Illinois uses “digital twins” to create more secure advanced manufacturing systems
In cyber-physical control systems, such as those used in manufacturing, cyber-attacks have the potential to harm equipment and people. To detect and thwart these attacks, researchers often utilize virtualized testbeds to simulate attacks, especially those that leverage software flaws.
With the support of both government and industry sources, Illinois’ Information Trust Institute (ITI) has been working on foundational technical issues and unique applications for “digital twins,” which are emulations of real systems that contain simulated communication networks, devices, and other cyber and physical components.
“Real cyber-attack data is rare, and rarely shared,” said ITI Director David M. Nicol, the Franklin W. Woeltge Professor of Electrical and Computer Engineering. “Our ability to synthetically generate data with high fidelity means we can create attack scenarios not yet seen in the wild and train more deeply on them.”
A key issue is keeping the physical and computer simulations tightly synchronized. In reality, a sensor will report a stream of physical measurements to a programmable logic controller (PLC), which in turn issues a stream of control commands to actuators connected to the physical system. The PLC program is written as though the measurement were very recently taken and reacts with a command which affects the physical system.
If a digital twin’s components are executed without explicit temporal synchronization, the physical simulation may exhibit behavior which would not be observed on the factory floor. ITI’s approach is to embed the emulators in virtual time while taking explicit control over the execution of emulation and simulator code.
“We’ve repeatedly demonstrated on models of real systems how badly the digital twin can misbehave if temporal synchronization is neglected,” Nicol said. “We’ve seen that the predicted system behavior can become unstable, because the commands it responds to are too early or too late.”
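The instability described above can be reproduced with a toy control loop. The following Python example is added here and is not ITI's code: the tank-level plant, the proportional PLC logic, and the names and values DT, GAIN, SETPOINT and lag_ticks are assumptions chosen for illustration.

```python
"""Added illustration: toy digital twin of a tank-level loop (constructed model)."""
from collections import deque

DT = 0.1        # physics step in virtual seconds (assumed value)
GAIN = 5.0      # PLC proportional gain (assumed value); DT * GAIN = 0.5
SETPOINT = 1.0  # target tank level (assumed value)


def plc_scan(measured_level):
    """Emulated PLC logic: treats the measurement as if it were just taken."""
    return GAIN * (SETPOINT - measured_level)


def run_twin(steps, lag_ticks):
    """Run the twin for `steps` physics ticks and return |setpoint - level| per tick.

    lag_ticks == 0 models lock-step virtual time: the physics does not advance
    until the PLC has consumed the measurement stamped with the current tick.
    lag_ticks > 0 models a free-running emulator whose scan sees a measurement
    that is `lag_ticks` physics ticks old, so its command arrives too late.
    """
    level = 0.0
    # Measurements in flight between the physics simulator and the PLC emulator.
    in_flight = deque([level] * lag_ticks)
    errors = []
    for _ in range(steps):
        in_flight.append(level)                  # sensor samples at this tick
        command = plc_scan(in_flight.popleft())  # PLC sees the oldest sample
        level += DT * command                    # actuator flow changes the level
        errors.append(abs(SETPOINT - level))
    return errors


if __name__ == "__main__":
    for lag in (0, 1, 4):
        errs = run_twin(200, lag)
        print(f"lag={lag} ticks: final |error|={errs[-1]:.3g}, peak={max(errs):.3g}")
```

With lag_ticks=0 the error halves on every tick; with lag_ticks=4 the same PLC logic drives a growing oscillation, because each command answers a measurement that is four ticks old.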
A temporally synchronized digital twin is a great tool for creating realistic system behavior. In a number of projects, ITI researchers have embedded security monitors and protections within a digital twin, and then introduced cyber-attacks to observe how well the monitors and protections work against the simulated attack.
In other applications, ITI’s digital twins create communication traffic that has high-fidelity simulated measurements of the physical system, carried by actual implementations of the communication protocols used in the industrial system. This ability supports a very active area of research in the use of machine learning to detect intrusions.
Nicol says, “The most effective techniques in machine learning train on a large supply of quality data. Scientifically controlled training and evaluation of machine learning intrusion detection systems is a breakthrough idea.”