How to Protect Digital Twin Systems and Critical Infrastructure in Steel Manufacturing
As demand for intricate steel manufacturing continues to evolve, so do the technologies that manufacturers can rely on. One of the most important emerging technologies of recent years has been “digital twinning”, which refers to virtual representations of physical assets and systems.
Digital twins allow steel manufacturers to simulate, monitor, and optimize production in real-time, enabling them to safely experiment and account for potential failures that would otherwise result in costly downtime and production failures.
However, with new technology, unfortunately, come new risks. Digital twin systems are closely connected to physical assets and sensitive data, for example, through devices that fall under the Internet of Things (IoT). Hackers who gain access to critical infrastructure through cybersecurity gaps could cause serious problems related to data integrity, manufacturing safety, and even financial loss.
Cybersecurity Risks and Threats
In the steel industry, digital twins are connected far and wide, through sensors, control systems, asset management, analytics, and sensitive project data. Digital twinning is a massive business both in our industry and beyond, with reports suggesting a market worth around $379 billion by 2034.
However, if poorly managed and planned for, twin systems can pose a range of devastating risks to manufacturing firms, their supply chain partners, and end customers. Research aggregated by Digi suggests that IoT cyberattacks are increasing year by year, and that the majority of devices in use channel unencrypted traffic, reflecting broader gaps in security hygiene and user behavior across industries. Common oversights like weak authentication and poor device management continue to expose organizations to unnecessary risk.
Typical risks associated with digital twinning in manufacturing include failing to update legacy hardware and patch firmware, running poor access controls, and broadening attack surfaces by adding increasing numbers of access points for hackers.
Threats that steel manufacturers face through simply deploying and relying on digital twin connectivity, therefore, include:
- Ransomware, which can lock down operations and production until fees are paid
- Supply chain hacking, where malware can spread to connected parties in your production line
- Data theft, for example, sensitive designs and processes that could be beneficial to competitors
- Denial of Service or DoS attacks, which can effectively shut down digital twinning, IoT devices, and potentially entire areas of manufacturing
Without a proactive, effective cybersecurity strategy in place, steel manufacturers may easily find digital twinning poses more problems than it solves.
Key Strategies to Protect Digital Twin Systems
In the first instance, many steel manufacturers and associated businesses with robust cybersecurity recommend regular penetration testing, which entails analyzing the entirety of your infrastructure for hidden weaknesses. That, hypothetically, could include any IoT terminals or sensors used as part of a digital twinning strategy.
Other key strategies manufacturers may use to help protect digital twin systems include:
- Carefully assessing the default security of hardware and software used as part of IoT and twinning data sharing
- Ensuring stringent access controls across all devices and platforms used within twinning and IoT
- Carefully training personnel who use digital twinning processes on best security practices and how to manage sensitive data
- Additionally, training personnel on how to avoid phishing and confidence tricks that may allow hackers access into sensitive systems
- Applying “zero trust” models to infrastructure layout and adding new connections (eight in ten organizations plan to take zero trust seriously within the next year)
- Updating and patching systems and software used as soon as new versions are made available
- Segmenting tools and digital twinning resources away from centralized data silos to limit the potential spread of malware and to restrict hacker access
- Encrypting data and traffic, and monitoring flows carefully for suspicious activity
Regulatory and Compliance Considerations
The regulations and compliance expectations that fall upon steel manufacturers will vary depending on the type of data they handle and how it is processed. There are also specific laws within the US that all manufacturers must follow to ensure their cybersecurity practices are robust and protective of the sensitive information they process.
For example, the Cyber Incident Reporting for Critical Infrastructure Act of 2022, or CIRCIA, establishes that any businesses operating in critical infrastructure must report cybersecurity incidents within 72 hours of them emerging.
What’s more, steel manufacturers must also consider the individual data rights of their clients and end users. For example, any work undertaken with operatives in the European Union must be safeguarded as per the General Data Protection Regulation, or GDPR. The GDPR stipulates that failing to safeguard data effectively may result in extensive fines. As of January 2025, GDPR fines worldwide had topped €5.88 billion.
This is all the more reason, therefore, for steel manufacturers to carefully tighten up their cybersecurity with the help of a world-recognized framework that offers suggestions on how to keep assets and infrastructure (such as that relating to digital twinning) safe at all times. The NIST Cybersecurity Framework, for example, is broadly relied upon as a highly effective template.
Future Trends in Cybersecurity
Technology is always evolving, and although that means threat sophistication and proliferation will increase likewise, manufacturers should be ready to meet attacks before they take hold.
For example, businesses are increasingly deploying artificial intelligence and machine learning to spot security anomalies and to help tighten up network assets in case of vulnerabilities that hackers can exploit.
With IoT still a target for many hackers worldwide, there is increased movement towards segmentation and zero-trust architectures, meaning manufacturers and other businesses are finally catching up to the idea that they cannot assume attacks simply won’t happen by default.
And there are worrying possibilities on the horizon, too. If manufacturers fail to protect their assets and networks adequately, hackers could hypothetically take over IoT devices to create physical security incidents and even system malfunctions. That not only means slowing down production and supply, but also putting people at risk.
Thankfully, there are things that businesses can do to start protecting themselves better against ever-evolving cyber threats. However, simply spotting weaknesses isn’t enough: manufacturers need robust, reactive action plans in place to be prepared for any eventuality. There’s no way of knowing when or how an attack may happen, but it certainly pays to be prepared for the worst.
Author Bio:
Thomas Patterson
Vice President of Product Management
Thomas Patterson is a highly experienced and passionate product leader in the cybersecurity and technology industry. With a strong background in product management, security, and data privacy, he has a proven track record of driving innovation, growth, and successful product launches. He currently serves as the Vice President of Product Management: Platform, Mobile, and AI at VikingCloud.
Thomas is responsible for overseeing the VikingCloud Platforms, Mobile Applications, and Artificial Intelligence. He is skilled in building core services, shared infrastructure, and centralized experiences for a seamless platform experience.