For being here on site and also ones who join virtually. My name is Eck Nitel.
In fact, I started my career as an identity engineer. Now I am director at PWC and cyber privacy practice and focus on securing enterprise architecture. It's keeping course 15th university cotton. Congratulations. Also from my side, I'm happy to be here and be able to talk here again, especially as part of the woman and identity community, as I'm also driving inclusion diversity at PWC 2013 was my first presentation at a EIC about identity management and extended enterprises. Like for example, with cloud environments today, we see a lot of talks and presentations around cloud and Federation.
My talk today in fact, was inspired by last years, women and identity session, where I was moderating a session about the future of identity. And we had a really excellent discussion about the future of identity there.
And the digital twin was mentioned by one of the participant ladies. I'm not sure if she's here today, maybe online from Finland, talking about research about twin. And I think also from the security architecture perspective, this is quite an important topic and twin as a person interacting with real lives.
So we have seen advertising videos of twins or assistance who shadow, for example, our haircut on behalf of me as a scenarios could be interacting with public administration. And I really see love to see my digital twin preparing my tax declaration. Unfortunately in Germany, we are not yet there. I'm not sure about other countries. So I'm going to talk about digital twin. What's the history, where does it come from? What are the use cases, a high level, few ones architecture, but also what are the misuse cases? So what kind of threats arise? This digital twin?
What kind of cases there are.
But I would like also to end with some kind of chances and opportunities that lay for the digital twin ecosystem. So on twin, for me, it has some kind of sci-fi science fiction flavor infected was already started from an conceptual point of view and the 1960s. Whereas the NASA was attempting to improve the physical model simulation of spacecrafts, the term digital twin wasn't yet invented. It came later. So David Gill, it's an American computer scientist writer professor at Yale university. He wrote a, a book in the 90 nineties about mirror worlds, and I have to read what he wrote.
Mirror worlds are software modelers of some chunk of reality, some piece of surreal world going on outside your window, oceans of information, put endlessly into the model. So much information set. The model can mimic the realities every move moment by moment.
And later on, it was, for example, one example gave a hospital world has a software version of every patient doctor bed and through permanent sensors and ordinary record keeping the mirror world reflect serial one. So patients would have software of the ness.
So that was a idea was with David Gallant in the 1990s, grievers of the university of Michigan, proposed it for also twin application in manufacturing and using it for product life cycle management. And once again in NAZA John, because in 2010, now he called as a concept also and digital twin where this term digital twin arises. So commonly today's a common understanding of digital twin is a virtual model designed to accurately reflect physical objects.
And so if you look on the conceptional piece of the architectures, starting from the left hand side, where we are today and the digital model, you see the dotted lines indicating some kind of manual data flow between the physical object and the digital object.
Examples could be for example, for city or urban planning. So in COVID times, there was a request for having more bicycle lanes. So questions for city planners could be, how can we change traffic behavior? How could cycle lanes could help?
So in the traditional way of the digital model, so some kind of plannings and you have some kind of digital representation and then CD computer, a design programming, you have a map of your city. Then you ask for money, build a bicycle line and months and years later, you'll see if it would have worked out.
I think we are already in the time of digital schedule, where also in urban planning, city planning, they're gathering information about behavior moving condition of assets like cars, cyclists, pedestrians, maybe also from cultural events or like here, we have some kind of conference, how it would this impact traffic situation and use the kind of information.
And here you see that between the physical object and object, at least there some kind of automation which could be used for this kind of planning expect for bicycle lanes, for example.
And once again you did the simulation ask for some money, build it and have some kind of more insight how good it was or not. So with the digital twin, now we have, if we look at the cycle of the automatic data flow between you have a constant flow between physical and digital objects, and now you're able to have some kind of simulation real life simulation to see how potential building of cycle lines could already improve your traffic situation.
So what's used from the technol technology point, you use simulation data modeling, augmented, or virtual reality, artificial intelligence, machine learning, and to help to predict the future. And I was working in a data center.
We had some kind of virtual reality lab where you sensor have some kind of glasses and city around it. And then by drop of some hours, you can change. The buildings can change the structure of your city's infrastructure and could see how this could impact it. So that's the idea of having digital twins using and different kind of scenario.
Of course, today we are also looking at the use cases, but also on the misuse cases, how, what would happen if digital twins, misbehave, just a few examples of good use cases, what's their intended for? So typical twins are used for better decision making and also prediction. So for example, if you look at the power generation use cases, if you look at wind turbines, they're built offshores in the ocean somewhere, it's not easily accessible for maintenance.
So it's some kind of idea set, wind farm operators, do some kind of monitoring, use the parameters of the wind Turpin to achieve some kind of optimal settings for maintenance processes.
Now, if you look at if such kind of digital twins where optimize your maintenance process are hacked. So what could happen that the maintenance is carried out too late, which could lead to some kind of failures or outages, or even destruction of such kind of wind farms, other youth cases and physical structures, how to build and design.
For example, if you want to have some kind of, yeah, offshore drilling platforms, once again, offshore you have a huge amount of invest in money. Digital twins, again, could help you support to find some kind of optimization and borrow hose in kind in cases. If such digital twins are misused, some misbehavior could be that you have in the worst case on environmental disasters, as we've seen this horizon, other cases, good cases to use the twin for product life cycle management. What MIRI was writing about, look at production, processes of cars, for example, say, are quite complex.
