What Happens When Cybercriminals Target Industrial Robots?
Historically, robots were just dumb pieces of programmable machinery that did the same task over and over again. They had virtually no ability to sense their environment. And they certainly couldn’t make decisions for themselves.
With the advent of machine learning and smart systems, that’s all changing. Now designers are imbuing their mechanical appendages with all manner of intelligence. And it’s only getting better.
For economists, these trends are extremely exciting. We could be looking at a future where robots do the vast majority of manual jobs, freeing up labour for other tasks, boosting productivity like nothing else in human history.
However, there are also concerns, mainly from cybersecurity experts. They worry that current trends will lead to a world in which hackers can hijack robots just as easily as cloud servers, but with far more devastating consequences for human wellbeing.
The risk of robot-related cyber-attacks has been rising for a long time now. Companies need to hook their robots up to the cloud so that they can share information and react to real-time data. The fourth industrial revolution actually relies on this process taking place.
Robots need to do more than just perform specific tasks. They have to be able to ebb and flow with demand and supply. And they need to be able to work in more flexible environments. Even today, most robots still sit behind perspex screens in factories.
We’re seeing the development of a host of different kinds of co-bots: robots that can work around humans. These bots feature special servos and motors that cut out if they encounter too much resistance, enabling them to perform certain tasks, without posing a threat to human operatives.
However, if cybercriminals target industrial robots, that could change. We could see workers injured – even killed – by nefarious actors operating remotely.
Manufacturers Need To Step Up To The Challenge
The future of connected robots is coming, whether we like it or not. The competition will eventually make it inevitable.
The question for manufacturers, therefore, is how are they going to start preparing for the threat now? Cyberattacks aren’t going to go anywhere. In fact, the stakes are likely going to be much higher if criminals can gain control over physical systems.
The first step will be securing the IoT against threats. At present, there are no standard protocols – very similar to when the internet was first developing. And that means that we’re likely to see some disturbing and high-profile security lapses in the near future.
Fortunately, some organizations are trying to put standards in place to address the issue. IEC 62443, for instance, attempts to address both autonomous systems and their control systems, ensuring that they each have a standard cybersecurity engineering element. There are similar drives in the automobile market which looks like it may transition to autonomous systems within the next decade.
Consult Existing Standards
So what can the average company do to protect themselves?
The first step is to consult the IEC 62443 first to see what standards are already in place to protect workers in close proximity to connected machines. Managers should buy industrial automation parts while bearing their duties to their workers in mind.
The standards make it clear that the threats from automation are different from those merely involving information security management. Businesses, therefore, shouldn’t take cues exclusively from ISO 27001 when designing their responses. While data confidentiality remains an issue in a robot-rich environment, avoiding physical harm is now the overriding concern.
There are several strategies that businesses can adopt. However, the standards are still very much under development. A full IEC code is not expected until the middle of this year, which makes the situation confusing for any business looking to improve automation.
Part of the issue is that robotics is coming online so rapidly and the capabilities of units are improving considerably. Just five years, the idea that a robot could do backflips or dance seems like a long-shot. But now it’s happening. And that means that the people creating the standards are having to continually revise their work to account for new capabilities and paradigms.
Build Cybersecurity Into The Product Development Timeline
According to standards setters and product certification professionals, any business engaged in automation processes need to build cybersecurity concerns into their development cycle.
As a first step, they need to target informational safety, ensuring that their systems are as robust as possible against possible cyber intrusion. Then, after that, they need to consider the physical safety of their devices, possibly providing mechanical shut-offs that override digital instructions.
Ultimately, businesses need to design robots that can’t hurt people, even if they lose digital control of the devices.
Robots aren’t the only part of the ecosystem that needs to follow these protocols. IC chips, subsystems, software modules and IC chips also need to hop on the bandwagon too. If they aren’t a part of the approach companies take, then they could represent a weak point in their defences, allowing a possible point of entry for a security breach.
Build A Culture Of Security
Professionals currently developing these standards point out that most businesses aren’t aware of the dangers that face them. The majority of C-suite executives fully understand purely digital risks, but they’re not ready for the IoT – which is potentially a much larger hazard.
The solution, according to people who are working on robotics cybersecurity standards, is to change company culture. Leaders in the space would like to see C-suite executives of industrial firms taking swift action to build awareness of IoT cybersecurity issues and improve certification efforts.
IoT applications are likely going to explode in ways people can’t imagine over the next decade. But at the moment, it looks like security will be playing catch-up, just like it did with the movement to the cloud. Eventually, brands understood why it was important, but only after a lot of pain and loss.
This time around the stakes are higher. People could potentially get hurt, so the old break-fix model will have to go. Prevention is now the aim of the game.