A new and improved strategy for detecting cyberattacks on manufacturing systems involves using AI to monitor a digital twin that mimics and is fed real-time data from the physical system.
Cybersecurity has long been a cat-and-mouse game between enterprises and hackers — or, more benignly, between enterprises and the mistakes their own people tend to make. Now, there is potential for essential operations and data to be separated from vulnerable surfaces, through digital twins technology.
That’s the word from the National Institute of Standards, which highlights a paper published in IEEE Transactions on Automation Science and Engineering, in which NIST and University of Michigan researchers demonstrated the feasibility of a digital-twin cybersecurity strategy by detecting cyberattacks aimed at a 3D printer in their lab. This is a framework that is applicable to could be applied to a broad range of commercial settings, and invokes new analytic capabilities. “A new and improved strategy for detecting cyberattacks on manufacturing systems, such as 3D printers, involves using AI to monitor a digital twin that mimics and is fed real-time data from the physical system,” according to the NIST authors.
Employing digital twin technology to sense abnormalities or intrusions has long been hampred by the impact that detecting cyberattacks has had the impact on system performance. Systems may need to be shut down to enable tools or administrators to probe for security information. “Operational data describing what is occurring within machines — sensor data, error signals, digital commands being issued or executed, for instance — could support cyberattack detection.,” according to the NIST paper. “However, directly accessing this kind of data in near real time from operational technology devices, such as a 3D printer, could put the performance and safety of the process on the factory floor at risk.”
Security data is inherent within digital twin platforms. Typically, they incorporate “an abundance of operational data, helping them accomplish a variety of feats without impacting performance or safety, including predicting when parts will start to break down and require maintenance,” the NIST authors relate. “In addition to spotting routine indicators of wear and tear, digital twins could help find something more within manufacturing data.”
“Because manufacturing processes produce such rich data sets — temperature, voltage, current — and they are so repetitive, there are opportunities to detect anomalies that stick out, including cyberattacks,” said Dawn Tilbury, a professor of mechanical engineering at the University of Michigan and study co-author.
In Tilbury’s demonstration project, the models incorporated into the digital twin “were adept at recognizing what the printer looked like under normal conditions, also meaning they could tell when things were out of the ordinary. If these models detected an irregularity, they passed the baton off to other computer models that checked whether the strange signals were consistent with anything in a library of known issues, such as the printer’s fan cooling its printing head more than expected. Then the system categorized the irregularity as an expected anomaly or a potential cyber threat.” A human expert made the final call as to whether the security threat was valid.
“If the framework hasn’t seen a certain anomaly before, a subject matter expert can analyze the collected data to provide further insights to be integrated into and improve the system,” said lead-author Efe Balta, a postdoctoral researcher at ETH Zurich. In the process, the model would learn what constitutes potential cybersecurity threats.