Network monitoring for cheese?

Securing the dairy manufacturing process of the future

The Factory of the Future (FoF) concept is something beyond Industry 4.0. According to the Aalto Factory of the Future, the typical enabling technologies for FoF include “Artificial Intelligence, Industry 4.0 architecture, Industrial Internet of Things, wireless communication (5G, Wifi6), edge/fog/cloud computing paradigms, virtual integration, digital twins, remote commissioning, operation and predictive maintenance, human-robot collaboration, simulation, virtual and augmented reality” (source: The FoF concept is evolving as traditional manufacturing companies adopt Industry 4.0 solutions during their digital transformation process. On one hand, this provides new opportunities to the companies, but on the other hand, it also introduces new kinds of risks and threats especially related to the implementation of more complex technology solutions. Increased complexity requires new skills related to, e.g., ICT, cybersecurity and systemic thinking, that are not easy to acquire. Nevertheless, companies must take this leap to the unknown, regardless of their current situation, just to keep up with the competition.

This article is a part of the CyberFactory#1 project with the focus on designing, developing, integrating and demonstrating a set of key enabling capabilities to foster optimization and resilience of the Factories of the Future (FoF). The project consists of 28 partners from seven countries, namely, Canada, Finland, France, Germany, Portugal, Spain, and Turkey.  The work described here relates to the task “FoF resilience” located in the bottom right hand corner of the work package structure shown in the picture below. The task focuses on enabling the autonomous or decision-aided remediation and recovery of factory assets in the worst-case scenario, i.e., when an attack against the FoF or individual system within the factory is successful. The objective is to plan, model, simulate and practice the different ways for recovering the factory assets and selecting the most optimal way in terms of time and resources. This guarantees that when the worst-case scenario occurs, cybersecurity professionals can act immediately instead of losing valuable time while trying to figure out what to do in terms of attack mitigation and possible countermeasures.

Figure 1. Structure of the FoF dynamic risk management and resilience work package

While the factory of the future provides great gains in efficiency as well as new capabilities for the manufacturer, the increased number of connections and increased networking requirements provide new possibilities for a rich collection of malicious cyber actors ranging from cyber criminals to competitors and even state actors. One of the project goals was to analyse and demonstrate the requirements for cybersecurity. The idea of demonstrating malicious activity within a cheese robot platform was initiated by the Finnish project partner High Metal ( and we decided to set it as our attack target.

The network monitoring system demonstrated in the video above was built using the Zeek network security monitor ( and the PreScope network visibility platform ( provided by another Finnish project partner, Rugged Tooling. We combined the results with host logs using ELKstack ( in order to make incident response more efficient. For demonstration implementation, we used the Airbus CyberRange (, which is a cybersecurity research and innovation platform.

Figure 2. High Metal Cheese robot platform

While the current cheese robot technology seems to be safe and secure, meaning that there are no killer cheese robots overthrowing the humanity at least yet, a malicious attacker with administrator access to the configuration could modify the cheese making process in its critical areas, affecting the quality of the product. The potential amount of damaged goods would be enormous, if the spoiled cheese was detected only after the cheese maturing process is over. This is because it might affect weeks or even months of cheese production and perhaps even endangering business continuity. In an organisation with insufficient real-time quality control, potentially hazardous cheese might end up in the market and in the worst case endanger consumer health.

The demonstrator shows that implementing a simple network behaviour monitoring system, a network attack can be detected even before the attacker gains access to the cheese production configuration system. While such systems are not fool proof, the capabilities for automated detection will deter the majority of attackers.

Future development ideas

It is possible to apply the demonstrated network monitoring system to other critical infrastructure target systems, but we are especially interested in the safety of dairy manufacturing and other similar food production processes. Another future development idea is to use artificial intelligence (AI) or machine learning (ML) for the analysis of the data. As the data is already gathered into a database, the infrastructure already exists. This is aimed to lessen the work of human operators in detecting anomalous actions and lessening the cognitive load in monitoring the environment.


We wish to thank Lauri Nurminen from High Metal for providing the cheese production platform details for the demonstrator and helping us in defining the most critical threats, and Mikko Karjalainen from Rugged Tooling for providing and assisting with their PreScope product setup.


