Digital twins for cybersecurity
  • linkedin icon
  • twitter icon
  • facebook icon
  • youtube icon
  • instagram icon


The six-day Colonial Pipeline shutdown was the most disruptive cyberattack on record. The incident highlighted the vulnerability of the energy industry to such attacks.

But what can companies actively do about it?

Digitisation can bring its own risks, as converting production on running facilities is complex, and new cybersecurity risks present a real and growing threat. In today’s world of cyber-vulnerable control systems, we need to ask the right questions, including:

How can I recognise signs that my control system may have been compromised?

How should I respond?

Be prepared

In most cases, avoiding catastrophic outcomes has been more good luck rather than the result of actual training and preparedness. In the Ukrainian power facility attack, operators noticed that their control system computers were being manipulated without their input. More recently, in the Oldsmar Florida water treatment attack, an operator noticed that his control system operational display was having setpoint changes made without his input. Fortunately, the operator was able to mitigate the impact of the changes being made on the control system.

Three pillars of cybersecurity


Cybersecurity can be broken down into three main pillars: people, processes, and technology. You may have the technology to prevent and detect a compromise, but if you do not have proper processes and procedures in place and your staff – your front-line defence – are not adequately trained to use this technology, you create vulnerabilities.

Modern facilities in the digital age are critically dependent on computer-based systems to operate and protect equipment and processes. Yet, how often do we stop and consider the following question: How do I safely shut down the facility if I cannot use the computer-based control system to do so?

Get ahead with a digital twin

Presentation of digital twin

This is where a digital twin may be helpful as a training tool to equip operators and engineers to recognise symptoms of a compromise of the control system and respond accordingly. Digital twins are currently being used to augment the cyber-resilience of facilities by companies using operating training simulators.

A digital twin may be used to simulate a security breach and develop decision-making and mitigative responses to the simulated cyberattack. Developers can incorporate several scenarios to test and refine operator recognition of system compromises and their response to secure the process safely.

However, while common live attacks and malware with overt symptoms such as remote access trojans, cryptolocker, and denial of service trojans can be developed in a digital twin, highly engineered covert attacks such as Stuxnet cannot.

A digital twin can provide a real-time, responsive environment to simulate various types of control system compromises. It can also train and test operators on the diagnostic process to identify the extent of the compromise, level of availability and integrity of the control and safety systems and take appropriate actions to respond to a loss of control.

A digital twin is a valuable tool in developing decision-making trees to determine the extent of the threat and the appropriate response. This approach mimics the aerospace industry’s use of simulators to simulate systemic failures enabling the development, evaluation and application of viable troubleshooting and decision-making procedures in real-time virtual environments. The objective is to train front-line operational personnel to recognise a control system compromise, declare an emergency, initiate the safe shutdown of decision-making criteria to determine the salient extent of compromise and control, implement actions to secure the facility and correspond with the level of compromise.

The exciting new possibilities...

Digital twins are enabling exciting new possibilities across the entire value chain. At Wood, we are empowering clients to reduce and effectively manage the multiple risks they must address. Talk to a member of our team to find out more on how we are improving our client’s digital safety using virtual twin simulations, while speeding up time to market.

Brad Bonnette
Technical Director, Applied Intelligence
Be in the know
Get in touch
United by our common purpose to unlock solutions to the world’s most critical challenges, we are future ready, now.