Cybersecurity: Digital Twins in Automotive Industry : The Road Ahead – An Exploratory Study

Abstract: The digital twin is a concept that has attracted the attention of both industry and academia in the last decade with the advent of Industry 4.0 and the adoption of future technologies. Previous research has shown that the automotive industry is facing significant challenges as demand for advanced, connected systems increases, and with it, cybersecurity risks. As the automotive industry has evolved, this concept has become prevalent in many areas and is now applied to products and systems throughout their lifecycle, which also means that the digital twin plays a key role in many development processes. Therefore, it is important to investigate what the cybersecurity stands in terms of cybersecurity. This study takes an exploratory approach that primarily aims to investigate and gain a broader perspective on a relatively unexplored topic, namely cybersecurity for digital twins in the automotive industry. The application of digital twins in the automotive industry was explored to determine what security challenges exist and whether these challenges can be solved using existing security paradigms. Industrial use cases were developed to illustrate the digital twins that exist in the automotive industry. In addition, at an overall level, a threat analysis and risk assessment (TARA) is conducted, again using STRIDE, one of the most commonly used threat models, to identify potential risks and attacks that exist and how they might be addressed in each case. Semi-structured interviews were also conducted with four experts working with digital twins and future innovations in the automotive industry to gain insight into how the experts view the digital twin in the context of cybersecurity, risks and threats of digital information. The results of the TARA analysis and the interviews showed that there are many different risks for digital twins that may vary between digital twins, and that there is a common denominator for all of them that can be defined as the biggest challenge for the digital twin, which is data and its related risks. Thus, it can be said that the security paradigms for solving the digital twin are based on the threats and risks of the individual digital twin.