The Adoption of Digital Twin Technology Comes with Cybersecurity Concerns 

Updated on May 15, 2024

The global digital twin market is expected to grow to $110 billion by 2028 at a CAGR of nearly 61 percent, showing immense interest in this sector.  While the technology itself isn’t new (the concept of a digital twin has been used for years, mostly for product design and simulation by utilizing a data-driven 3D digital companion), most recently, data and advanced analytics have enabled digital twin technology to do more than simply mirror key processes within physical assets. Now a digital twin strategy connects the digital simulations to the physical environments and further enables the use of machine learning to predict outcomes based on historical data and algorithms specific to parts and/or whole systems. This has led to the technology’s rapid proliferation into various markets, including healthcare.

Digital Twin Definition and Examples

A digital twin is a virtual model of a process, product, production asset or service. Sensor-enabled and IoT-connected machines and devices, combined with machine learning and advanced analytics can be used to view the “twin’s” state in real time and test how various external factors will affect the real-world model. Digital twin technology is extremely valuable as it enables organizations to not only monitor the health of their systems but also simulate the effects of potential changes, leading to improved decision-making, proactive fault detection and innovative problem-solving strategies.

As one example, a team of researchers from Johns Hopkins University has developed a “genotype-specific digital-twin” strategy, nicknamed Geno-DT, to create a virtual replica of a patient’s heart, providing crucial insights into cardiac health for the diagnosis and treatment of arrhythmogenic right ventricular cardiomyopathy (ARVC). This virtual heart tool is used to “test” various procedures tailored to the individual patient by integrating two types of clinical data: how the patient’s heart structure may have been remodeled by the disease, and the genetic cause of the patient’s ARVC. Physicians can examine the twin’s behavior to determine where to place the catheter for optimal treatment. 

Where There is Data There is Vulnerability

As the market grows, however, security concerns must be taken into consideration. Where two or more vectors of data meet, so does a “window” for bad actors in search of said valuable data. To be successful, a digital twin must be intelligent, collaborative, interactive, immersive, and fully contextual within the Original Equipment Manufacturer’s (OEM) enterprise – which means feeding it live data (as in the Johns Hopkins example). Live data – and its possible leakage – is a real security vulnerability, particularly in healthcare. I’m sure I don’t need to remind readers of the major cyberattacks on Change Healthcare and United Health just in the past few months. 

As digital twin technology becomes increasingly integrated with critical systems and infrastructure across the healthcare universe, the data connection between these physical and digital counterparts creates a considerable opportunity for threat actors and can pose significant risk to organizations and the public. Typically, these types of data connections are easily intercepted and their integrity vulnerable to actual modification by bad actors. 

Cybersecurity Considerations

Healthcare organizations implementing digital twin technology — whether it’s on the patient, the hospital itself, or local communities (the Cleveland Clinic uses digital twins to better understand how patients’ neighborhoods influence their health, and, therefore, what health interventions can be implemented to improve health equity)– need to enact some clear cybersecurity protocols to keep bad actors out. 

These external sensors used in digital twins are commonly found in small computer devices that have network connectivity (e.g. wireless, ethernet, etc.). However, these IoT devices are ‘lightweight,’ relatively cheap, and such purpose-built devices typically sacrifice security for mobility, such as encryption or monitoring. 

Based on the environments in which they are deployed and their inherent vulnerabilities, there are three key cybersecurity considerations to keep in mind when utilizing digital twins:

  1. Understanding and managing the risks of OT/IoT devices. IoT devices are resource constrained and purpose-built for a specific function such as monitoring temperature, motion, video, etc. The main resource constraint is power, such that they can be easily manufactured to be cheap, reliable and efficient to their specific utility. However, unlike personal computers which have much more computing power and perform a myriad of security functions in the background (e.g. antivirus, encryption, monitoring, etc.), many of these security functions get stripped away for OT/IoT devices so that they can dedicate their computations to their specific function. Of course, this opens up several security vulnerabilities within the devices and, in most cases, “backdoor access” to the broader network on which attackers can transverse their access. Additionally, the small form size of these devices, their cheap cost and disposable nature makes them more susceptible to being mis-managed from a physical asset perspective (e.g. being lost, untracked in change management, not disposed of properly, etc.). Understanding these issues and implementing security controls that mitigate these risks, without greatly diminishing the benefits of digital twins is of critical importance when assessing the security concerns.
  2. PII and Data Protection. As mentioned, these lightweight devices sacrifice security measures so that sensors that support digital twins can be deployed en masse and send their data over the network. Depending on the environment in which they are deployed, an attractive solution for data transfer is to use a wireless communication protocol (e.g. wifi, bluetooth, etc.). It is well known, however, that these protocols are overtly susceptible to interception and manipulation. Understanding the vulnerabilities when using these methods for data transfer is essential for security, especially when dealing with sensitive data such as PHI.
  3. Vulnerabilities of Legacy Systems. Many OT legacy systems were not designed for open, interconnected communication, including many of the existing sensors, actuators, and devices in the OT ecosystem. Connecting these devices directly or via an IoT device to a broader network has many operational advantages such as improved monitoring, remote access control, and fault detection, especially within the realm of digital twins. However, this interface between legacy systems and IoT devices presents several security challenges (e.g. network infiltration via the legacy system, DDoS on the sensor or IoT device, etc.) and may even introduce new vulnerabilities. Assessing the cyber risks associated with retrofitting such systems against their opportunity costs is an important consideration to manage the security concerns. 

Manage, Detection, and Response (MDR) Adaptation

With the unique security environment that comes with the promise of digital twin technology, adaptations need to be made to a healthcare organization’s cybersecurity plan. A proactive approach to cybersecurity includes integrating security at every stage of a digital twin’s lifecycle. This includes a zero-trust security architecture, which grants minimal access to the data and verification of every request before granting use privileges. 

The best providers of Managed Detection and Response (MDR) services offer advanced detection, 24/7 threat hunting, deep investigation, and reliable, swift response. In other words, you should trust your MDR provider to detect attacks on your sensitive data and stop threats on your behalf before they disrupt your business – full stop. By addressing these challenges head-on, healthcare can unlock the full potential of digital twins while ensuring they remain secure and resilient in the face of evolving threats.

Jeff Schwartzentruber
Jeff Schwartzentruber
Sr. Machine Learning Scientist at eSentire

Dr. Jeff Schwartzentruber holds the position of Sr. Machine Learning Scientist at eSentire – a Canadian cyber-security company specializing in Managed Detection and Response (MDR). Dr. Schwartzentruber’s primary academic and industry research has been concentrated in solving problems at the intersection of cyber-security and machine learning (ML). Over his 10-year career, Dr. Schwartzentruber has been involved in applying ML for threat detection and security analytics for several large Canadian financial institutions, public sector organizations (federal) and SME’s. In addition to his private sector work, Dr. Schwartzentruber is also an Adjunct Faculty at Dalhousie University in the Department of Computer Science, a Special Graduate Faculty member with the School of Computer Science at the University of Guelph, and a Research Fellow at the Rogers Cybersecure Catalysts.