Is Your Robot Vulnerable to Cyberattacks? A Tool for Manufacturers

Any cyberattack can be disastrous for a manufacturing business, but an attack on a robot could be fatal. Here’s how to assess if your robot is secure.

Imagine the situation…

You have programmed your robot to do a machining task. It uses a routing tool to cut the shape of a metal part. The robot produces hundreds of parts per day, which are later assembled into the final product.

But one day, workers at the assembly cell start complaining. The parts produced by the robot are faulty. Some of them are too big, some are too small, and nobody can understand why.

Is the robot broken? Not necessarily.

Your robot could have fallen victim to a cyberattack.

Why Robot Cybersecurity Is Essential

We have all heard how important cybersecurity is, haven’t we? In business, we’re constantly told that we need to keep our computer systems secure, update our passwords, and ensure that sensitive data isn’t leaked.

Of course, cybersecurity is important in all areas of a manufacturing business. However, with robots, it’s especially important.

The Risks of a Robot Cyberattack

According to cybersecurity company Trend Micro, there are various actions that an attacker could take on your robot.

For example, a hacker can:

  1. Sabotage production by making small, imperceptible changes to the robot’s programming. As in our example, this can lead to compromised products and can be very difficult to debug.
  2. Damage itself or surrounding equipment by instructing the robot to move erratically and collide with objects.
  3. Physically harm workers by instructing the robot to move when people are close to it and overriding safety limits.
  4. Install ransomware to block access to the robot and demand money from the business.
  5. Extract sensitive data from the robot controller or software, such as product designs and other industry secrets.

Usually, the latter two risks are the biggest concern when businesses are talking about cybersecurity.

However, the first three risks are especially dangerous when it comes to robot security. Robots have the potential to cause real physical harm if their programming is compromised.

The 5 Step Cybersecurity Assessment Tool for Manufacturers

How can you tell whether or not your manufacturing business is secure from cyberattacks?

Recently, the Manufacturing Extension Partnershp (MEP) introduced a Cybersecurity Assessment Tool for manufacturing businesses. This tool is based on the 5-part Cybersecurity Framework from the National Institute for Standards and Technology (NIST). It has become a standard for cybersecurity across industries.

You can use the framework to assess how vulnerable your business is to cyberattacks and to prepare yourself better.

The 5 steps are outlined below, along with how they relate specifically to the cybersecurity of robotic systems.

1. Identify

The first step is to identify who has access to the robot system and who doesn’t. Can the robot be programmed by anyone or only those with a specific login? It is better to have individual accounts for each employee rather than a single account for everyone.

Identify which confidential data is stored on the robot’s controller and its programming software. Delete any programs or data which are no longer necessary and contain sensitive information.

Create policies for cybersecurity which follow the legal requirements.

2. Protect

Put mechanisms and safeguards in place to protect the robot from potential attacks. For example, limit the number of employees who can operate the robot only to those who need to use it.

Train employees to recognize the signs that a robot might have been compromised. You should also train them in attacks which can allow hackers to gain access to your computer network (e.g. phishing scams).

Install software and hardware firewalls, as well as other security measures. Examples include automatic timeouts, data encryption, and remote access restrictions.

3. Detect

Even when you implement all the measures in the first two steps, it is still likely that you will experience a cybersecurity attack at some point. When this happens, you need to make sure you can detect the attack as soon as possible.

Install anti-virus and anti-malware protection on all devices and keep them up to date. If you program your robot offline, ensure that the computer you use is well secured.

Check the log files of your robot controller often. Track cybersecurity events and try to correlate them with the robot’s log files. This is to ensure that you detect any changes a hacker makes to the robot programming.

4. Respond

When a cyberattack does happen, you need to have a plan already in place. This will allow you to respond quickly and effectively in the heat of the moment. If you wait until an attack happens, you and your team will risk making bad decisions; you are trying to solve problems when everyone is stressed.

Develop a plan for what you will do in the case of cyberattacks and other security incidents.

5. Recover

You need to be able to recover quickly when a cyberattack hits your manufacturing business. This means preparing for recovery long before it actually happens.

Make full backups of all the robot’s programs and schedule incremental backups so that these stay up-to-date. Continually make improvements to the robot’s programming and update to the latest version of your programming software.

If you already have cyber insurance, check that it covers incidents related to a robot cyberattack. If you are not insured, seriously consider getting insurance as the cost of a cyberattack can be huge.

How to Ensure Cybersecurity Incidents Don’t Cause Harm

For many of us, cybersecurity is a relatively new concept. We aren’t sure exactly what we need to do to keep ourselves protected. Robots add an extra layer of complexity given that they have the potential to cause real harm.

Following a framework such as these 5 steps from NIST is a good way to get your business up to speed. However, the most important thing is to keep cybersecurity at the top of your mind.

You wouldn’t leave a door unlocked when everyone had left the building for the day, would you? Cybersecurity requires a similar level of vigilance.

What measures do you have in place to avoid cybersecurity issues? Tell us in the comments below or join the discussion on LinkedIn, Twitter, Facebook, Instagram or in the RoboDK Forum.

Alex Owen-Hill

About Alex Owen-Hill

Alex Owen-Hill is a freelance writer and public speaker who blogs about a large range of topics, including science, presentation skills at CreateClarifyArticulate.com, storytelling and (of course) robotics. He completed a PhD in Telerobotics from Universidad Politecnica de Madrid as part of the PURESAFE project, in collaboration with CERN. As a recovering academic, he maintains a firm foot in the robotics world by blogging about industrial robotics.

View all posts by Alex Owen-Hill

Leave a Reply

Your email address will not be published. Required fields are marked *