As part of our ongoing series, we have been following the progress of the CP-Sens project, which aims to make digital twin technology accessible to SMEs. These virtual replicas of physical structures enable real-time monitoring, analysis and optimisation of operations.
In this edition, the team discuss the critical cybersecurity challenges faced by companies looking to implement digital twin technology and how the CP-Sens project seeks to help them. Aarhus University is at the forefront of developing robust solutions to protect sensitive data and ensure system integrity. Among the project’s commercial partners, Vestas Aircoil document their security requirements on behalf of their customers, to ensure that security measures meet their client’s expectations. In turn, this provides real-world use cases to inform the work of the team at Aarhus University.
We spoke with Prasad Talasila, Software Engineer and Researcher at Aarhus University, and the team at Vestas Aircoil to learn more about their collaborative approach to cybersecurity. Their insights underscore the vital role of strong security in making digital twin technology a viable solution for businesses, from SMEs to larger organisations like Vestas Aircoil.
Data is the new oil
At the heart of digital twin technology is data. Prasad offers an insightful analogy: “A digital twin exchanges data with its physical product in real-time. The digital twin cannot work without this exchanged data. The data feeding into a digital twin is like oil. It’s not just about having data—it must be refined and of high quality to be useful.”
Elaborating on the long-term importance of data, Prasad added: “When you develop a product that’s expected to last for 10 years, the measurements collected in the first year might still need to be used seven or eight years later for product improvement. To achieve this, you must ensure that the data is labelled and stored in a way that makes it understandable even when the original team is no longer involved.”
Three pillars of cybersecurity focus
The reliance on data as the backbone of digital twin technology brings with it significant cybersecurity challenges. Ensuring that this data remains secure, trustworthy and private is critical for fostering adoption, especially in collaborative environments. Prasad outlined three core areas where the CP-Sens project is focusing its cybersecurity efforts: protecting intellectual property, ensuring secure sharing and safeguarding network interactions.
1. Protecting intellectual property
“The first area is the commercial side of cybersecurity, where the focus is on protecting intellectual property,” Prasad explained. “This involves safeguarding proprietary designs, sensing platforms and software that manufacturers bring into collaborative projects. For instance, we have partners who have very clear requirements to ensure that their materials stay confined to their systems. This means maintaining strict commercial silos where sensitive data and proprietary product models do not cross into unintended hands. It’s crucial to keep these assets secure across projects and collaborators.”
Lasse Christensen, R&D Heat Exchanger Engineer at Vestas Aircoil, reinforced this: “Our customers want guarantees that only the agreed data is shared and that their systems remain secure. They need to feel confident that the digital twin won’t become a gateway to unauthorised access or information leaks.”
Prasad elaborated: “Beyond just keeping data confined, there are risks associated with direct and indirect insights we derive from the data that is collected. Direct insights come from data like temperature readings, while indirect insights might reveal operational characteristics of the system in which a digital twin is operating in. For instance, competitors could infer performance metrics, which are often closely guarded trade secrets. This is especially relevant in industries like wind energy, where such data could reveal valuable intelligence about competitor products.”
2. Ensuring secure sharing and data integrity
“And then the traditional cybersecurity concern: ensuring that when we use the software platforms we’re developing, we can be confident that data is being shared only with the intended partners.” Prasad continued. “With multiple partners working across different areas of the project, there’s a need to ensure that data visibility is limited to the relevant parties. Customers want assurance that their systems are not being exposed unnecessarily and that the information being collected is strictly what’s agreed upon.”
He added the importance of maintaining data quality: “If the data isn’t reliable, the entire digital twin system falls apart.”
Accurate and secure data plays a critical role in enabling digital twin systems to address real-world challenges. Prasad offered a concrete example involving warranty claims: “Imagine a customer makes a warranty call claiming a product has failed prematurely. Without secure data, manufacturers often have to take the customer’s word for it and replace the part, even if the failure wasn’t due to a defect. But if you have a digital twin streaming data continuously, you can verify how the product was used and under what conditions it failed.”
3. Safeguarding network interactions
“The third area of focus is about securing network interactions,” Prasad explained. “Most of the time, these platforms operate over the Internet or other networks—whether it’s through browser-based systems or other types of interaction. The challenge is ensuring secure interactions between users and remotely hosted digital twins.”
