Page tree
Skip to end of metadata
Go to start of metadata

Definition of a "Smart Factory"


Definition of "Connected Machines"



  • IoT cyber strategy
  • Integrity of software updates
  • Integrity of online connection to cloud
  • Monitoring connected machines for cyber attacks
  • Operator and service personnel secure logging
  • Firewalls between intelligent machine connections.
  • Completeness of data modelling
  • Product liability
  • Wireless connectivity (denial of service)
  • DOS attacks in WSNs (wireless sensor networks)


What is more interesting? Small vs. big?


  • Provide knowledge, increase awareness especially for SME sector
  • Point is to increase knowledge about the appropriateness of CyberSec to companies
  • Security by design
  • Identity and its management
  • Focus area: Detection of attacks
  • Risk management → cost efficiency
  • Trust in the Manufacturing Supply Chain (i.e parts from different manufacturers, assembly, warehousing, logistics, distribution and deployment)
    • Identification of potential cybersecurity threats and mitigation techniques
    • Verification of the integrity, and trustworthiness, of the overall supply chain, manufactured components as well as data flows
    • Devising methods to develop resilient systems out of potentially insecure parts of the supply chain, based both on trust as well as evidence
  • Operational Security in connected factories, IT Systems and machines
    • Performing local and remote attestation of autonomously operating/executing machine components
    • Conducting the secure deployment, orchestration and trustworthy execution of components, lightweight containers and VMs, particularly for edge computing
    • Enabling stakeholders to perform real-time and near real-time monitoring and anomaly detection, based on traffic observation and attested (as well as encrypted) data in a privacy-preserving manner
    • Designing dynamic data visualisations of the real-time security state in smart factory and connected machines as well as user interfaces supporting context-specific comprehension and security management
    • Deploying PKI and AAA infrastructure enabling certificate-based access control and revocation policies
  • Information Sharing for Collaborative Security Management
    • Usage of modern encryption schemes such as Attribute-based encryption, which facilitates efficient data sharing, collaboration and even revocation, among multiple stakeholders based on a common attributes for fine-grained role-based access control, without the need for traditional username/password-based schemes

    • Delivery of cybersecurity events and incident data among stakeholders, using standardized incident exchange formats such as IODEF, STIX and VERIS used by Cybersecurity Incident Response Teams (CSIRTs) for collaborative incident handling and automated responses to prevent propagation of vulnerabilities.


  • CyberSec in industrial companies
  • CyberSec assessment
  • Digital identity
  • ability to control increasing intelligence
  • IoT ecosystem solutions
  • Cyber security of a whole value network
  • Business cases?
  • Risk vs business?
  • How to ensure accessibility of data also from remote sites and from machines of subcontractors and suppliers?
  • International dimension!
  • Monitored and controlled mobile equipments with wireless communication (automated and remote contolled)

Research questions

Industrial partners

OrganizationContact personRole & contribution
(AIKO cluster)




(Insta Defsec)

Missing Link

(Satron Instruments)

(Ponsse / EPEC)



Research partners

OrganizationContact personRole & contribution

Tampere University/ITC/Computing Sciences

Bill Silverajan,

Antonis Michalas

  • Lightweight Authentication, Encryption and Key Exchange
  • Software and Software/Hardware Hybrid Attestation 
  • Secure Onboarding, Provisioning and Firmware Updating
  • Secure Management of Virtualisation Technologies (VMs and Containers)
  • ML-based Anomaly Detection in Remote/Edge Networks
  • Advanced UIs for Security Data Visualisation


  1. Anonymous

    Cybersecurity of IoT

    There are three main phases of a cyber-attacks, namely

    1. Before cyber-attack: Preparedness. Building capabilities:

    • planning
      • avoiding dangerous job combinations (vaaralliset työyhdistelmät)
    • processes
      • Information Governance incl. evidence management
      • incl. MIM (Major Incident Management) process
    • deception (incl. honey potting)
    • training
    • building
    • testing
    • auditing

    2. During cyber-attack: 

    • incident management process incl. MIM
    • keep chain-of-custody (katkeamaton dokumentoitu käsittelyketju)
    • keeping evidence intact (=authentic evidence)
    • undisputed process 
    • sandboxing & deception
    • visualization incl. AI
    • analysis
      • incl. is this a smoke-screen attack?

    3.  After cyber-attack

    • root-cause analysis and forensic
      • incl. post-attack analysis
      • post-mortem forensic and reporting (lessons learned)
    • authentic evidence
      • pre-trial investigation (esitutkintaan saattaminen)
  2. Anonymous

    TAMK has a new FieldLab which can be used as a testbed and capability creator for Industry 4.0. Laboratory is equipped for tests. Following list includes potential cases relevant to this topic. Other cases can also be considered during Co-Creation.

    Mapping threat vectors relevant for Industry 4.0 activities

    Modeling / testing DoS

    Digital trust (defining concepts, data-in-transit interfaces etc.)

    Development of Industry 4.0 concept and facilities further to enhance teaching and demos based on industry requirements

    Guidelines for best practices

    Industry 4.0 process mapping + testing

  3. Anonymous

    Unfortunately Pyroll is not able to participate on the workshop on 28.11. - below our comments / input to this theme.

    Basically there are two areas, that could be of interest for Pyroll as a co-creation / co-research program:

    1. Increasing the awareness related to Cyber in industrial SME companies, as the "smartness" of factories is increasing either intentionally or unintentionally
      1. Outcome could be e.g. learning framework & tool (not only to support learning but also to track if awareness is increasing or not)
    2. "Monitoring the Smart factory"
      1. How could we support industrial SMEs to build capabilities in monitoring the "Smart factories"? Perhaps a tool that can visualize a factory & all connection points that could be used to attack, some "traffic lights" to show if those connection points are in normal state or if there are any anomalies, etc.
      2. How can we make sure, that the production machines are taking commands only from trusted sources? 

    Markus Hänninen / Pyroll Group 

Write a comment…