Attar ... leveraging cyber digital twin for improving security

Managing risk with a cyber digital twin approach means proactively identifying and mitigating cyber risks to assets and systems by simulating an asset or system's cyber-physical interactions and vulnerabilities, Yair Attar, CTO and Co-Founder of Otorio, tells OGN

The oil and gas industry increasingly relies on technology and interconnected systems. However, this dependence on technology has also made them vulnerable to cyber threats and attacks due to their large, complex, and interconnected environment of devices and systems in the exploration, production, and refining operational processes, which can impact their physical assets and systems.

In addition, it can have severe consequences for human and environmental safety.

To protect against these threats, midstream and downstream companies must proactively monitor and protect their systems.

Using a cyber digital twin can help them achieve this goal by providing visibility into all of their connected assets, such as pipeline network, LNG terminal, distributed control systems (DCS), and operational controls.

This approach allows these organisations to understand more about gaps and vulnerabilities faced by their operational environment through the process of pipeline systems, transportation, refining, retailing, and trading, pinpointing the exact location of potential risk and calculating the likelihood of risk, guiding security practitioners through the process of mitigating these risks and closing gaps in security posture. Greater insight into operational processes and data insights, allowing for more efficient decision-making.

Implementing a cyber digital twin answers five key challenges faced by oil and gas companies:

• Limited visibility and partial data have resulted in an unclear asset inventory.

• Which vulnerabilities are exploitable and should be dealt with first.

• It's difficult to assess an organisation's operational technology (OT) security posture comprehensively.

• Traditional mitigation actions are ineffective for OT environments.

• Unable to prioritise security findings based on impact leaves companies exposed.


A digital twin is a virtual replica of the operational environment. And a cyber digital twin is a specialised type of digital twin that focuses specifically on the cybersecurity aspects of a physical asset or system.

It models and simulates cyber-physical interactions and vulnerabilities, including cybersecurity considerations and capabilities, such as threat modeling and vulnerability analysis.

Utilising a cyber digital twin technology enables midstream and downstream organisations to proactively identify and mitigate cyber risks and enhance overall security posture throughout the organisation.


Due to the increased likelihood of attack, more security practitioners are adopting a proactive risk management approach to ensure operational resilience and availability.

As rapid digitisation continues, the oil and gas industry will find leveraging cyber digital twin technology increasingly important for companies looking to:

• Proactively improve your security posture.

• Reduce the risk of cyber threats and attacks.

• Ensure the reliability and safety of your assets and systems, down to level 0.

• Optimise cyber operations in the generation, refining, retailing, and trading processes.


Managing risk with a cyber digital twin approach means proactively identifying and mitigating cyber risks to assets and systems by simulating an asset or system's cyber-physical interactions and vulnerabilities.

To manage risk effectively, security practitioners need to address the following questions:

• What is present in my network?

• How well are my security controls configured?

• What vulnerabilities and security gaps exist?

• How can I mitigate these potential risks?

• Which actions should I prioritise?

• How are my assets connected to one another?

Answering these questions is difficult and highlights additional challenges faced by the industry. Many organisations use incumbent Network-based IDS systems for asset visibility and threat detection.

They do not have the ability to gather all the data needed to construct a contextualised physical and logical network connectivity map based on three main CDT entities: assets, network segregation and connections, and operational processes.

Without identifying the relationship between these entities, Cyber Digital Twins cannot accurately simulate the pathway to risk.

Once all artifacts are collected, an attack graph algorithm runs to understand what is possible from an attacker's standpoint, enabling security teams to focus on risks that matter and on exploitation vectors rather than vulnerabilities themselves.

Otorio’s attack graph engine uses the cyber digital twin to simulate, in a sandbox, potential attacks, and detect potential breaches between operational processes, between the OT and the IT, and between the OT and the Internet.

The attack graph analysis provides visibility into the exposure of vulnerable and business-critical assets in energy, oil and gas operational environments.

It empowers security practitioners to efficiently improve security posture based on actionable guidance for hardening relevant assets and configurations in the exploration, production, and refining of operational processes.

Meeting the highest safety requirements in a large, complex, and interconnected environment requires cutting-edge technologies such as cyber digital twin technology.

Otorio provides safe, reliable, and resilient solutions for every stream (Downstream, Midstream, and Upstream) using context-based insights to improve operational effectiveness and reduce the risk associated with day-to-day exploration, production, and refining operational processes.

Otorio's extensive experience in OT Security, together with its proprietary industrial native Cyber Digital Twin Technology, enables data-driven decision-making within oil and gas companies.

By Abdulaziz Khattak

Related Stories