The Industry IoT Consortium (IIC) and the Digital Twin Consortium (DTC) announced the IoT Security Maturity Model (SMM) Digital Twin Profile. The SMM Digital Twin Profile extends the guidance in the previously published IoT Security Maturity Model: Practitioner’s Guide to digital twin systems. It enables those who design and deploy digital twins to better understand how to evaluate and achieve appropriate security maturity for their systems.
Digital twins are virtual representations of real-world processes and entities, synchronized in frequency and fidelity, and so raise unique security maturity concerns beyond the general considerations. The digital twin profile emphasizes the need to understand the nature of the digital twin system, including whether it comprises one or multiple digital twins, how they relate to assets and organizational boundaries, and the scope and function of the frequency and fidelity of synchronization.
The profile highlights that maturity for the SMM security practices can range from considering twins and assets separately to proactive consideration of the complete system. The document provides guidance for the eighteen SMM practices, ranging from security program management to data protection, remediation, and recovery, as they relate to this range of needs.
Organizations can combine the Digital Twin Profile with SMM mappings, such as the industrial manufacturing 62443 mappings, to relate concrete security control requirements to the maturity comprehensiveness levels of the practices. They can also combine it with other SMM vertical industry profiles to provide digital twin guidance that is useful for various industries. In conjunction with the general guidance in the SMM practitioner’s guide, these guides can help practitioners achieve an appropriate level of security maturity for digital twin systems.