The growth of digital twin applications has been significantly driven by advances in big data and artificial intelligence (AI). They now provide powerful tools for simulating, analysing and optimising real-world systems in virtual/ hybrid environments. In this extract from an article in OpenSpace magazine, we look at how digital twins have evolved and are being used in a range of scenarios and markets, making real-world differences.
You can read the full article and other cybersecurity and space articles in the latest issue of OpenSpace magazine.
What is a digital twin?
The first practical definition of a digital twin originated from NASA in an attempt to improve physical model simulation of spacecraft in 2010 – it believed a digital twin can be defined as a model-based approach with digital implementations.
Today, the definition of a digital twin varies depending on who you are talking to, the market it is used in, what it is created to represent and the intended use. It can be a simulation or emulation of a system that is updated with data from the operation of that system and therefore works as a twin of the real system. In recent years, people have started calling a broader set of models, simulations or emulations “digital twins”, but this is incorrect. A digital twin must be supplied with the relevant data to enable it to represent the full life cycle of a product or system, updating continuously via real-time data feeds.
Jose Pizarro, AI and Data Science Engineer at ESA, comments: “If you look at a cybersecurity operations centre, you model your network of assets and the interactions of all the communications. In the event that one part of the network fails or someone hacks into the system, you can use your digital twin to identify how it affects the rest of the network. You can model the operating system on each asset, detect the vulnerability and patch it without bringing down the whole network. This is a different perspective, but because a lot of the time what we do in cybersecurity is the same as we do in space operations, it’s just called fault diagnostics or fault tolerance and fixing stuff that’s broken. In space operations we fix things that are just broken: in cybersecurity we fix things that have been deliberately broken.”
Emulation vs model-based digital twins
There are two common approaches for digital twins: emulation-based and model-based. Each offers distinct advantages.
Emulation-based digital twins aim to replicate real devices, systems and networks with high fidelity, enabling a true-to-life digital environment. Their ability to interact dynamically with changing conditions makes them ideal for real-time testing, development and operational analysis.
The strength of emulation-based twins lies in their precision and responsiveness. By mirroring actual hardware and network behaviours, they can deliver detailed and accurate results that closely reflect real-world performance. This makes them especially suitable for testing cybersecurity strategies, network configurations and mission-critical systems. However, their reliance on high-fidelity emulation can become a limitation when dealing with components or scenarios that are too abstract, too complex or not feasible to replicate directly.
By contrast, model-based digital twins rely on mathematical models and algorithmic representations of systems. Rather than replicating physical components, they simulate behaviours using rules, formulas and assumptions. This approach is suited to scenarios that require abstraction, such as long-term forecasting, optimisation tasks or systems that cannot be emulated efficiently. While this method often results in lower fidelity and less specificity, it offers scalability and computational efficiency, making it essential in many large-scale or conceptual applications.
The most effective digital twin implementations often combine both approaches. Emulation provides depth and realism where accuracy is critical, while modelling offers flexibility and abstraction where needed. Choosing the right balance depends on the goals of the simulation, the nature of the system and the constraints of the environment. Understanding the distinctions between these two approaches is key to building digital twins that are both reliable and fit for purpose.
Digital twins in cyber
Within cybersecurity, digital twins offer a high-fidelity virtual/hybrid replica that can mirror both a system and the processes it supports, from information technology (IT) networks to operating technology (OT) assets, radio frequency (RF) links and mission flows. This offers a comprehensive system and process emulation, enabling the user to replay real-time telemetry, control logic and business workflows to produce a ‘what if’ analysis for training and testing purposes.
In cybersecurity, digital twins are used in three main ways: to train personnel in an ultra-realistic environment; to test systems safely, so failures don’t compromise data or operations; and to emulate functions and behaviours to support research and development and study behaviour in operational contexts.
Simone Urbano, System Simulation Engineer – Security Services at Nexova, is working on a cybersecurity for space (CSS) project utilising digital twin technology. “The CSS project aims to enhance the resilience of space systems against threats from the space environment using digital twins. Our goal is to develop a simulation for a constellation of CubeSats, through which we can analyse and test potential vulnerabilities. We’re building a library of attack scenarios and designing complex attack simulations to support this work. These efforts allow us to explore and develop innovative mitigation strategies that can be applied to real systems using the same architecture. Examples include a customised on-board intrusion prevention system or a hybrid approach that combines ground-based and space-based data to detect and counter emerging threats.”
“We presented an initial simulation demonstration during the CYSAT 2025 conference in Paris. This project’s environment is hosted on Nexova’s Cyber Integration, Test and Evaluation Field (CITEF) platform. We are also using open-source software and for the satellite we are considering using specific data from a CubeSat mission – STF-1 – which was deorbited in February 2024.”
Protecting ESA’s systems
Matteo Merialdo, Cybersecurity Principal at Nexova, has been working with ESA on several projects, and directly on ESA’s cyber resilience for the past 4 years.
“We are investigating with ESA how to best use digital twin technologies to enhance cybersecurity. This could be to deploy a replica of a security operations centre [SOC] into a digital twin environment: for example, ESA’s Security Cyber Centre of Excellence [SCCoE] cyber-range is based on Nexova’s CITEF. Real data from the SOC is mirrored into the twin; this type of capability helps to predict the behaviours of the original system. It can enable operators to train, test new features and systems, and support effective alert handling and threat investigation without affecting live operations.
“This is the one difference between an emulation and a digital twin. In the cybersecurity sense, using an emulation of Windows, Linux or other platforms, you can perfectly emulate a one-to-one scenario. By enhancing this with the original traffic copied and uploaded into the digital twin, the fidelity and representation of the live system is more realistic. The level of emulation can be tailored based on complexity, cost and schedule, demonstrating that the most important features and characteristics can be performed efficiently, while helping to provide hands-on, real-life testing and training facilities. Our target is to put in place a first proof of concept during 2026.”
Download the PDF to read the full article
Find out more
This is an extract from the latest issue of OpenSpace magazine. Subscribe to read the full version and more, including articles on cybersecurity and defence, and the Cyber Resilience Act.