Any cyberattack can be disastrous for a manufacturing business, but an attack on a robot could be fatal. Here’s how to assess if your robot is secure.
Imagine the situation…
You have programmed your robot to do a machining task. It uses a routing tool to cut the shape of a metal part. The robot produces hundreds of parts per day, which are later assembled into the final product.
But one day, workers at the assembly cell start complaining. The parts produced by the robot are faulty. Some of them are too big, some are too small, and nobody can understand why.
Is the robot broken? Not necessarily.
Your robot could have fallen victim to a cyberattack.
Why Robot Cybersecurity Is Essential
We have all heard how important cybersecurity is, haven’t we? In business, we’re constantly told that we need to keep our computer systems secure, update our passwords, and ensure that sensitive data isn’t leaked.
Of course, cybersecurity is important in all areas of a manufacturing business. However, with robots, it’s especially important.
The Risks of a Robot Cyberattack
According to cybersecurity company Trend Micro, there are various actions that an attacker could take on your robot.
For example, a hacker can:
- Sabotage production by making small, imperceptible changes to the robot’s programming. As in our example, this can lead to compromised products and can be very difficult to debug.
- Damage itself or surrounding equipment by instructing the robot to move erratically and collide with objects.
- Physically harm workers by instructing the robot to move when people are close to it and overriding safety limits.
- Install ransomware to block access to the robot and demand money from the business.
- Extract sensitive data from the robot controller or software, such as product designs and other industry secrets.
Usually, the latter two risks are the biggest concern when businesses are talking about cybersecurity.
However, the first three risks are especially dangerous when it comes to robot security. Robots have the potential to cause real physical harm if their programming is compromised.
The 5 Step Cybersecurity Assessment Tool for Manufacturers
How can you tell whether or not your manufacturing business is secure from cyberattacks?
Recently, the Manufacturing Extension Partnershp (MEP) introduced a Cybersecurity Assessment Tool for manufacturing businesses. This tool is based on the 5-part Cybersecurity Framework from the National Institute for Standards and Technology (NIST). It has become a standard for cybersecurity across industries.
You can use the framework to assess how vulnerable your business is to cyberattacks and to prepare yourself better.
The 5 steps are outlined below, along with how they relate specifically to the cybersecurity of robotic systems.
The first step is to identify who has access to the robot system and who doesn’t. Can the robot be programmed by anyone or only those with a specific login? It is better to have individual accounts for each employee rather than a single account for everyone.
Identify which confidential data is stored on the robot’s controller and its programming software. Delete any programs or data which are no longer necessary and contain sensitive information.
Create policies for cybersecurity which follow the legal requirements.
Put mechanisms and safeguards in place to protect the robot from potential attacks. For example, limit the number of employees who can operate the robot only to those who need to use it.
Train employees to recognize the signs that a robot might have been compromised. You should also train them in attacks which can allow hackers to gain access to your computer network (e.g. phishing scams).
Install software and hardware firewalls, as well as other security measures. Examples include automatic timeouts, data encryption, and remote access restrictions.
Even when you implement all the measures in the first two steps, it is still likely that you will experience a cybersecurity attack at some point. When this happens, you need to make sure you can detect the attack as soon as possible.
Install anti-virus and anti-malware protection on all devices and keep them up to date. If you program your robot offline, ensure that the computer you use is well secured.
Check the log files of your robot controller often. Track cybersecurity events and try to correlate them with the robot’s log files. This is to ensure that you detect any changes a hacker makes to the robot programming.
When a cyberattack does happen, you need to have a plan already in place. This will allow you to respond quickly and effectively in the heat of the moment. If you wait until an attack happens, you and your team will risk making bad decisions; you are trying to solve problems when everyone is stressed.
Develop a plan for what you will do in the case of cyberattacks and other security incidents.
You need to be able to recover quickly when a cyberattack hits your manufacturing business. This means preparing for recovery long before it actually happens.
Make full backups of all the robot’s programs and schedule incremental backups so that these stay up-to-date. Continually make improvements to the robot’s programming and update to the latest version of your programming software.
If you already have cyber insurance, check that it covers incidents related to a robot cyberattack. If you are not insured, seriously consider getting insurance as the cost of a cyberattack can be huge.
How to Ensure Cybersecurity Incidents Don’t Cause Harm
For many of us, cybersecurity is a relatively new concept. We aren’t sure exactly what we need to do to keep ourselves protected. Robots add an extra layer of complexity given that they have the potential to cause real harm.
Following a framework such as these 5 steps from NIST is a good way to get your business up to speed. However, the most important thing is to keep cybersecurity at the top of your mind.
You wouldn’t leave a door unlocked when everyone had left the building for the day, would you? Cybersecurity requires a similar level of vigilance.