Gabriel Aguiar Noury, Robotics Product Manager at the software company Canonical, writes of how robotics companies can ensure security is a top priority.

It’s an exciting time for the robotics industry, as more and more companies are beginning to appreciate the commercial value and positive impact on sustainability that robots can bring to their business. For example, ABB’s PixelPaint uses a pair of high-precision robotic arms for two-tone painting in the automotive industry. The approach removes the need for time-consuming masking and de-masking methods, improving the team’s productivity and expanding the potential for customised paint schemes to better match customer demand. It also increases sustainability, as it eliminates overspray, benefiting the environment.

Investment in the industry is also growing, with worldwide investment expected to reach $210 billion by 2025. This is more than double the 2020 figure, in an industry that has been booming amid the constraints that COVID-19 has brought.

As investment grows, so does the competition among robotics developers and manufacturers as they battle to bring ever more impressive functions for customers to use. To support this, many companies are creating robots using the Robot Operating System, the standard open-source framework for robotics application development. However, there is one key area of robotics development that they have to prioritise in the race to get their products to market, and that’s security. If security is overlooked, manufacturers put their data at risk. On top of this, the physical safety of customers can be jeopardised if a hacker were to take over control of a robot and harm people or infrastructure. By addressing security risks, companies can make sure they protect both themselves and the customers they serve.

Security from the beginning

As the demand for robots grows, it can be tempting to rush through the development phase and ship robots quickly. In doing so, businesses risk not securing robots from the beginning and will face the task of trying to retrofit security measures, which ultimately becomes an expansive task. It also causes downtime for the user and can have a negative impact on the image and reputation of the company.

A similar approach was taken with IoT security, when the tech industry was too late to focus on it and many devices were shipped with weak password protection and an ineffective patch and system update process. The fates of security in IoT and robotics are intertwined as the Internet of Robotic Things (IoRT) emerges, where robots can monitor events, fuse sensor data from a variety of sources in their network, use this data to determine the best course of action, then act to control objects in the physical world. As an industry, the tech sector overlooked the need for strict security measures for IoT, and we must ensure the same doesn’t happen with robotics.

This starts with a watertight, proactive security strategy that ensures that there are enough levels of protection in place. For instance, just having a password in place won’t be enough to keep hackers out. Multi-factor authentication methods should be implemented to ensure a business is doing all it can to keep its sensitive data safe. This could also make privilege escalation more challenging for attackers. Even using an OS with a containerised architecture could guarantee that attackers will operate in a sandbox.

But businesses can’t just implement security measures and consider their job to be done. Regular risk assessments must be carried out to identify, analyse and evaluate the risk to ensure that the cyber security controls they have chosen are still appropriate. Without doing so, a business can waste time, effort and resources. Ultimately, a robot is another networked device within an organisation that needs to be included in risk assessments and patched as needed. Security maintenance represents the minimum requirement for reducing vulnerabilities. If robot software on a manufacturing line or in retail is not maintained, sooner or later attackers may gain a foothold on it and possibly use it to gain access to the device itself, and potentially to other corporate assets.

The role of regulations

A big step towards making security a high priority in robotics development should also involve the Robot Operating System (ROS). ROS isn’t just software; it’s an international community of developers, academics and engineers who have made it their mission to make robots better. As a result, the field of robotics has a huge pool of talent at its fingertips to tap into to optimise security protocols, but it isn’t currently taking advantage of this. If it did, members of the community could support each other in identifying and reporting vulnerabilities, improve existing code by addressing security issues, improve the writing of new code, ensure that contributions from less-trusted parties are reviewed, suggest ways to harden measures, follow and propose secure design principles, and apply recommendations from cybersecurity frameworks.

Regulations can also be put in place to add an additional layer of security. While there aren’t robotics cybersecurity regulations, robotics companies need to comply with different security regulations depending on the field. For instance, in the finance sector companies need to adhere to PCI standards. For ROS, there is a CIS benchmark for ROS Melodic running on Ubuntu 18.04. It contains over 200 recommended settings for securely operating ROS.

Regulations don’t have to be restrictive either. Innovation-driven regulation, based on the collective views of developers and users within the community, can help to drive the development of open-source robotics security. As an example, the UK government’s proposed cybersecurity laws are set to cover the connected devices that make up the IoT, but while this regulation is for everyday users, the same needs to be created for robotics. Even though the regulation is for IoT, it’s worthwhile for robotics companies to abide by the same laws to ensure the security of their connected products.

Security must be prioritised

The robotics industry must take security seriously. Though it is a promising time as investment and competition increase, those working at the heart of the area can’t lose sight of security in an attempt to rush the development process to keep up with demand.

While robotics security can be a complex topic, the most important element to remember for companies is to ensure security protocols and hardening techniques are in place from day one. While the possibilities robots can bring to a business are endless, they’ll soon be stopped in their tracks if they aren’t secured properly and businesses face a potential security breach. The ramifications of a security breach of a robot are huge and have the power to destroy a company. From leaked data to physical harm to people and production lines, a breach would negatively impact everyone involved in the production and consumption of robots. For businesses to reap the true benefits of robots, security strategies must be implemented, reviewed and maintained from the beginning of development.