TUV Rheinland outlines cyber security threats to industrial robotics and automation systems

TUV Rheinland was invited to attend the Shanghai International Industrial Automation & Robot Exhibition 2017 earlier this month, and held thematic lectures on the “New Engine of Smart Society – Robots and Inspection & Certification Services for Robot Systems” during the exhibition.

In the lecture, Shu Xu, unit general manager of commercial products of TUV Rheinland Greater China, officially released a white paper on industrial robotics and cyber security, drawing considerable interest from many exhibitors, media and professionals in the world of robotics.

The white paper provides a detailed picture of the various cyber security risks faced by industrial robots, as well as the latest developments in technological trends, standards and product testing in the cyber security industry.

It also proposes realistic response strategies and recommendations for robot manufacturers, integrators and operators, tailored to their respective characteristics, aiming to help enterprises in the robotics industry chain stay abreast of new developments in cyber security so that they can capture market opportunities and make the right operational decisions.

Shu Xu said: “Like any complex electromechanical system, robots are subject to cyber security threats that can impact their safe and secure functioning.

“By presenting a comprehensive view of the robotic cyber security, we hope that we can create a safe and reliable operational environment for upstream and downstream enterprises to address potential security risks in all processes, from robot design, manufacturing and integration to use.”

Cyber threats and risks to robots

With the development of the industrial internet, an increasing number of industrial devices are connected to the internet, especially industrial robots.

Connecting a corporate internal network to the public internet contributes to increased production efficiency on the one hand, and poses cyber security threats to robots on the other. Specifically, these risks mainly come from the following aspects:

Firmware and software: Some firmware and software are left openly accessible at a low security level for ease of maintenance, which makes them vulnerable targets for malware. Examples include an open USB port, a wireless network with a default password, and a maintenance laptop lacking secure configuration.

Software development: As robot operating systems (ROS) provide open source software and do not have any security features by default, and the programming languages of a robot are mostly common languages, security flaws in the software are easily exposed.

Communication system: Robots are usually configured with various communication systems, but manufacturers often do not consider the confidentiality of data in their design, thus leading to weakly encrypted products. Such insecure communication channels could result in the system being attacked.

Identity and access management: Poor implementation of IAM could result in, for example, inexperienced operators sharing user names and passwords, which could introduce major quality and safety issues.

Data privacy: Robots for medical care and surgery will inevitably contain a great deal of personal and sensitive data. In most cases, both personal and healthcare data are protected by law due to their sensitive nature. Manufacturers and users of this equipment will need to pay special attention to ensure they do not breach legal requirements of patient confidentiality.

Disposal and recycling: For industrial robots that contain sensitive data, any resident memory should be destroyed or forensically overwritten during robot decommissioning, because criminals can trivially recover data that was simply deleted and use it for their own purposes.

Cyber threat analysis – an important risk management approach

Cyber security threats are developing and evolving continuously. In this context, a threat is anything, whether it originates from a technical software bug or a human criminal gang.

At present, cyber threat analysis is an important approach for industrial robot suppliers or operators to manage risk. Tying together disparate snippets of data to produce threat intelligence and applying efficient solutions can help protect an industrial robot.

Mutually reinforcing functional safety and cyber security

Functional safety is the defense against random and systematic technical failure to protect the lives of the people concerned. Cyber security is the defense against negligent and willful actions to protect devices and data. The worlds of functional safety, robots and cyber security are inextricably linked, as an industrial robot can no longer be deemed safe if it is not secure.

TUV Rheinland suggests that both safety and security testing are addressed

The generic standard for functional safety, IEC 61508:2010, states that, if a malevolent or unauthorized action is identified, then a security threat analysis should be carried out; if security threats have been identified, then a vulnerability analysis should be undertaken in order to specify security requirements. The standard goes on to recommend using the guidance given in the IEC 62443 series (a set of information system security standards for industrial communication networks).

Testing an industrial robot against the seven foundational requirements of IEC 62443 will reduce many cyber security risks across an industrial robot system, and a security level (SL) can then be applied to the system.

SL4 is the highest security level to protect a robot against intentional violation using sophisticated means with extended resources.

However, most enterprises have not fully recognized the importance of SL4.

As such, TUV Rheinland suggests that the best approach is to design in safety and security at the initial development of an industrial robot.

For product testing, combining traditional vulnerability and penetration testing with the tests for IEC 62443-3-3 will likely provide the most comprehensive way to determine whether there are security risks, such as those arising from outdated software components, poor authentication or default credentials, poor transport encryption using outdated cryptographic techniques, insecure web interfaces and poor software protection.