Mirko Sailio (research scientist), Jarno Salonen (senior scientist) and Markku Mikkola (senior scientist), VTT Technical Research Centre of Finland.


CyberFactory#1 Results Webinar in Finland


The webinar provides insights to the research and development work done by the Finnish consortium partners, Bittium, High Metal, Houston Analytics, Netox, Rugged Tooling and VTT during the past three years. We focuse on the ITEA project core themes, namely optimization and cybersecurity. The webinar starts with the host Jarno Salonen (Senior Scientist and the CyberFactory#1 project country coordinator) introducing the project briefly. Then the partners present their key results from the project and the participants may raise questions after each presentation.


Please note: The main language of this event is Finnish.

Jarno Salonen is a Senior Scientist in the Applied cybersecurity research team at VTT. He is the Finnish country coordinator of CyberFactory#1 and also coordinates VTT’s research in three other EU projects, namely SeCoIIA, CyberSec4Europe and Mind4Machines. He has a professional background of over 20 years in making the digital world a better place for ordinary users especially in the areas of cybersecurity, privacy, resilience and development of digital services.

Lauri Nurminen is a Vice President and entrepreneur at family owned company High Metal Oy. At High Metal he is responsible for marketing, sales and project management of CyberFactory#1. He has a professional background of over 15 years in translating the engineers’ ideas to customers. His goal is to transform a traditional manufacturing company to a technology and data-oriented company.

Antti Syväniemi is the  CEO and Founder of Houston Analytics Ltd. Antti possesses over 15 years of experience in the application of analytics to business processes. Prior to founding Houston Analytics, Antti  held executive positions in business development, CRM, customer and market intelligence and category management. Antti’s key focus areas include analytics-based management models and intelligent strategy processes.

Mirko Sailio is a research scientist in VTT Technical Research Centre of Finland with over 10 years of experience, concentrating on network security monitoring in complex networks. He’s interested in technical security, threat actors and in challenges of using AI/ML to increase network security.

Jari Partanen is the Director, Quality, Environment and Technology Management at Bittium. The target for Bittium in the Cyberfactory#1 project has been to create a consistent and secure information architecture, processes and information tools which enable real-time, partnered manufacturing and deliveries including various product support services and related information tools. Jari Partanen has been active researcher for over 20 years with over 20 peer-reviewed publications. Research interests include topics like cybersecurity, agile software development, real-time value delivery methods, innovation exploitation methods as well as mass customization techniques. Jari Partanen is actively engaged with wide number of European or Finnish research projects continuously.

Markku Korkiakoski is the Chief Operating Officer at Netox. He is responsible of Cyberfactory#1 project management at Netox and the task leader of 5.1. in workpackage 5. Markku has more than 20 years of professional experience and is an active member of the cyber security domain, both nationally and internationally. He is in the management board of Finnish Information Security Cluster, working group member in ENISA and chairman of the Industry Advisory Board in SERC (I/UCRC, National Science Foundation program, FIN-USA).

Risto Kauppi is CEO (act.) and major partner of Rugged Tooling. His main task in CyberFactory#1 is to seek for scalable business opportunities based on the research results of the project. Risto is a seasoned business professional with 25 years of experience of international partnerships and negotiations.

If you have any questions regarding the event please contact Jarno Salonen.


Paper presentations at the FPS2021 and ICITST-2021

In december 2021 we had two more conference participations by our partners. Colleagues from ISEP presented a paper on “Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection” at the 14th International Symposium on Foundations & Practice of Security on the 9th of December in Paris. In the same week, during the 16th International Conference for Internet Technology and Secured Transactions, our colleagues from VTT presented a “Review on Cybersecurity Threats Related to Cyber Ranges”.

The conference proceedings will be linked here once they are published.

Title: Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection

Authors: João Vitorino, Rui Andrade, Isabel Praça, Orlando Sousa and Eva Maia

Abstract: The digital transformation faces tremendous security challenges. In particular, the growing number of cyber-attacks targeting Internet of Things (IoT) systems restates the need for a reliable detection of malicious network activity. This paper presents a comparative analysis of supervised, unsupervised and reinforcement learning techniques on nine malware captures of the IoT-23 dataset, considering both binary and multi-class classification scenarios. The developed models consisted of Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LightGBM), Isolation Forest (iForest), Local Outlier Factor (LOF) and a Deep Reinforcement Learning (DRL) model based on a Double Deep Q-Network (DDQN), adapted to the intrusion detection context. The best performance was achieved by LightGBM, closely fol- lowed by SVM. Nonetheless, iForest displayed good results against unknown at- tacks and the DRL model demonstrated the possible benefits of employing this methodology to continuously improve the detection. Overall, the obtained results indicate that the analyzed techniques are well suited for IoT intrusion detection.

