The line is blurring between information technology (IT) and operational technology (OT). As more industrial robotics equipment is connected to the industrial internet of things (IIoT), the vulnerabilities increase. Among the many devices being added to networks are robotic machines. That’s raising red flags for some experts. And it has many people worried. What are the risks associated with connecting an army of robots? It’s the stuff of science fiction.
Industrial Robotics on the Rise
The World Robotics Report 2016 gives us some insight into the scope of global automation growth: “The number of industrial robotics deployed worldwide will increase to around 2.6 million units by 2019.” It says that the strongest growth figures are for Central and Eastern Europe. The report cites China as the market for growth, and says that North America is on the path to success. “The USA is currently the fourth largest single market for industrial robots in the world,” according to the report.
TechCrunch contributor Matthew Rendall says “Industrial robotics will replace manufacturing jobs — and that’s a good thing”. He writes that the “productivity growth” behind 85% of job losses is all about machines replacing humans. Luddite and famous poet Lord Byron would not have been pleased. But Rendall is not bothered. He says that “more is getting done” by industrial robotics that are safer and more reliable than human beings. And he believes that this robotics revolution will be beneficial to workers and society in the long run.
All this rush to automation might be the best thing since jelly doughnuts. But one question could make all the difference between abysmal failure and glorious success: Can we keep them secure?
Cybersecurity Challenge in Industrial Robotics
We probably don’t need to worry about robots taking over the world any time soon. (Let’s hope, anyway.) What concerns security experts is that our computer-based friends can be hacked. Wired Magazine reports how one group of researchers was able to sabotage an industrial robotics arm without even touching the code. That’s especially worrying when you think that most industrial robotics have a single arm and nothing else. These devices are made to make precise movements. Hackers can change all that.
German designer Clemens Weisshaar addressed the issue in a form at Vienna Design Week in 2014. “Taking robots online is as dangerous as anything you can put on the web,” he said. In a video from the forum, Weisshaar talked about how even his company’s robot demonstration in London had been hacked within 24 hours. They even tried to drive his robots into the ground. “If everything is on the internet,” he said, “then everything is vulnerable to attack.”
Industrial robotics is only one part of what many are calling Industry 4.0. It’s a trending concept — especially in Germany — and it’s another way of referring to the Fourth Industrial Revolution. To understand what this is about, we should first reach back in the dim recesses of our minds to what we learned in history class in school.
The Industrial Revolution, as it was originally called, took place in the 18th and 19th centuries. It started in Great Britain and involved the harnessing of steam and tremendous advances in production methods – the 1st. Next came the 2nd roughly from 1870 until World War I in the USA. This involved the use of electricity to develop mass production processes. Th 3rd brought us into the digital age. Part four is upon us now.
A video from Deloitte University Press introduces us to the Fourth Industrial Revolution — Industry 4.0. It gives a good summary of the four “revolutions”, and it talks about some of the new technologies that now define our age:
- Internet of Things (IoT)
- Machine Learning
- Augmented Reality
- Mobile and Edge Computing
- 3D Printing
- Big Data Processing
“These technologies,” says the narrator, “will enable the construction of new solutions to some of the oldest and toughest challenges manufacturers face in growing and operating their business.” They also make up the environment in which hackers flourish.
Industrial Robots and IoT Security
In this space we have already discussed the security vulnerabilities of IoT devices. We told you how white hat hackers proved that they could commandeer a Jeep Cherokee remotely by rewriting the firmware on an embedded chip. Imagine what hackers with more sinister motives might be planning for the millions of robotic devices taking over the manufacturing shop floor — supposing they are all connected.
Some researchers tackled the issue in a study called “Hacking Robots Before Skynet”. (You will remember from your science fiction watching that Skynet is the global network that linked robots and other computerized devices in the Terminator movie franchise.) The authors had a lot to say about the current state of cybersecurity in the industrial robotics industry. We can borrow directly from the paper’s table of contents to list what they call “Cybersecurity Problems in Today’s Robots”:
- Insecure communications
- Authentication issues
- Missing authorization
- Weak cryptography
- Privacy issues
- Weak default configuration
- Vulnerable Open Source Robot Frameworks and Libraries
Each of these topics could probably merit a full article on its own. The researchers explained further: “We’re already experiencing some of the consequences of substantial cybersecurity problems with Internet of Things (IoT) devices that are impacting the Internet, companies and commerce, and individual consumers alike, Cybersecurity problems for industrial robotics could have a much greater impact.”
What might that impact be? Well, to start with, robots have moving parts. They tell how a robot security guard knocked over a child at a shopping mall. A robot cannon killed nine soldiers and injured 14 in 2007. And robotic surgery has been linked to 144 deaths. It’s not Skynet yet, but connecting robots has its risks.
How we communicate with machines and how they communicate with each other are matters that require significant attention. Arlen Nipper of Cirrus Link Solutions talks about MQTT, which is a protocol for machine-to-machine (M2M) messaging. Manufacturing designers and operators send instructions to one-armed industrial robotics, who work in a variety of industries from automotive to aerospace to agriculture to packing and logistics. All this talking back-and-forth with robots has to be regulated. NIST’s Guide to Industrial Control Systems (ICS) Security has a few references to robots. But maybe not enough.