Digital Twin for Cyber Testing Michael J. OConnor Chief - PowerPoint PPT Presentation

Digital Twin for Cyber Testing Michael J. O’Connor Chief Technologist Trideum Huntsville, Alabama United States

Agenda • Introduction • Approach • Conduct Cyber Table Top • Develop Digital Twin • Develop Operational Wraparound • Testing • Conclusions

Introduction • Performing cyber testing on complex systems presents a number of challenges. • Access to the systems to perform potentially destructive cyber testing. • Providing the operationally relevant wrap around environment to the system under test (SUT) without compromising any of the systems with a cyber threat. • One approach for this is to create a digital twin of the system. • This is the only approach for single copy national systems, but is also useful for weapon systems.

Approach to Development • There are 3 elements to the development of an operationally relevant Digital Twin for cyber testing • Perform the Cyber Table Top • Develop the Digital Twin • Develop the Operational Wraparound • This will allow the performance of cyber testing in an operationally realistic environment without exposing an operational system to risk.

Approach Overview Cyber Threats Simulated Simulated SUT Data Customers Inputs to Outputs Digital Twin Cyber Test Instrumentation, Cyber Data Collection, & Cyber Threat Visualization

Cyber Table Top • The Cyber Table Top (CTT) brings system stakeholders and threat teams together • The system stakeholders include the developers of the system and the operators of the system • The developers bring knowledge of the system and can determine if threat vectors could effect the system • The system operators bring the operational knowledge of how the systems is used which allows them to determine the impact on mission of the threat effect

CTT Conduct • The three teams prepare information based on their role in the CTT • This information is shared with the other teams and reviewed • An in person discussion of the potential threats is conducted • Analysis is performed to complete the risk matrixes and determine the threat vectors that cause mission impacts

CTT Discussion • The Threat team proposes a potential cyber threat to the SUT • The Developer team responds with how they believe the system will respond to the threat • If the Developer team believes there will be a threat effect, the Operator team will provide the potential mission impact • Some cyber threats may produce an effect in the system, but the effect does not result in a mission impact • Group attempts to reach consensus on the risk matrixes for each threat • After the discussion, further analysis is conducted to refine the risk matrixes

Digital Twin Rational • It seems obvious the best test environment would always include the actual system in an operational environment and this is true for certain types of tests. • Some tests cannot be performed on the actual system for: • Human safety reasons • Performing cyber on an aircraft in-flight is not possible because of the risk to the pilot • The inability to create the operational environment. • Creating all of the live communications links for a command and control (C2) system is not practical • In these cases, a digital twin becomes the solution to testing.

Digital Twin Considerations • For a digital twin to be a solution its development must be cost efficient and developable in a limited timeline • If the cost for the digital twin becomes too high, it may be more cost efficient to risk destroying an actual system. • If the development takes too long, it will not be ready for testing in time to support the deployment or sustainment of the system under test • The results of the CTT are critical in driving the development of the digital twin to address the issues of cost and time

Digital Twin Scope • The scope for developing a digital twin varies greatly based on the nature of the system under test • A large enterprise Information Technology (IT) system could be composed of hundreds of networking devices and computers • A vehicle will have many fewer networking devices and computers, but large number of computer controlled mechanical systems • The results of the CTT will determine the level of fidelity of each of the components in the digital twin.

Digital Twin Development • Determine how to represent all of the elements of the system • Use real software on real Hardware • Use real software on commodity hardware • Use emulated software on commodity hardware • The results of the CTT drives the decision for each element of the system • Considerations include: • Surfaces required for the threat • Required inputs • Required outputs

Testing • Test plans should be developed to provide the correct conditions for the cyber threat vectors that were developed in the CTT • The exact number of tests will depend on the threat vectors • Systems should be in place to collect data provided to the SUT as part of the operational wrap-around • Systems should be in place to collect all of the data produced by the SUT • Based on the type of threat vectors, additional collection methods maybe required to collect threat actor actions.

Conclusions • The goal of using a digital twin for cyber testing is to determine the mission impacts that result from the cyber threat • Providing the full operational wrap-around to the SUT will show the mission impacts to the cyber threats • This is critical to provide actionable information to the system owners to address the impacts of the cyber threat • Experience in applying the digital twin approach with synthetic environments has provided lessons learned in cyber weapon testing • The importance of the CCT • Selection of components for the digital twin • How to provide the synthetic environment wrap around