Hitachi Taps New Technology in Digital Twin Security

Hitachi, Ltd. has developed Security Digital Twin (SDT) technology that facilitates the planning of security countermeasures ensuring business continuity*1. Particularly, it capitalizes on the security expertise amassed by Hitachi in operational technology (OT) systems*2.

Moreover, this technology reproduces digital twins in cyber space comprising actor, asset, and process models to simulate OT systems in physical space. Customers can identify high-risk vulnerabilities and propose multiple effective security countermeasures to evaluate the impact each has on business continuity (side effects) before implementing any of those security countermeasures in an OT system.

In addition, customers can then properly plan security countermeasures based on the assessment results of these side effects so that they can align with their key performance indicators (KPI).

Hitachi will use this technology in the future to help optimize and drive the efficiency of security countermeasures for IoT devices as well as connected cars, medical equipment systems and other social infrastructure, such as power plants.

Hitachi announced some aspects of security digital twins at last year’s The SICE Annual Conference 2022 on September 7. This technology also received the Achievement Prize for Industrial Applications from the 2022 Society of Instrument and Control Engineers (SICE) Annual Conference Award on November 15, 2022.

Fig. 1. Conceptual diagram of the security digital twin technology

Technology Details

Recently, cyber attacks against OT systems are rapidly increasing. Hence, there is an urgent need for the improvement of cyber security in OT systems as well as IT systems.

However, vulnerabilities of OT systems remain for a long time compared to IT system. This as security countermeasures, such as patching and changing firewall rules, could result in unexpected downtime.

For that reason, Hitachi has developed the SDT in a bid to address the issue. Most importantly, the SDT can plan security countermeasures that can reduce the risk of cyber attacks. Furthermore, to also evaluate side effects caused by each security countermeasure, such as system halt. Below outlines further the technological features of the SDT.

Technology to build digital twins of OT systems with three-layer models

OT systems in physical space can be seen by three-layer models consisting of the actor, asset, and process models in cyber space to evaluate side effects on business continuity (Fig. 2).

Fig. 2. Technology to configure digital twins of OT systems using three-layer models

The actor model reproduces the behavior of operators involved in daily operations, attackers who make negative impacts on the system, and defenders who implement security countermeasures. The asset model represents the information of computers in OT systems, including software vulnerabilities and network dependencies.

Meanwhile, the process model reproduces the conduct of critical business processes. By dividing the digital twin into three layers, experts in each field can quickly and accurately construct models independently. In addition, integrate them using common interfaces. Finally, a state transition program that links three-layer models is used to reproduce the behavior of each model in time series.

For example, the program works as follows: Users can activate an attacker model to attack the asset model and then identify high-risk vulnerabilities. Next, users activate a defender model to apply multiple plans of security countermeasures that mitigate the risk of cyber attacks. Finally, the user evaluates side effects, i.e., the level of degradation in the business performance, of each plan.

Productivity calculation models for IoT environments at factories

To apply this technology in a factory environment, Hitachi set forth “maintaining the production rate of lines” as a KPI. At the same tim,e developed a model calculating the impact of security countermeasures on productivity.

Fig. 3 shows a digital twin of the production process built using Petri nets*3. The model shows the state of products represented in cyber space by tokens (black circle) after a number of manufacturing steps. Furthermore, it calculates the production rate from the number of tokens that have completed all manufacturing steps.

Fig. 3. Model to calculate the impact of security countermeasures on production rate in a factory environment

Moreover, such technology to automatically generate production models from operational logs accumulated by the production management system enables customers to quickly build the SDT for different factory environments.

The use of Petri nets also enables modeling of other business operations, for example production, quality assurance, or remote monitoring, shown in Fig. 4. If the SDT identifies high-risk vulnerabilities and multiple security countermeasure patterns, optimal mitigations can be planned based on the customer’s KPI and side effects for each countermeasure.

Fig. 4. Example of security options taking into account side effects

The example shown in Fig. 4 illustrates a customer prioritizing production and quality assurance processes as KPIs, while tolerating outage of remote monitoring services. Selection of security countermeasure no. 2 most closely matches the customer’s requirements, enabling a rapid deployment in the OT system.

Reference: Past news releases and research topics

  • 96th Computer Security Research Conference, Information Processing Society of Japan, Computer Security Special Interest Group (CSEC), March 10-11, 2022
  • 2022 IEICE General Conference, Institute of Electronics, Information and Communication Engineers (IEICE), March 15-18, 2022
  • The SICE Annual Conference 2022, September 6-9, 2022
  • Recipient of the Encouragement Prize 2022 for Industrial Applications Division from The Society of Instrument and Control Engineers (SICE)


*1 Business continuity: In regards to system operations, the capability to continue important business operations while satisfying certain pre-defined criteria.

*2 OT system: A system to control and operate industrial equipment, such as plants and social infrastructure. It is often referred to as a control system or industrial control system.

*3 Petri net: A modeling language comprising places and transitions, represented by circles and rectangles.