Cyber Security of Human Digital Twins

Who or What Are Human Digital Twins?

A digital twin is, essentially, an exact digital copy of a physical entity, which could be living or non-living. While digital twins have many pros and cons, their main advantage is that they take (computer) simulations to a new level; as they can be used to completely replicate conditions of a physical system and then, through the use of different scenarios test how these systems perform under stress or limited capacity.

Digital twins have recently become an established concept in data science and artificial intelligence (AI) delivering and facilitating the adoption of disruptive technologies across many different sectors and domains including but not limited to fintech, smart cities (check out this amazing digital twin of Singapore – it is just fab!), transportation, automotive, architecture, energy, farming. Most recently digital twins made their entry into healthcare and are actively used in hospital design as well as many advances are made towards using them in patient care.

The concept of human digital twins (or human digitwins) stems from two separate streams of disruptive technology: attempts to create an artificial intellect as well as attempts to improve healthcare. At this point, it is important to note that digital humans, human-like algorithms, humanoid robots and deep fakes are not human digital twins (I will discuss them in separate posts).

Human Digital Twins in Practice

Human digital twins healthcare application is probably one of the most promising use of this technology as digital twins may be used to unlock potential in delivering personalized medication. Imagine that a patient’s genomics, physiology and lifestyle could be fully replicated to develop medicine, which will deliver necessary help to this patient when it is needed and where it is needed.

On the one hand, the benefits are limitless – in many cases, patients’ data are collected anew in each hospital, practice, or medical consultancy they visit. These procedures are expensive and, more importantly, time-consuming; and as we know, in some life-threatening situations every second matters. This approach to patient care is also mass-customizable (i.e., different solutions can be created for many patients at the same time), which is superior to the current precision medicine approaches, where sample target groups are approached for randomized controlled trials.

Yet, on the other hand, there are obvious limitations and serious problems with healthcare human digitwins. On the technical side, a complete copy of human body is very difficult to generate, especially considering how dynamic this environment actually is. For example, if there already exist commercial attempts to replicate human heart, replicating blood circulation system, digestive system or human brain are tasks, which require completely different technological and intellectual investments. We only start to make first baby steps in developing cognition in the digital twins technology and we are far from being successful in replicating even well-researched brain functions using artificial intelligence.

What Cyber Risks Are Associated with the Development of Human Digital Twins?

Probably the most important problem associated with human digital twins is that of data, its security and privacy. Imagine the number of data points required to completely replicate a human, especially if the end goal is to create personalized medication! While "complete replication" might be a highly unlikely outcome of the digital twin technology development, it is highly likely that some of the human health systems will be replicated fully. What risks do we face if and when this happens?

One obvious risk is, of course, biometrics hijacking. Since human digital twins contain multiple measurements of the human body, there is also significant risk that, in the wrong hands, such data could be used for identity theft and different kinds of fraudulent activities. Human biometrics usually consists of physiological and behavioural measurements. Physiological measurements include morphological data such as fingerprints, eye scans (mainly, data on iris and retina), shapes of a face, a hand, a finger, etc; as well as biological measurements, which usually refer to blood characteristics, DNA, urine analysis, etc. Behavioural measurements include signature dynamics (speed of pen movement, acceleration, pressure, inclination); voice data; gesture data, etc. Considering that many countries around the globe use biometrics to confirm citizens' identity (the majority of us have biometric passports) as well as keeping in mind that biological measurements are widely used by many people as identification keys on multiple digital platforms; if such data is not properly collected, encrypted and stored, it may pose a serious risk to an individual.

Another important risk to consider is attacks on the personal wellbeing. Imagine that adversaries gain access to a particular patient's data and disrupt or, what is even more probable, threaten to disrupt the digital twin personal data of this patient demanding ransoms. This would completely destroy the potential positive effect of the personalized medication delivery.

Human digital twins raise a whole array of ethical and legal questions as well, such as: Who owns the data of the human digital twin? Should the data be collected from people who, for various reasons, are not able to give consent? What are the ethical and legal implications of completely replicating a human?

The Next Defence Frontier

The human digital twin technology is currently being developed by many research institutions and companies around the globe. While human digital wins create fantastic possibilities, cyber security aspect of their development is rarely taken into consideration. Even if human digital twins will never mature to an advanced stage as a technology, we would need to understand how to better defend our own wellbeing in the future. Considering that many devices for enhancing well-being are already battery-powered and remote-controlled, there is a high chance that those devices might be susceptible to a large number of cyber threats. Imagine that someone can temper with an implantable cardioverter defibrillator or artificial pacemaker of an individual in order to either remotely disrupt its function or make it look “as if” the heart is not working properly ... Unfortunately, modern health-related devices are really vulnerable to such threats and could be exploited by adversaries for ransom or other criminal benefits. Therefore, we need to be mindful of these potential threats and create mechanisms to make sure that benefits of new technologies outweigh drawbacks.

#cybersecurity #informationsecurity #datasecurity #infosec #cyberrisks #cyberthreats #behaviouralscience #humanbehavior #regulation #governance #responsibility #digitaltwins #humandigitwins #privacy #biometrics