Title: Review on Cybersecurity Threats Related to Cyber Ranges

Authors: Sami Noponen, Juha Pärssinen and Jarno Salonen

Abstract: Cyber ranges are often used to enhance the cybersecurity posture of a company by training relevant skills. These environments are traditionally used to host exercises that simulate cybersecurity scenarios, improve the cybersecurity skills of employees and enhance the security of networks and processes. By using digital twins, it is possible to organise cyber range trainings also to the critical infrastructure sector. However, in the aforementioned sector it is important to consider the cybersecurity of these environments themselves as they often may handle company-specific confidential information. This study presents several cybersecurity related threats and challenges that cyber ranges may face during different phases of use. Cyber threats may be exposed to the actual systems that the ranges are meant to protect if these issues are not taken into consideration and mitigated. Malicious attackers may use the information in the cyber range to learn the weaknesses in the actual system. We approach the subject by reviewing the relevant literature, which is currently very limited especially when looking at the cybersecurity issues of cyber ranges. We divide the subject into the different phases of cyber range development and use, and also discuss relevant cloud security issues. Finally, we present actions to mitigate the identified cybersecurity threats and issues in cyber ranges when using them for training and awareness activities. 

CyberFactory#1 will join the Cyber Security & Cloud Expo!

Taking place on November 23rd-24th at the RAI Amsterdam, the Expo will cover top-level content and thought leadership discussions looking at the Cyber Security & Cloud ecosystem. For those who are unable to attend in-person, the event will also be held virtually a week later, from the 30th of November to 1st of December. Next to the exhibition booths, visitors to the Expo will be able to attend a number of top-level keynotes, interactive panel discussions and solution-based case studies. Some of the topics adressed at the conference include: Cloud security | SASE | Awareness & Culture | Vulnerability Management | AI in cyber | Application Security & DevSecOps | Cloud Security | Zero Trust | IoT.

The CyberFactory#1 consortium will participate in the Expo via a dedicated space in the ITEA booth, prominently located opposite the entrance. Three of our consortium members, Airbus Cybersecurity, Eneo and ISEP will be present at the booth to pitch the (intermediate) project results and answer your questions.

Free registration is possible for the exhibition and networking!

Presentation and Podcast: The Underestimated Risk of Cyber Supply Chain Attacks


The Brandenburg Institute for Society and Security in Potsdam, Germany regularly organises so-called PizzaSeminars, which offer participants the opportunity to discuss an interesting presentation on a current issue while enjoying a slice of pizza. Esther Kern and Alexander Szanto used the first in-person seminar of the year to present their research from the Cyberfactory#1 project: Cyberattacks on supply chains and their financial impact. The PizzaSeminar took place on the 19th of August 2021 in Berlin.

Click here to access the slides (in German).


The discussion from the presentation has been turned into a podcast moderated by Dr. Tim Stuchtey to be made available to those who were unable to attend the PizzaSeminar. The episode is part of the series “Sicher das? – Der BIGS-Podcast zur Sicherheitsforschung” published by the Brandenburg Institute for Society and Security.

Click here to access the podcast (in German).


Despite the fact that there are still some serious security gaps, many companies perceive IT and cyber security now as part of their risk management. However, the quality of the technical and organizational measures and the available budget vary considerably. This is partly due to a lack of awareness of certain security issues at the decision-making levels and an assessment of the cost-benefit calculation. IT and cyber security is often not recognized in everyday work, and if it is, then only as an additional workload. What companies do perceive, however, is the damage that occurs when their own company is affected.

Dealing with supply chain attacks is not a new issue, but one that is still often underestimated. Supply chain attacks are often not taken into account in risk assessments and thus the opportunity to identify dependencies, build up suitable redundancies and better protect both interfaces and vulnerabilities of suppliers is missed.

