AI Manipulation and Security – Who should be interested

Artificial Intelligence supports business by producing knowledge for decision-making and, in some cases, enabling predictive actions. Yet the use of AI comes not only with merits but also with some notable threats: like any other connected IT system, it is a lucrative target for malicious attackers. AI can be misled through manipulation into faulty decisions, or it can be used to spy on a company’s confidential information. The best potential impact of AI can be achieved through tight co-operation throughout the organization, where the board and C-level also comprehend the balance between the threats and opportunities it poses.


I have personally had a long-lasting interest in the opportunities of AI, ranging from my studies during the previous century all the way to my current board roles in AI-focused companies like Houston Analytics. With this perspective it is quite clear to me that applications of AI go through similar development paths as any other radically industry-shaking innovation: it will transform from a separate technology cherished by technocrats into an integral part of business. Timing is critical to deliver the best possible impact for targeted change.

Companies often start their exploration of the AI landscape with separate proofs of concept that have no clear connection, or no connection at all, to actual business needs. If the desired result and the connection to the business environment are not defined, these exercises will remain separate and die as interest fades. Acquisition of the needed talent is sometimes a reason for this isolation of AI-related activities. Talent can be acquired from outside, and the results are then felt to be separate from the company. If talent can be recruited into the company, the mistake could be isolating the team too far from the business stakeholders; again the end results seem too academic and the benefits remain low. I see these as growing pains of AI on its path towards maturity, but also as an evolution in the thinking of decision makers while they try to understand AI’s potential as a driver for change and a tool to increase corporate intelligence. The role of AI must be understood at the strategic level to set the direction of activities correctly. It is a fundamental change in a company’s modus operandi and in the way data assets are utilized. Changes of this magnitude cannot be carried out only by the individual efforts of in-depth experts or even by individual organizational units. They require the involvement and commitment of top management, with a common understanding of the desired direction and result.

AI is a common object of academic research projects, and it is also the main theme of many corporate innovation activities. CyberFactory#1, for example, is exploring AI’s opportunities and threats related to future factory environments. The project recently held a webinar on threats related to AI manipulation.


AI transforms the way decisions are made

AI is already embedded into many daily operations of companies. It will change the way decisions are made in a very fundamental way: the classifications made by AI models are decisions, which gives control to the AI. Decision-making is getting faster, and the quality of decisions is naturally getting more uniform. This establishes an interesting new target for potential attackers seeking ways to interfere with decision-making.

AI enables the utilization of passive data assets in a whole new way. Data can be converted into intelligence by using it as training material for an AI model. Features embedded in the data become available to organizations, which can use learning to increase efficiency and foresight. In many companies AI is already on the front line as a customer-facing solution. Its behaviour shapes how the company’s capability to address customers’ needs and expectations appears. In this role its performance becomes as critical to the company’s image as the capabilities of traditional customer service. This makes AI a pervasive strategic element, which impacts processes in multiple locations throughout the organization. Even though AI is not responsible, the decisions, classifications and predictions it makes can steer several critical processes, which in turn have a wide impact on how a company operates.


The weak spots of an AI solution emerge in the interfaces

AI as a solution is part of a company’s normal infrastructure. As with all other integrated IT solutions, when analysing the security of the AI solution you need to focus on the spots where external influence is possible. AI solutions are especially interesting targets for influence due to their nature as an integral part of the decision-making process. AI lives and develops on the data feed it receives. Data and its sources are a natural point of vulnerability where attackers can try to influence process behaviour. It is impossible to prohibit all possible forms of influence in advance. Therefore, companies need active measures to act and react while the process is running. Basically, attack patterns can be divided into four main categories: poisoning, inference, extraction, and evasion.

Poisoning of the model will lead to incorrect learning. In this scenario the attacker knows the sources of the training data and has the means to poison it with falsified material. The goal is to change the model already during the learning phase and so indirectly affect how the AI model will later steer the process in production. The developer of the model is responsible for understanding the data that is used for training: it has to be clean and reliable. It is important to comprehend the structure of the data, its characteristics and the forces that could affect its content. Another important part is to have a clear picture of the main characteristics of unmanipulated data and the allowed variation ranges of the values.

An inference attack can reveal a company’s confidential information. If the model is trained with a combination of private and public data, attackers could use their own classifier on public data and in this way deduce characteristics of the company’s internal data. This approach is based on the assumption of a correlation between internal and external data. If, as in many cases, the volume of available external data exceeds the volume of internal data, the correlation gets even stronger, revealing an even better view into the internal data. Inference attacks can be made more difficult by minimizing the use of external data and by breaking the statistical correlation between data sets.

Extraction provides attackers with knowledge about the model that has been utilized. The goal of the attackers is to understand the behaviour of the model and, with that knowledge, either to reproduce a copy of the model for their own use or to gain a view into the content of the training data that was used to build the original model. A copy of the model gives attackers a view into the company’s business model or the process that is controlled by the model. These attacks are usually accomplished through interfaces that have been left open. The mitigation for this attack pattern is strict access-rights management and monitoring of how the available interfaces are used.

Evasion attacks make AI models delusional. The model is confused by input that carries characteristics which make classifications fail. This is possible when a model is interacting with external input. The added or embedded characteristics are often outside human perception, like high-frequency sounds added in the background or confusing patterns added to pictures. In order to defend against this, you need to understand the characteristics of the input and its normal variations. You might also want to understand how the model behaves when receiving extreme inputs. A good mitigation practice is to pre-process input with another model trained to recognize anomalies and to filter out data that is outside the desired boundaries.
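The range checks described above for poisoning (know the allowed variation of unmanipulated data) and for evasion (filter input outside the desired boundaries) can share one gate. The following is an added example, not code from the author or the CyberFactory#1 project; the feature names, sample readings and the 6 x MAD tolerance are assumptions constructed for illustration, and a simple statistical range stands in for the anomaly model the text mentions.

```python
from statistics import median

# Constructed baseline: readings assumed to come from a vetted, trusted source.
TEMPS = [70.1, 69.8, 70.4, 70.0, 69.9, 70.3, 70.2]
VIBS = [2.0, 2.1, 1.9, 2.2, 2.0, 1.8, 2.1]
TRUSTED = [{"temp_c": t, "vibration_mm_s": v} for t, v in zip(TEMPS, VIBS)]

# Constructed incoming batch (new training rows or live model inputs).
INCOMING = [
    {"temp_c": 70.5, "vibration_mm_s": 2.3},    # normal variation
    {"temp_c": 95.0, "vibration_mm_s": 2.0},    # far outside the baseline
    {"temp_c": 70.0},                           # feature missing
    {"temp_c": 70.2, "vibration_mm_s": "2.0"},  # wrong type
    {"temp_c": 69.0, "vibration_mm_s": 1.5},    # unusual but inside tolerance
]


def learn_ranges(records, k=6.0):
    """Allowed range per feature: median +/- k * MAD (robust to a few outliers)."""
    ranges = {}
    for name in records[0]:
        values = [r[name] for r in records]
        mid = median(values)
        mad = median([abs(v - mid) for v in values])
        spread = k * max(mad, 1e-9)  # avoid a zero-width range on constant data
        ranges[name] = (mid - spread, mid + spread)
    return ranges


def violations(record, ranges):
    """Reasons to reject a record; an empty list means it passes the gate."""
    reasons = []
    for name, (low, high) in ranges.items():
        value = record.get(name)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            reasons.append(f"{name}: missing or non-numeric")
        elif not low <= value <= high:  # also rejects NaN and infinities
            reasons.append(f"{name}: {value} outside [{low:.2f}, {high:.2f}]")
    reasons += [f"{n}: unexpected feature" for n in record if n not in ranges]
    return reasons


def screen(batch, ranges):
    """Split a batch into accepted records and quarantined (record, reasons)."""
    checked = [(r, violations(r, ranges)) for r in batch]
    accepted = [r for r, why in checked if not why]
    quarantined = [(r, why) for r, why in checked if why]
    return accepted, quarantined


if __name__ == "__main__":
    ok, held = screen(INCOMING, learn_ranges(TRUSTED))
    print(len(ok), "accepted;", len(held), "quarantined")
    for record, reasons in held:
        print(record, "->", "; ".join(reasons))
```

A gate like this only catches values outside the learned boundaries; manipulated records that stay within normal variation pass it, so quarantined and accepted volumes should still be reviewed over time.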


The journey to build smarter businesses continues

Awareness of the strategic importance of AI is gradually rising among companies. At the same time, during this transitional phase one still hears comments that AI is yet another fancy technology among others. It is hard to argue against that, as AI is a technology. Yet it has a special feature: the capability to transform the data assets of a company into knowledge capable of steering processes and, with continuous learning, to produce a cumulative competitive advantage for the company. If isolated from the business and its processes, AI can remain a series of trials or a separate technical approach to implementing single steps in traditional processes. But if used more broadly, it can become a strategic asset producing cumulative benefit.

This thought about AI as an integral part of strategy inspired me and my colleague Colin Shearer to start a series of articles together, with the goal of finally forming a book. You can follow our progress on this and other articles in our LinkedIn group: “Building Smarter Businesses: Guidance for company leaders on adopting and succeeding with AI”. Our goal is to shed light on the strategic role of AI from the point of view of top management and give an understanding of the opportunities and challenges related to it, while aiming to make businesses smarter.


Author: Seppo Heikura, Senior Advisor at Houston Analytics Ltd


Learn more:

Resilience Capabilities for the Factory of the Future Webinar

Join the LinkedIn Group: “Building Smarter Businesses: Guidance for company leaders on adopting and succeeding with AI”

New Business Models for the Creation of Value in the Factory of the Future

One of the main objectives of CyberFactory#1 is to devise innovative ways of delivering value to the several industry sectors involved in the project through the enhancement of optimization and resilience of the production environments. The project has recently delivered a set of new business models featuring value propositions that go beyond traditional approaches, based on intelligent product servitization (i.e. transforming product sales into service provision), knowledge extraction from data and a focus on intellectual property (i.e. enhancing the exploitation and protection of industrial intellectual property).

Innovative business models for eight industry sectors

The project maps eight paradigmatic sectors and actors in the Factory of the Future (FoF) value chain, divided into two main value chain stages: users (i.e. industrial sectors which represent the end users of the new technologies and approaches developed in CyberFactory#1 – Figure 1) and suppliers (i.e. industrial sectors which provide enabling technologies to be applied in the end user activities – Figure 2).

Figure 1 – CyberFactory#1 FOF Value Chain – Users

Figure 2 – CyberFactory#1 FOF Value Chain – Suppliers

For each one of these sectors, the CyberFactory#1 project developed a business model. The work, coordinated by each leading industry partner in the project, started with a rigorous analysis of the internal and external environments (including competition and market player analysis) and was consolidated into a business model canvas. The business model canvas was then extended to a full-fledged business model. During this process the CyberFactory#1 partners provided their input.

The business models were presented at the ICTurkey event in Istanbul (July 5th 2019) by the project coordinator, further raising the interest in the project of potential external partners, in particular concerning the application and exploitation of the project technologies.

Data, as a base for services

The “factory of the future” paradigm envisions a production environment in which massive amounts of data flow bottom-up from the shop floor to the highest levels of management. This data holds great value, since it contains useful information that can be used to increase efficiency and performance as well as to enhance decision-making. However, this data flow needs to be secured against unintended use and has to be trustworthy.

The new business models focus on the exploitation of data to extract valuable information and insights in order to make it an integral part of the transformation of products into services. Thereby they are providing increased value to industrial organizations and their customers. The exploitation of data lakes is at the core of the CyberFactory#1 business models.

Data exploitation is the key to more profitable business models based on service provision, which relies on continuous flow of value to customers instead of discrete product sale transactions (i.e. sales of distinct items). The continuous flow of value is provided through the “as-a-service” paradigm, meaning that high value services can be provided in a continuous way. Intelligence “as-a-service” can be provided through on-demand knowledge discovery from data, as well as Artificial Intelligence as-a-service (for example, provision of on-demand insight reports regarding production optimization). Management applications such as Enterprise-Resource-Planning (ERPs) and security platforms can benefit from the enhanced data value exploitation and themselves can also be provided “as-a-service” (for example, manufacturing management-as-a-service).

Lower adoption costs, greater flexibility, higher value

Servitization supports new revenue streams, as it also enables per-mile or plafond billing, flat rates or “per call” billing. This lowers the adoption costs, decreases risks for both producers and consumers, and grants higher flexibility as well as scalability. This means that organizations become more capable and efficient at reacting to changes in markets.

Enhanced security also empowers service-based paradigms, as they rely on more frequent exchanges of data flows between value chain actors. Ensuring security and trust between actors makes the value chain more resilient and capable of delivering value even in the event of internal or external cyberattacks, as well as protecting intellectual property and business-crucial information. This is especially important to enhance protection against counterfeit goods, to strengthen the brand and to protect IP-driven competitive advantages.

Higher flexibility also opens the door for customization services (“mass customization”), allowing both industrial suppliers and users to lower production costs while being able to satisfy ever-changing customer requirements. Intelligent servitization based on data exploitation, higher flexibility, enhanced security and trust leverage the value creation in the next-generation industrial organizations, specifically in key sectors of the European industry.

Bringing benefits to European Industry

By focusing on core sectors of the European Industry, the CyberFactory#1 project also aims to build a community of manufacturing companies which can partner up with the project consortium and get involved. This is an excellent way of strengthening ties, sharing knowledge and raising awareness regarding the benefits of the several developments, including being part of enhanced value chains and considering new approaches to market and value creation.

Authors: João Mourinho, Innovation Manager, Sistrade Software Consulting & Américo Nascimento, Research/Consultant, Sistrade Software Consulting


Management of Cyber Security Threats in the Factories of the Future Supply Chains


Today there are numerous Factories of the Future initiatives delivering different Industry 4.0 applications to manufacturing industry supply chains. However, in the future, Factory of the Future is not going to be a simple manufacturing asset, nor a sum of isolated assets. Instead, it will comprise a network of factories, which is considered in a System of Systems approach. The current challenge is to propose novel architectures, technologies and methodologies to optimize the level of efficiency and security of this System of Systems in a context where every step towards digitization exposes the manufacturing process to a widening array of cyber threats. This paper discusses the management of cyber threats in System of Systems operations and supply chains. The next generation System of Systems are using different technologies with the combination of human aspects from workers, managers, entrepreneurs and decision makers. In addition, economically there are limitations on how much to invest in different technologies and human aspects. In addition, monetary and financial flows are under the burden of cyber risks. This study will therefore embrace the technical, economic and human dimensions at once. This study is based on a European-wide multi-national research project, the aim of which is to define – through different use-cases – the preventive and reactive capabilities to address cyber and physical threats and safety concerns in System of Systems. The study indicates different cyber challenges related to the future manufacturing business and operational models, with special attention on the “as-a-service” business model. The paper also indicates initial managerial and practical views on the management of cyber threats in future business models.




Jukka Hemilä (VTT), Markku Mikkola (VTT), Jarno Salonen (VTT)


9th International Conference on Operations and Supply Chain Management, OSCM 2019 – RMIT University, Ho Chi Minh City, Vietnam
Duration: 15 Dec 2019 → 18 Dec 2019
Conference number: 9



Cite this

Hemilä, J., Mikkola, M., & Salonen, J. (2019).
Management of Cyber Security Threats in the Factories of the Future Supply Chains. In Proceedings of the 9th International Conference on Operations and Supply Chain Management, Vietnam, 2019 Vietnam.