IACIS Conference 2024


Dual Digital Twins For Enhanced Cybersecurity Posture

The exponential growth of the internet has been accompanied by a growth in vulnerabilities and attack surfaces (CSIS, 2024). The World Economic Forum estimated that the cost of cybercrime in 2023 was 11.5 trillion USD and forecast it to grow to 23.82 trillion by 2027 (Charlton, 2024). This poses a significant problem for organizations around the world. In a recent survey conducted by Cisco (2024), about 54% of companies reported being the target of a successful attack; a little more than half (52%) of the compromised companies reported that the incident cost the company at least $300,000 USD, with 12% saying that their impact was over a million USD. 73% of companies believe that within the next 24 months they will suffer a significant disruption due to a cyberattack (Cisco, 2024). The threat of a costly attack prompts companies to ask themselves how they can predict future attacks and minimize their impact. Current techniques for forecasting cyber defense are more reactive than proactive, and research into using Machine Learning has demonstrated that it is able to forecast with roughly 70% accuracy at best. An answer may lie in a set of Digital Twins emulating the attack and defense of the company.

In 2003, Grieves learned of the idea of a Digital Twin (DT) from NASA’s John Vickers and later used it in his University of Michigan Executive Course on Product Lifecycle Management, in which he defined the potential to simulate the manufacturing process as well as optimize the product life (Grieves, 2014). He discussed that a DT is composed of three key parts: physical products in physical space, virtual products in virtual space, and a data link between the two. Luzzi et al. (2024) conducted a systematic literature review that identifies the majority of existing literature focused on a Cyber-Cyber System (CCS), as opposed to a Cyber-Physical System (CPS). They also discuss the current prevailing strategies for predicting cyberattacks; what the current uses of DTs in the field of cybersecurity are; and what role DTs can play in enhancing the prediction of an attack.

Almahmoud et al. (2023) discuss the use of machine learning for a proactive approach to forecasting cyber threats, as opposed to a traditional reactive approach. They offer a novel dataset constructed from big unstructured data and outline how their approach can predict threat trends up to three years in advance with up to 70% accuracy across a wide range of attacks, including univariate and multivariate analysis for 42 different cyber attacks. This offers an attractive benchmark that can be used to validate future DT testing and applications.

The research regarding DTs and their application in a CCS is sparse compared to research with a more AI- and ML-centric view; however, Dietz et al. (2022) demonstrate the ability of DTs to engage in security-by-design system testing and show how DTs can be used in an industrial control system to prevent a pressure tank from exploding. Somma et al. (2020) introduce a potential framework for their DT implementation in cybersecurity utilizing five layers: the Physical Twin (PT) layer, representing the CPS; the PT-DT layer, which manages the data generated from the PT; the DT layer, which replicates the network using Mininet, specifically MiniCPS (Antonioli and Tippenhauer, 2017); the DT-Serv layer, which manages the data generated by the DT; and last, the Service layer, where different security services are hosted. Suhail et al. (2023) highlight the potential that a DT may pose due to its interconnected nature with the CPS and propose a method of gamification that aims to secure the CPS through the use of AI/ML adversarial testing, showing how their framework can be utilized to strengthen and introduce an explainable element for validation and verification. Hadar et al. (2020) show that DTs can be used to analyze and gather requirements for necessary security controls as well as to optimize and identify current or missing controls, outlining how DTs can be utilized within the design process to identify and rectify missing security controls.

Current literature identifies the threat actor and defensive component of a given CCS DT as being one system and interacting as one system (Hadar et al., 2020; Somma et al., 2020; Suhail et al., 2023; Luzzi et al., 2024). We propose that the separation of these two aspects, attack and defense, will allow for a greater degree of fidelity by allowing for greater control of the data incorporated into each twin. Somma et al. (2020) outline their five layers for implementing a proof-of-concept DT in a simulated network, representing the different devices in the network, and by utilizing the forecasting benchmark and dataset outlined by Almahmoud et al. (2023) we can establish a baseline for future twin sets to be measured against for efficacy.

Chase Peterson
Metropolitan State University
United States

 


