Using Security Digital Twin technology to visualize risks to system security and propose optimal countermeasures
Hitachi has developed a Risk Coordination Dashboard that helps customers make fast and effective decisions on cybersecurity countermeasures while maintaining business continuity. This technology, making use of the Security Digital Twin technology*1, 2 developed by Hitachi over the years to date, creates a model of the customer system in cyberspace, and enables quantitative evaluation and visualization of both the business impact of a security incident*3 and the impact on business continuity from cybersecurity countermeasures (Figure 1). This allows top management and security personnel to arrive at a common awareness of risks, enabling fast decision-making. Verification trials have confirmed the ability to replicate in the Security Digital Twin incidents that have actually occurred, and demonstrated that the steps from devising a system model to proposing countermeasures can be completed in around two weeks.*4
Going forward, Hitachi will verify the effectiveness of this technology on systems of customers in diverse industries, aiming to provide a security platform in support of customer peace of mind and trust.
Figure 1. Risk Coordination Dashboard screen
As threats from various kinds of cyberattacks, among them ransomware*5 and zero-day exploits,*6 have increased in recent years, companies are faced with the need for rapid investment in security and strengthening of their risk management. Customers, however, who provide social infrastructure, or those in the manufacturing industry, for example, may find it difficult to shut down their operational systems to institute cybersecurity countermeasures, which has hindered their ability to make quantitative assessments of the business impact of incidents or the impact on their operations from implementing cybersecurity countermeasures; as a result, they have often failed to introduce necessary measures in a timely manner.
Hitachi, making use of the Security Digital Twin technology, has developed a Risk Coordination Dashboard that supports fast decision-making while maintaining business continuity. With this technology, multiple maps and detailed information are aggregated on the dashboard enabling the status of risks and countermeasures to be seen at a glance, so that customers can assess and visualize in one place such matters as the probability of incidents occurring, their business impact, and the effectiveness of cybersecurity countermeasures and their impact on business continuity, along with details of each. While helping top management and security personnel arrive at a common awareness of risks, the Risk Coordination Dashboard supports smooth introduction of effective cybersecurity countermeasures taking into account their business impact.
The risk map quantitatively shows high-probability attack scenarios and their business impact, while the countermeasures map visualizes the risk mitigation efficacy of the cybersecurity countermeasures and their side effects on operations. The details of each are shown at the bottom of the dashboard, enabling the details of attacks and countermeasures to be displayed along with specifics of their impact on operations. Making use of this dashboard, companies and organizations can support fast and effective decision-making and derive suitable cybersecurity countermeasures for ensuring continuity of their operations.
To verify this technology, simulations were run on customer systems (around 50 assets) where incidents had actually occurred in the past, using as inputs the system information and business processes at the time of the incident. These tests confirmed that the technology is capable of replicating actually occurred incidents in the Security Digital Twin and proposing countermeasures for those incidents, without the need for manual input of specific incident information in the model. They also demonstrated that the steps from devising a system model to proposing countermeasures can be completed in around two weeks, supporting fast decision-making regarding the cybersecurity countermeasures for ensuring business continuity.
Hitachi will continue verifying the effectiveness of this technology on a variety of customer systems, and proceed with implementing technology that helps ensure both business continuity and security, with the aim of maximizing the effectiveness of customers’ cybersecurity countermeasures.
*1 Development of Security Digital Twin Technology for Planning Security Countermeasures Ensuring Business Continuity
*2 Development of a Prototype Security Digital Twin System That Assesses Adverse Impacts on Operations from Cyberattacks
*3 Malware infection, unauthorized access, stealing of confidential information, or other incidents that threaten security.
*4 The effectiveness has been confirmed on customer systems comprising around 50 assets.
*5 Malicious software that, upon infecting a personal computer or other system, encrypts the data stored on the system rendering it unusable, followed by demands payment for the decryption of the data.
*6 A cyberattack taking advantage of a software vulnerability that has been discovered but for which no program or patch to fix it has yet been made available.
For more information, use the inquiry form below to contact the Research & Development Group, Hitachi, Ltd. Please make sure to include the title of the article.
https://www8.hitachi.co.jp/inquiry/hitachi-ltd/hqrd/news/en/form.jsp