You have word by supply chains. And so business model have some kind of uncertainty regarding the sustainability and resilience. So in COVID time, we've seen lockdown in China ports cause some kind of interruption in supply chain. So with digital twin modeling of your overall ecosystem, you could react on such kind of overall supply chain cases. Once again, if you look at what kind of misuse could help or queer, sir, so hackers could find off the weakest link of your supply chain.
Maybe that's only small pieces, but if you don't have small pieces to assemble your car, then it could cause production stuff or damage. So there are always good and good use cases to have to twins, but be aware all this rely on the data, rely on the data flow and that could be misused. So other use cases, Galler wrote also about the digital patient.
Having a digital twin of humans could be used for testing medicine, testing operations on beforehand, on beforehand. They are cool. And here we women in identity is a chance here, especially for women.
If we look today, medicine is tested, but women are underrepresented in medical testing, but here with some kind of virtual representation twin, you could also have some kind of studies around to have a broader and diverse view about how your medicine looks help. So digital written here could improve also of gender medicine, same question. And for urban planning, I used to already have some bicycle lane example for the furniture of the city, which is also called. And if we look at, for example, what could help the children there?
So many good examples that I'm going to hurry on say are the misuse cases ones? Well, single of, yeah. So city example how to put in street lights, for example, in some areas, for example, in term it's known angst thrower for women because they're too dark.
So on here, twin and simulation could also support you to place better traffic lights. Yeah. Street lights that you have also the environment more comfortable for women now coming to the threat factors. It's all based on data, the data between the physical entities between the virtual entities and the services around it.
So, and you see here on the slide also connections that you have connection between physical entities and the virtual models between the physical entities and the services between the services and the virtual Mo and on, and all this kind of connection could be also misused for attackers. So your up tech surface is getting bigger.
And so, and if you look at this manufacturing use case, you can't steal or hack a whole production plant, but if it's simulated and build it in a virtual model, in a digital twin, so the hackers could gain more information from hacking the twin as they would have, if they have the old fashioned way of misusing data or information and, and the production case, the virtual model, the twin reflects the processes, the entities, the behavior around it, the response mechanism and the control models, and also decisions in the rule around it.
So this kind of information that is incorporated in a literature bin is quite huge amount of information and such could be quite interesting well to misuse it and to hack it. But yeah, and we see oops, some more cases of misbehavior where point out just a few, this kind of user modeling could be also used for some kind of data leakage threats. And if you look at the current situation, we are having a lot of virtual meetings. So if you have some kind of virtual digital twin from me, I invite you quite often or Angelica for women in identity. We have meetups virtual meetups.
So imagine I have some kind of digital twin having a meetup with her, with the whole digital twin surrounding my office surrounding. And this is an evil digital twin of me and could cause some kind of, yeah, whatever we might sing about it, what a evil digital twin might cause.
So deep fakes, for example, in the case of digital twins would be some kind of scenario of misbehavior, but also identity theft and social engineering.
If you think of all the HES that have been occurred, where data surname, social security number, drive license, number four, number, et cetera, have been stoned in Sur past. And all this information could be misused to create evil, digital twins of real person. So we should be aware that this kind of threat is already out there. And I've mentioned machine piece is a production scenarios of digital twin and misbehavior and here as well. It could cause in case of some attacks, production stops and damages, and it's all relying on machine learning, artificial intelligence.
And already today, we have some kind of attack pattern, which is called poison attack, which means poisoning the data where machine learning is relying. So those kind of attacks are already out there.
And with some kind of digital twin, it's some kind of attack service that I propose will we see there as well, but I do not want to end this talk with all the bad news about misbehavior attack, what could happen with digital twin. Of course also from a cyber perspective, there is some kind of opportunities you stitch twin for cyber security, for example.
So also dig twin capture virtual models of an organization to have speed up your strategy and could also speed up your cyber strategy, which means identifies implementation of your workflows detect bottlenecks or unconsidered possibilities. And the idea behind is an assessment to simulate all the lenses in real time.
And the lenses that we have here end up from an architecture point is the organizational view, how efficient are you with your strategy and cyber strategy culture behavior, especially with tech service, use the digital twin to incorporate this the workflow, but also cost planning and structure.
So those are the opportunities while using digital twins for cyber security and adding up with my, to that even more opportunities for cyber.
I haven't put in all the use cases that I could think of as a security attack, look at the structure, stability and security like use digital twin for some kind of insight modeling rather than having some pen test are doing pen testing. Your organization have some kind of digital models, digital twins for pest, for example. And it could be even more cheaper cause effective than having some kind of heck around with a real ecosystem.
And also if you look at getting some kind of insights of behavior, some modern, the security infrastructure, quite often, I'm doing some kind of process description and, and controls around it. So with a digital twin model of your organization, of your behavior, of your user behavior, and you use a digital to twin, maybe it's quite easier to test and have it all on a paper and see maybe it works or not. So those are the kind of chances that lay also in cybersecurity while using digital twins for cybersecurity security. So thank you all for being here.
I see twin also as a good chance for building up trust betweens of different entities, and it's an investment in the prevention side, but I think it's much more cheaper as you have to care and cure about the cyber disaster has happened in a business critical situation.