In cyber supply chain attacks, attackers target vulnerabilities in supply chains for their malicious purposes. On December 13, 2020, FireEye reported the discovery of a widespread supply chain attack in which SolarWind’s Orion business software updates were trojanized to spread malware. ORION is an IT monitoring and management software used by the vast majority of Fortune 500 companies, as well as many government agencies. Affected entities include government agencies as well as organizations in the consulting, technology, telecommunications, healthcare and oil and gas industries on four continents. According to SolarWinds, the vulnerability is likely the result of a sophisticated, targeted and manual supply chain attack by an unknown nation-state.

Symantec reported a 78% increase in supply chain attacks in 2018 in its 2019 Internet Security Threat Report, with the top 20 observed groups being particularly active. Well-known groups such as Dragonfly have been using targeted suppliers to gain access to specific companies since 2011, with the targets in this case primarily located in the energy sector.

Against this background, BIGS, in cooperation with VTT Finland, has taken a closer look at the ecosystem of supply chains and considered the financial impact of attacks on them.

Call for Papers: Symposium on Security and Privacy in Speech Communication

Call for papers to be presented at the

1st Symposium on Security and Privacy in Speech Communication

Virtual, November 10-12, 2021


The first edition of the SPSC Symposium aims at laying the first building blocks required to address the question how researchers and practitioners might bridge the gap between social perceptions and their technical counterparts with respect to what it means for our voices and speech to be secure and private.

The symposium brings together researchers and practitioners across multiple disciplines – more specifically: signal processing, cryptography, security, human-computer interaction, law, and anthropology. By integrating different disciplinary perspectives on speech-enabled technology and applications, the SPSC Symposium opens opportunities to collect and merge input regarding technical and social practices, as well as a deeper understanding of the situated ethics at play.The SPSC Symposium addresses interdisciplinary topics.

For more details, see CFP.

Topics of Interest:
Topics regarding the technical perspective include but are not limited to:
  • Speech Communication
  • Cyber security
  • Machine Learning
  • Natural Language Processing
Topics regarding the societal view include but are not limited to:
  • Human-Computer Interfaces (Speech as Medium)
  • Ethics & Law
  • Digital Humanities
We welcome contributions on related topics, as well as progress reports, project disseminations, or theoretical discussions and “work in progress”.  There also is a dedicated PhD track. In addition, guests from academia, industry and public institutions as well as interested students are welcome to attend the conference without having to make their own contribution. All accepted submissions will appear in the conference proceedings published in ISCA Archive.

Papers intended for the SPSC Symposium should be up to four pages of text. An optional fifth page can be used for references only. Paper submissions must conform to the format defined in the paper preparation guidelines and as detailed in the author’s kit. Papers must be submitted via the online paper submission system. The working language of the conference is English, and papers must be written in English.

All submissions share the same registration deadline (with one week of submission updates afterwards). At least three single-blind reviews are provided, we aim to get feedback from interdisciplinary experts for each submission.

Important dates:
Paper submission opens:           April 10, 2021
Paper submission deadline:     June 30, 2021
Author notification:                      September 5, 2021
Final paper submission:              October 5, 2021
SPSC Symposium:                          November 10-12, 2021

For further details contact!

Webinar: Resilience Capabilities for the Factory of the Future


The webinar will provide insights to one of the key capabilities of CyberFactory#1: Resilience. The keynote speech is given by Sauli Eloranta, Professor of Practice at VTT, on “Industry challenge to resilience in the factory of the future”. Afterwards, experts from a number of project partners will discuss the different aspects that need to be considered for a resilient Factory of the Future. The first half focuses on access management approaches and protection of AIs. After a short Q&A, presentations are given on monitoring of the FoF and dealing with cyberattacks, followed by another Q&A.




