Network monitoring for cheese?

Securing the dairy manufacturing process of the future

The Factory of the Future (FoF) concept is something beyond Industry 4.0. According to the Aalto Factory of the Future, the typical enabling technologies for FoF include “Artificial Intelligence, Industry 4.0 architecture, Industrial Internet of Things, wireless communication (5G, Wifi6), edge/fog/cloud computing paradigms, virtual integration, digital twins, remote commissioning, operation and predictive maintenance, human-robot collaboration, simulation, virtual and augmented reality” (source: The FoF concept is evolving as traditional manufacturing companies adopt Industry 4.0 solutions during their digital transformation process. On one hand, this provides new opportunities to the companies, but on the other hand, it also introduces new kinds of risks and threats especially related to the implementation of more complex technology solutions. Increased complexity requires new skills related to, e.g., ICT, cybersecurity and systemic thinking, that are not easy to acquire. Nevertheless, companies must take this leap to the unknown, regardless of their current situation, just to keep up with the competition.

This article is a part of the CyberFactory#1 project with the focus on designing, developing, integrating and demonstrating a set of key enabling capabilities to foster optimization and resilience of the Factories of the Future (FoF). The project consists of 28 partners from seven countries, namely, Canada, Finland, France, Germany, Portugal, Spain, and Turkey.  The work described here relates to the task “FoF resilience” located in the bottom right hand corner of the work package structure shown in the picture below. The task focuses on enabling the autonomous or decision-aided remediation and recovery of factory assets in the worst-case scenario, i.e., when an attack against the FoF or individual system within the factory is successful. The objective is to plan, model, simulate and practice the different ways for recovering the factory assets and selecting the most optimal way in terms of time and resources. This guarantees that when the worst-case scenario occurs, cybersecurity professionals can act immediately instead of losing valuable time while trying to figure out what to do in terms of attack mitigation and possible countermeasures.

Figure 1. Structure of the FoF dynamic risk management and resilience work package

While the factory of the future provides great gains in efficiency as well as new capabilities for the manufacturer, the increased number of connections and increased networking requirements provide new possibilities for a rich collection of malicious cyber actors ranging from cyber criminals to competitors and even state actors. One of the project goals was to analyse and demonstrate the requirements for cybersecurity. The idea of demonstrating malicious activity within a cheese robot platform was initiated by the Finnish project partner High Metal ( and we decided to set it as our attack target.

The network monitoring system demonstrated in the video above was built using the Zeek network security monitor ( and the PreScope network visibility platform ( provided by another Finnish project partner, Rugged Tooling. We combined the results with host logs using ELKstack ( in order to make incident response more efficient. For demonstration implementation, we used the Airbus CyberRange (, which is a cybersecurity research and innovation platform.

Figure 2. High Metal Cheese robot platform

While the current cheese robot technology seems to be safe and secure, meaning that there are no killer cheese robots overthrowing the humanity at least yet, a malicious attacker with administrator access to the configuration could modify the cheese making process in its critical areas, affecting the quality of the product. The potential amount of damaged goods would be enormous, if the spoiled cheese was detected only after the cheese maturing process is over. This is because it might affect weeks or even months of cheese production and perhaps even endangering business continuity. In an organisation with insufficient real-time quality control, potentially hazardous cheese might end up in the market and in the worst case endanger consumer health.

The demonstrator shows that implementing a simple network behaviour monitoring system, a network attack can be detected even before the attacker gains access to the cheese production configuration system. While such systems are not fool proof, the capabilities for automated detection will deter the majority of attackers.

Future development ideas

It is possible to apply the demonstrated network monitoring system to other critical infrastructure target systems, but we are especially interested in the safety of dairy manufacturing and other similar food production processes. Another future development idea is to use artificial intelligence (AI) or machine learning (ML) for the analysis of the data. As the data is already gathered into a database, the infrastructure already exists. This is aimed to lessen the work of human operators in detecting anomalous actions and lessening the cognitive load in monitoring the environment.


