Digital Twin does more than designing, analysing and processing; It’s the cyber attack combatant!: Ian Elsby (004)

16 Oct 2019

Digital Twin does more than designing, analysing and processing; It’s the cyber attack combatant!

Ian Elsby, Siemens Digital Industries Head of Chemical Industry UK & Ireland

Digital Twin technology has revolutionised the manufacturing sector over the last decade, this trend continues, and we see a lot more industries embracing the benefits of designing, analysing, and processing to realize a go-to-market product.

Whilst the digital twin in the chemical industry has made an impact on the product lifecycle to simulate, predict, and optimize the product and production systems at a plant. It has also prompted linking of physical infrastructures to digital networks and there are ongoing efforts to intensify this inter-connectivity. These technological advances, such as Industrial Internet of Things (IIoT) have in the process brought in some serious challenges. As these systems are vulnerable to attacks and hackings, every industry is challenged to put in place multiple measures for ensuring cybersecurity.

So how can a digital twin help combat cyber-attacks? Just as processes are simulated and data gathered to detect non-performance of assets a simulated cyber-attack can also be detected by the digital twin. A cyber security algorithm of anti-virus software can be activated to detect the virus and its implications allowing engineers to act swiftly and put defence mechanisms in place. In many cases where the virus is severe like ransomware IT engineers can activate a counterattack to stop the cyber breach from happening.

Simply put, the more information and testing activity is captured by the virtual database, the digital twin can tackle complex data to create competent cyber security protection algorithm defending data of business against any malicious virus activity.

Cyber security is an inclusive process that complies with globally accepted security standards, so the digital twin becomes an effective tool. Protection against cyber-attacks cannot be achieved through one-time implementation of measures; it is rather an ongoing process. The risks may vary depending on individual plant’s systems that are not connected to each other and are having two or three different machines or processes running simultaneously.

At the Siemens’ Digital Talks conference held in Liverpool earlier this year, there was a healthy debate exploring the challenges and opportunity that digitalisation brings to the sector. These conversations with industry peers only helped underline the sector’s need for adopting robust cybersecurity systems. Digitalisation and IoT have been identified by the UK’s Chemistry Council as two of the key strategy levers to accelerate innovation-led growth in the chemical industry.

Cyber threats fall into the bracket of risks and vulnerabilities. They come in various forms, such as viruses, malware, ransomware and hackings. Hackers are employed by rogue companies to infect with either a worm or ransom ware. They identify the weaknesses in any system and if you have a legacy plant with older Windows operating systems that are not patched or updated, the hackers find routes to break into the network. What chemical companies are doing today is something called airgap, which effectively means they remove the ability of a process to remain fixed to the internet, which solves part of the problem. It just means that there is no physical connection between the asset and the internet.

But this is not enough. There is much more that needs to be done by plant owners. What is highly recommended is an advanced in-depth approach by conducting a cybersecurity gap analysis survey. This involves a thorough infrastructure assessment of the different technology layers. Based on the outcome of the report, a list of vulnerabilities is then identified. It is a step in the direction to nullify the risks by installing latest technologies, firewalls and managed cybersecurity services. The digital twin can make this whole process a lot easier and much more achievable.

Global industry standards, such as the IEC 62443, then come into play. This should be implemented both at hardware and software levels. Additionally, complying with the UK’s ISO standard 27001 is equally important.

The industry takes cyber security very seriously and in line with this, Siemens initiated the Charter of Trust at the 2018 Munich Security Conference. This was created with eight other partners and called for greater cybersecurity, as it stands now it has grown to 16 members with the first Asian company, Mitsubishi Heavy Industries (MHI) signed up in February 2019. Signatories include AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, IBM, NXP, SGS, Total and TÜV Süd. 

In addition, the charter has attracted the German Federal Office for Information Security, the CCN National Cryptologic Center of Spain and the Graz University of Technology in Austria as associate members.

The digital twin can pinpoint any plant’s requirements, including installation of multiple levels of security, firewalls, managed security and latest technology. This process is called defence-in-depth approach to cybersecurity, rather than a single solution.

As cloud based IoT control systems become an industry norm adoption of cyber security is critical for any digitalised organisation.

Whilst the advanced cloud-based solutions are excellent tools for analytical investigation and monitoring. The digital twin can help with both, monitoring performance of assets and the algorithms can give the customer insights into any failure, leading to preventive maintenance and most importantly cyber-attacks which can be averted on detection.

Prevention, as everyone knows, is the best form of defence. In cybersecurity, installing the best technology to monitor and asses any external inference is the most critical step. Digital twin allows seamless integration of hardware and software allows teams to work both online and offline on a plant.

Cybersecurity forms the key element of digitalisation. It is a comprehensive process that affects all parts of the plant and requires continuous auditing and monitoring. The plant owner is always responsible for IT security. Even if the operation is outsourced in whole or in part, the plant owner is the one who finally remains accountable. Therefore, ensuring cyber security by adopting advanced technology is in the best interests of all stakeholders.

Downloads and media

Contact information

About Siemens