The implementation of the Industry 4.0 philosophy is increasing the adoption of intelligent manufacturing systems that control and monitor the physical manufacturing environment, automating manufacturing processes, and enabling large-scale machine-to-machine communication to achieve greater efficiencies and leaner production practices. Robotic equipment is now widely utilized across a range of industry sectors. Their application has moved beyond vehicle assembly lines and specialized handling of hazardous materials. The technology is currently deployed for purposes as varied as warehouse picking to supporting medical surgery procedures. A consequence of this growing trend toward employing robotic devices in manufacturing and services industries is cybersecurity risks and their effects on the workplace. Manufacturers must be conscious of these risks to develop safe and secure industrial products.
Trends in robotic systems
Industrial robots have gained popularity through their ability to perform repetitive tasks faster, more precisely and more consistently than human operatives. They can also operate continuously for long periods without any degradation in performance. For manufacturing tasks requiring high standards of quality, they have proved invaluable. An added benefit is that robots can operate in environmental conditions that would either be unsuitable for a human operative or require them to wear protective equipment.
Such modern manufacturing equipment is now built around advanced processing elements that are networked to deliver flexible and adaptable functionality. Production downtime is minimized through proactive performance monitoring and fault diagnosis techniques, facilitating preventative maintenance regimes scheduled into assembly line activity planning. The biggest drawback for industrial robots was the high capital outlay required for equipment that could perform a relatively limited range of operations. Repurposing for changes to production processes was challenging. The development of intelligent mobile robots that can perform a greater range of functions has shifted the cost benefits towards adopting this technology. The potential long-term cost savings and production efficiencies prove attractive to the manufacturing sector following the disruption caused by the COVID-19 pandemic when the human workforce could not work due to government restrictions on movement and congregation. A robotic labor force would be unaffected by such events.
Autonomous system risks
The benefits of robotic devices can appear tremendous, but manufacturers must be aware of the safety and security risks they create. Cybersecurity is rarely treated as an integrated component of manufacturing processes, with a limited crossover of skills and often little communication between subject matter experts in what can be a highly siloed environment.
Unwanted control operations due to malicious actions can result in a potentially fatal working environment if the robot is closely coupled with human interaction. Where industrial robots were the traditional three-axis arms installed at a fixed location, physical separation between personnel and the devices was the primary control in reducing risks. With the introduction of mobile robots, alternative risk reduction measures will be necessary. Physical separation may work for some applications like warehouses where human-free areas can be designated and enforced. Still, where the robot acts on or near humans, such as medical applications, this is obviously impractical.
While international standards such as ISO 10218 and ISO 15066 provide guidance for robot safety, their applicability to security is restricted to the safety-related consequences of security incidents. The development of mobile autonomous robots is driving changes to the standards. Still, to date, the focus has been on automated guided vehicles such as driverless cars, a category that robots do not neatly fit into. This focus is expected to change as robotics develops. Manufacturers must be mindful of the developments in regulations, standards, and guidelines as they appear.
Robotic devices hold vast volumes of sensitive commercial information, from product designs to manufacturing processes. Protection of this intellectual know-how is vital for businesses. Its confidentiality is what gives the manufacturer a competitive edge over competitors. Malicious attacks that exploit security vulnerabilities represent the greatest threat to a business’s intellectual property. But not all attacks start outside of a company’s perimeter. Equipment built around complex processing elements can use network connectivity to autonomously reach out across the internet. It is common for manufacturing equipment to send diagnostic data back to its manufacturer to achieve maintainability and reliability goals. Such data can inadvertently reveal classified details of the equipment’s operations to anyone who knows what to look for. For some specialized industry sectors, there is significant interest from competitors and nation-states, who typically have the resources to seek out and exploit such information.
There are many ways attackers can disrupt manufacturing facilities; the most significant economic threats come from halting production or making products unusable. Disrupting the operation of manufacturing equipment can halt production, damage the equipment or result in the manufactured items being out of specification. Arguably, stopping production is the least severe, as it would be immediately apparent and would not waste resources. A subtle change that caused manufactured products to be made incorrectly may not be noticed for hours, in which time resources and materials would have been wasted, and identification of the cause of the issue may itself take hours before rectification can begin. An attack that damages bespoke robotic manufacturing equipment, requiring costly repairs and a lengthy downtime, may significantly impact business revenues. Unplanned stoppage of production lines can be fatal for on-time delivery processes.
Products may also be a critical part of a supply chain. This can lead to knock-on effects if there are no alternate products and insufficient stocks to manage the period of disruption. In a just-in-time production environment, it does not take long for supplier disruption to impact final product availability. Disrupting the production line does not just lead to economic impact. With sufficient knowledge of the manufacturing equipment, a determined, intelligent and well-resourced attacker can cause all manner of effects, which range from accessing stored data to steal valuable intellectual property to causing physical damage to equipment and personnel, potentially causing injury or loss of life.
Warehouses are now being built where all movements are managed using robots in an enclosed area behind a physical firewall where humans only enter when the systems have been shut down. The simplest way to bring such a facility to a standstill is simply to alter the database of where items are stored. The robots will retrieve the wrong items or return empty-handed and will not have the cognitive ability to search for the correct objects like a human operator.
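One control against the altered location database described above, shown as an added example that is not from the original article: the inventory service seals each location record with an HMAC, and the dispatcher holds any pick whose record fails verification instead of sending a robot to the wrong bin. The record fields, the key handling and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would keep it in an HSM or secrets store.
KEY = b"constructed-demo-key"
FIELDS = ("sku", "aisle", "shelf", "bin")  # hypothetical record layout

def _canonical(record):
    # Stable serialisation of exactly the fields a robot acts on.
    return json.dumps({k: record[k] for k in FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()

def seal(record, key=KEY):
    """Return a copy of the record carrying an HMAC-SHA256 tag."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {**record, "tag": tag}

def verify(record, key=KEY):
    """True only if every field is present and the tag matches."""
    try:
        expected = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, str(record.get("tag", "")))
    except (KeyError, TypeError):
        return False

def plan_picks(orders, location_db, key=KEY):
    """Split ordered SKUs into picks to dispatch and SKUs held for review."""
    dispatch, held = [], []
    for sku in orders:
        rec = location_db.get(sku)
        # The SKU is inside the MAC, so a valid row copied under
        # another SKU is rejected by the sku comparison.
        if rec is None or rec.get("sku") != sku or not verify(rec, key):
            held.append(sku)
        else:
            dispatch.append((sku, rec["aisle"], rec["shelf"], rec["bin"]))
    return dispatch, held

def demo():
    # Constructed sample inventory.
    db = {r["sku"]: seal(r) for r in [
        {"sku": "SKU-1001", "aisle": 4, "shelf": 2, "bin": 7},
        {"sku": "SKU-1002", "aisle": 9, "shelf": 1, "bin": 3},
        {"sku": "SKU-1003", "aisle": 2, "shelf": 5, "bin": 1},
    ]}
    db["SKU-1002"]["aisle"] = 12            # row edited without the key
    db["SKU-1003"] = dict(db["SKU-1001"])   # valid row copied to another SKU
    return plan_picks(["SKU-1001", "SKU-1002", "SKU-1003", "SKU-1004"], db)
```

A MAC alone does not detect a stale but genuinely sealed record being restored; that needs a version counter or timestamp tracked outside the database.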
The standard security controls for intelligent devices apply as the baseline for robotic security. Strength in depth and robust security should prevent all but the most determined and sophisticated attacks on each device and the networks that they connect with.
Additional controls will be required to manage the risks that autonomous robots bring into the workplace. With all moving devices, these risks will encompass both safety and security. The threats will come from the security domain, but the consequences of any security vulnerabilities being exploited will be wider-ranging. The first step for any manufacturer is to develop robust risk identification and assessment processes, backed with suitably qualified and experienced practitioners. The greatest threats often come from the realization of risks that were never identified.
Relying on network security measures to protect industrial robotic equipment is not sufficient. Network-connected robots need to be sufficiently secure to withstand attacks without total reliance on external controls. When equipment is made secure by design, applying security controls at the heart of the device’s functionality as part of the design process is more effective and cheaper to implement than bolting controls on as an outer protective shield. When added to network controls, the layering of defenses prevents the exploitation of a single vulnerability from becoming a single point of failure for the system’s security.
All network-connected equipment with a processing element should have patches and updates available over its life. Securely delivering automated updates transparently to the end-user is the optimum solution rather than relying on users to search out updates for every smart device. But the process must be safe; the SolarWinds incident has highlighted the importance of this. The onus is on manufacturers to guarantee through-life security support that is itself secure.
Security consequences may be centered around the theft of confidential information or consequential effects. The compromised device may itself be exploited, or it may provide a gateway for attacking other network-connected devices using privilege escalation and lateral movement techniques. Safety consequences will be centered around the movement of a compromised machine, causing damage to property or physical harm to anyone in the vicinity. A thorough risk assessment is necessary to identify and mitigate all credible risks. Temporal risk assessment activities are essential as technologies advance, security threats evolve, and best practices develop. Risks should be reviewed at least annually and in response to any significant change to the robot itself or to the environment and threat landscape that it is operating in. Manufacturers should take the lead in proactive security measures, identifying and resolving vulnerabilities and pre-empting malicious attacks where possible.
The integration of complex, innovative manufacturing technologies into industrial robots increases the risk of cyber-attacks and the consequences of such an attack. Potential outcomes can range from lost production with its financial implications through to, at the extreme, the loss of life. Manufacturers of industrial robotic equipment must address security as part of the product development process, applying secure by design and secured for life principles. This security process starts with comprehensive risk assessments that are then managed and maintained over the product’s life.