As IoT devices become hyper-connected and software driven, there's a growing risk that cyber vulnerabilities introduced through accidental errors, lack of secure-coding practices, or insecure open source software, may be exploited by malicious entities.
This is where Cyber Digital Twins come into play, helping product security teams keep their products and customers safe and secure.
What’s the definition of Cyber Digital Twins?
A Cyber Digital Twin is a detailed representation of a software component’s make-up and characteristics including the software bill-of-material (also known as SBOM or C-SBOM), underlying hardware architecture, OS’s configurations, encryption mechanisms and keys, hardening mechanisms, full control flow, used API calls and more. It provides insights into the composition, inner workings and context in which device software operates.
As the name suggests, Cyber Digital Twins are inspired by Digital Twins - digital replicas of physical systems used for product development and assessment purposes. Like their inspirational counterparts, Cyber Digital Twins relate to machines - vehicles, medical devices, consumer IoT appliances and more - but focus on the software that powers them and the security thereof.
While they could be manually created, in practice, they are generated via binary analysis solutions and made available to relevant parties.
They enable the development and maintenance of secure products in “little trust and limited visibility” ecosystems, for example when multiple parties are involved in product development (e.g. 3rd party vendors, in-house developers, external inspectors) and there is minimal or no access to the source-code driving these products.
Key use-cases & benefits
The wealth of information and metadata encapsulated within Cyber Digital Twins enables product security assessment during design and development and security operations and maintenance post-production. They benefit the entire product development ecosystem, primarily in the following areas:
Even the simplest of products is woven out of several software components, running on one or more hardware architectures, supporting different operating systems, and produced by different vendors. When it comes to complex products such as connected vehicles or medical devices, the technology mix increases dramatically and it becomes extremely difficult to perform proper security analysis and source the right tools in support of such work.
Cyber Digital Twins provide normalized, highly detailed representations of device firmware, facilitating analysis by product security experts via multiple tools, for numerous use cases such as CVE exposure, zero-day analysis and detecting privacy and compliance violations.
Today’s connected products are powered by diverse software components, of open-source or commercial nature, created by multiple vendors and contributors. In fact, there is often a complex supply chain supporting the OEM’s development efforts, which in-effect commits code to the final product for which the OEM is responsible.
But while the onus is with OEMs, they are effectively blind to the software powering their products and to vulnerabilities lurking within, as they are often provided with just binary code.
Cyber Digital Twins provide the much needed visibility into the software driving devices, exposing not only their make-up but also the characteristics and context in which they operate - from an accurate list of packages, versions and licenses, to underlying architectures and OSs, all the way to exposed interfaces, configurations, control flow and more.
The entire supply chain becomes transparent to all parties involved - OEMs, suppliers, 3rd party auditors and even regulators.
The complex development ecosystem mentioned above has a dramatic impact on the ability of manufacturers to understand which internal or external party should address security gaps and vulnerabilities. This becomes ever more important when devices are already in-service and security incidents must be dealt with quickly and efficiently.
Cyber Digital Twins can also capture historical data related to a software component e.g. versions, patches, TARA requirements, fixes etc.
Manufacturers, which are usually legally liable for the safety and security of their products, can thus validate the security posture of their multi-source products, pin-point cyber risks and trace their origin, pre and post development.
IP protection & Collaboration
It’s no surprise that unless cybersecurity information is standardized, and there is traceability and transparency amongst the supply chain participants, it is impossible for all parties involved to collaborate efficiently.
But for proper collaboration, parties also need ways to safeguard their intellectual property (IP). This stands in contrast to the need to obtain detailed information to validate software integrity and compliance with requirements (ranging from security and privacy validation to adherence with industry regulations and standards).
With cyber digital twins, there's no need for vendors to share the actual firmware that contains their valuable IP. Instead, they can share the Cyber Digital Twins that include all of the information security experts require to perform their analysis.
Cyber Digital Twins enable collaboration and form the de facto “token” that players involved in product design, development, manufacturing and certification can use to create and maintain secure products.
Security Team Empowerment
Every piece of software must undergo rigorous testing and assessment for security and regulatory compliance. As already mentioned, the extensive use of so many different technologies by each vendor complicates matters.
Performing the required research and assessment calls for highly skilled cybersecurity professionals - be those Testing, Inspection & Certification (TIC) organizations, 3rd party security contractors or an internal workforce - who understand each of the different technologies, how they are applied within the product and the impact of certain flaws on security. This means that the number of experts needed to perform the work grows in proportion to the number of components in use.
Cyber Digital Twins do the heavy lifting for the security analysts and researchers. Instead of spending extensive and expensive time analyzing binary code to get the info they need, they can focus on their actual work - running tests, validating adherence to policies, and detecting security gaps. This way, they can streamline and scale the product security assessment process, minimizing time and cost to discovery, compliance and recovery, as the case requires.
A call to action
Cyber Digital Twins are fundamental building blocks of a secure product development ecosystem that is harmonized, transparent and collaborative.
OEMs and their suppliers should utilize these to secure their products and customers, otherwise they risk exposure to liability claims, brand equity erosion and regulatory violations.
Talk to one of our experts to learn how you can make the most from Cyber Digital Twins and leverage them to strengthen the security posture of your products.
About the Author
Guy is Head of Product Marketing at Cybellum. He enjoys cultivating the connection between innovation and market value, aided by 15 years of product management and marketing experience at start-ups and tech giants, in domains ranging from cyber security to TV services to IoT platforms.