Wissen Sie, was in Ihrer Software steckt?

Security First: Why Digital Twins Need a Trusted Foundation

March 24, 2026 in Blog

feature-image

Security First: Why Digital Twins Need a Trusted Foundation

Digital twins are widely regarded as a key technology of Industry 4.0. This was clearly evident at this year’s embedded world in Nuremberg. We also had the opportunity to contribute to the discussion—more specifically, our co-founder did. The insights Sebastian shared during his talk as part of the Digital Twin Track, led by Prof. Tim Fischer, shouldn’t be limited to conference attendees alone. So here’s a summary of the key takeaways from our track, which also featured presentations by Pablo Antonio (Fraunhofer ISE) on “Physical AI Co-Simulation” and Christopher Schwager (CarBytes) on “Virtual Prototypes for Embedded Systems,” followed by a panel discussion.

Digital Twins – Between Vision and Reality

For years, digital twins have been considered a core technology for industrial transformation. They promise more efficient production processes, predictive maintenance, and deeper insights into industrial operations. The idea is simple: machines, components, or even entire production lines are digitally replicated, allowing their behavior to be analyzed, simulated, and optimized. The result is greater transparency and traceability in production.

In reality, however, things are more complex. Industrial structures have often evolved over time. A wide range of systems prevents a holistic view. Data quality is frequently inconsistent, with multiple formats in use. Fragmented interfaces and high integration efforts often cause teams to abandon optimization initiatives early on. This fragmented data landscape significantly limits the full potential of digital twins. Both Chris and Pablo addressed this from different perspectives. In particular, the concept of the Asset Administration Shell and its “nested” structure—from individual components to complete machines—was discussed repeatedly.

These challenges are not only operational but also create real security vulnerabilities. As connectivity increases, so does the attack surface, making it easier for cybercriminals to exploit weaknesses. This leads to a clear principle: once machines, platforms, and IT systems start communicating, new security requirements become essential.

Chris also emphasized that simulating new developments in virtual environments using digital twins can significantly accelerate time-to-market while reducing testing efforts throughout the product lifecycle—not only for functional testing, but also for software and its security configurations.

At the same time, other tracks repeatedly highlighted the use of (Docker) containers, their internal dependencies, and the Software Bill of Materials (SBOM) — which, of course, is music to the ears of a provider of the Application Supply Guard, especially since the Cyber Resilience Act (CRA) and NIS2 were also on everyone’s radar.

Rethinking Digital Twins Critically

Digital twins rely on a wide range of data sources and connect physical assets with digital platforms. At the same time, they are increasingly used beyond company boundaries—for example, across supply chains or within partner ecosystems. Without clear security structures, this creates new risks. Security must therefore be a top priority in any digital twin initiative.

Pablo illustrated this with the example of Formula 1, which likely uses some of the most advanced digital models available. Yet even there, unexpected issues can arise—for instance, at ambient temperatures above 40°C—despite simulations suggesting otherwise. Our virtual models often lack a true representation of physical reality—such as gravity or thermodynamics. And reality tends to push back.

The following aspects should therefore be considered:

  • Protection of sensitive production and operational data
  • Secure communication between systems
  • Long-term security, including crypto-agility
  • Clear identification of components and users
  • Protection of identities against duplication and tampering
  • Controlled access to data and functions

Only when data integrity, access controls, and trust mechanisms are in place can such systems operate reliably across organizations in the long term. Companies do themselves no favors by rushing into implementation and adopting technology for technology’s sake. Vulnerabilities must be identified and addressed proactively.

The Asset Administration Shell as a Unifying Standard

This naturally raises the question: what is the required technical foundation? One answer is the Asset Administration Shell (AAS). Designed as a standardized framework, it serves a clear purpose: to connect machines, components, and IT systems in a way that is not only interoperable, but also transparent and controllable.

Through this digital layer, information, functions, and state data can be described consistently and exchanged across systems throughout the entire lifecycle. This enables a structured digital representation of production—based on a shared semantic model. Because data is standardized, versioned, and controlled, the AAS provides a reliable foundation for data exchange between production, IT, suppliers, and customers.

The AAS also introduces structural elements that support trust. These include clearly defined role models, versioning concepts, identity management, and access control mechanisms. As a standard, it also makes it much easier to integrate new machines, systems, and partners into existing digital twin architectures—eliminating the need for complex point-to-point integrations.

Here, too, there were clear overlaps with Chris’s simulation environment for testing and Antonio’s deliberately constrained FERAL environment. The concept of “nesting” came up again: meaningful simulation and testing only work when considered as part of an overall system—not in isolation.

Driving Efficiency and Security Forward

Many companies already use digital twins locally. However, their full potential often remains untapped. On the one hand, inefficiencies arise when data sources, interfaces, and systems are not properly integrated. On the other hand, security gaps emerge as increased connectivity expands the attack surface without corresponding protective measures.

This is exactly why digital twins require a standardized and trustworthy foundation—and this is where the Asset Administration Shell comes into play.

Curious what else we experienced at embedded world 2026? You can find a second blog post with additional insights on the Umbrella Security Operations website.

Already using digital twins and looking to make them more efficient and secure? We’d be happy to show you the benefits of the Asset Administration Shell.


Book a meeting now

umbrella.associates

  • Mergenthalerallee 73-75
    65760 Eschborn/Frankfurt
  • +49 (0) 6196 204 8237

Navigation

We take your security to the next level

...and boldly go, where new identities need protection. Be it your employees or customers, your partners or admins or even your devices and machinery. We create the management plane that covers YOUR identity needs!

© 2026 umbrella.associates