Industrial robot utilization requires cybersecurity strategy
Digitalization and AI bring opportunities for robots, but also a degree of cybersecurity risk as more data is gathered and processed all the way from the edge to the cloud and beyond.
Industrial robots generate billions of data points that can be used to measure and optimize robot performance, provide predictive maintenance and to drive advanced analytics.
Digitalization of the industrial sector is certainly on the increase – as it has been since pre-COVID times but with an extra push provided by recent pandemic operating conditions— as manufacturing companies deploy remote access, programming and monitoring tools, and predictive maintenance solutions.
The manufacturing sector is on course to generate about 1,812 petabytes of data every year, significantly more than the data generated by communications, finance, retail and several other sectors, according to Deloitte’s Survey on AI Adoption in Manufacturing, published in 2020.
Additionally, manufacturers are showing massive interest in using artificial intelligence and machine learning to enable smart production and to enhance business operations and decision-making processes. Deloitte’s survey revealed that 93% of manufacturing companies believe AI will be a pivotal technology to drive growth and innovation in the sector.
Digitalization and AI bring opportunities, but also a degree of cybersecurity risk as more data is gathered and processed all the way from the edge to the cloud and beyond. What are industry leaders doing to ensure data security and what should owner-operators look for from providers in terms of cybersecurity?
Regulated, compliant intelligence
Traditional industrial automation systems are not intelligent enough to adjust to variation in the environment, a major impediment when it comes to complex material handling tasks, said Derik Pridmore, co-founder and CEO at OSARO, a machine learning company focused on robot vision in industrial and warehouse automation applications.
“Instead of a robot performing the same task 5 million times, our customers want robots to do something slightly different each of 5 million times, for example in material handling applications running on conveyors. You need artificial intelligence to do that,” Pridmore said.
The OSARO system applies machine learning to visual information about the environment and robot actions. By relating that visual data to a robot’s position and applying machine learning algorithms, robots can be trained to move and grasp objects more efficiently, optimizing performance and improving the bottom line for owner-operators. This involves periodic movement of data through cloud infrastructure, which is “extremely well-developed and sophisticated.”
GDPR is a set of tough data protection laws developed by the European Union designed to ensure data privacy and security. The OSARO solution is GDPR-compliant, said Pridmore, which means that customers can, for example, request that any personal data collected by OSARO at any time can be retrieved and deleted.
Owner-operators can also request that their data is not used in OSARO’s machine learning models, however this is yet to happen, as it defeats the purpose of investing in AI in the first place. “No one has ever done that, because the whole point of gathering and processing visual data is that you want your robots to learn,” Pridmore said.
Security, interoperability and availability
It’s important to strike the correct balance between security, interoperability, and availability, said Kyle McMillan, an R&D Specialist and product & solutions security expert at Siemens. “The most secure system would be one that has no interfaces at all, but that’s not a useful system. So, rather than turn it off and put it in a locked cabinet, we find ways to securely bring that information out into the field,” McMillan.
Siemens’ “Defense-in-Depth” (DiD) concept is key feature of the company’s industrial security approach. DiD provides a comprehensive data protection strategy based on the Industrial Security Standard IEC 62443 for control system components. IEC 62443 was developed for vendors, system integrators and owner-operators and it is a useful starting point for owner-operators navigating their way through the potential risks around plant access, network access and system integrity.
In addition to DiD, Siemens is a founding member of Charter of Trust (CoT), a collaboration of leading global companies with three main aims: Protecting data related to individuals and companies; Preventing damage to people, companies and infrastructures; and, Creating a reliable foundation to drive confidence in digitalization.
McMillan encourages owner-operators to work with strong cybersecurity partners that can provide cybersecurity services and educational resources. Additionally, owner-operators need to take ownership of understanding the basic cybersecurity risks around their business and ensure that these risks are addressed through measures such as setting up time-limited access to specific data sets and ensuring that all security software patches and updates have been installed.
“Much of the work in cybersecurity is mundane, day-to-day cyber hygiene. Just like brushing your teeth –it’s something you take time for every day, something you don’t necessarily tell people about, but it’s important that you do it. Investment in these cybersecurity hygiene activities is really critical to maintaining a good security posture,” McMillan said.
Overwhelmingly normal data
The end-product of all the data produced by industrial robots has the potential to turn into a digital tsunami, so it’s important to separate the important data from the waves of ongoing “I’m normal” status updates provided by your robots, said Irene Petrick, director of industrial innovation at Intel.
“You don’t want to deal with most of the ‘I’m normal’ data. You want to know when things are not normal and when an anomaly has occurred. We do a lot pre-processing before it ever gets transmitted at the source,” Petrick said.
AI can be of real use here, whether it’s putting data in context, abstracting key information from ongoing background noise or stripping all identifying metadata from data that is sent to the cloud.
“Cybersecurity has to happen across the entire stack and across the entire data lifecycle. For owner-operators that are not doing this now, there’s a tremendous learning curve, but my suggestions would be to understand the data that really matters, understand how to anonymize that data from its context, understand how to transmit it safely, and how to recognize when that transmission has been compromised,” Petrick said.
Noting that data security is “everybody’s responsibility,” Petrick adds: “Unfortunately, the majority of workers in the industrial space at least don’t have the basic tools –or sometimes, even the appreciation—of what these cybersecurity vulnerabilities are. So, there’s a significant uptraining that has to occur as we go further and further towards network and software-defined operations.”
Cybersecurity is an ongoing process for vendors, system integrators and owner-operators, said Luis Narvaez, product manager for controllers in Siemens’ Factory Automation Division.
“Cybersecurity is an ongoing effort that involves continuous improvement, evaluation and implementation. It’s not just a matter of installing, for example, an edge device and walking away. The hacker community is continuously evolving and they will find ways to break into mature equipment,” Narvaez said.
Narvaez advises owner-operators to evaluate their vendors’ cybersecurity features and to look for security that is enabled by default. ”In this day and age, there are a lot of tools and features available that can definitely contribute to protecting your system. So, if there’s one takeaway it would be to make sure that your vendor is up to speed and that you continue to evaluate what solutions and security features are available from your automation vendors.”
In most cases, the benefits derived from optimized robot performance far outweigh the downtime and costs stemming from security vulnerabilities and ransomware attacks. Adding some security-related steps to basic maintenance or engineering processes can help improve overall awareness of the importance of maintaining a strict cybersecurity regime, while protecting your production processes from the risks associated with cyber and ransomware attacks.
“There’s no point in having a lock on your door if you don’t use it. Similarly, it’s important that we embrace the mindset of interacting with security features instead of bypassing them just so we can get to Point B quicker. If you don’t, you might just leave that backdoor open,” Narvaez said.
– This originally appeared on the Association for Advancing Automation’s (A3) website. A3 is a CFE Media and Technology content partner.