By Phu Nguyen and Adela Nedisan Videsjorden, SINTEF

Digital systems today are more complex and critical than ever. They are built from many interconnected components, often combining third-party hardware and software. At the same time, rapid development cycles and evolving cyber threats—especially with Generative AI—make security increasingly difficult.

SECASSURED envisions Digital Twins-based Assurance-driven AI-empowered SecDevOps for continuously securing Digital Infrastructures.

• “Security assurance”as the foundational driver: Assurance-driven security solutions are central in developing and operating trustworthy certifiable hardware and software in the software supply chain.
• Federated digital twins-based virtual, closed, and secure environmentsfor assurance-driven security engineering/testing across SecDevOps: An assurance-driven security development twin (SecDevTwin) in tandem with a security operations twin (SecOpsTwin) as virtual, closed, and secure environments enabling data-intensive security services and testing for (AI-powered) certifiable hardware and software, considering multiple stakeholders in the software supply chain.
• A holistic catalogue of assurance-driven AI-based security services: Enabling security services deployed, provisioned and customised inside the data-intensive twins serve complex workflows and tasks addressing assurance-driven security engineering.

An assurance-driven data platform across digital twins offers a promising path forward, bringing together visibility, flexibility, and scalability in a way that aligns with the realities of modern software ecosystems.

The SecDevTwin maintains a virtual representation of system architecture, software components, dependencies, infrastructure models. It maps these elements to assurance-related artifacts generated during both standard development activities and dedicated assurance-driven practices. This representation enables both the human users, such as developers and security analysts, and existing automated tools to evaluate security properties before deployment. By shifting assurance left, SecDevTwin reduces downstream risk and accelerates secure innovation and deployment readiness.

The SecOpsTwin represents the “live” operational and runtime state of deployed systems and infrastructures. It continuously maintains a synchronised security-aware representation of the live environment using telemetry streams, monitoring data, events, alerts, and operational knowledge. The twin supports continuous runtime assurance by integrating monitoring, anomaly detection, attack simulation, forecasting, and automated response capabilities into a unified operational security environment. Unlike traditional monitoring platforms, the SecOpsTwin is not limited to observing operational states. It also consumes assurance evidence and contextual knowledge produced by the SecDevTwin to improve the quality of runtime analysis and decision-making.

Operations-to-Development Flow: Operational findings generated by the SecOpsTwin can be fed back into the SecDevTwin. Runtime anomalies, attack traces, incident patterns, infrastructure changes, and observed weaknesses can therefore influence future development, security validation, and assurance activities.

Through the Development-to-Operational flow, SecDevTwin provides the SecOpsTwin with security-relevant architectural context such as topologies (dependencies), assurance cases, compliance evidence, simulation outcomes and development-time assessments. This enables the operational twin to perform informed monitoring, simulation, anomaly detection, and automated response activities.

Similarly, the SecOpsTwin continuously feeds relevant operational insights back into the SecDevTwin, including runtime anomalies, detected behaviours, risks, threat intelligence and changes that have to do with infrastructure updates (e.g. new components or software updates). This feedback allows future system iterations, simulations, and assurance evaluations to be grounded in real operational behaviour and observed threats.

Together, SecDevTwin and SecOpsTwin establish a unified knowledge-driven security lifecycle where (AI-empowered) assurance activities are continuously refined using both simulated and real operational evidence. (AI-empowered) assurance activities on top of the SecDevTwin and SecOpsTwin will be detailed in our next blog posts!