identity. And the network can dynamically react to threats whether internal or external.

A Policy Decision Point (PDP), which communicates with several policy enforcement points within the Digital Twin architecture, manages data access and encryption. The PDP can take real time input from sources like threat intelligence and security event logs to react swiftly to emerging events. It also ensures a coherent approach across the enterprise in terms of access for individuals. 
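
The interaction between the PDP and its enforcement points described above, sketched as an added example (not code from the paper or from Thales). The class names, classification labels and asset identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed classification labels, lowest to highest (not from the paper).
LEVELS = {"PUBLIC": 0, "OFFICIAL": 1, "SECRET": 2}

@dataclass(frozen=True)
class Request:
    subject: str         # authenticated identity of the requestor
    clearance: str       # clearance bound to that identity
    asset_id: str        # device or service the request comes from
    asset_healthy: bool  # posture reported by asset monitoring
    resource: str        # data source or computing service requested
    resource_level: str  # classification of that resource

class PolicyDecisionPoint:
    def __init__(self):
        self.flagged_assets = set()  # fed by threat intelligence / event logs
        self.sessions = {}           # session id -> (subject, asset, resource)
        self.issued = 0

    def ingest_event(self, asset_id):
        """Real-time input: flag an asset and revoke its live sessions."""
        self.flagged_assets.add(asset_id)
        revoked = [s for s, (_, a, _) in self.sessions.items() if a == asset_id]
        for s in revoked:
            del self.sessions[s]
        return revoked

    def decide(self, req):
        """Return (allowed, reason, session_id); anything unknown is denied."""
        if req.asset_id in self.flagged_assets:
            return False, "asset flagged by threat intelligence", None
        if not req.asset_healthy:
            return False, "asset posture check failed", None
        have = LEVELS.get(req.clearance, -1)
        need = LEVELS.get(req.resource_level, len(LEVELS))
        if have < need:
            return False, "insufficient clearance", None
        self.issued += 1
        sid = f"s{self.issued}"
        self.sessions[sid] = (req.subject, req.asset_id, req.resource)
        return True, "granted for this session only", sid

    def check_session(self, sid, resource):
        """Called by a policy enforcement point on every transaction."""
        entry = self.sessions.get(sid)
        return entry is not None and entry[2] == resource
```

A session is bound to one resource, and an event ingested after the grant removes it, so an enforcement point that re-checks on each transaction stops honouring a session as soon as the PDP's view of the asset changes.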

Getting ready for Digital Twins

The unavoidable reality is that Digital Twins are here to stay and their use by military and civilian organisations alike will increase in number and complexity. Without an innovative approach to security they will soon become even more attractive to those intent on disruption and destruction.

Although a System High approach has been relied upon for decades it is too cumbersome and too expensive if we are to realise anything like the full potential of Digital Twins. It’s time to think again.

The good news is that the Information Based Security Architecture/Zero Trust Architecture approach offers a potential solution to these issues. It also has the advantage of being aligned to the increasingly popular and cost-efficient Modelling and Simulation as a Service (MSaaS) paradigm.

Military Digital Twins have enormous potential for saving money and improving capability and operational effectiveness. But they have to be secure. IBSA/ZTA will enable the speed, security and versatility that we need for decades to come. 

About the author

Simon Skinner is the Product Line Manager for Simulation Capabilities for the worldwide Thales Training & Simulation business. He has 30 years of experience in the training and simulation industry, including 11 years as the CEO of XPI Simulation Ltd (now a Thales group company).

Simon has an honours degree in Electronic Engineering, is a Chartered Engineer and is a Fellow of the UK Institution of Engineering Technology (FIET). As well as being an I/ITSEC subcommittee member, he also serves on the Simulation Interoperability Standards Organization (SISO) Standards Activity Committee (SAC) and is appointed by UK Ministry of Defence (MOD) as a national member of the NATO Modelling and Simulation Group (NMSG). He is the chair of the NMSG exploratory team on Digital Twins (ET-053).

He is a recipient of the MOD Chief Scientific Adviser’s commendation for research in military driver training and is the author and presenter of several papers at previous I/ITSEC conferences, including one presented at an I/ITSEC ‘Best papers from around the world’ special session.