The Misuse of the Use-Cases of CyberFactory#1

A Misuse-Case (MUC), which is derived from a Use-Case (UC)*, describes the steps and scenarios, which a user/actor performs in order to accomplish a malicious act against a system or business process. They are still UCs in the sense that they define the steps that a user performs to achieve a goal, even if the goal is not a positive or a desired one from the perspective of the business process or system designers.

A MUC covers for example:

  • Safety hazards, irrespective of originating from security vulnerabilities or inherent to the novel technologies developed in the project,
  • Security attacks by outsiders,
  • Workers attacks,
  • Insider threats will also be considered in the MUCs, giving the required attention to economical, psychological and societal aspects.

Figure 1: Misuse-Case Task Approach

To be able to document the right MUCs, the project team first worked on selecting the appropriate approach. In the specific case of CyberFactory#1 (CF#1) it was decided that a two-phased approach was the preferred approach: first there was a collecting of generic and independent risks, which were then consolidated into MUCs.

Within CF#1 the risk assessment considered the following aspects

  • Impact Level (categorized in high, medium, low)
  • Probability Level (categorized in high, medium, low)
  • Risk Source, Risk Source Type and Risk Location
  • Attack Vector
  • Vulnerability
  • Target Asset and Target Asset Type
  • Threat Agent and Threat Agent Type
  • If applicable: References (CVE, etc.)
  • Risk Result (Impact Detail), Outcome and Impact Nature

Example risk “Lack of OT capacity in current IT cybersecurity products (mainly SIEM)”

  • High
  • Medium
  • SIEM & other IT based cybersecurity products | Legacy Infrastructure | FoF
  • Technical security attacks against OT solutions
  • Lack of OT interoperability for existing IT based SIEMs and existing cybersecurity products
  • OT Systems | FoF
  • Hackers & hacking software | Hacker
  • N/A
  • Stop of production | loss of safety

After the first stage, a total of 153 risks have been determined. Here are the statistics of those risks by their level and source type:

Figure 2: Risks by Risk Level

Figure 3: Risks by Source Type

As per the selected methodology and the risks, one (or more) misuse-cases were selected and defined further for each use-case within Cyberfactory#1 project. In particular, these risks were connected to the use-cases and their implementation with no risk mitigation available yet. The risks are assessed and listed based of the source type although there are many risks related with the new use cases, legacy infrastructure has also quite number of new risks that will be addressed within the project.

What’s next?

As the project team progresses through the main work packages and tasks, we always have the misuse-cases in mind in order to test, implement, perform our designs and projects while preventing them as a by-product in the scope of a security-by-design approach.

Author: Murat Lostar, CEO & Founder, Lostar Inc.

*To learn more about our use-cases, see our article on it here

The Use-Cases of CyberFactory#1

The key problem addressed by CyberFactory#1 is the need to conciliate the optimization of the supply and manufacturing chain of the Factory of the Future (analyzed by means of Use-Cases) with the need for security, safety and resilience against cyber and cyber-physical threats (analyzed by means of Misuse-Cases).

Therefore, in order to study this key problem, ten pilots have been developed from Aerospace, Automotive, Machinery and Electronic Industries around several use-cases (UC). These UC were then described and matched with Key Capabilities defined by CyberFactory#1 project proposal plan (technical value chain items):

UC1. Airbus Defense & Space (Spain):

At Airbus three sub-use cases are defined for the deployment of Industrial Internet of Things (IIoT) for flexible management and optimization of manufacturing as well assembly lines within the Aerospace Industry.

  • UC1.1 Description – Roboshave (Tablada Site): Connectivity of the Roboshave station to the IIoT to improve traceability, supervision and maintenance of the processes.
  • UC1.2 Description – Autoclave (CBC Site): Real-time monitoring and quality process automation across the IIoT for the process of composite parts curing and forming within Autoclaves area.
  • UC1.3 Description – Gap Gun (San Pablo Sur Site): Automation of the data acquisition using a Gap Gun device (smart tool for gaps and steps measuring) with a centralized data storage and the possibility for further data analysis.



UC2. S21Sec (Spain):

This UC addresses Human/Machine collaboration in manufacturing for quality control.

  • UC Description: The evolution of TRIMEK’s METROLAB solution, which focuses on quality control laboratory services towards a Zero Defect, through its integration with fully automated processes within the auxiliary automotive industry (controlling environmental variables and interconnecting the shop-floor). This means an overall enhancement of Metrolab Scenario (incorporation of several cybersecurity tools/services, including of Cobots)



UC3. Bittium (Finland):

This UC is concerned with a cyber-secure networked supply chain and information architecture.

  • UC Description: The goal is to create a consistent and secure information architecture and develop processes as well as information tools, which are able to support digital partnered manufacturing and deliveries, in order to achieve supply chain optimization.

