The army of cybercrime threatens the empire of robots

Robotics is advancing by leaps and bounds and has not yet peaked. It inhabits our homes in the form of smart devices, it is present in the hospitality sector to support waiters, it has made a niche in the operating rooms to achieve less aggressive interventions and, of course, it has colonized the industry, where it has lived for some time. decades with flesh and blood workers. To get an idea of ​​the mammoth universe that automata suppose, the ‘stock’ of industrial robots in factories around the world now exceeds 2.7 million units, the highest level in history, according to the International Federation of Robotics.

years: robots will do half the jobs humans do today by 2025, as estimated by the World Economic Forum. That machines offer advantages that are increasingly difficult to disprove is a fact but, like computers or mobile phones, they face a silent enemy, cybercriminals, from whom they are not always well protected.

The number of incidents remains low, although experts call for caution. “Attacks in the specific field of robots are very punctual since the technology is not accessible to everyone, that is, not all the industry has robots as digitized as they exist in the market. Criminals are attacking most common technologies, which suppose them less effort and more possibilities of performance “, explains Daniel Fírvida, Cybersecurity expert of Incibe-CERT (center of the National Institute of Cybersecurity).

This circumstance should in no case serve to lower your guard, since the consequences of an attack can be serious. ‘Robots used in industry are highly sensitive elements, so they a vulnerability presents a very high risk. An attacker can alter their configuration, the logic of production in an assembly line and the parameters with which they are calibrated, something that, in the end, can affect not only the industrial process but also the safety of the people who handle them. “, He says.

Asked about the degree of protection of robots, he argues that, although it is true that the mechanical part has been developed for a long time, it is still an emerging technology in terms of its digitization and that includes cybersecurity. «In the pure industrial field, safety is always present for the protection of the people who operate the machines. The cybersecurity aspects necessary for digitization are also covered, although not all have the same priority, “says the expert. In this way, remember that use cases are still being deployed and cybersecurity aspects are also evolving.

Oscar Lage, Head of Cybersecurity and Blockchain at Tecnalia, affirms that we are in the initial stages of cybersecurity in robotics and that the generalization of industry 4.0 increases the risks. “We have the machines visible to the internet when it is not necessary to operate them and we are exposing them,” he warns. To this is added the ignorance on the part of those who operate the robots. «The Robotic Operating System (ROS) was until recently in its first version and did not bring any cybersecurity. They have released a second version, which incorporates some things, but very few people use it, “he laments.

Role of manufacturers

A frequent complaint among users of these machines is that the manufacturers themselves make updates difficult. On this point, Lage believes that it cannot be generalized because there are some that take only 14 days on average to release a patch after a vulnerability appears, while others take a year. ‘We have to ask the manufacturers to release the patches as soon as possible, but in most cases it is more a problem of culture of the person who operates it. People usually go four years without updating them. And many times it does it because the computer inside it breaks down and the new one comes with everything updated, “he says.

There are also situations in which updating is complicated for reasons beyond the control of the producers. «If the robot is not connected to the internet, the procedure to update the software is much more complicated and manufacturers, even if they want to, do not have it easy, “he says. Marta Beltran, coordinator of the Degree in Cybersecurity Engineering at the Rey Juan Carlos University.

Artificial locks

However, other times, for economic interest, companies prevent customers from making security updates and thus have to resort to them. “There are manufacturers who do not want them to be made because they prefer that users depend on going to their technical service or even buying a new version of the robot. They work with the concept of planned obsolescence because it is more profitable for them, ”says Beltrán. These practices occur mainly in very specific robots used in critical environments: «As yes or yes they have to be updated, promote dependency, that the ecosystem is kept very closed and that customers cannot resort to a cheaper third party.

Some manufacturers prevent users from updating the robot to enhance their technical service or purchase a new version

Security vulnerabilities make bots a target for cybercriminals, whose main motivation is often financial. “In industrial settings, they typically aim to compromise availability, that is, stop plant production. When they pay them a ransom, they let it continue to operate, ”explains Beltrán. The other aspect would be the information theft: “Factory robots often have product recipes or blueprints for designs, very sensitive intellectual property.” As Óscar Lage tells us, Hackers can extort money directed at a company because it is very profitable and has previously paid ransoms or that they look for visible robots on the internet and then find out who they are to extort money from them.

Lage stresses that these incidents are still residual. “Only one in ten experts who work with robots that use the ROS operating system, the most common, have seen a cyber incident,” he justifies. In his opinion, what is worrisome is the upward curve. «Cases are increasing very fast», He says. In segments such as vehicles, with greater internet connectivity or operating systems more vulnerable than ROS, is where the bulk of attacks are concentrated. «Connected vehicles such as AGVs are having the most problems», He details. “You have to have a plan to slowly but surely adopt security measures. These uncontrolled assets can cause physical damage and one way to avoid this is to protect them», It affects. And here Spain occupies a prominent place, according to the consensus of experts.

“The production of robots is focused on countries such as Japan or Germany, but in cybersecurity we are very well positioned”, considers Daniel Fírvida, from Incibe-Cert. It should be remembered that Spain approved in 2011 the Ley of Protection of Critical Infrastructures, that forced the operators to put the batteries. «It has helped us to have a quite reasonable level of maturity in all the part of industrial cybersecurity and that includes robots “, highlights Marta Beltrán.

Anticipate incidents

Researchers from our country also try to do their bit to detect hackers and prevent the robot from carrying out actions for which it is not programmed. The Robotics and Intelligent Electronics research group at the University of Huelva, for example, has designed a sensor that warns of computer security threats in the operation of the hardware of mobile robots.

Suitable for any electronic device that exchanges information through the I2C bus, the sensor has been tested on an experimental platform to verify its effectiveness. «We saw that it was viable and we patented itHe says Fernando Gomez-Bravo, member of the group and director of the Department of Electronic Engineering, Computer Systems and Automation of the aforementioned university. The incidents it sees include those that leave no trace. “The robot’s control organs receive wrong orders, but apparently nothing happens, there is no trace of the effect caused by the attack,” he explains. By alerting of these anomalies, strategies such as stopping the robot or having a program to resume its normal operation can be applied.

At the moment, the proposal has not reached the market. “The bus in which we work is used in mobile robots, which tend to be implanted little by little, no longer in industry, but in social robotics and at home”, he clarifies. “Today attacks on domestic robots are rare, but it is possible that in the future we will be interested in having them protected. At that time our work will have a true commercial application», Assures Gómez-Bravo. Companies and researchers are taking steps to immunize robots from the dreaded cyberattacks.

Related Posts

Leave a Reply

Your email address will not be published.