We wish to thank Lauri Nurminen from High Metal for providing the cheese production platform details for the demonstrator and helping us in defining the most critical threats, and Mikko Karjalainen from Rugged Tooling for providing and assisting with their PreScope product setup.


Mirko Sailio (research scientist), Jarno Salonen (senior scientist) and Markku Mikkola (senior scientist), VTT Technical Research Centre of Finland.


New State of the Art Document

The new State of the Art document provides an overview on factories of the future (FoF) resilience. It is structured along the four key enabling capabilities related to the resilience of the factory of the future that are considered to be vital, namely:

  • Human/machine access & trust management
  • Robust machine learning ability
  • Human/machine behaviour watch
  • Cyber resilience capability

Resilience in the factory of the future is significant due to the nature of modern manufacturing that is increasingly based on large supply chain networks with real-time information exchange as well as other Industry 4.0 characteristics such as the Industrial Internet of Things, cloud repositories and machine learning. As the ever-increasing digitalisation introduces new cyber threats, FoF operators need to identify and mitigate these threats, taking into account not only their own operations, but also all the other potential vulnerable parts of the entire manufacturing supply chain. By identifying the threats and vulnerabilities within the supply chain, they can strengthen the weakest links which can be production machines, connections, network devices or even employees. Strengthening the weakest links consists among other things of assigning the necessary security policies and access rights and restrictions to users and devices, designing and developing protective measures to factory assets and its supporting technologies such as machine learning (ML) and artificial intelligence (AI), monitoring anomalies and other irregularities, training personnel to detect and perform mitigation actions, but also planning and practicing the remediation and recovery of factory assets in case of a cyber-attack. After all, it is not about whether a cyber-attack will happen, but when and especially how fast are we able to detect it.


Download: State of the Art – Factory of the Future Resilience

Other State of the Art Documents:

Factorys of the Future: State of the Art in Modelling and Simulation

State of the Art – Factory of the Future Optimization


Call for papers for our second CyberFactory#1 Workshop at the ESM2021!

Call for Papers to be presented at the 35th European Simulation and Modelling Conference

October 27 – October 29, 2021, Rome, Italy

2. Workshop: CyberFactory – Optimization & Resilience of Factories of the Future

This workshop focuses on the development and application of methods for modeling and simulation of CPS for the factory of the future (FoF). With the advent of Industry 4.0, digitalization and automation processes have moved into the focus of industry. The primary goal is not the optimization of a single production plant, but of the factory as a whole by the marriage of physical assets and advanced digital technologies, such as the internet of things (IoT), artificial intelligence (AI) and robots. From a modeling perspective, the individual components of the factory thus become cyber-physical systems (CPS) that communicate, analyze, and act upon information, enabling more flexible and responsive production. This track focuses on the development and application of methods for modeling and simulation of CPS for the factory of the future (FoF).

The organizers invite contributions with a focus towards CPS in the FoF that describe problem statements, trends, and emerging ideas in the engineering and application of CPS in industrial production.

Topics include, but are not limited to:

  • Requirements on CPS modeling for optimization and resilience of the FoF
  • Architectures for the FoF
  • Application of existing CPS models to industry: benefits and gaps
  • Usage of digital twins for optimization and resilience in the FoF
  • Data lake exploitation for the FoF
  • Models & Simulations for the identification of threats on safety and security in the FoF
  • Tool support for modeling & simulation of the FoF
  • Uncertainties and predictions in the FoF models
  • Modeling of human-machine-interaction in the FoF
  • Distributed manufacturing
  • Cyber resilience modeling for the FoF

Paper format:

Participants may submit a 5 page full paper or an 8 page extended paper (single spaced, double column) in PDF format. Paper formatting guidelines and templates can be found at All accepted papers will be published in the ESM’2020 Conference Proceedings.

