Robot cybersecurity threats: What to watch for
Industrial robots are helping to change the way we manufacture products for decades. We use them to deal with risk on automotive assembly lines, operate them in mines, and use them in other hazardous environments, but advances in connectivity systems for industrial robots are adding a new cause for concern. Although the benefits of such connectivity are numerous, the risk of cyberattacks must be addressed to ensure safety.
Security threats for industrial robots
Many service robots and automated systems are now connected to company networks and the internet, leaving the system sensors vulnerable to hacker attacks. Today’s Industrial Internet of Things (IIoT) devices communicate directly with whatever or whoever needs the data they collect. Thanks to this connectivity, hackers no longer have to attack sensors at the bottom of the hierarchy as laid out on the Purdue model, a commonly used architectural reference model containing five levels from zero to four.
For example, a drive for a welding robot may be transmitting usage data to its builder via the internet. It may report information like, “based on my duty cycle, I will need a certain part replaced in 12 days and 2 hours.” The robot is exchanging this data to maximize performance and uptime, but this communication could be at risk of being intercepted.
The Purdue model and other security standards are in place to protect the robot’s systems, but if there’s a flaw in the robot’s operating system, a hacker may be able to take control of the robot or disable it with a buffer overflow or some other type of communications attack.
To prevent cyberattacks and maintain robotic safety, manufacturers need to be aware of the possible security threats to industrial robots. If a hacker gets control of an industrial robot, the intruder could cause defects in part production. This would compromise the final use of whatever it is producing, causing significant losses for the company.
A connected, industrial robot is vulnerable to ransomware attacks. A hacker could use such an attack to block access to data and the entire production system.
An attacker may take control of a robot that can harm operators. The hacker may use the robot to interfere with security mechanisms, damage a work cell, or attempt to cause injury.
Disruption of the industrial process
Production can be compromised in the long term. A hacker may alter or suspend a process, which could jeopardize company operations.
Exfiltration of sensitive data
Like with all industrial objects connected to the company’s internal network, a security flaw in an industrial robot represents an access point for attackers. Hackers could use this vulnerability to gain access to and steal confidential information.
With the increasing popularity of automation in industrial processes, security threats are heightened. “If hackers were launching an attack against a plant, looking at the supply chain and at smaller manufacturers that provide equipment, such as robots, would be an easier target. This is something that big and small manufacturers need to consider,” said Nigel Stanley, chief technology officer for global OT and industrial cybersecurity at TÜV Rheinland.
There are multilayered complexities of cybersecurity that should be addressed when working alongside industrial robots. In order for a robot to be safe, it should be protected against cyberattacks and possible security breaches.