A pragmatic approach to developing secure and privacy-conscious digital twins
You’ve no doubt heard a lot about the numerous advantages of digital twins. In fact, we’ve talked about them ourselves; about how they can help organisations and even wider society reduce costs, operate more sustainably, predict problems, create business value and mitigate risk.
However, there’s also an element of risk involved – especially with regards to data security and privacy.
In this blog we’ll take a look at the potential challenges a digital twin can expose you to from a security and privacy perspective. We’ll also look at a pragmatic approach for adopting and implementing secure and privacy-conscious digital twins.
A fourfold risk
When we talk about the security risks of digital twins, there are four main areas of concern:
1. System access
If someone can gain access to your digital twin, they could not only get insights into the system or asset it replicates but also, more dangerously, get control of those physical assets. This can result in uncontrollable behaviours.
2. IP theft
If your digital twin is a blueprint of an intellectual property specific to your organisation, then hackers may be able to reverse engineer and reproduce that property, bypassing the need for research and development of their own. There is currently a huge market for this kind of hacking activity.
Stricter regulations regarding privacy, like Europe’s recently introduced GDPR, has placed more pressure on organisations to ensure data compliance. If your digital twin was to jeopardise this, it could lead to huge financial and reputational damage.
4. Information integrity
Information integrity is vital to having your digital twins operate successfully. However, information can lose its integrity when people are able to access your data and make unauthorised change. To make sure your information maintains its integrity, you need to ensure you collect the right information, interpret it correctly, and have authentication and security measures in place that prevent unwanted modifications.
How to protect your digital twin
With the help of connected devices, networks and supporting infrastructure, digital twins enable true two-way communication between the physical and the digital world.
This presents a unique challenge for teams, who have to realise that traditional protective measures won’t be enough to keep systems and data safe. Instead, security efforts must expand to cover hardware andsoftware – and, most importantly, the information that passes between the two. This means encrypting the connection between the digital twin and the physical asset it replicates, and taking a more holistic approach to ensuring data privacy from the outset of all your projects.
The good news is, there are lots of tools and technologies available to help ensure the security and privacy of your data. The most difficult decision you might have to make is which you choose – a complete stack suite or a mix of customised solutions.
The overall approach you take to the security of your digital twin is vital, too. With that in mind, here are three things you can do to make sure you stay on top of things:
1. Identify a purpose with risks assessed
Your security requirements will initially be dictated by the needs of your digital twin, so it’s important to start with specific use cases in mind and gain an understanding of the information and control your end-users require.
By collaborating closely with your people, you can define what level of digital twin should be developed – whether it’s for an asset, process, or system – and the capabilities it needs. For instance, is it necessary to have real-time two-way communication? What should the maximal latency of your network be? And what risks, data security and privacy issues could be involved?
Once you have answers to these big questions, it’s easier to define a data governance and management strategy that will keep your twin, your asset and your data secure.
2. Set data profiling parameters
The next step is to identify and categorise your data sources, which will include both your legacy systems and new sources, like connected IoT sensors.
As part of this data profiling exercise, you should assign critical parameters and legal requirements to each dataset. This requires asking some key questions, like ‘is this dataset publicly or privately owned?’, ‘which license does it fall under?’, ‘which part of the dataset needs to be anonymised?’,‘if no data is available how can we generate it?’, and ‘how do we transfer data between different systems in a secure way?’.
3. Ensure data governance
These parameters and policies can then be combined with user-specific data governance policies, to ensure the highest possible level of privacy and the lowest level of risk.
To make sure these policies are appropriately implemented, a strong data management strategy needs to be in place. This will dictate who is responsible for data at different parts of its lifecycle, like data engineers, data analysts, data stewards, or business analysts.
For each dataset, you must then ask what identity access management, data reaction, and data residency requirements there are. These requirements must be met throughout the entire lifecycle of the data, while it’s being ingested, while it’s at rest, and during computation.
It sounds like a lot to think about. But as we said, there are numerous products available to help you apply important data governance processes, like masking, redaction, differential privacy, encryption, and lifecycle management.
There are also principles and frameworks under development for ensuring data is shared securely, openly and, with adequate quality to deliver true value and insight.
The important thing is to have a holistic overview of your needs before deciding which technology to opt for and which principles to follow.
How we can help
Digital twin technology can be a source of huge competitive advantage for your organisation. But to reap the rewards, you need to make sure your systems, assets and data are properly protected.
At Royal HaskoningDHV, we specialise in co-creating digital twins with our clients, combining our extensive knowledge of physical assets with the latest digital technologies and security measures.
By helping to identify the most valuable use cases, any potential risk involved and the relevant regulations (AVG, ISO 27001, GDPR 2016/679 etc), we can define the most appropriate technologies and policies to secure your digital twin and your data.
One example of our pragmatic approach can be seen in our work in Amsterdam, where we recently co-created the Crowd Monitoring System Amsterdam (CMSA) to help alleviate the pressure of crowds in and around key areas of the city.
Using mobile phone and Wi-Fi signals, smart cameras and open-source data, city leaders now have visibility into levels of overcrowding in different areas of the city and, when necessary, can re-route pedestrians away from busy areas.
We also recently became a signatory to the Tada open data programme, which aims to ensure Amsterdam becomes a responsible digital city. Using truncated Media Access Control (MAC)* addresses, which are encrypted and hashed to prevent tracing, we developed a system with privacy and data security at its very core to help meet this goal.
To see how we can help you safely and securely get your digital twin up and running, get in touch.
*A MAC address is a hardware identification number that uniquely identifies each device on a network.
Got a question or business enquiry? We are delighted to hear from youContact us