IIC, DTC publish guidelines for achieving security maturity for digital twin systems

The Industry IoT Consortium (IIC) and the Digital Twin Consortium (DTC) have published the IoT Security Maturity Model (SMM) Digital Twin Profile. The SMM Digital Twin Profile adds to the previously published IoT Security Maturity Model (SMM): Practitioner’s Guide for digital twin systems. The document enables those who design and deploy digital twins to understand how to better evaluate and achieve appropriate security maturity for their systems.

“Digital twins are not simply software as they can be connected and synchronized with real critical assets,” said Ron Zahavi, IoT SMM co-author and DTC executive director. “This work is the result of collaboration between the IIC and DTC and explores what is unique to digital twins in the context of IoT security maturity.”

Digital twins are a virtual representation of real-world processes and entities synchronized in frequency and fidelity, explains IIC. This raises unique security maturity concerns beyond the general considerations. The digital twin profile emphasizes the need to understand the nature of the digital twin system, including one or multiple digital twins and how they relate to assets and organizational boundaries, and the scope and function of the frequency and fidelity of synchronization.

“Digital twin technology is becoming central to digital transformation, so it is important to understand how to achieve security maturity when using it,”  said Frederick Hirsch, co-author of the IoT Security Maturity Model and co-chair of the IIC Trustworthiness Task Group. “This profile will enable a better and faster understanding of the issues related to security maturity for digital twin systems.”

The profile highlights that maturity for the SMM security practices can range from considering twins and assets separately to pro-active considerations of the complete systems. The document guides the eighteen SMM practices ranging from security program management to data protection, remediation and recovery related to this need range.

Organizations can combine the Digital Twin Profile with SMM mappings such as the industrial manufacturing 62443 mappings to relate concrete security controls requirements with maturity comprehensiveness levels for practices. They can also combine it with other SMM vertical industry profiles to provide digital twin guidance that is useful for various industries. In conjunction with the general guidance in the SMM practitioner’s guide, these guides can help practitioners achieve an appropriate level of security maturity for digital twin systems.