By Gábor Pék, CrySyS Lab, Budapest University of Technology and Economics
On November 27, 2025, seven vendors from various industries (e.g., car, networking, software) came together to see how the Digital Cybersecurity Twin (DCT) module of the DOSS project works. The meeting was held at the Budapest University of Technology and Economics (BME). After a short introduction the presentation started unfolding explaining the overall objective of DCT as well as its main components.
The presentation furthermore elaborated on the DCT operation via the running example of a Hydropower Plant system. This digital twin pilot, entirely designed and built by the BME team (CrySyS and FTSRG labs), comprises SCADA and Enterprise networks and several hosts running mission critical software measuring, for example, the water level of the dam or the electricity generated. What would happen if a malicious actor discovered weaknesses that unravel pathways to cause real damage in such a system? What would be the most impactful targets of miscreants? Questions like this formulated the vision of the impact assessment module of the DCT that finds impactful attack goals that the DCT utilises to build corresponding attack trees, a “set” of preconditions to satisfy before reaching the goals represented by the root nodes.
Such trees help answer these questions by either using a first-order logic designed by BME called FORGE-A-TREE or by executing penetration testing tools pertaining to custom-tailored test cases. When a given test case completes, the DCT saves the output results, reverts the digital twin to its original state and restarts the execution for a new test case. Finally, an AI chatbot helps navigate to give an in-depth insight into the execution results.
After the presentation finished, the BME team launched a live demo showcasing how the DCT works allowing for unleashing an intriguing discussion among the participants. The industrial partners were mainly interested how the initial obstacles of creating digital twins from their systems could be simplified. According to their view, in certain cases there are highly specific solutions that cannot be easily emulated by traditional means (e.g., QEMU) as well as it could be challenging to find the right granularity of such representation. Furthermore, creating a digital twin can multiply the costs of existing licences delaying the smooth adaptability of our solution.
Considering the first concern, we concluded that a hardware-in-the-loop like approach could resolve various conflicts that stem from the extra effort of putting software into emulators. The second concern of increased investment costs of creating digital twins is real but could be alleviated by modelling only the most critical parts of the live system.
At the same time, one of the participants underlined that even a 30% of true positive rate in DCT’s findings could be a huge advantage over current solutions that involve large manual effort from human experts to find weaknesses. They also highlighted the promising features of attack tree generation and the AI-based recommendation that give a detailed understanding about one’s system.
The overall event spanned 2 full hours giving enough space for the demonstration of DCT’s current capabilities as well as for insightful discussions. We can firmly say that the industry demo was a great success sparking honest interest from various vendors: two of them contacted us right after the event to continue the discussion we started earlier.
All in all, we are glad and thankful for all the participants who actively contributed to make this event happen, and helped create and shape the present and future DCT.