14.00:             Welcome

Jarno Salonen, VTT

Keynote: Industry challenge to resilience in the factory of the future

Sauli Eloranta, VTT

14.20:             How to create trust with comprehensive identity and access management

Markku Korkiakoski, Netox

Don’t make me think: an intuitive access management approach

Diogo Santos, Sistrade

14.40:             How to protect AI from manipulation attempts

Ching-Yu Kao, Fraunhofer AISEC

Aspects of preventing AI manipulation

Seppo Heikura, Houston Analytics

15.00:              Q&A

15.10:             How to enhance resilience by monitoring the FoF

Mario Brauer, Airbus CyberSecurity Germany

Monitoring different aspects of human behaviour on the shop-floor

Jorge Oliveira, ISEP

15.30:             Architectural approach to effectively detect cyberattacks

Murat Lostar, Lostar

How to remediate and recover from a cyberattack

Jari Partanen, Bittium

15.50:              Q&A

16.00              Wrap Up

Jarno Salonen, VTT


Keynote Speaker:

Sauli Eloranta (Professor of Practice at VTT Technical Research Centre of Finland)

Sauli Eloranta, M. Sc. (Tech.), began working as Professor of Practice at VTT on 1 January 2020. Eloranta, elected the CTO of the Year in Finland in 2019, came to VTT with a long experience of promoting technology and digitisation in industry and maritime transport.

Before VTT, Eloranta acted as Head of Innovation and Technology at Rolls-Royce Marine, later Kongsberg Maritime. Eloranta earned the CTO of the Year title granted by the Federation of Finnish Technology Industries for his merits as an active influencer in the Finnish innovation scene and promotor of autonomous marine traffic. He chaired the One Sea Autonomous Maritime Ecosystem in 2016-2019. Sauli has chaired the Business Finland digital advisory board and is a member of the transport sector growth programme. In addition, he has been involved in supporting the collaboration of the private sector and societal actors.

In his role as Professor of Practice, Eloranta focuses on the overall resilience of the Finnish society. His area also covers cyber security, autonomous systems and smart transport & mobility. Recently, Sauli has given program management support to Finland´s Ministry of Economics & Employment (TEM) in establishing domestic production of face masks for public health care.

CyberFactory#1 Welcomes LISA to the Team


We are proud to announce that the CyberFactory#1 Consortium was joined by LISA Deutschland GmbH in February 2021. LISA Group is an internationally known company for Intelligent Systems and learning algorithms, and has extensive experinece in developing Systems for Aircraft and Space Operations.

Within the project LISA will provide an autonomous anomaly bot aimed at detecting cybersecurity anomalies to enhance production and manufacturing in the factory of the future. The bot will be used within the use cases of Airbus Defense and Space (Spain) but it can be applied to detect cybersecurity anomalies in any environment. You can read more about their addition to the project here.



Paper presentations at four conferences

We congratulate our colleagues from Fraunhofer AISEC for four paper presentations at academic conferences within the past months! Click on the titles below for more information on each paper.

This paper was presented at the DYNAMICS workshop on the 7th of December 2020 at the Annual Computer Security Applications Conference (ACSAC). The paper proposes a novel method to make deep learning models robust, which can be applied on different data sets, such as images, audios, languages. The results show this method is comparable to adversarial training method.

The paper is available to download here.

Authors: Philip Sperl and Konstantin Böttinger

Abstract: Neural Networks (NNs) are vulnerable to adversarial examples. Such inputs differ only slightly from their benign counterparts yet provoke misclassifications of the attacked NNs. The required perturbations to craft the examples are often negligible and even human imperceptible. To protect deep learning-based systems from such attacks, several countermeasures have been proposed with adversarial training still being considered the most effective. Here, NNs are iteratively retrained using adversarial examples forming a computational expensive and time consuming process often leading to a performance decrease. To overcome the downsides of adversarial training while still providing a high level of security, we present a new training approach we call \textit{entropic retraining}. Based on an information-theoretic-inspired analysis, entropic retraining mimics the effects of adversarial training without the need of the laborious generation of adversarial examples. We empirically show that entropic retraining leads to a significant increase in NNs’ security and robustness while only relying on the given original data. With our prototype implementation we validate and show the effectiveness of our approach for various NN architectures and data sets.

The second paper was also presented at the Annual Computer Security Applications Conference (ACSAC) 2020. The authors apply two visualization techniques to the ASR system Deepspeech and show significant visual differences between benign data and adversarial examples.

Authors: Karla Markert, Romain Parracone, Philip Sperl and Konstantin Böttinger.