UC4. High Metal (Finland):

This UC will develop a highly automated food production line of the future (in this particular case for cheese making).

  • UC Description: The High Metal UC introduces a new integrated platform-based concept for cheese manufacturing that enables: better flexibility for product quality changes, scalability for production increases, shorter installation as well as production start-up time and better efficiency and easier maintenance compared to traditional dairy production lines.

UC5. IDEPA (Portugal):

This UC will digitalize a textile production line (legacy machines) for the automotive industry.

  • UC Description: The goal is to increase efficiency (and also security, safety and resilience) focusing on the development of a new generation of ERP tools, considering Security Awareness and providing Data & Knowledge as a service. This should be achieved along with IDEPA business transformation (connectivity of legacy machines).

UC6. VESTEL (Turkey):

This UC is concerned with the optimization of material handling in PCB assembly lines.

  • UC Description: The objective is to pass from conventional material handling managed by operators and without data gathered from machines (no traceability) to a new situation oriented to the integration of machines in the electronic board assembly line with ERP system, warehouse and carrier robots in order to achieve optimization of the production and improving the traceability, and also considering cybersecurity aspects.



UC7. Bombardier Transporter (Germany):

This UC aims to optimize the material supply for the rail vehicle production.

  • UC Description: The main objective of this UC is the optimization of material supply for railway vehicle production by building an automatic supply system from the warehouse directly to the workstations, in order to have a safe and automated provision of the material within its various physical levels (many different customer projects are carried out in parallel at the Bautzen Plant in Germany).


UC8. InSystems (Germany):

This UC addresses the optimization of an autonomous transport robot fleet (ProANT).

  • UC Description: This UC is focused on the collection of data from normal operations of a transport robot fleet that can be used for detecting individual patterns via ML and predictive systems. This information can be also used for logistics optimization, and in a dynamical way for adaptation to continuous changes.


What is the general purpose of the use cases with the project of CyberFactory#1?

These use cases are contributing to the creation of the Factory of the Future (FoF) concept, which is the key goal of the Cyberfactory#1 project. The main objectives addressed by the different use cases developments, that may help to create this FoF concept, can be summarized as the following ones:

  • Automation of E2E processes across M2B & B2M communications.
  • Real time (or near real time) situational awareness and factory systems monitoring.
  • Enhanced visibility and traceability of the activity within the Factory.
  • Optimization and secure communications for Supply Chain (Distributed Manufacturing).
  • Advanced data analytics and Machine Learning for processes improvement.
  • Connectivity and integration of the Factory systems (Factory as a System of Systems).
  • Communications security and global security management.

Author: José Antonio Rivero Martinez, Automation for Industrial Means, Industrial Means Dpt. – Manufacturing Engineering, Airbus Defence and Space

PS: If you are interested in more depth in one or more of the UC(s), we are happy to get you in touch with the relevant UC owner(s). Please use for all inquiries the following email address:


New Business Models for the Creation of Value in the Factory of the Future

One of the main objectives of CyberFactory#1 is to devise innovative ways of delivering value to the several industry sectors involved in the project through the enhancement of optimization and resilience of the production environments. The project has recently delivered a set of new business models featuring value proposition that go beyond traditional approaches, based on the intelligent product servitization (i.e. transforming product sales into services provision), the knowledge extraction from data and the focus on intellectual property (i.e. enhancing the exploitation and protection of the industrial intellectual property).

Innovative business models for eight industry sectors

The project maps eight paradigmatic sectors and actors in the Factory of the Future (FoF) value chain, divided into two main value chain stages: users (i.e. industrial sectors which represent the end users of the new technologies and approaches developed in CyberFactory#1 – Figure 1) and suppliers (i.e. industrial sectors which provide enabling technologies to be applied in the end user activities – Figure 2).

Figure 1 – CyberFactory#1 FOF Value Chain – Users

Figure 2 – CyberFactory#1 FOF Value Chain – Suppliers

For each one of these sectors, the CyberFactory#1 developed a business model. The work, coordinated by each leading industry partner in the project, started with a rigorous analysis of the internal and external environments (including competition and market player analysis) and consolidated into a business model canvas. The business model canvas was then extended to a full-fledged business model. During this process the Cyberfactory#1 partners provided their input.

The business models were presented at the ICTurkey event in Istanbul (July 5th 2019) by the project coordinator, further raising the interest in the project of potential external partners, in particular concerning the application and exploitation of the project technologies.

Data, as a base for services

The “factory of the future” paradigm envisions a production environment in which massive amounts of data flow bottom-up from the shop floor to the highest levels of the management. This data yields a great value since it contains useful information that can be used to increase efficiency and performance as well as to enhance decision-making. However, this amount of data flow needs to be secure from unintended use and has to be trustable.