The CP-Sens team is addressing these challenges by incorporating recognised network security standards. Prasad elaborated: “We are incorporating standards like FIPS and Zero Trust frameworks such as NIST SP 800-207.
“Zero Trust systems operate under the assumption that no part of the software or hardware inherently trusts another. We treat every component as untrustworthy and enforce strict verification at every interaction.”
Protecting customer systems and confidentiality: a supplier perspective
The CP-Sens project acknowledges that safeguarding customer systems is as critical as protecting proprietary data. Bilal Ali Qadri, R&D Vibration engineer and project manager at Vestas Aircoil, explained: “When we measure operational data from equipment like a charge air cooler, the insights we gain could inadvertently reveal sensitive details about the engine’s performance. For instance, if the engine isn’t running within expected norms, this data could be used to highlight regulatory non-compliance or even operational weaknesses. This kind of information could result in significant financial or reputational risks if it were leaked.”
Lasse added: “The data collected on our coolers isn’t particularly sensitive on its own, but it’s vital to ensure that it doesn’t serve as a backdoor to our customers’ broader systems. The priority is to avoid any scenario where we could unintentionally expose details about how the customer’s system operates.”
Prasad emphasised the need for robust controls to address these concerns: “This is why maintaining strict boundaries around data access and implementing strong anonymisation techniques is critical. We need to ensure that any insights extracted from the data do not compromise the integrity or confidentiality of our customers’ systems.
“In one of our collaborations with a manufacturer in Turkey, anonymisation allowed us to extract valuable operational data without exposing sensitive customer details. Using tokenisation and aggregation techniques, we ensured the data remained useful for analysis while safeguarding proprietary information. This balance allows manufacturers to collaborate confidently without risking trade secrets.”
Future challenges and opportunities
As the CP-Sens project progresses, the team is actively addressing both current challenges and emerging demands for cybersecurity in digital twin systems. While the current focus is on achieving industry-standard security, there is a recognition of the need for scalability and adaptability as the technology evolves.
Prasad outlined the project’s current state: “We are at the beginning stage of implementing robust security measures, but we are making steady progress. By the end of this project, we foresee having a mature system. Our goal is to satisfy the commercial interests of the companies involved while implementing industry-standard security practices.”
Looking to the future, Prasad explained the need to adapt to evolving security threats: “Cybersecurity is not static; the threats and requirements keep changing. That’s why we’ve planned to dedicate additional resources, including a PhD researcher and significant development time, to strengthen the platform over the coming year.”
Lasse emphasised the need to be proactive: “We are still at the early stages of considering cybersecurity in sensor installations, but it’s something we know will become increasingly important as we scale up these systems. Our customers expect assurance that their data and systems remain secure, even as we expand our capabilities.”
Prasad added that the scalability of these solutions will play a crucial role in ensuring long-term success: “Our systems must be flexible enough to handle new use cases and resilient enough to incorporate future innovations without compromising security. This means designing for the long term, even as we address immediate challenges.”
PROJECT NAME
CP-Sens – Cyber-Physical Sensing
for Machinery and Structures
PROJECT SUMMARY
CP-Sens is working to make digital twin technology accessible to small and mediumsized enterprises (SMEs) in the mechanical and structural engineering sectors. The project is creating a user-friendly platform that combines sensors, simulation models and real-time data to create virtual replicas of physical systems. This technology allows
SMEs to monitor, analyse and optimise their products and processes, leading to cost savings, faster innovation and improved efficiency.
PROJECT PARTNERS
Aarhus University
Hottinger Brüel & Kjær (HBK)
Vestas Aircoil
Vienna Consulting Engineers (VCE)
FORCE Technology
PROJECT LEAD PROFILE
CP-Sens is led by researchers at Aarhus
University, specifically in the: Department
of Electrical and Computer Engineering;
Department of Civil and Architectural
Engineering; and Department of Mechanical
and Production Engineering.
PROJECT CONTACT
Bilal Ali Qadri
R&D Vibration Engineer, MSc(Eng) PhD.
Vestas Aircoil
Smed Hansens Vej 13, 6940 Lem, Denmark
+45 3138 6978
baq@vestas-aircoil.com