To ensure digital twin utility, the model used to construct it must satisfy the following requirements:

• Fidelity: The network digital twin must capture the specific configuration, topology, traffic load and dynamics of the systems-of-systems infrastructure at sufficient fidelity such that the model can accurately reproduce the behavior of the physical network infrastructure. In particular, packet-level network emulations that can accurately capture network dynamics are critical to providing the needed fidelity. Examples include competition for link bandwidth and buffer space among traffic at the different quality of service (e.g. ship control commands and mechanical system parameter logging) or impact of denial of service attack packets on system controllers. Changes to any of the devices’ configuration files must result in measurable changes in the digital twin’s behavior, just as they would in the physical twin. Using an abstract model of a switch or router may not be sufficient for cybersecurity — virtualization of the device and its firmware may be needed so that vulnerabilities and patches will affect the security of the network.
• Scalability: As the software, the model must scale to be able to accurately model the entire systems-of-systems network, it is essential that the modeling tool has a demonstrated ability to scale up to a large number of network and infrastructure devices as well as have the ability to simulate end-to-end traffic transmission.
• Comprehensive device and cyber physical model library: The emulator used to construct the software model must provide a rich set of pre-constructed device models such that the system model(s) can be configured rapidly, preferably using automated or semi-automated tools to parameterize the individual models. The emulator must also support the capability to both models and launch a variety of cyber-physical attacks to assess cyber resiliency of the systems-of-systems in a variety of operating conditions.
• Ease of use: Creation and maintenance of high-fidelity software models can be a resource-intensive process. The modeling software must include the ability to create a representative model of systems-of-systems using intermediate representations of the network topology and configuration, that is preferably generated in an automated manner (e.g. by network management software) using standardized formats (e.g. Visio).
• Ease of integration: The ability to integrate with live software (e.g. network manager or physical component controller) and/or traffic traces will allow the systems-of-systems model to be used to assess realistic operational scenarios. Similarly, the ability to include a subset of the live network and cyber-physical defense components used in the system-of-systems will significantly improve fidelity and greatly facilitate model verification & validation.

Integration with live operators/maintainers: To accurately measure the benefits and risks of people and processes on the systems-of-systems cyber resiliency, the software model must enable interaction with live system operators and maintainers whose actions (keystrokes, clicks, screenshots, voice communications) are recorded. Controlled experimentation with properly trained operators, including logging of attack progression, actual data exchange among systems and their timing, packet drop or modification, and system service availability will enable the specific contributions of each cyber resiliency factor (defense technologies, procedures, human actions) to be accurately quantified, thus creating systems-of-system metrics that can be leveraged for informed planning decisions.