Workshop format:

The workshop will be held as part of the European Simulation and Modeling Conference (ESM) 2021 to take place in Rome, Italy on October 27-29, 2021. It will feature peer-reviewed paper presentations organized according to the topics defined above. Papers not exceeding 8 pages must be submitted electronically via email in PDF format and must be conform to the submission guidelines.

Each submission will be reviewed by at least three members of the Program Committee and will be evaluated on the basis of originality, importance of contribution, soundness, evaluation, quality of presentation and appropriate comparison to related work. The program committee as a whole will make final decisions about which submissions to accept for presentation at the conference.

Important Dates:

Paper Submission deadline:                           Jun 25th, 2021
Notification of acceptance/rejection:      Aug 21th, 2021
Camera ready paper:                                          Sep 27th, 2021
Workshop:                                                                Oct 27th-29th, 2021


Adrien Bécue (Airbus Cybersecurity)
Frank Oppenheimer (OFFIS e.V.)
Ilhan Kaya (Vestel)
Ingo Stierand (OFFIS e.V.)
Isabel Praça (Instituto Superior de Engenharia do Porto)
Jarno Salonen (VTT Technical Research Centre of Finland Ltd)
Linda Feeken (OFFIS e.V.)

Linda Feeken,

Webinar: Resilience Capabilities for the Factory of the Future


The webinar will provide insights to one of the key capabilities of CyberFactory#1: Resilience. The keynote speech is given by Sauli Eloranta, Professor of Practice at VTT, on “Industry challenge to resilience in the factory of the future”. Afterwards, experts from a number of project partners will discuss the different aspects that need to be considered for a resilient Factory of the Future. The first half focuses on access management approaches and protection of AIs. After a short Q&A, presentations are given on monitoring of the FoF and dealing with cyberattacks, followed by another Q&A.




14.00:             Welcome

Jarno Salonen, VTT

Keynote: Industry challenge to resilience in the factory of the future

Sauli Eloranta, VTT

14.20:             How to create trust with comprehensive identity and access management

Markku Korkiakoski, Netox

Don’t make me think: an intuitive access management approach

Diogo Santos, Sistrade

14.40:             How to protect AI from manipulation attempts

Ching-Yu Kao, Fraunhofer AISEC

Aspects of preventing AI manipulation

Seppo Heikura, Houston Analytics

15.00:              Q&A

15.10:             How to enhance resilience by monitoring the FoF

Mario Brauer, Airbus CyberSecurity Germany

Monitoring different aspects of human behaviour on the shop-floor

Jorge Oliveira, ISEP

15.30:             Architectural approach to effectively detect cyberattacks

Murat Lostar, Lostar

How to remediate and recover from a cyberattack

Jari Partanen, Bittium

15.50:              Q&A

16.00              Wrap Up

Jarno Salonen, VTT


Keynote Speaker:

Sauli Eloranta (Professor of Practice at VTT Technical Research Centre of Finland)

Sauli Eloranta, M. Sc. (Tech.), began working as Professor of Practice at VTT on 1 January 2020. Eloranta, elected the CTO of the Year in Finland in 2019, came to VTT with a long experience of promoting technology and digitisation in industry and maritime transport.

Before VTT, Eloranta acted as Head of Innovation and Technology at Rolls-Royce Marine, later Kongsberg Maritime. Eloranta earned the CTO of the Year title granted by the Federation of Finnish Technology Industries for his merits as an active influencer in the Finnish innovation scene and promotor of autonomous marine traffic. He chaired the One Sea Autonomous Maritime Ecosystem in 2016-2019. Sauli has chaired the Business Finland digital advisory board and is a member of the transport sector growth programme. In addition, he has been involved in supporting the collaboration of the private sector and societal actors.

In his role as Professor of Practice, Eloranta focuses on the overall resilience of the Finnish society. His area also covers cyber security, autonomous systems and smart transport & mobility. Recently, Sauli has given program management support to Finland´s Ministry of Economics & Employment (TEM) in establishing domestic production of face masks for public health care.