Abstract: Security of automatic speech recognition (ASR) is becoming ever more important as such systems increasingly influence our daily life, notably through virtual assistants. Most of today’s ASR systems are based on neural networks and their vulnerability to adversarial examples has become a great matter of research interest. In parallel, the research for neural networks in the image domain has progressed, including methods for explaining their predictions. New concepts, referred to as attribution methods, have been developed to visualize regions in the input domain that strongly influence the image’s classification.  In this paper, we apply two visualization techniques to the ASR system Deepspeech and show significant visual differences between benign data and adversarial examples. With our approach we make first steps towards explaining ASR systems, enabling the understanding of their decision process.

The third paper was presented at the 4th ACM Computer Science in Cars Symposium (ACM CSCS 2020). This paper provides a short overview on recent literature to discuss the language bias towards English in current research. The preliminary findings underline that there are differences in the vulnerability of a German and an English ASR system.

Authors: Karla Markert, Donika Mirdita and Konstantin Böttinger

Abstract: Voice control systems in vehicles offer great advantages for drivers, in particular more comfort and increased safety while driving.  Being continuously enhanced, they are planned to comfortably allow access to the networked home via external interfaces. At the same time, this far-reaching control enables new attack vectors and opens doors for cyber criminals. Any attacks on the voice control systems concern the safety of the car as well as the confidentiality and integrity of the user’s private data. For this reason, the analysis of targeted attacks on automatic speech recognition (ASR) systems, which extract the information necessary for voice control systems, is of great interest. The literature so far has only dealt with attacks on English ASR systems. Since most drivers interact with the voice control system in their mother tongue, it is important to study language-specific characteristics in the generation of so-called adversarial examples: manipulated audio data that trick ASR systems. In this paper, we provide a short overview on recent literature to discuss the language bias towards English in current research. Our preliminary findings underline that there are differences in the vulnerability of a German and an English ASR system.

This paper was already presented at the IEEE European Symposium on Security and Privacy 2020 in September. It proposes an adversarial example detector by analysing dense layer activations of deep learning models.

The paper is available to download here.

Authors: Philip Sperl, Ching-Yu Kao, Peng Chen, Xiao Lei, and Konstantin Boettinger

Abstract: In this paper, we present a novel end-to-end framework to detect such attacks during classification without influencing the target model’s performance. Inspired by recent research in neuron-coverage guided testing we show that dense layers of DNNs carry security-sensitive information. With a secondary DNN we analyze the activation patterns of the dense layers during classification runtime, which enables effective and real-time detection of adversarial examples. This approach has the advantage of leaving the already trained target model and its classification accuracy unchanged. Protecting vulnerable DNNs with such detection capabilities significantly improves robustness against state-of-the-art attacks.Our prototype implementation successfully detects adversarial examples in image, natural language, and audio processing. Thereby, we cover a variety of target DNNs, including Long Short Term Memory (LSTM) architectures. In addition to effectively defend against state-of-the-art attacks, our approach generalizes between different sets of adversarial examples. Thus, our method most likely enables us to detect even future, yet unknown attacks.

Virtual Panel – CyberFactory: How to make the Factory of the Future efficient and secure?

On the 9th of December we held our virtual panel on “CyberFactory#1: How to make the factory of the future efficient and secure”. Our speakers, Adrien Bécue, İrem Hilavin and Jari Partanen, presented the project, the use-case of Vestel and aspects of FoF resilience before answering questions such as on human-machine relations or what the benefits of this project might be for companies that are not directly involved. Below you can find the presentation slides. We look forward to many more events in the new year!




As factories digitalise and adopt automation technologies, they unlock new business models, manufacturing processes and logistics methods – as well as alternative roles for the people and machines that work in the factory. At the same time, these processes result in more complex IT and OT systems, presenting novel cyber security challenges and potentially leading to dangerous new interdependencies.

Based on early results from the European research project CyberFactory#1, our panel discussed both the opportunities and challenges represented by the digitalisation and automation of factories, including what the transition towards a new factory system of systems may look like – but also the new threats that organisations may face if security and resilience are not prioritised early in the process.



Adrien Bécue, Project Leader CyberFactory#1, Head of Innovation, Airbus CyberSecurity, France

Jari Partanen, Task Leader CyberResilience, Head of Quality, Environment and Technology Management, Bittium, Finland

İrem Hilavin, Work Package Leader Integration & Validation, SW Design Architect, Vestel, Turkey