Application of Digital Twin Technology for Modelling of Information Security Level of Industrial Plant

. Maintaining the high level of information security at all stages of production is one of the most important tasks of modern industrial plans. In this case, the complex (integrated) approach plays a special role in which information security is realized on maximum number of automated systems and communication channels. The article is devoted to the mechanism of modelling the realization of external and internal information security threats by means of digital twin application. The presented model is a generalized digital copy of all industrial automated systems.


Introduction
Digital twin technology is becoming more popular among industrial enterprises. The main purpose of the technology is creating the model (copy) that is closest to reality. These models should contain the complex of detailed digital copies of physical objects in all automated systems (further AS).
Digital twin technology is at the intersection of technologies "Industry 4.0" and "Industrial Internet of things" [1].
Detailed digital twins could be used for maintaining (and increasing) the level industrial information security. This requires: -creating the detailed digital model of all AS and communication channels of enterprise: a) creating the digital models of computing complexes (further CC); b) creating the digital models of data stores (further DS); c) creating the digital models of local area networks (further LAN); d) creating the digital models of automated workstations (further AW) for employees; -modelling the information security incidents: a) modelling (simulation) employee behavior; b) modelling (simulation) "behavior" of active equipment (technics); c) modelling (simulation) "behavior" of passive equipment (communication channels); d) modelling (simulation) of changes in environment parameters; -integrated modelling of all systems and incidents: a) building incident trees (in particular for the study of avalanche effects); b) using Swiss Cheese Model (from risk theory) [2].

Detailed digital model of all enterprise automated systems
Architecture scheme of interaction between main enterprises AS elements is shown on Figure 1.

Digital Model of CC
Digital model of CC should contain: -the logic of all information processing algorithms; -the logic of interaction between clusters; -technical characteristics of the equipment; -technical characteristics of data transmission channels within CCi and between CC; -data exchange interfaces (e.g. MPI -Message Passing Interface); -features of the operation of RAM (Random Access Memory) and permanent memory; environmental conditions: a) wet; b) temperature; c) electromagnetic compatibility of equipment (including TEMPEST or "Compromising emanation") etc.; -territorial location, etc.

Digital model of DS
Digital model of DS should contain: -feature of applied storage technologies (access mode, backup mode, protocols used, etc.); -technical characteristics of the equipment; -technical characteristics of data transmission channels within DSj and between DS; -territorial location; -environmental conditions, etc.

Digital model of LAN
Digital model of LAN should contain: -network topology; -technical characteristics of data transmission channels; -territorial location of all network parts; -heterogeneity of data transmission medium (on physical level); -environmental conditions, etc.

Modelling the information security incidents
When the complete (detailed) digital copy of AS is created, development of event scenarios is needed. Event scenarios should depend on employees' behavior, equipment condition and the external environment.
If the behavior of equipment and environment could be predicted by changing a relatively small number of parameters, then employees' behavior modelling requires research on psychological, emotional, moral and motivation factors.
Modelling of equipment reliability can be carried out by mean of Monte-Carlo method [6]. For this, the technical characteristics AS equipment should be used as parameters. Also, this method could be used for modelling of external environment parameters.
It is important to note, that Monte-Carlo method assumes the presence of a large amount of computing resources.
When employee's behavior modelling, it is necessary to take into account: -human factor: a) tiredness; b) tensity; c) neuropsychic stability; d) stress level etc.; -psycho-emotional state: a) suffered shocks [7]; b) love etc.; -morals and principles: a) upbringing; b) education; c) origin; d) religiosity etc. Based on the listed characteristics possible "personal portraits" of employees are formed. For correct modelling, "personal portraits" (which saved in database) are discussed and coordinated with expertspsychoanalysts.

Incident tree
While modelling of employee's, equipment and environment behavior the possibility of a series of interrelated events should be taken into accountavalanche effect, in which each of the events does not pose a serious threat, but their combination can lead to a decrease in the enterprise information security level.

Model "Cheese holes" (Swiss Cheese Model)
Model "Cheese holes" (Swiss Cheese Model) assumes that in any system there are vulnerability at different levels. However, the levels of protection ("cheese layers") overlaps, and therefore the general state of system is stable (Figure 2a). However, there is the possibility that "cheese holes" would be overlapped not by cheese layers, but by the "holes" (lined up), which would lead to the global (system) information security threat implementation (Figure 2b).
In order to minimize the likelihood of lowering the information security level, it is necessary to: -reduce the number of cheese "holes"; -reduce in the size of "cheese holes". "Cheese holes" could be any kind of vulnerabilities in any part of enterprise AS in any time. Thereby while creating the model of "Cheese holes" it is necessary to consider both special and temporal aspects of information security [8].

Realization of modelling the digital twin
When using the concept of digital twins to simulate information security incidents and assess the protection level of all enterprise AS it is necessary to describe as accurate as possible all business processes and resources [9].
The cost of realization directly depends on degree of approximation of the digital model to reality. Also, the choice of modelling methods defines the realization cost.

Conclusion
Modelling physical systems using the conception of digital twins is a convenient tool for predicting the behavior of complex technical objects. The article is devoted to the methodology for using digital twins to estimate the information security level of the enterprise's automated systems. The methodology takes into account modelling of complex automated systems, communications, employees' actions, possible security incidents. In addition, methods of creating incident trees and "cheese holes" are presented as tools for integrate modelling. The methodology presented in the article allows to estimate the information security level as accurate as possible, to identify the "bottlenecks" and to take actions to eliminate vulnerabilities on time.