Digital Twin for Cyber Testing Michael J. OConnor Chief - - PowerPoint PPT Presentation

Digital Twin for Cyber Testing

Michael J. O’Connor Chief Technologist Trideum Huntsville, Alabama United States

Agenda

• Introduction
• Approach
• Conduct Cyber Table Top
• Develop Digital Twin
• Develop Operational Wraparound
• Testing
• Conclusions

Introduction

• Performing cyber testing on complex systems presents a number of

challenges.

• Access to the systems to perform potentially destructive cyber testing.
• Providing the operationally relevant wrap around environment to the system

under test (SUT) without compromising any of the systems with a cyber threat.

• One approach for this is to create a digital twin of the system.
• This is the only approach for single copy national systems, but is also

useful for weapon systems.

Approach to Development

• There are 3 elements to the development of an operationally relevant

Digital Twin for cyber testing

• Perform the Cyber Table Top
• Develop the Digital Twin
• Develop the Operational Wraparound
• This will allow the performance of cyber testing in an operationally

realistic environment without exposing an operational system to risk.

Approach Overview

SUT Digital Twin

Cyber Threats Cyber Test Instrumentation, Cyber Data Collection, & Cyber Threat Visualization Simulated Data Inputs to Simulated Customers Outputs

Cyber Table Top

• The Cyber Table Top (CTT) brings system stakeholders and threat

teams together

• The system stakeholders include the developers of the system and the
• perators of the system
• The developers bring knowledge of the system and can determine if threat

vectors could effect the system

• The system operators bring the operational knowledge of how the systems is

used which allows them to determine the impact on mission of the threat effect

CTT Conduct

• The three teams prepare information based on their role in the CTT
• This information is shared with the other teams and reviewed
• An in person discussion of the potential threats is conducted
• Analysis is performed to complete the risk matrixes and determine

the threat vectors that cause mission impacts

CTT Discussion

• The Threat team proposes a potential cyber threat to the SUT
• The Developer team responds with how they believe the system will

respond to the threat

• If the Developer team believes there will be a threat effect, the

Operator team will provide the potential mission impact

• Some cyber threats may produce an effect in the system, but the effect does

not result in a mission impact

• Group attempts to reach consensus on the risk matrixes for each

threat

• After the discussion, further analysis is conducted to refine the risk

matrixes

Digital Twin Rational

• It seems obvious the best test environment would always include the

actual system in an operational environment and this is true for certain types of tests.

• Some tests cannot be performed on the actual system for:
• Human safety reasons
• Performing cyber on an aircraft in-flight is not possible because of the risk to the pilot
• The inability to create the operational environment.
• Creating all of the live communications links for a command and control (C2) system is

not practical

• In these cases, a digital twin becomes the solution to testing.

Digital Twin Considerations

• For a digital twin to be a solution its development must be cost

efficient and developable in a limited timeline

• If the cost for the digital twin becomes too high, it may be more cost

efficient to risk destroying an actual system.

• If the development takes too long, it will not be ready for testing in

time to support the deployment or sustainment of the system under test

• The results of the CTT are critical in driving the development of the

digital twin to address the issues of cost and time

Digital Twin Scope

• The scope for developing a digital twin varies greatly based on the

nature of the system under test

• A large enterprise Information Technology (IT) system could be

composed of hundreds of networking devices and computers

• A vehicle will have many fewer networking devices and computers,

but large number of computer controlled mechanical systems

• The results of the CTT will determine the level of fidelity of each of

the components in the digital twin.

Digital Twin Development

• Determine how to represent all of the elements of the system
• Use real software on real Hardware
• Use real software on commodity hardware
• Use emulated software on commodity hardware
• The results of the CTT drives the decision for each element of the

system

• Considerations include:
• Surfaces required for the threat
• Required inputs
• Required outputs

Testing

• Test plans should be developed to provide the correct conditions for

the cyber threat vectors that were developed in the CTT

• The exact number of tests will depend on the threat vectors
• Systems should be in place to collect data provided to the SUT as part
• f the operational wrap-around
• Systems should be in place to collect all of the data produced by the

SUT

• Based on the type of threat vectors, additional collection methods

maybe required to collect threat actor actions.

Conclusions

• The goal of using a digital twin for cyber testing is to determine the mission

impacts that result from the cyber threat

• Providing the full operational wrap-around to the SUT will show the

mission impacts to the cyber threats

• This is critical to provide actionable information to the system owners to

address the impacts of the cyber threat

• Experience in applying the digital twin approach with synthetic

environments has provided lessons learned in cyber weapon testing

• The importance of the CCT
• Selection of components for the digital twin
• How to provide the synthetic environment wrap around