For the past few weeks, I have been enjoying re-watching every season of Stranger Things, the popular Netflix sci-fi horror drama series set in the 1980s that’s been running since 2016. It got me thinking about my life back when I was a 12-year-old geek at secondary school in 1982, just one year before season one of the series starts.
We had a lesson in school back then simply called Q, which stood for “Enquiry” and was a wide-ranging lesson that encouraged us to take an interest in the world around us, the context it developed from and to explore where it might go in the future. It was a fantastic subject, and my most abiding memory of it was Mr. Butler, our teacher, telling us: “There are lessons everywhere outside this classroom, you just need to know where to look.”
For those who are unfamiliar with the cultural hit Stranger Things, I won’t post any spoilers. Suffice it to say that central to the Stranger Things story is the “Upside Down,” a figurative other side of the Dungeons and Dragons diorama of the central characters. The Upside Down exists as a decaying, overgrown, alternate dimension that represents an accurate but dangerous reflection of the real world, where creatures and phenomena not readily apparent in our dimension are both visible and visceral. It struck me as I watched: there’s the lesson.
The Upside Down maps to the current challenges and future opportunities in the world of cybersecurity. It very effectively represents what U.S. military doctrine refers to as “The fifth dimension of warfare.” In his 2014 book, Fifth Dimensional Operations: Space-Time-Cyber Dimensionality in Conflict and War, military theorist Robert J. Bunker could just as easily be describing Stranger Things when he writes of “terrorists that hide in a virtual domain that adversaries cannot reach, utilizing organic camouflage, sympathetic social spaces, or aspects of cyberspace to mask their activities until the last moment.” This idea of a digital Upside Down is useful for conceptualizing military and criminal operations in cyberspace, and defenders can also leverage it in protecting data.
When Will Byers, one of the main characters, was rescued from the Upside Down world in Stranger Things, he returned with “true sight,” described by Dustin, another central character, as “the power to see into the ethereal plane.” We can use detailed visibility of our enterprise environments to gain our own advantages over the adversary, using the power of true observability. Observability differs from visibility in that it adds rich contextual data to the continuous discovery of assets within an environment. Will could sense not only the networks of tunnels that radiated out from Hawkins National Laboratory, the epicenter of the “evil,” but also what was taking place within them, by accessing his “now-memories.”
We can think of the digital twin as a real-world technological analogy to the Upside Down. The concept of a digital twin was first introduced in 2002 at a Society of Manufacturing Engineers conference. Conceived as a digital representation of a physical counterpart, such as a wind turbine or jet engine, data gets fed in real time from the physical to the digital product, for the purposes of continuous testing and modelling. The “unavoidable acceleration of everything,” a phrase I coined almost 10 years ago, has seen the capabilities of the digital twin increase exponentially. In fact, Singapore has become the first country to begin building its own complete digital twin. While it’s still nascent technology, particularly the requirement for real-time data capture on such a wide scale, the rollout of 5G promises to change that. Bringing together people, machines, objects, and services, 5G promises a wealth of benefits, such as much greater bandwidth and faster connectivity with lower latency over a wider geographic area to many more devices.
Now’s the time for enterprises to begin planning for their own Upside Down. Combining existing network infrastructure with the low latency, high reliability, mobility, throughput, and device density offered by 5G empowers operational intelligence. With real-time asset condition and maintenance tracking and connection of hard-to-reach equipment, it’s now possible to create a truly representative digital twin of an entire enterprise, from IT to OT to IoE.
In an enterprise environment, easily replicable cloud-based digital twins let their operators test proposed new production or changes to existing operations or cybersecurity strategies, before rolling them out into the physical environment. Truly active red and blue teaming exercises can test not only the relative readiness of attack and defense, but also the real-world impact of successful attacks and the effectiveness of mitigations, disaster recovery, and business continuity planning.
The challenges in adopting this new infrastructure are considerable. Enterprises will need to identify and manage an exponential growth in attack surface. Organizations will store and access proprietary and PII data from more systems than ever before, and through more interfaces. Unauthorized access to digital twins may also allow attackers to conduct advanced reconnaissance of an organization's network and services and even facilitate development-stage testing of malicious activity. Data encryption, privileged access management, least-privilege and need-to-know principles, and effective security audits are all areas for detailed focus and planning before even the first digital brick gets laid.
Visibility functions as the cornerstone of all of this. We’re talking about continuous discovery of assets across an entire enterprise that gets transformed into observability. The picture gets enriched with accurately modeled data flows, continuous compliance monitoring, real-time threat and anomaly detection and response, and operational intelligence. The digital twin, the real-world Upside Down, promises those who embrace this new concept a very exciting journey.
Rik Ferguson, vice president of security intelligence, Forescout