The new business models focus on the exploitation of data to extract valuable information and insights in order to make it an integral part of the transformation of products into services. Thereby they are providing increased value to industrial organizations and their customers. The exploitation of data lakes is at the core of the CyberFactory#1 business models.

Data exploitation is the key to more profitable business models based on service provision, which relies on continuous flow of value to customers instead of discrete product sale transactions (i.e. sales of distinct items). The continuous flow of value is provided through the “as-a-service” paradigm, meaning that high value services can be provided in a continuous way. Intelligence “as-a-service” can be provided through on-demand knowledge discovery from data, as well as Artificial Intelligence as-a-service (for example, provision of on-demand insight reports regarding production optimization). Management applications such as Enterprise-Resource-Planning (ERPs) and security platforms can benefit from the enhanced data value exploitation and themselves can also be provided “as-a-service” (for example, manufacturing management-as-a-service).

Lower adoption costs, greater flexibility, higher value

Servitization supports new revenue streams as it also empowers per-mile or plafond billing, flat rates or “per call” billing. This lowers the adoption costs, decreases risks both for producers and consumers and grants higher flexibility as well as scalability. This means that organizations become more capable and efficient of reacting to changes in markets.

Enhanced security also empowers service-based paradigms, as they rely on more frequent exchanges of data flows between value chain actors. Ensuring security and trust between actors makes the value chain more resilient and capable of delivering value even in the advent of internal or external cyberattacks, as well as protecting intellectual property and business-crucial information. This is especially important to enhance the protection against counterfeiting goods, to strengthen brand and to protect IP-driven competitive advantages.

Higher flexibility also opens the door for customization services (“mass customization”), allowing both industrial suppliers and users to lower production costs while being able to satisfy ever-changing customer requirements. Intelligent servitization based on data exploitation, higher flexibility, enhanced security and trust leverage the value creation in the next-generation industrial organizations, specifically in key sectors of the European industry.

Bringing benefits to European Industry

By focusing on core sectors of the European Industry, the CyberFactory#1 project also aims to build a community of manufacturing companies which can partner up with the project consortium and get involved.  This is an excellent way of strengthening ties, sharing knowledge and raise awareness regarding the benefits of the several developments, including being part of enhanced value chains and considering new approaches to market and value creation.

Authors: João Mourinho, Innovation Manager, Sistrade Software Consulting & Américo Nascimento, Research/Consultant, Sistrade Software Consulting


The Project DNA of CyberFactory#1

Achieving efficient and resilient Factories of the Future (FoF)

This is the aim of CyberFactory#1 in its three-year project duration. The project is the outcome of a user-driven investigation on security implications concerning the digital transformation of aerospace manufacturing lines. This investigation was carried out in 2017-2018 in scope of an eponym multifunctional working group within Airbus, including manufacturing and security professionals from Airbus Commercial Aircraft and Airbus Defence and Space divisions. The project idea was drafted by mid-2017 and a proposal was brought to the ITEA cluster for extension to broader industrial sectors facing similar digital transition challenges such as the rail systems, automotive, machine manufacturing or textile industry.

A consortium of a total of 31 partners from France, Canada, Finland, Germany, Portugal, Spain and Turkey was established, involving a balanced set of industrial pilots, technology providers and research organizations. It came to the definition of a large set of use-cases and misuse cases targeted to the convergence of industrial process optimization and manufacturing system resilience challenges. The consortium managed by Airbus Cybersecurity came to the definition of a set of twelve key capabilities that are necessary in order to achieve efficient and resilient FoF. These capabilities belong to three capacities: 1) FoF modeling and simulation, 2) FoF monitoring, control and optimization, 3) FoF security and resilience. For each of these three capacities, a set of four capabilities address respectively technical, economical,  human and societal dimensions of digital transition.

This equal consideration for technological and non-technological aspects of digital transition makes our project original and most applicable in the operational environment compared to the many techno-centric projects which currently bloom in the area of the Industry 4.0 topic. The equal consideration to both optimization and resilience challenges as well ensures adequate cost/benefit rationale in the selection of organizational and technological set-ups for industrial transformation.

The project was kicked-off on 18th December 2018 with support from the Spanish funding Authority. Finland, Canada, Germany, Portugal and Turkey later confirmed their support, while the UK and France remain with self-funded participations at this stage. Close to one year from project start, CyberFactory#1 has already successfully delivered a set of ten detailed pilot use-cases and as many misuse-cases, covering topics such as remote asset monitoring, statistical process control, robot fleet optimization, real time inventory or predictive maintenance and threats such as rogue device insertion, industrial data spoofing, distributed denial of service or adversarial machine learning. Upcoming is the definition of generic secure and optimized architectures for Factories of the Future.


Author: Adrien Bécue, Project Coordinator, Head of Innovation and R&T, Airbus CyberSecurity