Intelligent Architecture in Industry 4.0: Smart Manufacturing, Cybersecurity & the Future

Louis Zezeran, 18 Dec 2025

In this episode of CyberCast, host Ronnie sits down with Allan Puusepp, a seasoned software architect at Ericsson, to explore what smart manufacturing really looks like in practice—and what it takes to secure it. Allan works on global smart manufacturing architecture and future strategy, helping define how factories should evolve over the coming years. The conversation moves from the big Industry 4.0 picture to concrete approaches you can apply today—especially if you’re dealing with the realities of legacy OT (operational technology), long equipment lifecycles, and systems that were never designed to be internet-adjacent.

Why Industry 4.0 changes the cybersecurity conversation

A useful way to understand the cybersecurity challenge is to first understand what makes Industry 4.0 different. Allan describes modern manufacturing environments as “hyper-connected.” Devices that used to be isolated now have networking capabilities—even tiny sensors. The factory floor is no longer a closed world. Data flows continuously from machines to systems that analyze performance, quality, and throughput. Architectures commonly span private networks, edge devices, private cloud, public cloud, and AI/ML pipelines.

This is the moment when cybersecurity becomes unavoidable. In earlier industrial eras, you might have been able to treat security as a perimeter problem—build a wall between the factory and the outside world. But Industry 4.0 expands the number of endpoints, increases integration points, and blurs the line between IT and OT. A single “big firewall” approach becomes less effective when the environment is made up of many interconnected components and rapid data exchange.

Allan also highlights that not all threats look like obvious disruptions. A DDoS attack is loud: you know you’re under attack, and you can respond. But industrial environments also face stealthier risks—like industrial espionage—where the attacker’s goal is to quietly penetrate systems and exfiltrate sensitive data without being detected. These are the incidents that don’t announce themselves until the damage is done. That’s why visibility and detection matter as much as prevention.

Smart manufacturing architecture: familiar principles, new constraints

If you come from a software architecture background, part of the conversation will feel surprisingly familiar. Allan emphasizes that core principles—separation of concerns, single responsibility, well-defined interfaces—still apply. The difference is the environment you’re applying them to.

One example he shares is how to think about production lines. Instead of treating the entire line as one monolithic system, you can view it as composed of smaller “cells,” each with a specific function. Allan likens these cells to microservices or “mini-services”: each cell is a piece of hardware paired with the software that controls it, designed around a single purpose. This framing helps teams design more resilient systems, isolate issues, and evolve components without constantly risking the entire line.

But manufacturing introduces constraints you don’t typically face in standard enterprise IT. A robot running a real-time OS isn’t like a laptop. You can’t always install endpoint tools. You can’t always patch freely. Some devices may be vendor-locked or so sensitive that an update could disrupt production.

The lifecycle problem: “you can’t touch those machines”

Ronnie raises a challenge that many OT teams know well: long lifecycles. In manufacturing, medical environments, and energy systems, devices can run for years—or decades. Some machines can’t be patched. Some have no patches available. Some might stop working if you change anything. That reality makes security planning fundamentally different than in a typical corporate environment where you can roll out updates quickly.

Allan’s answer isn’t to pretend these constraints don’t exist—it’s to design around them with layered thinking.

He uses a relatable analogy: a home thermostat. The physical device can last 10–20 years, but you can still modernize what it does by building an integration layer that pulls data into a platform (like a cloud system or “home assistant”-style controller). Once the data is available, you can iterate quickly: optimize for electricity market price, weather forecasts, scheduling, and more. The key isn’t replacing every piece of hardware—it’s designing the interfaces and layers so you can innovate without breaking what already works.

Factories work the same way. Motors, conveyors, and physical components can last decades. But the digital layers above them—data streaming, analytics, anomaly detection, AI optimization—can evolve far faster.

The key takeaway: put “antivirus on the network”

One of the most actionable insights in the episode is Allan’s practical approach to securing environments where you can’t install endpoint agents.

If you can’t put security controls on the device, put them around the device.

Allan describes mirroring network traffic from core or distribution switches and analyzing it to extract signals—hundreds of attributes from the traffic—then applying machine learning to detect anomalies in near real time. In simple terms: you gain “eyes on the network” and look for behavior that doesn’t match the baseline. That can include unusual communication patterns, unexpected protocols, or suspicious data flows.
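A minimal sketch of the baseline-and-deviation idea described above, as an added example that is not from the episode or from Ericsson. It uses a simple statistical baseline in place of the machine-learning model Allan mentions; the flow records, addresses, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow summaries, as a sensor fed from a switch mirror port might
# produce them: (src, dst, protocol, dst_port, bytes). Addresses are made up.
BASELINE_FLOWS = [
    ("10.10.1.21", "10.10.1.5", "tcp", 502, 1200),
    ("10.10.1.21", "10.10.1.5", "tcp", 502, 1180),
    ("10.10.1.21", "10.10.1.5", "tcp", 502, 1250),
    ("10.10.1.22", "10.10.1.5", "tcp", 502, 900),
    ("10.10.1.22", "10.10.1.5", "tcp", 502, 950),
    ("10.10.1.5", "10.10.9.10", "tcp", 443, 40000),
    ("10.10.1.5", "10.10.9.10", "tcp", 443, 42000),
]

def learn(flows):
    """Build the baseline: known peers, known services, byte statistics per source."""
    peers, services, sizes = defaultdict(set), defaultdict(set), defaultdict(list)
    for src, dst, proto, port, nbytes in flows:
        peers[src].add(dst)
        services[src].add((proto, port))
        sizes[src].append(nbytes)
    stats = {s: (mean(v), pstdev(v)) for s, v in sizes.items()}
    return peers, services, stats

def score(flow, baseline, k=4.0, floor=100.0):
    """Return the reasons a flow deviates from the baseline (empty list = normal)."""
    peers, services, stats = baseline
    src, dst, proto, port, nbytes = flow
    if src not in stats:
        return ["unknown-device"]          # never seen during learning
    reasons = []
    if dst not in peers[src]:
        reasons.append("new-peer")         # unusual communication pattern
    if (proto, port) not in services[src]:
        reasons.append("new-protocol")     # unexpected protocol or service
    mu, sigma = stats[src]
    # The floor keeps very steady devices from alerting on tiny variations.
    if nbytes > mu + k * max(sigma, floor):
        reasons.append("volume")           # suspicious data flow size
    return reasons
```

Because the sensor only reads mirrored traffic, nothing here touches the production devices; the quality of the result depends on the learning window containing only normal operation.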

Ronnie summarizes it as a non-intrusive approach: you don’t interfere with production equipment, but you still gain detection capability. Allan agrees—this is often the easiest and fastest step to improve security posture on the factory floor, especially when legacy systems are involved.

This also reframes the security conversation from “how do we patch every device?” to “how do we detect and contain abnormal behavior?” Detection becomes the bridge between old equipment and modern threat realities.

Zero trust and micro-segmentation: moving past the “big firewall”

Another core theme is segmentation—specifically micro-segmentation aligned with zero trust concepts. Allan explains why the old model (“one big firewall and everything is trusted inside”) breaks down. If an attacker penetrates the perimeter, they can move laterally and cause real harm.

Micro-segmentation limits blast radius. With device profiling, templates, and fingerprinting, you can control what each device is allowed to talk to and how. That’s critical in hyper-connected factories, where devices may be numerous, specialized, and difficult to secure individually.
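To make the profile-and-template idea concrete, here is an added example (not from the episode) that assigns a device to a template by fingerprint and then applies a default-deny check to each flow. The device classes, fingerprint attributes, locally administered MAC prefixes and addresses are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Hypothetical templates: the only flows each device class may initiate.
TEMPLATES = {
    "plc":    [("10.10.1.5/32", "tcp", 502)],
    "camera": [("10.10.2.10/32", "tcp", 554)],
    "hmi":    [("10.10.1.0/24", "tcp", 502), ("10.10.9.10/32", "tcp", 443)],
}

# Constructed fingerprints: attributes a profiler might observe passively.
FINGERPRINTS = {
    "plc":    {"oui": "aa:bb:01", "speaks": "modbus"},
    "camera": {"oui": "aa:bb:02", "speaks": "rtsp"},
    "hmi":    {"oui": "aa:bb:03", "speaks": "modbus"},
}

def classify(device):
    """Assign a template only when every fingerprint attribute matches."""
    for profile, fp in FINGERPRINTS.items():
        if (device["mac"].lower().startswith(fp["oui"])
                and device["speaks"] == fp["speaks"]):
            return profile
    return None  # unprofiled or inconsistent devices get no template

def allowed(device, dst, proto, port):
    """Default deny: permit a flow only if the device's template lists it."""
    profile = classify(device)
    for net, tmpl_proto, tmpl_port in TEMPLATES.get(profile, []):
        if ip_address(dst) in ip_network(net) and (proto, port) == (tmpl_proto, tmpl_port):
            return True
    return False
```

A device whose observed behaviour contradicts its claimed hardware prefix matches no fingerprint and is therefore allowed nothing, which is the conservative outcome for a segment of hard-to-patch equipment.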

This isn’t presented as a single magic solution. It’s part of a layered defense model: segmentation reduces risk; visibility detects what slips through; and strong operational hygiene keeps the basics tight.

Security still starts with hygiene (and people)

Even with advanced architecture and machine learning-based detection, Allan doesn’t downplay fundamentals. He emphasizes “normal hygiene” as the foundation: patching where possible, segmenting networks, ensuring firewalls are correctly placed, and applying secure coding principles in the systems you do control.

And then there’s the human factor. Allan bluntly notes what many security leaders have learned the hard way: people are often the weakest link. Even in highly technical environments, the organization’s security posture depends on behavior, discipline, and consistent practices—not only technology.

Why this episode matters

If you’re responsible for manufacturing systems, OT security, enterprise security that touches operational environments, or even IT architecture in industrial settings, this episode offers a realistic lens on what’s changing—and what you can do about it.

It doesn’t rely on buzzwords. Instead, it connects Industry 4.0’s promise—automation, real-time data, and smarter decision-making—with the operational constraints that make industrial security hard. The most valuable part is the practicality: you get a clear “first move” that many teams can take without disrupting production (network visibility and traffic analysis), while also understanding the longer-term direction (micro-segmentation, layered integration architectures, and closing the loop from analytics back to operations).

And yes—there’s even a memorable moment about why movie robots “turn red” when they go bad. (Apparently, that’s one for a future episode.)

If you’re exploring smart manufacturing, private 5G use cases, or OT security strategy—or you’re simply trying to make legacy environments safer without breaking production—this is an episode worth hearing.

Listen now, and if you found it useful, subscribe to CyberCast for more conversations at the intersection of cybersecurity, architecture, and emerging technology.
